diff --git a/Makefile b/Makefile
index b5a9b9a5c5..d301a80249 100644
--- a/Makefile
+++ b/Makefile
@@ -61,6 +61,7 @@ OPERATOR_IMG=$(DOCKER_HUB_REPO)/$(DOCKER_HUB_OPERATOR_IMG):$(DOCKER_HUB_OPERATOR
 OPERATOR_TEST_IMG=$(DOCKER_HUB_REPO)/$(DOCKER_HUB_OPERATOR_TEST_IMG):$(DOCKER_HUB_OPERATOR_TEST_TAG)
 BUNDLE_IMG=$(DOCKER_HUB_REPO)/$(DOCKER_HUB_BUNDLE_IMG):$(RELEASE_VER)
 REGISTRY_IMG=$(DOCKER_HUB_REPO)/$(DOCKER_HUB_REGISTRY_IMG):$(RELEASE_VER)
+
 PX_DOC_HOST ?= https://docs.portworx.com
 PX_INSTALLER_HOST ?= https://install.portworx.com
 PROMETHEUS_OPERATOR_HELM_CHARTS_TAG ?= kube-prometheus-stack-42.1.0
@@ -78,7 +79,8 @@ BUILD_OPTIONS := -ldflags=$(LDFLAGS)
 .DEFAULT_GOAL=all
 .PHONY: operator deploy clean vendor vendor-update test generate manifests tools-check
 
-all: operator pretest downloads
+all: operator resource-gateway pretest downloads
+dev: operator resource-gateway container deploy
 
 vendor-update:
 	go mod download
@@ -174,11 +176,16 @@ codegen:
 	@echo "Generating CRD"
 	(GOFLAGS="" hack/update-codegen.sh)
 
-operator:
+resource-gateway:
+	@echo "Building the resource-gateway binary"
+	@cd cmd/resource-gateway && CGO_ENABLED=0 go build $(BUILD_OPTIONS) -o $(BIN)/resource-gateway
+
+operator: resource-gateway
 	@echo "Building the cluster operator binary"
 	@cd cmd/operator && CGO_ENABLED=0 go build $(BUILD_OPTIONS) -o $(BIN)/operator
 	@cd cmd/dryrun && CGO_ENABLED=0 go build $(BUILD_OPTIONS) -o $(BIN)/dryrun
 
+
 container:
 	@echo "Building operator image $(OPERATOR_IMG)"
 	docker build --pull --tag $(OPERATOR_IMG) -f build/Dockerfile .
@@ -298,3 +305,6 @@ clean: clean-release-manifest clean-bundle
 	@go clean -i $(PKGS)
 	@echo "Deleting image "$(OPERATOR_IMG)
 	@docker rmi -f $(OPERATOR_IMG) registry.access.redhat.com/ubi9-minimal:latest
+
+resource-gateway-proto:
+	$(MAKE) -C proto docker-proto
\ No newline at end of file
diff --git a/build/Dockerfile b/build/Dockerfile
index f9e5cd7272..721276584a 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -22,3 +22,4 @@ COPY manifests /manifests
 COPY bin/configs /configs
 COPY bin/operator /
 COPY bin/dryrun /
+COPY bin/resource-gateway /
diff --git a/cmd/resource-gateway/resource_gateway.go b/cmd/resource-gateway/resource_gateway.go
new file mode 100644
index 0000000000..ab296845bf
--- /dev/null
+++ b/cmd/resource-gateway/resource_gateway.go
@@ -0,0 +1,153 @@
+package main
+
+import (
+	"fmt"
+	"log"
+	_ "net/http/pprof"
+	"os"
+	"strings"
+
+	"github.com/libopenstorage/grpc-framework/pkg/auth"
+	grpcFramework "github.com/libopenstorage/grpc-framework/server"
+
+	pxutil "github.com/libopenstorage/operator/drivers/storage/portworx/util"
+	resourceGateway "github.com/libopenstorage/operator/pkg/resource-gateway"
+	"github.com/libopenstorage/operator/pkg/version"
+	"github.com/sirupsen/logrus"
+	"github.com/urfave/cli"
+)
+
+func main() {
+	app := cli.NewApp()
+	app.Name = "resource-gateway"
+	app.Usage = "gRPC service for managing resources"
+	app.Version = version.Version
+	app.Action = run
+
+	app.Flags = []cli.Flag{
+		cli.StringFlag{
+			Name:  "serverHost",
+			Usage: "Host for resource-gateway gRPC server",
+		},
+		cli.StringFlag{
+			Name:  "serverPort",
+			Usage: "Port for resource-gateway gRPC server",
+		},
+		cli.StringFlag{
+			Name:  "namespace",
+			Usage: "Name of the configmap to use for semaphore",
+		},
+		cli.StringFlag{
+			Name:  "configMapName",
+			Usage: "Name of the configmap to use for semaphore",
+		},
+		cli.StringFlag{
+			Name:  "configMapLabels",
+			Usage: "Labels to use for the configmap",
+		},
+		cli.DurationFlag{
+			Name:  "configMapUpdatePeriod",
+			Usage: "Time period between configmap updates",
+		},
+		cli.DurationFlag{
+			Name:  "deadClientTimeout",
+			Usage: "Time period after which a node is considered dead",
+		},
+		cli.BoolFlag{
+			Name:  "debug",
+			Usage: "Set log level to debug",
+		},
+	}
+
+	if err := app.Run(os.Args); err != nil {
+		log.Fatalf("Error starting resource gateway gRPC server: %v", err)
+	}
+}
+
+// run is the main function for resource-gateway gRPC server
+// it initializes the k8s client, creates the gRPC server, and runs the server...
+func run(c *cli.Context) {
+	if c.Bool("debug") {
+		logrus.SetLevel(logrus.DebugLevel)
+	}
+
+	resourceGatewayServer := resourceGateway.NewResourceGatewayServer(
+		newResourceGatewayServerConfig(c),
+		newSemaphoreConfig(c))
+	err := resourceGatewayServer.SetupSigIntHandler()
+	if err != nil {
+		logrus.Fatalf("Failed to setup signal handler: %v", err)
+	}
+	err = resourceGatewayServer.Start()
+	if err != nil {
+		logrus.Fatalf("Failed to start resource-gateway server: %v", err)
+	}
+}
+
+// newResourceGatewayServerConfig creates the config for resource-gateway gRPC server
+func newResourceGatewayServerConfig(c *cli.Context) *grpcFramework.ServerConfig {
+	resourceGatewayServerConfig := resourceGateway.NewResourceGatewayServerConfig()
+
+	serverName := c.String("serverName")
+	if serverName == "" {
+		resourceGatewayServerConfig.Name = serverName
+	}
+
+	serverHost := c.String("serverHost")
+	serverPort := c.String("serverPort")
+	if serverHost != "" && serverPort != "" {
+		serverAddress := fmt.Sprintf("%s:%s", serverHost, serverPort)
+		resourceGatewayServerConfig.Address = serverAddress
+	}
+
+	// if Px security is enabled, then Issuer and SharedSecret will be set in the environment
+	authIssuer := os.Getenv(pxutil.EnvKeyPortworxAuthJwtIssuer)
+	authSharedSecret := os.Getenv(pxutil.EnvKeyPortworxAuthJwtSharedSecret)
+	if authIssuer != "" && authSharedSecret != "" {
+		security := &grpcFramework.SecurityConfig{}
+		authenticator, err := auth.NewJwtAuthenticator(
+			&auth.JwtAuthConfig{
+				SharedSecret: []byte(authSharedSecret),
+			})
+		if err != nil {
+			log.Fatalf("unable to create shared key authenticator")
+		}
+		security.Authenticators = map[string]auth.Authenticator{
+			authIssuer: authenticator,
+		}
+		resourceGatewayServerConfig.Security = security
+	}
+
+	return resourceGatewayServerConfig
+}
+
+// newSemaphoreConfig creates a SemaphoreConfig object with provided
+// cli arguments to initialize a new semaphore server
+func newSemaphoreConfig(c *cli.Context) *resourceGateway.SemaphoreConfig {
+	semaphoreConfig := resourceGateway.NewSemaphoreConfig()
+	if c.String("configMapName") != "" {
+		semaphoreConfig.ConfigMapName = c.String("configMapName")
+	}
+	if c.String("namespace") != "" {
+		semaphoreConfig.ConfigMapNamespace = c.String("namespace")
+	}
+	if c.String("configMapLabels") != "" {
+		configMapLabels := make(map[string]string)
+		for _, kv := range strings.Split(c.String("configMapLabels"), ",") {
+			kvSplit := strings.Split(kv, "=")
+			if len(kvSplit) != 2 {
+				logrus.Errorf("Invalid configMapLabels: %s", kvSplit)
+				continue
+			}
+			configMapLabels[kvSplit[0]] = kvSplit[1]
+		}
+		semaphoreConfig.ConfigMapLabels = configMapLabels
+	}
+	if c.Duration("configMapUpdatePeriod") != 0 {
+		semaphoreConfig.ConfigMapUpdatePeriod = c.Duration("configMapUpdatePeriod")
+	}
+	if c.Duration("deadClientTimeout") != 0 {
+		semaphoreConfig.DeadClientTimeout = c.Duration("deadClientTimeout")
+	}
+	return semaphoreConfig
+}
diff --git a/deploy/crds/core_v1_storagecluster_crd.yaml b/deploy/crds/core_v1_storagecluster_crd.yaml
index 021be0af90..4009485109 100644
--- a/deploy/crds/core_v1_storagecluster_crd.yaml
+++ b/deploy/crds/core_v1_storagecluster_crd.yaml
@@ -931,6 +931,45 @@ spec:
                           cpu:
                             type: string
                             description: CPU limit.
+              resourceGateway:
+                type: object
+                description: Contains spec of resource-gateway component for storage driver.
+                properties:
+                  enabled:
+                    type: boolean
+                    description: Flag indicating whether resource-gateway needs to be enabled.
+                  image:
+                    type: string
+                    description: Docker image of the resource-gateway container.
+                  args:
+                    type: object
+                    x-kubernetes-preserve-unknown-fields: true
+                    description: >-
+                      It is a map of arguments provided to resource-gateway. Example: log-level: debug
+                  resources:
+                    type: object
+                    description: Specifies the resource requirements for the resource-gateway pod.
+                    properties:
+                      requests:
+                        type: object
+                        description: Requested resources.
+                        properties:
+                          memory:
+                            type: string
+                            description: Requested memory.
+                          cpu:
+                            type: string
+                            description: Requested cpu.
+                      limits:
+                        type: object
+                        description: Resource limit.
+                        properties:
+                          memory:
+                            type: string
+                            description: Memory limit.
+                          cpu:
+                            type: string
+                            description: CPU limit.
               monitoring:
                 type: object
                 description: Contains monitoring configuration for the storage cluster.
@@ -3902,6 +3941,9 @@ spec:
                   dynamicPluginProxy:
                     type: string
                     description: Desired image for nginx proxy image.
+                  resourceGateway:
+                    type: string
+                    description: Desired image for px resource gateway.
               conditions:
                 type: array
                 description: Contains details for the current condition of this cluster.
diff --git a/drivers/storage/portworx/component/component.go b/drivers/storage/portworx/component/component.go
index a5fe79dd6d..7b80b972cb 100644
--- a/drivers/storage/portworx/component/component.go
+++ b/drivers/storage/portworx/component/component.go
@@ -59,6 +59,7 @@ func Register(name string, c PortworxComponent) {
 	registerLock.Lock()
 	defer registerLock.Unlock()
 	components[name] = c
+	
 }
 
 // Get returns a PortworxComponent if present else returns (nil, false)
diff --git a/drivers/storage/portworx/component/resource_gateway.go b/drivers/storage/portworx/component/resource_gateway.go
new file mode 100644
index 0000000000..5624130976
--- /dev/null
+++ b/drivers/storage/portworx/component/resource_gateway.go
@@ -0,0 +1,421 @@
+package component
+
+import (
+	"context"
+	"fmt"
+	"sort"
+	"strconv"
+	"strings"
+
+	"github.com/hashicorp/go-version"
+	pxutil "github.com/libopenstorage/operator/drivers/storage/portworx/util"
+	corev1 "github.com/libopenstorage/operator/pkg/apis/core/v1"
+	"github.com/libopenstorage/operator/pkg/util"
+	k8sutil "github.com/libopenstorage/operator/pkg/util/k8s"
+	appsv1 "k8s.io/api/apps/v1"
+	v1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/intstr"
+	"k8s.io/client-go/tools/record"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+const (
+	// ResourceGatewayComponentName name of the ResourceGateway component
+	ResourceGatewayComponentName = "ResourceGateway"
+	// resourceGatewayStr common string value for resourceGateway k8s subparts
+	resourceGatewayStr = "resource-gateway"
+
+	// names for resource-gateway kubernetes resources
+	//
+	// ResourceGatewayServiceAccountName name of the resourceGateway service account
+	ResourceGatewayServiceAccountName = resourceGatewayStr
+	// ResourceGatewayRoleName name of the resourceGateway cluster role
+	ResourceGatewayRoleName = resourceGatewayStr
+	// ResourceGatewayRoleBindingName name of the resourceGateway cluster role binding
+	ResourceGatewayRoleBindingName = resourceGatewayStr
+	// ResourceGatewayDeploymentName name of the resourceGateway deployment
+	ResourceGatewayDeploymentName = resourceGatewayStr
+	// ResourceGatewayServiceName name of the resourceGateway service
+	ResourceGatewayServiceName = resourceGatewayStr
+	// ResourceGatewayContainerName name of the resourceGateway container
+	ResourceGatewayContainerName = resourceGatewayStr
+	// ResourceGatewayLabelName label name for resourceGateway
+	ResourceGatewayLabelName = resourceGatewayStr
+
+	// configuration values for resource-gateway deployment and service
+	//
+	// resourceGatewayPortName name of the resourceGateway port
+	resourceGatewayPortName = "resource-gate" // must be no more than 15 characters
+	// resourceGatewayDeploymentHost is the host resourceGateway deployment listens on
+	resourceGatewayDeploymentHost = "0.0.0.0"
+	// resourceGatewayPort common port for resourceGateway components
+	resourceGatewayPort = 50051
+	// resourceGatewayDeploymentPort is the port resourceGateway deployment listens on
+	resourceGatewayDeploymentPort = resourceGatewayPort
+	// resourceGatewayServicePort is the port resourceGateway service listens on
+	resourceGatewayServicePort = resourceGatewayPort
+
+	// configuration for resource-gateway deployment liveliness probe
+	//
+	// resourceGatewayLivenessProbeInitialDelaySeconds is the initial delay for the resource-gateway liveness probe
+	resourceGatewayLivenessProbeInitialDelaySeconds = 10
+	// resourceGatewayLivenessProbePeriodSeconds is the period for the resource-gateway liveness probe
+	resourceGatewayLivenessProbePeriodSeconds = 2
+)
+
+var defaultResourceGatewayCommandArgs = map[string]string{
+	"serverHost": resourceGatewayDeploymentHost,
+	"serverPort": strconv.Itoa(resourceGatewayPort),
+}
+
+// resourceGateway is the PortworxComponent implementation for the resource-gateway component
+type resourceGateway struct {
+	k8sClient client.Client
+}
+
+func (r *resourceGateway) Name() string {
+	return ResourceGatewayComponentName
+}
+
+func (r *resourceGateway) Priority() int32 {
+	return DefaultComponentPriority
+}
+
+func (r *resourceGateway) Initialize(
+	k8sClient client.Client,
+	_ version.Version,
+	_ *runtime.Scheme,
+	_ record.EventRecorder,
+) {
+	r.k8sClient = k8sClient
+}
+
+func (r *resourceGateway) IsPausedForMigration(cluster *corev1.StorageCluster) bool {
+	return util.ComponentsPausedForMigration(cluster)
+}
+
+func (r *resourceGateway) IsEnabled(cluster *corev1.StorageCluster) bool {
+	return cluster.Spec.ResourceGateway != nil && cluster.Spec.ResourceGateway.Enabled
+}
+
+func (r *resourceGateway) Reconcile(cluster *corev1.StorageCluster) error {
+	ownerRef := metav1.NewControllerRef(cluster, pxutil.StorageClusterKind())
+	if err := r.createServiceAccount(cluster.Namespace, ownerRef); err != nil {
+		return err
+	}
+	if err := r.createRole(cluster.Namespace, ownerRef); err != nil {
+		return err
+	}
+	if err := r.createRoleBinding(cluster.Namespace, ownerRef); err != nil {
+		return err
+	}
+	if err := r.createDeployment(cluster, ownerRef); err != nil {
+		return err
+	}
+	if err := r.createService(cluster, ownerRef); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (r *resourceGateway) Delete(cluster *corev1.StorageCluster) error {
+	ownerRef := metav1.NewControllerRef(cluster, pxutil.StorageClusterKind())
+	if err := k8sutil.DeleteServiceAccount(r.k8sClient, ResourceGatewayServiceAccountName, cluster.Namespace, *ownerRef); err != nil {
+		return err
+	}
+	if err := k8sutil.DeleteRole(r.k8sClient, ResourceGatewayRoleName, cluster.Namespace, *ownerRef); err != nil {
+		return err
+	}
+	if err := k8sutil.DeleteRoleBinding(r.k8sClient, ResourceGatewayRoleBindingName, cluster.Namespace, *ownerRef); err != nil {
+		return err
+	}
+	if err := k8sutil.DeleteDeployment(r.k8sClient, ResourceGatewayDeploymentName, cluster.Namespace, *ownerRef); err != nil {
+		return err
+	}
+	if err := k8sutil.DeleteService(r.k8sClient, ResourceGatewayServiceName, cluster.Namespace, *ownerRef); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (r *resourceGateway) MarkDeleted() {}
+
+func (r *resourceGateway) createServiceAccount(
+	clusterNamespace string,
+	ownerRef *metav1.OwnerReference,
+) error {
+	return k8sutil.CreateOrUpdateServiceAccount(
+		r.k8sClient,
+		&v1.ServiceAccount{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:            ResourceGatewayServiceAccountName,
+				Namespace:       clusterNamespace,
+				OwnerReferences: []metav1.OwnerReference{*ownerRef},
+			},
+		},
+		ownerRef,
+	)
+}
+
+func (r *resourceGateway) createRole(
+	clusterNamespace string,
+	ownerRef *metav1.OwnerReference,
+) error {
+	return k8sutil.CreateOrUpdateRole(
+		r.k8sClient,
+		&rbacv1.Role{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      ResourceGatewayRoleName,
+				Namespace: clusterNamespace,
+			},
+			Rules: []rbacv1.PolicyRule{
+				{
+					APIGroups: []string{""},
+					Resources: []string{"configmaps"},
+					Verbs:     []string{"create", "get", "list", "patch", "update", "watch"},
+				},
+			},
+		},
+		ownerRef,
+	)
+}
+
+func (r *resourceGateway) createRoleBinding(
+	clusterNamespace string,
+	ownerRef *metav1.OwnerReference,
+) error {
+	return k8sutil.CreateOrUpdateRoleBinding(
+		r.k8sClient,
+		&rbacv1.RoleBinding{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      ResourceGatewayRoleBindingName,
+				Namespace: clusterNamespace,
+			},
+			Subjects: []rbacv1.Subject{
+				{
+					Kind: "ServiceAccount",
+					Name: ResourceGatewayServiceAccountName,
+				},
+			},
+			RoleRef: rbacv1.RoleRef{
+				Kind:     "Role",
+				Name:     ResourceGatewayRoleName,
+				APIGroup: "rbac.authorization.k8s.io",
+			},
+		},
+		ownerRef,
+	)
+}
+
+func (r *resourceGateway) getImage(cluster *corev1.StorageCluster) string {
+	image := cluster.Spec.ResourceGateway.Image
+	if image == "" {
+		image = cluster.Status.DesiredImages.ResourceGateway
+	}
+	if image != "" {
+		image = util.GetImageURN(cluster, image)
+	}
+	return image
+}
+
+// getCommand returns the command to run the resource-gateway server with custom configuration
+// it uses the configuration values from the StorageCluster spec and sets default values if not present
+func (r *resourceGateway) getCommand(cluster *corev1.StorageCluster) []string {
+	args := map[string]string{}
+
+	// parse user arguments from the StorageCluster spec
+	for k, v := range cluster.Spec.ResourceGateway.Args {
+		key := strings.TrimLeft(k, "-")
+		if len(key) > 0 && len(v) > 0 {
+			args[key] = v
+		}
+	}
+
+	// fill in the missing arguments with default values
+	defaultResourceGatewayCommandArgs["namespace"] = cluster.Namespace // set namespace
+	for k, v := range defaultResourceGatewayCommandArgs {
+		if _, ok := args[k]; !ok {
+			args[k] = v
+		}
+	}
+
+	argList := make([]string, 0)
+	for k, v := range args {
+		argList = append(argList, fmt.Sprintf("--%s=%s", k, v))
+	}
+	sort.Strings(argList)
+
+	command := append([]string{"/resource-gateway"}, argList...)
+	return command
+}
+
+func (r *resourceGateway) createDeployment(
+	cluster *corev1.StorageCluster,
+	ownerRef *metav1.OwnerReference,
+) error {
+	// get the existing deployment
+	existingDeployment := &appsv1.Deployment{}
+	err := r.k8sClient.Get(
+		context.TODO(),
+		types.NamespacedName{
+			Name:      ResourceGatewayDeploymentName,
+			Namespace: cluster.Namespace,
+		},
+		existingDeployment,
+	)
+	if err != nil && !errors.IsNotFound(err) {
+		return err
+	}
+
+	// get the target deployment
+	imageName := r.getImage(cluster)
+	if imageName == "" {
+		return fmt.Errorf("px reosurce gateway image cannot be empty")
+	}
+	command := r.getCommand(cluster)
+	targetDeployment := r.getResourceGatewayDeploymentSpec(cluster, ownerRef, imageName, command)
+
+	// compare existing and target deployments and create/update the deployment if necessary
+	isPodTemplateEqual, _ := util.DeepEqualPodTemplate(&targetDeployment.Spec.Template, &existingDeployment.Spec.Template)
+	if !isPodTemplateEqual {
+		if err = k8sutil.CreateOrUpdateDeployment(r.k8sClient, targetDeployment, ownerRef); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (r *resourceGateway) createService(
+	cluster *corev1.StorageCluster,
+	ownerRef *metav1.OwnerReference,
+) error {
+	return k8sutil.CreateOrUpdateService(
+		r.k8sClient,
+		&v1.Service{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:            ResourceGatewayServiceName,
+				Namespace:       cluster.Namespace,
+				OwnerReferences: []metav1.OwnerReference{*ownerRef},
+			},
+			Spec: v1.ServiceSpec{
+				Type: v1.ServiceTypeClusterIP,
+				Selector: map[string]string{
+					"name": ResourceGatewayLabelName,
+				},
+				Ports: []v1.ServicePort{
+					{
+						Name:       resourceGatewayPortName,
+						Port:       resourceGatewayServicePort,
+						TargetPort: intstr.FromInt(resourceGatewayDeploymentPort),
+						Protocol:   v1.ProtocolTCP,
+					},
+				},
+			},
+		},
+		ownerRef,
+	)
+}
+
+func (r *resourceGateway) getResourceGatewayDeploymentSpec(
+	cluster *corev1.StorageCluster,
+	ownerRef *metav1.OwnerReference,
+	imageName string,
+	command []string,
+) *appsv1.Deployment {
+	commonLabels := map[string]string{
+		"name": ResourceGatewayLabelName,
+		"tier": "control-plane",
+	}
+
+	replicas := int32(1)
+	imagePullPolicy := pxutil.ImagePullPolicy(cluster)
+
+	// get the security environment variables
+	envMap := map[string]*v1.EnvVar{}
+	pxutil.PopulateSecurityEnvironmentVariables(cluster, envMap)
+	envList := make([]v1.EnvVar, 0)
+	for _, env := range envMap {
+		envList = append(envList, *env)
+	}
+
+	deployment := &appsv1.Deployment{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:            ResourceGatewayDeploymentName,
+			Namespace:       cluster.Namespace,
+			Labels:          commonLabels,
+			OwnerReferences: []metav1.OwnerReference{*ownerRef},
+		},
+		Spec: appsv1.DeploymentSpec{
+			Selector: &metav1.LabelSelector{
+				MatchLabels: commonLabels,
+			},
+			Replicas: &replicas,
+			Template: v1.PodTemplateSpec{
+				ObjectMeta: metav1.ObjectMeta{
+					Labels: commonLabels,
+				},
+				Spec: v1.PodSpec{
+					ServiceAccountName: ResourceGatewayServiceAccountName,
+					Containers: []v1.Container{
+						{
+							Name:            ResourceGatewayContainerName,
+							Image:           imageName,
+							ImagePullPolicy: imagePullPolicy,
+							Env:             envList,
+							Command:         command,
+							SecurityContext: &v1.SecurityContext{
+								AllowPrivilegeEscalation: boolPtr(false),
+								Privileged:               boolPtr(false),
+							},
+							Ports: []v1.ContainerPort{
+								{
+									Name:          resourceGatewayPortName,
+									ContainerPort: resourceGatewayDeploymentPort,
+									Protocol:      v1.ProtocolTCP,
+								},
+							},
+							LivenessProbe: &v1.Probe{
+								ProbeHandler: v1.ProbeHandler{
+									GRPC: &v1.GRPCAction{
+										Port: resourceGatewayServicePort,
+									},
+								},
+								InitialDelaySeconds: resourceGatewayLivenessProbeInitialDelaySeconds,
+								PeriodSeconds:       resourceGatewayLivenessProbePeriodSeconds,
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	if cluster.Spec.ImagePullSecret != nil && *cluster.Spec.ImagePullSecret != "" {
+		deployment.Spec.Template.Spec.ImagePullSecrets = append(
+			[]v1.LocalObjectReference{},
+			v1.LocalObjectReference{
+				Name: *cluster.Spec.ImagePullSecret,
+			},
+		)
+	}
+
+	if cluster.Spec.ResourceGateway.Resources != nil {
+		deployment.Spec.Template.Spec.Containers[0].Resources = *cluster.Spec.ResourceGateway.Resources
+	}
+
+	return deployment
+}
+
+// RegisterResourceGatewayComponent registers the ResourceGateway component
+func RegisterResourceGatewayComponent() {
+	Register(ResourceGatewayComponentName, &resourceGateway{})
+}
+
+func init() {
+	RegisterResourceGatewayComponent()
+}
diff --git a/drivers/storage/portworx/components_test.go b/drivers/storage/portworx/components_test.go
index 6a2de2ced1..766f74c4b3 100644
--- a/drivers/storage/portworx/components_test.go
+++ b/drivers/storage/portworx/components_test.go
@@ -3345,6 +3345,221 @@ func TestLighthouseSidecarsOverrideWithEnv(t *testing.T) {
 	require.Equal(t, "docker.io/test/stork-connector:t2", image)
 }
 
+func setupTestEnv(t *testing.T) (portworx, client.Client) {
+	// Start test with newer version (1.25 beyond) of Kubernetes first, on which PodSecurityPolicy is no longer existing
+	mockCtrl := gomock.NewController(t)
+	versionClient := fakek8sclient.NewSimpleClientset()
+	versionClient.Discovery().(*fakediscovery.FakeDiscovery).FakedServerVersion = &version.Info{
+		GitVersion: "v1.25.0",
+	}
+	setUpMockCoreOps(mockCtrl, versionClient)
+	fakeExtClient := fakeextclient.NewSimpleClientset()
+	apiextensionsops.SetInstance(apiextensionsops.New(fakeExtClient))
+	reregisterComponents()
+	k8sClient := testutil.FakeK8sClient()
+	driver := portworx{}
+	err := driver.Init(k8sClient, runtime.NewScheme(), record.NewFakeRecorder(0))
+	require.NoError(t, err)
+	return driver, k8sClient
+}
+
+func createStorageClusterWithResourceGateway() *corev1.StorageCluster {
+	return &corev1.StorageCluster{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "px-cluster",
+			Namespace: "kube-test",
+		},
+		Spec: corev1.StorageClusterSpec{
+			Monitoring: &corev1.MonitoringSpec{Telemetry: &corev1.TelemetrySpec{}}, // required to run test
+			ResourceGateway: &corev1.ResourceGatewaySpec{
+				Enabled: true,
+				Image:   "portworx/operator:1.1.1",
+			},
+		},
+	}
+}
+
+func TestResourceGatewayBasicInstall(t *testing.T) {
+	logrus.SetLevel(logrus.DebugLevel)
+	driver, k8sClient := setupTestEnv(t)
+
+	// create StorageCluster with ResourceGateway enabled
+	cluster := createStorageClusterWithResourceGateway()
+
+	err := driver.SetDefaultsOnStorageCluster(cluster)
+	require.NoError(t, err)
+
+	err = driver.PreInstall(cluster)
+	require.NoError(t, err)
+
+	// Resource Gateway ServiceAccount
+	serviceAccount := &v1.ServiceAccount{}
+	err = testutil.Get(k8sClient, serviceAccount, component.ResourceGatewayServiceAccountName, cluster.Namespace)
+	require.NoError(t, err)
+	require.Equal(t, component.ResourceGatewayServiceAccountName, serviceAccount.Name)
+	require.Equal(t, cluster.Namespace, serviceAccount.Namespace)
+	require.Len(t, serviceAccount.OwnerReferences, 1)
+	require.Equal(t, cluster.Name, serviceAccount.OwnerReferences[0].Name)
+
+	// Resource Gateway Role
+	expectedRole := testutil.GetExpectedRole(t, "resourceGatewayRole.yaml")
+	actualRole := &rbacv1.Role{}
+	err = testutil.Get(k8sClient, actualRole, component.ResourceGatewayRoleName, cluster.Namespace)
+	require.NoError(t, err)
+	require.Equal(t, expectedRole.Name, actualRole.Name)
+	require.Empty(t, actualRole.OwnerReferences)
+	require.ElementsMatch(t, expectedRole.Rules, actualRole.Rules)
+
+	// Resource Gateway RoleBinding
+	expectedRoleBinding := testutil.GetExpectedRoleBinding(t, "resourceGatewayRoleBinding.yaml")
+	actualRoleBinding := &rbacv1.RoleBinding{}
+	err = testutil.Get(k8sClient, actualRoleBinding, component.ResourceGatewayRoleBindingName, cluster.Namespace)
+	require.NoError(t, err)
+	require.Equal(t, expectedRoleBinding.Name, actualRoleBinding.Name)
+	require.Empty(t, actualRoleBinding.OwnerReferences)
+	require.ElementsMatch(t, expectedRoleBinding.Subjects, actualRoleBinding.Subjects)
+	require.Equal(t, expectedRoleBinding.RoleRef, actualRoleBinding.RoleRef)
+
+	// Resource Gateway Deployment
+	expectedDeployment := testutil.GetExpectedDeployment(t, "resourceGatewayDeployment.yaml")
+	resourceGatewayDeployment := &appsv1.Deployment{}
+	err = testutil.Get(k8sClient, resourceGatewayDeployment, component.ResourceGatewayDeploymentName, cluster.Namespace)
+	require.NoError(t, err)
+	resourceGatewayDeployment.ResourceVersion = ""
+	require.Equal(t, expectedDeployment, resourceGatewayDeployment)
+
+	// Resource Gateway Service
+	expectedService := testutil.GetExpectedService(t, "resourceGatewayService.yaml")
+	actualService := &v1.Service{}
+	err = testutil.Get(k8sClient, actualService, component.ResourceGatewayServiceName, cluster.Namespace)
+	require.NoError(t, err)
+	require.Equal(t, expectedService.Name, actualService.Name)
+	require.Equal(t, expectedService.Namespace, actualService.Namespace)
+	require.Len(t, actualService.OwnerReferences, 1)
+	require.Equal(t, cluster.Name, actualService.OwnerReferences[0].Name)
+	require.Equal(t, expectedService.Labels, actualService.Labels)
+	require.Equal(t, expectedService.Spec, actualService.Spec)
+}
+
+func TestResourceGatewayWithSecurity(t *testing.T) {
+	logrus.SetLevel(logrus.DebugLevel)
+	driver, k8sClient := setupTestEnv(t)
+
+	// create StorageCluster with ResourceGateway and Security enabled
+	cluster := createStorageClusterWithResourceGateway()
+	cluster.Spec.Security = &corev1.SecuritySpec{
+		Enabled: true,
+		Auth: &corev1.AuthSpec{
+			SelfSigned: &corev1.SelfSignedSpec{
+				Issuer:        stringPtr(defaultSelfSignedIssuer),
+				TokenLifetime: stringPtr(defaultTokenLifetime),
+				SharedSecret:  stringPtr(pxutil.SecurityPXSharedSecretSecretName),
+			},
+		},
+	}
+
+	err := driver.SetDefaultsOnStorageCluster(cluster)
+	require.NoError(t, err)
+
+	err = driver.PreInstall(cluster)
+	require.NoError(t, err)
+
+	// Resource Gateway Deployment
+	resourceGatewayDeployment := &appsv1.Deployment{}
+	err = testutil.Get(k8sClient, resourceGatewayDeployment, component.ResourceGatewayDeploymentName, cluster.Namespace)
+	require.NoError(t, err)
+
+	jwtIssuer := ""
+	var sharedSecretSet, appsSecretSet, systemSecretSet bool
+	actualContainer := resourceGatewayDeployment.Spec.Template.Spec.Containers[0]
+
+	for _, env := range actualContainer.Env {
+		if env.Name == pxutil.EnvKeyPortworxAuthJwtIssuer {
+			jwtIssuer = env.Value
+		}
+		if env.Name == pxutil.EnvKeyPortworxAuthJwtSharedSecret {
+			sharedSecretSet = true
+		}
+		if env.Name == pxutil.EnvKeyPortworxAuthSystemKey {
+			systemSecretSet = true
+		}
+		if env.Name == pxutil.EnvKeyPortworxAuthSystemAppsKey {
+			appsSecretSet = true
+		}
+	}
+	assert.Equal(t, defaultSelfSignedIssuer, jwtIssuer)
+	assert.True(t, sharedSecretSet)
+	assert.True(t, systemSecretSet)
+	assert.True(t, appsSecretSet)
+}
+
+func TestResourceGatewayWithCustomArguments(t *testing.T) {
+	logrus.SetLevel(logrus.DebugLevel)
+	driver, k8sClient := setupTestEnv(t)
+
+	// create StorageCluster with ResourceGateway with custom arguments provided
+	cluster := createStorageClusterWithResourceGateway()
+	cluster.Spec.ResourceGateway.Args = map[string]string{
+		"configMapUpdatePeriod": "10s",
+		"deadClientTimeout":     "30s",
+	}
+
+	err := driver.SetDefaultsOnStorageCluster(cluster)
+	require.NoError(t, err)
+
+	err = driver.PreInstall(cluster)
+	require.NoError(t, err)
+
+	// Resource Gateway Deployment
+	resourceGatewayDeployment := &appsv1.Deployment{}
+	err = testutil.Get(k8sClient, resourceGatewayDeployment, component.ResourceGatewayDeploymentName, cluster.Namespace)
+	require.NoError(t, err)
+
+	expectedCommand := []string{
+		"/resource-gateway",
+		"--configMapUpdatePeriod=10s",
+		"--deadClientTimeout=30s",
+		"--namespace=kube-test",
+		"--serverHost=0.0.0.0",
+		"--serverPort=50051",
+	}
+
+	actualCommand := resourceGatewayDeployment.Spec.Template.Spec.Containers[0].Command
+	require.Equal(t, expectedCommand, actualCommand)
+}
+
+func TestResourceGatewayWithCustomResources(t *testing.T) {
+	logrus.SetLevel(logrus.DebugLevel)
+	driver, k8sClient := setupTestEnv(t)
+
+	// create StorageCluster with ResourceGateway with custom resources limits and requests
+	cluster := createStorageClusterWithResourceGateway()
+	cluster.Spec.ResourceGateway.Resources = &v1.ResourceRequirements{
+		Limits: v1.ResourceList{
+			v1.ResourceCPU:    resource.MustParse("2"),
+			v1.ResourceMemory: resource.MustParse("2Gi"),
+		},
+		Requests: v1.ResourceList{
+			v1.ResourceCPU:    resource.MustParse("1"),
+			v1.ResourceMemory: resource.MustParse("1Gi"),
+		},
+	}
+
+	err := driver.SetDefaultsOnStorageCluster(cluster)
+	require.NoError(t, err)
+
+	err = driver.PreInstall(cluster)
+	require.NoError(t, err)
+
+	// Resource Gateway Deployment
+	resourceGatewayDeployment := &appsv1.Deployment{}
+	err = testutil.Get(k8sClient, resourceGatewayDeployment, component.ResourceGatewayDeploymentName, cluster.Namespace)
+	require.NoError(t, err)
+
+	require.Equal(t, *cluster.Spec.ResourceGateway.Resources, resourceGatewayDeployment.Spec.Template.Spec.Containers[0].Resources)
+
+}
+
 func TestAutopilotInstall(t *testing.T) {
 	// Start test with newer version (1.25 beyond) of Kubernetes first, on which PodSecurityPolicy is no longer existing
 	mockCtrl := gomock.NewController(t)
@@ -3496,7 +3711,6 @@ func TestAutopilotInstall(t *testing.T) {
 	require.Equal(t, expectedCR.Name, actualCR.Name)
 	require.Empty(t, actualCR.OwnerReferences)
 	require.ElementsMatch(t, expectedCR.Rules, actualCR.Rules)
-
 }
 
 func TestAutopilotWithoutImage(t *testing.T) {
@@ -17816,6 +18030,7 @@ func reregisterComponents() {
 	component.RegisterTelemetryComponent()
 	component.RegisterSCCComponent()
 	component.RegisterPortworxPluginComponent()
+	component.RegisterResourceGatewayComponent()
 	pxutil.SpecsBaseDir = func() string {
 		return "../../../bin/configs"
 	}
diff --git a/drivers/storage/portworx/testspec/prometheusRule.yaml b/drivers/storage/portworx/testspec/prometheusRule.yaml
index b956758cb2..24a1cd1b2e 100644
--- a/drivers/storage/portworx/testspec/prometheusRule.yaml
+++ b/drivers/storage/portworx/testspec/prometheusRule.yaml
@@ -205,7 +205,7 @@ spec:
       expr: px_alerts_poolexpandsuccessful > 1
       labels:
         issue: Portworx pool expand successful.
-        severity: warning
+        severity: info
         resource_type: portworx-node
         resource_name: "{{$labels.node}}"
         scrape_target_type: portworx-node
@@ -231,7 +231,7 @@ spec:
       expr: px_alerts_volumeresizesuccessful == 1
       labels:
         issue: Portworx volume resize successful.
-        severity: warning
+        severity: info
         resource_type: portworx-volume
         resource_name: "{{$labels.volumeid}}"
         scrape_target_type: portworx-node
diff --git a/drivers/storage/portworx/testspec/resourceGatewayDeployment.yaml b/drivers/storage/portworx/testspec/resourceGatewayDeployment.yaml
new file mode 100644
index 0000000000..599fed2e08
--- /dev/null
+++ b/drivers/storage/portworx/testspec/resourceGatewayDeployment.yaml
@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    name: resource-gateway
+    tier: control-plane
+  name: resource-gateway
+  namespace: kube-test
+  ownerReferences:
+    - apiVersion: core.libopenstorage.org/v1
+      blockOwnerDeletion: true
+      controller: true
+      kind: StorageCluster
+      name: px-cluster
+spec:
+  selector:
+    matchLabels:
+      name: resource-gateway
+      tier: control-plane
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        name: resource-gateway
+        tier: control-plane
+    spec:
+      serviceAccountName: resource-gateway
+      containers:
+      - name: resource-gateway
+        image: docker.io/portworx/operator:1.1.1
+        imagePullPolicy: Always
+        command:
+        - /resource-gateway
+        - --namespace=kube-test
+        - --serverHost=0.0.0.0
+        - --serverPort=50051
+        securityContext:
+          allowPrivilegeEscalation: false       
+          privileged: false
+        livenessProbe:
+          grpc:
+            port: 50051
+          initialDelaySeconds: 10
+          periodSeconds: 2
+        ports:
+        - containerPort: 50051
+          name: resource-gate
+          protocol: TCP
\ No newline at end of file
diff --git a/drivers/storage/portworx/testspec/resourceGatewayRole.yaml b/drivers/storage/portworx/testspec/resourceGatewayRole.yaml
new file mode 100644
index 0000000000..48b9ea883c
--- /dev/null
+++ b/drivers/storage/portworx/testspec/resourceGatewayRole.yaml
@@ -0,0 +1,9 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+   name: resource-gateway
+   namespace: kube-test
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["create", "get", "list", "patch", "update", "watch"]
diff --git a/drivers/storage/portworx/testspec/resourceGatewayRoleBinding.yaml b/drivers/storage/portworx/testspec/resourceGatewayRoleBinding.yaml
new file mode 100644
index 0000000000..3b81e8dfec
--- /dev/null
+++ b/drivers/storage/portworx/testspec/resourceGatewayRoleBinding.yaml
@@ -0,0 +1,12 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: resource-gateway
+  namespace: kube-test
+subjects:
+- kind: ServiceAccount
+  name: resource-gateway
+roleRef:
+  kind: Role
+  name: resource-gateway
+  apiGroup: rbac.authorization.k8s.io
diff --git a/drivers/storage/portworx/testspec/resourceGatewayService.yaml b/drivers/storage/portworx/testspec/resourceGatewayService.yaml
new file mode 100644
index 0000000000..e4003f0933
--- /dev/null
+++ b/drivers/storage/portworx/testspec/resourceGatewayService.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: resource-gateway
+  namespace: kube-test
+spec:
+  type: ClusterIP
+  ports:
+    - name: resource-gate
+      port: 50051
+      targetPort: 50051
+      protocol: TCP
+  selector:
+    name: resource-gateway
diff --git a/drivers/storage/portworx/util/util.go b/drivers/storage/portworx/util/util.go
index 15cf2c9c09..c69e2f69aa 100644
--- a/drivers/storage/portworx/util/util.go
+++ b/drivers/storage/portworx/util/util.go
@@ -1533,3 +1533,75 @@ func ShouldUseClusterDomain(node *api.StorageNode) (bool, error) {
 	}
 	return true, nil
 }
+
+func PopulateSecurityEnvironmentVariables(
+	cluster *corev1.StorageCluster,
+	envMap map[string]*v1.EnvVar,
+) {
+	if !SecurityEnabled(cluster) {
+		return
+	}
+	envMap[EnvKeyPortworxAuthJwtSharedSecret] = &v1.EnvVar{
+		Name: EnvKeyPortworxAuthJwtSharedSecret,
+		ValueFrom: &v1.EnvVarSource{
+			SecretKeyRef: &v1.SecretKeySelector{
+				LocalObjectReference: v1.LocalObjectReference{
+					Name: *cluster.Spec.Security.Auth.SelfSigned.SharedSecret,
+				},
+				Key: SecuritySharedSecretKey,
+			},
+		},
+	}
+	envMap[EnvKeyPortworxAuthSystemKey] = &v1.EnvVar{
+		Name: EnvKeyPortworxAuthSystemKey,
+		ValueFrom: &v1.EnvVarSource{
+			SecretKeyRef: &v1.SecretKeySelector{
+				LocalObjectReference: v1.LocalObjectReference{
+					Name: SecurityPXSystemSecretsSecretName,
+				},
+				Key: SecuritySystemSecretKey,
+			},
+		},
+	}
+	envMap[EnvKeyPortworxAuthJwtIssuer] = &v1.EnvVar{
+		Name:  EnvKeyPortworxAuthJwtIssuer,
+		Value: *cluster.Spec.Security.Auth.SelfSigned.Issuer,
+	}
+	pxVersion := GetPortworxVersion(cluster)
+	storkVersion := GetStorkVersion(cluster)
+	pxAppsIssuerVersion, err := version.NewVersion("2.6.0")
+	if err != nil {
+		logrus.Errorf("failed to create PX version variable 2.6.0: %s", err.Error())
+	}
+	storkIssuerVersion, err := version.NewVersion("2.5.0")
+	if err != nil {
+		logrus.Errorf("failed to create Stork version variable 2.5.0: %s", err.Error())
+	}
+	// apps issuer was added in PX version 2.6.0
+	if pxVersion.GreaterThanOrEqual(pxAppsIssuerVersion) && storkVersion.GreaterThanOrEqual(storkIssuerVersion) {
+		envMap[EnvKeyPortworxAuthSystemAppsKey] = &v1.EnvVar{
+			Name: EnvKeyPortworxAuthSystemAppsKey,
+			ValueFrom: &v1.EnvVarSource{
+				SecretKeyRef: &v1.SecretKeySelector{
+					LocalObjectReference: v1.LocalObjectReference{
+						Name: SecurityPXSystemSecretsSecretName,
+					},
+					Key: SecurityAppsSecretKey,
+				},
+			},
+		}
+	} else {
+		// otherwise, use the stork issuer for pre-2.6 support
+		envMap[EnvKeyPortworxAuthStorkKey] = &v1.EnvVar{
+			Name: EnvKeyPortworxAuthStorkKey,
+			ValueFrom: &v1.EnvVarSource{
+				SecretKeyRef: &v1.SecretKeySelector{
+					LocalObjectReference: v1.LocalObjectReference{
+						Name: SecurityPXSystemSecretsSecretName,
+					},
+					Key: SecurityAppsSecretKey,
+				},
+			},
+		}
+	}
+}
diff --git a/go.mod b/go.mod
index 12de8bca47..0693f7daf8 100644
--- a/go.mod
+++ b/go.mod
@@ -7,10 +7,12 @@ require (
 	github.com/go-logr/logr v1.3.0
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/golang/mock v1.6.0
+	github.com/golang/protobuf v1.5.4
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
-	github.com/google/uuid v1.5.0
+	github.com/google/uuid v1.6.0
 	github.com/hashicorp/go-version v1.6.0
 	github.com/libopenstorage/cloudops v0.0.0-20221107233229-3fa4664e96b1
+	github.com/libopenstorage/grpc-framework v0.1.4
 	github.com/libopenstorage/openstorage v9.4.47+incompatible
 	github.com/openshift/api v0.0.0-20230503133300-8bbcb7ca7183
 	github.com/pborman/uuid v1.2.1
@@ -19,12 +21,13 @@ require (
 	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.63.0
 	github.com/prometheus-operator/prometheus-operator/pkg/client v0.46.0
 	github.com/sirupsen/logrus v1.9.3
-	github.com/stretchr/testify v1.8.4
+	github.com/stretchr/testify v1.9.0
 	github.com/urfave/cli v1.22.12
-	golang.org/x/sys v0.16.0
-	google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0
-	google.golang.org/grpc v1.60.1
-	google.golang.org/protobuf v1.32.0
+	golang.org/x/net v0.27.0
+	golang.org/x/sys v0.22.0
+	google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d
+	google.golang.org/grpc v1.65.0
+	google.golang.org/protobuf v1.34.2
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.27.1
 	k8s.io/apiextensions-apiserver v0.26.5
@@ -45,11 +48,12 @@ require (
 require (
 	github.com/armon/go-metrics v0.4.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0 // indirect
 	github.com/codeskyblue/go-sh v0.0.0-20170112005953-b097669b1569 // indirect
 	github.com/coreos/etcd v3.3.13+incompatible // indirect
 	github.com/coreos/go-oidc v2.2.1+incompatible // indirect
+	github.com/coreos/go-oidc/v3 v3.11.0 // indirect
 	github.com/coreos/go-semver v0.3.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
@@ -59,17 +63,19 @@ require (
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/fatih/color v1.15.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.3 // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
+	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
 	github.com/hashicorp/consul/api v1.20.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-hclog v1.4.0 // indirect
@@ -85,7 +91,6 @@ require (
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.17 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
@@ -97,25 +102,24 @@ require (
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/pquerna/cachecontrol v0.1.0 // indirect
-	github.com/prometheus/client_golang v1.15.1 // indirect
-	github.com/prometheus/client_model v0.4.0 // indirect
-	github.com/prometheus/common v0.42.0 // indirect
-	github.com/prometheus/procfs v0.9.0 // indirect
+	github.com/prometheus/client_golang v1.19.1 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.55.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/rs/cors v1.11.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/stretchr/objx v0.5.0 // indirect
-	golang.org/x/crypto v0.18.0 // indirect
-	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/net v0.20.0 // indirect
-	golang.org/x/oauth2 v0.16.0 // indirect
-	golang.org/x/term v0.16.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
+	golang.org/x/crypto v0.25.0 // indirect
+	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/oauth2 v0.21.0 // indirect
+	golang.org/x/term v0.22.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.13.0 // indirect
+	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto v0.0.0-20231212172506-995d672761c0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/go.sum b/go.sum
index 7f810ceff3..aece394f5a 100644
--- a/go.sum
+++ b/go.sum
@@ -62,6 +62,7 @@ cloud.google.com/go v0.110.7/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5x
 cloud.google.com/go v0.110.8/go.mod h1:Iz8AkXJf1qmxC3Oxoep8R1T36w8B92yU29PcBhHO5fk=
 cloud.google.com/go v0.110.9/go.mod h1:rpxevX/0Lqvlbc88b7Sc1SPNdyK1riNBTUU6JXhYNpM=
 cloud.google.com/go v0.110.10/go.mod h1:v1OoFqYxiBkUrruItNM3eT4lLByNjxmJSV/xDKJNnic=
+cloud.google.com/go v0.111.0 h1:YHLKNupSD1KqjDbQ3+LVdQ81h/UJbJyZG203cEfnQgM=
 cloud.google.com/go v0.111.0/go.mod h1:0mibmpKP1TyOOFYQY5izo0LnT+ecvOQ0Sg3OdmMiNRU=
 cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4=
 cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw=
@@ -330,11 +331,14 @@ cloud.google.com/go/compute v1.21.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdi
 cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
 cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78=
 cloud.google.com/go/compute v1.23.2/go.mod h1:JJ0atRC0J/oWYiiVBmsSsrRnh92DhZPG4hFDcR04Rns=
+cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk=
 cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI=
 cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU=
 cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
 cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
+cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
+cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
 cloud.google.com/go/contactcenterinsights v1.3.0/go.mod h1:Eu2oemoePuEFc/xKFPjbTuPSj0fYJcPls9TFlPNnHHY=
 cloud.google.com/go/contactcenterinsights v1.4.0/go.mod h1:L2YzkGbPsv+vMQMCADxJoT9YiTTnSEd6fEvCeHTYVck=
 cloud.google.com/go/contactcenterinsights v1.6.0/go.mod h1:IIDlT6CLcDoyv79kDv8iWxMSTZhLxSCofVV5W6YFM/w=
@@ -1763,8 +1767,9 @@ github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghf
 github.com/cespare/xxhash/v2 v2.1.0/go.mod h1:dgIUBU3pDso/gPgZ1osOZ0iQf77oPR28Tjxl5dIMyVM=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
 github.com/charithe/durationcheck v0.0.9/go.mod h1:SSbRIBVfMjCi/kEB6K65XEA83D6prSM8ap1UCpNKtgg=
 github.com/chavacava/garif v0.0.0-20220630083739-93517212f375/go.mod h1:4m1Rv7xfuwWPNKXlThldNuJvutYM6J95wNuuVmn55To=
@@ -1995,6 +2000,8 @@ github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjs
 github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-oidc/v3 v3.5.0/go.mod h1:ecXRtV4romGPeO6ieExAsUK9cb/3fp9hXNz1tlv8PIM=
 github.com/coreos/go-oidc/v3 v3.9.0/go.mod h1:rTKz2PYwftcrtoCzV5g5kvfJoWcm0Mk8AF8y1iAQro4=
+github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI=
+github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
@@ -2340,6 +2347,8 @@ github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3I
 github.com/go-ini/ini v1.66.6/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
 github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
+github.com/go-jose/go-jose/v4 v4.0.3 h1:o8aphO8Hv6RPmH+GfzVuyf7YXSBibp+8YyHdOoDESGo=
+github.com/go-jose/go-jose/v4 v4.0.3/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
@@ -2702,8 +2711,9 @@ github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/golang/snappy v0.0.0-20170215233205-553a64147049/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
@@ -2858,8 +2868,9 @@ github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
 github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/wire v0.4.0/go.mod h1:ngWDr9Qvq3yZA10YrxfyGELY/AFWGVpy9c1LTRi1EoU=
 github.com/googleapis/cloud-bigtable-clients-test v0.0.0-20221104150409-300c96f7b1f5/go.mod h1:Udm7et5Lt9Xtzd4n07/kKP80IdlR4zVDjtlUZEO2Dd8=
 github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
@@ -2983,6 +2994,8 @@ github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4Zs
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.15.2/go.mod h1:7pdNwVWBBHGiCxa9lAszqCJMbfTISJ7oMftp8+UGV08=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k=
 github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI=
 github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed/go.mod h1:tMWxXQ9wFIaZeTI9F+hmhFiGpFmhOHzyShyFUhRm0H4=
 github.com/hashicorp/consul-template v0.25.0/go.mod h1:/vUsrJvDuuQHcxEw0zik+YXTS7ZKWZjQeaQhshBmfH0=
@@ -3500,6 +3513,8 @@ github.com/libopenstorage/external-storage v5.1.1-0.20190919185747-9394ee8dd536+
 github.com/libopenstorage/gossip v0.0.0-20190507031959-c26073a01952/go.mod h1:TjXt2Iz2bTkpfc4Q6xN0ttiNipTVwEEYoZSMZHlfPek=
 github.com/libopenstorage/gossip v0.0.0-20200808224301-d5287c7c8b24/go.mod h1:TjXt2Iz2bTkpfc4Q6xN0ttiNipTVwEEYoZSMZHlfPek=
 github.com/libopenstorage/gossip v0.0.0-20220309192431-44c895e0923e/go.mod h1:TjXt2Iz2bTkpfc4Q6xN0ttiNipTVwEEYoZSMZHlfPek=
+github.com/libopenstorage/grpc-framework v0.1.4 h1:0IEQ73UE5kc3GukW0qwL0aCp7QKPEM+PJgau81NIGZo=
+github.com/libopenstorage/grpc-framework v0.1.4/go.mod h1:ifKXukHbd75tqTb4NXgnofNlyr5CHeIg/NI7bSHG9aU=
 github.com/libopenstorage/openstorage v1.0.1-0.20240221210452-7757fdc2b8ff h1:9uognDSvafpcrNICT8I5OJRt9TlLeV61cF6nIl9KwBQ=
 github.com/libopenstorage/openstorage v1.0.1-0.20240221210452-7757fdc2b8ff/go.mod h1:8E8ueY3NJV+tcOr1BQBvyNU9FRtDfcRGB7+trr07+rA=
 github.com/libopenstorage/openstorage-sdk-clients v0.109.0/go.mod h1:vo0c/nLG2HIyQva4Avwx61U1kWcw4HGQh3sjzV2DEEs=
@@ -3642,7 +3657,6 @@ github.com/matttproud/golang_protobuf_extensions v1.0.0/go.mod h1:D8He9yQNgCq6Z5
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY=
 github.com/mbilski/exhaustivestruct v1.2.0/go.mod h1:OeTBVxQWoEmB2J2JCHmXWPJ0aksxSUOUy+nvtVEfzXc=
@@ -4140,8 +4154,9 @@ github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrb
 github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
 github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ=
 github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
-github.com/prometheus/client_golang v1.15.1 h1:8tXpTmJbyH5lydzFPoxSIJ0J46jdh3tylbvM1xCv0LI=
 github.com/prometheus/client_golang v1.15.1/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk=
+github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
+github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
 github.com/prometheus/client_model v0.0.0-20170216185247-6f3806018612/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
@@ -4151,8 +4166,9 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:
 github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
-github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
 github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
 github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.0.0-20180518154759-7600349dcfe1/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
@@ -4180,8 +4196,9 @@ github.com/prometheus/common v0.34.0/go.mod h1:gB3sOl7P0TvJabZpLY5uQMpUqRCPPCyRL
 github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
 github.com/prometheus/common v0.38.0/go.mod h1:MBXfmBQZrK5XpbCkjofnXs96LD2QQ7fEq4C0xjC/yec=
 github.com/prometheus/common v0.41.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc=
-github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM=
 github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc=
+github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
+github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
 github.com/prometheus/common/assets v0.1.0/go.mod h1:D17UVUE12bHbim7HzwUvtqm6gwBEaDQ0F+hIGbFbccI=
 github.com/prometheus/common/assets v0.2.0/go.mod h1:D17UVUE12bHbim7HzwUvtqm6gwBEaDQ0F+hIGbFbccI=
 github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI=
@@ -4210,8 +4227,9 @@ github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
-github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI=
 github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
 github.com/prometheus/prometheus v0.0.0-20180315085919-58e2a31db8de/go.mod h1:oAIUtOny2rjMX0OWN5vPR5/q/twIROJvdqnQKDdil/s=
 github.com/prometheus/prometheus v0.0.0-20190818123050-43acd0e2e93f/go.mod h1:rMTlmxGCvukf2KMu3fClMDKLLoJ5hl61MhcJ7xKakf0=
 github.com/prometheus/prometheus v0.35.0/go.mod h1:7HaLx5kEPKJ0GDgbODG0fZgXbQ8K/XjZNJXQmbmgQlY=
@@ -4288,6 +4306,8 @@ github.com/rs/cors v1.6.1-0.20190116175910-76f58f330d76/go.mod h1:gFx+x8UowdsKA9
 github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
 github.com/rs/cors v1.8.2/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
 github.com/rs/cors v1.9.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
+github.com/rs/cors v1.11.0 h1:0B9GE/r9Bc2UxRMMtymBkHTenPkHDv0CW4Y98GBY+po=
+github.com/rs/cors v1.11.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
 github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
 github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
 github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
@@ -4481,8 +4501,9 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v0.0.0-20170130113145-4d4bfba8f1d1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
@@ -4502,8 +4523,9 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/subosito/gotenv v1.3.0/go.mod h1:YzJjq/33h7nrwdY+iHMhEOEEbW0ovIz0tB6t6PwAXzs=
 github.com/subosito/gotenv v1.4.0/go.mod h1:mZd6rFysKEcUhUHXJk0C/08wAgyDBFuwEYL7vWWGaGo=
@@ -5017,8 +5039,9 @@ golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf
 golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
 golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
-golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
+golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -5097,8 +5120,9 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20171107184841-a337091b0525/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -5223,8 +5247,9 @@ golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=
 golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
-golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
 golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
+golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
+golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
 golang.org/x/oauth2 v0.0.0-20180724155351-3d292e4d0cdc/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -5271,8 +5296,9 @@ golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQ
 golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk=
 golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
 golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=
-golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ=
 golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o=
+golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
+golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -5515,8 +5541,9 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
 golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -5539,8 +5566,9 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww=
 golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
-golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
 golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
+golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk=
+golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
 golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.1.1-0.20171102192421-88f656faf3f3/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -5565,8 +5593,9 @@ golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -5713,7 +5742,6 @@ google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
 google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
 google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk=
 google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
@@ -5936,8 +5964,9 @@ google.golang.org/genproto/googleapis/api v0.0.0-20231030173426-d783a09b4405/go.
 google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:0xJLfVdJqpAPl8tDg1ujOCGzx6LFLttXT5NhllGOXY4=
 google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f/go.mod h1:Uy9bTZJqmfrw2rIBxgGLnamc78euZULUBrLZ9XTITKI=
 google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3/go.mod h1:k2dtGpRrbsSyKcNPKKI5sstZkrNCZwpU/ns96JoHbGg=
-google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0 h1:s1w3X6gQxwrLEpxnLd/qXTVLgQE2yXwaOaoa6IlY/+o=
 google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0/go.mod h1:CAny0tYF+0/9rmDB9fahA9YLzX3+AEVl1qXbv5hhj6c=
+google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d h1:kHjw/5UfflP/L5EbledDrcG4C2597RtymmGRZvHiCuY=
+google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0=
 google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA=
 google.golang.org/genproto/googleapis/bytestream v0.0.0-20230807174057-1744710a1577/go.mod h1:NjCQG/D8JandXxM57PZbAJL1DCNL6EypA0vPPwfsc7c=
 google.golang.org/genproto/googleapis/bytestream v0.0.0-20231030173426-d783a09b4405/go.mod h1:GRUCuLdzVqZte8+Dl/D4N25yLzcGqqWaYkeVOwulFqw=
@@ -5961,8 +5990,9 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405/go.
 google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f/go.mod h1:L9KNLi232K1/xB6f7AlSX692koaRnKaWSR0stBki0Yc=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20231211222908-989df2bf70f3/go.mod h1:eJVxU6o+4G1PSczBr85xmyvSNYAKvAYgkub40YGomFM=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 h1:6G8oQ016D88m1xAKljMlBOOGWDZkes4kMhgGFlf8WcQ=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917/go.mod h1:xtjpI3tXFPP051KaWnhvxkiubL/6dJ18vLVf7q2pTOU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d h1:JU0iKnSg02Gmb5ZdV8nYsKEKsP6o/FGVWTrw4i1DA9A=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
 google.golang.org/grpc v1.29.1 h1:EC2SB8S04d2r73uptxphDSUG+kTKVgjRPF+N3xpxRB4=
 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
@@ -5988,8 +6018,9 @@ google.golang.org/protobuf v1.29.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw
 google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
 google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
 gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/alexcesaro/statsd.v2 v2.0.0/go.mod h1:i0ubccKGzBVNBpdGV5MocxyA/XlLUJzA7SLonnE4drU=
diff --git a/pkg/apis/core/v1/storagecluster.go b/pkg/apis/core/v1/storagecluster.go
index 9ac028bf00..8cc5486df5 100644
--- a/pkg/apis/core/v1/storagecluster.go
+++ b/pkg/apis/core/v1/storagecluster.go
@@ -103,6 +103,8 @@ type StorageClusterSpec struct {
 	// to the storage driver. The autopilot component could augment the storage
 	// driver to take intelligent actions based on the current state of the cluster.
 	Autopilot *AutopilotSpec `json:"autopilot,omitempty"`
+	// ResourceGateway limits Px access to external resources to prevent throttling
+	ResourceGateway *ResourceGatewaySpec `json:"resourceGateway,omitempty"`
 	// Monitoring contains monitoring configuration for the storage cluster.
 	Monitoring *MonitoringSpec `json:"monitoring,omitempty"`
 	// Security configurations for setting up an auth enabled or disabled cluster
@@ -486,6 +488,18 @@ type AutopilotSpec struct {
 	Resources *v1.ResourceRequirements `json:"resources,omitempty"`
 }
 
+// ResourceGatewaySpec contains details of an ResourceGateway component
+type ResourceGatewaySpec struct {
+	// Enabled decides whether ResourceGateway needs to be enabled
+	Enabled bool `json:"enabled,omitempty"`
+	// Image is docker image of the ResourceGateway
+	Image string `json:"image,omitempty"`
+	// Args is a map of arguments given to ResourceGateway
+	Args map[string]string `json:"args,omitempty"`
+	// Resources requests and limits (like CPU and memory) for ResourceGateway pod
+	Resources *v1.ResourceRequirements `json:"resources,omitempty"`
+}
+
 // DataProviderSpec contains the details for data providers for components like autopilot
 type DataProviderSpec struct {
 	// Name is the unique name for the provider
@@ -622,6 +636,7 @@ type ComponentImages struct {
 	Pause                      string `json:"pause,omitempty"`
 	DynamicPlugin              string `json:"dynamicPlugin,omitempty"`
 	DynamicPluginProxy         string `json:"dynamicPluginProxy,omitempty"`
+	ResourceGateway            string `json:"resourceGateway,omitempty"`
 }
 
 // Storage represents cluster storage details
diff --git a/pkg/apis/core/v1/zz_generated.deepcopy.go b/pkg/apis/core/v1/zz_generated.deepcopy.go
index d9dcb973e6..292e89552c 100644
--- a/pkg/apis/core/v1/zz_generated.deepcopy.go
+++ b/pkg/apis/core/v1/zz_generated.deepcopy.go
@@ -793,6 +793,34 @@ func (in *PrometheusSpec) DeepCopy() *PrometheusSpec {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ResourceGatewaySpec) DeepCopyInto(out *ResourceGatewaySpec) {
+	*out = *in
+	if in.Args != nil {
+		in, out := &in.Args, &out.Args
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.Resources != nil {
+		in, out := &in.Resources, &out.Resources
+		*out = new(corev1.ResourceRequirements)
+		(*in).DeepCopyInto(*out)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceGatewaySpec.
+func (in *ResourceGatewaySpec) DeepCopy() *ResourceGatewaySpec {
+	if in == nil {
+		return nil
+	}
+	out := new(ResourceGatewaySpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *RollingUpdateStorageCluster) DeepCopyInto(out *RollingUpdateStorageCluster) {
 	*out = *in
@@ -1036,6 +1064,11 @@ func (in *StorageClusterSpec) DeepCopyInto(out *StorageClusterSpec) {
 		*out = new(AutopilotSpec)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.ResourceGateway != nil {
+		in, out := &in.ResourceGateway, &out.ResourceGateway
+		*out = new(ResourceGatewaySpec)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.Monitoring != nil {
 		in, out := &in.Monitoring, &out.Monitoring
 		*out = new(MonitoringSpec)
diff --git a/pkg/constants/metadata.go b/pkg/constants/metadata.go
index e00083086a..3f2d2cdf87 100644
--- a/pkg/constants/metadata.go
+++ b/pkg/constants/metadata.go
@@ -50,8 +50,10 @@ const (
 	// OperatorLabelManagedByKey is a label key that is added to any object that is
 	// managed the Portworx operator.
 	OperatorLabelManagedByKey = OperatorPrefix + "/managed-by"
-	// OperatorLabelManagedByValue indicates that the object is managed by portworx.
-	OperatorLabelManagedByValue = "portworx"
+	// OperatorLabelManagedByValuePortworx indicates that the object is managed by portworx.
+	OperatorLabelManagedByValuePortworx = "portworx"
+	// OperatorLabelManagedByValueResourceGateway indicates that the object is managed by Px Resource Gateway.
+	OperatorLabelManagedByValueResourceGateway = "resource-gateway"
 )
 
 const (
diff --git a/pkg/controller/storagecluster/controller_test.go b/pkg/controller/storagecluster/controller_test.go
index 8dfc2b381a..6aa922eb0e 100644
--- a/pkg/controller/storagecluster/controller_test.go
+++ b/pkg/controller/storagecluster/controller_test.go
@@ -1829,7 +1829,7 @@ func TestStoragePodGetsScheduled(t *testing.T) {
 			Labels: map[string]string{
 				constants.LabelKeyClusterName:       cluster.Name,
 				constants.LabelKeyDriverName:        driverName,
-				constants.OperatorLabelManagedByKey: constants.OperatorLabelManagedByValue,
+				constants.OperatorLabelManagedByKey: constants.OperatorLabelManagedByValuePortworx,
 			},
 			Annotations: make(map[string]string),
 		},
@@ -1947,7 +1947,7 @@ func TestStoragePodGetsScheduledK8s1_24(t *testing.T) {
 			Labels: map[string]string{
 				constants.LabelKeyClusterName:       cluster.Name,
 				constants.LabelKeyDriverName:        driverName,
-				constants.OperatorLabelManagedByKey: constants.OperatorLabelManagedByValue,
+				constants.OperatorLabelManagedByKey: constants.OperatorLabelManagedByValuePortworx,
 			},
 			Annotations: make(map[string]string),
 		},
@@ -2338,7 +2338,7 @@ func TestStoragePodGetsScheduledWithCustomNodeSpecs(t *testing.T) {
 			Labels: map[string]string{
 				constants.LabelKeyClusterName:       cluster.Name,
 				constants.LabelKeyDriverName:        driverName,
-				constants.OperatorLabelManagedByKey: constants.OperatorLabelManagedByValue,
+				constants.OperatorLabelManagedByKey: constants.OperatorLabelManagedByValuePortworx,
 			},
 		},
 		Spec: expectedPodSpec,
diff --git a/pkg/controller/storagecluster/kubevirt.go b/pkg/controller/storagecluster/kubevirt.go
index c4a09b3f92..15df66a628 100644
--- a/pkg/controller/storagecluster/kubevirt.go
+++ b/pkg/controller/storagecluster/kubevirt.go
@@ -148,7 +148,7 @@ OUTER:
 		}
 		// All checks passed. Start the live-migration.
 		labels := map[string]string{
-			constants.OperatorLabelManagedByKey: constants.OperatorLabelManagedByValue,
+			constants.OperatorLabelManagedByKey: constants.OperatorLabelManagedByValuePortworx,
 		}
 		annotations := map[string]string{
 			constants.AnnotationControllerRevisionHashKey: controllerRevisionHash,
diff --git a/pkg/controller/storagecluster/kubevirt_test.go b/pkg/controller/storagecluster/kubevirt_test.go
index b904d73870..35ee10e9c4 100644
--- a/pkg/controller/storagecluster/kubevirt_test.go
+++ b/pkg/controller/storagecluster/kubevirt_test.go
@@ -202,7 +202,7 @@ func TestStartEvictingVMPods(t *testing.T) {
 		constants.AnnotationControllerRevisionHashKey: hash,
 	}
 	expectedLabels := map[string]string{
-		constants.OperatorLabelManagedByKey: constants.OperatorLabelManagedByValue,
+		constants.OperatorLabelManagedByKey: constants.OperatorLabelManagedByValuePortworx,
 	}
 	// Test case: no migration exists
 	virtLauncherPod, vmi := getTestVirtLauncherPodAndVMI("virt-launcher-1", "node1")
@@ -308,7 +308,7 @@ func TestStartEvictingVMPods(t *testing.T) {
 				constants.AnnotationControllerRevisionHashKey: "different-hash",
 			},
 			Labels: map[string]string{
-				constants.OperatorLabelManagedByKey: constants.OperatorLabelManagedByValue,
+				constants.OperatorLabelManagedByKey: constants.OperatorLabelManagedByValuePortworx,
 			},
 			SourceNode: virtLauncherPod.Spec.NodeName,
 		},
diff --git a/pkg/controller/storagecluster/storagecluster.go b/pkg/controller/storagecluster/storagecluster.go
index 5e3c8af315..d5f1ea03a6 100644
--- a/pkg/controller/storagecluster/storagecluster.go
+++ b/pkg/controller/storagecluster/storagecluster.go
@@ -1395,7 +1395,7 @@ func (c *Controller) CreatePodTemplate(
 	addPxServiceAccountTokenSecretIfNotExist(&podSpec)
 	podSpec.NodeName = node.Name
 	labels := c.StorageClusterSelectorLabels(cluster)
-	labels[constants.OperatorLabelManagedByKey] = constants.OperatorLabelManagedByValue
+	labels[constants.OperatorLabelManagedByKey] = constants.OperatorLabelManagedByValuePortworx
 	newTemplate := v1.PodTemplateSpec{
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace:   cluster.Namespace,
diff --git a/pkg/controller/storagenode/storagenode.go b/pkg/controller/storagenode/storagenode.go
index 31143bbc2a..6e9c560e05 100644
--- a/pkg/controller/storagenode/storagenode.go
+++ b/pkg/controller/storagenode/storagenode.go
@@ -3,11 +3,12 @@ package storagenode
 import (
 	"context"
 	"fmt"
+	"strings"
+	"time"
+
 	"github.com/libopenstorage/openstorage/api"
 	pxutil "github.com/libopenstorage/operator/drivers/storage/portworx/util"
 	"google.golang.org/grpc"
-	"strings"
-	"time"
 
 	"github.com/hashicorp/go-version"
 	apiextensionsops "github.com/portworx/sched-ops/k8s/apiextensions"
@@ -379,11 +380,11 @@ func (c *Controller) syncStorage(
 			}
 
 			value, present := podCopy.Labels[constants.OperatorLabelManagedByKey]
-			if !present || value != constants.OperatorLabelManagedByValue {
+			if !present || value != constants.OperatorLabelManagedByValuePortworx {
 				if podCopy.Labels == nil {
 					podCopy.Labels = make(map[string]string)
 				}
-				podCopy.Labels[constants.OperatorLabelManagedByKey] = constants.OperatorLabelManagedByValue
+				podCopy.Labels[constants.OperatorLabelManagedByKey] = constants.OperatorLabelManagedByValuePortworx
 				updateNeeded = true
 			}
 
@@ -424,7 +425,7 @@ func (c *Controller) createKVDBPod(
 
 func (c *Controller) kvdbPodLabels(cluster *corev1.StorageCluster) map[string]string {
 	podLabels := map[string]string{
-		constants.OperatorLabelManagedByKey: constants.OperatorLabelManagedByValue,
+		constants.OperatorLabelManagedByKey: constants.OperatorLabelManagedByValuePortworx,
 	}
 	for k, v := range c.kvdbOldPodLabels(cluster) {
 		podLabels[k] = v
diff --git a/pkg/resource-gateway/priority_queue.go b/pkg/resource-gateway/priority_queue.go
new file mode 100644
index 0000000000..76700c8573
--- /dev/null
+++ b/pkg/resource-gateway/priority_queue.go
@@ -0,0 +1,141 @@
+// Implements a priority queue with priorities high, medium, and low defined in proto.
+// The queue supports the following operations: Enqueue, Dequeue, Front, and Remove.
+//
+// It is implemented with a separate list for each priority.
+// When a client is enqueued, it is added to the list corresponding to its priority.
+//
+// When the front of the queue is requested,
+// the queue will return the client at the front of the highest priority non-empty list.
+//
+// The queue is configured with a maximum size to prevent unbounded growth.
+// When the queue is full, Enqueue will return an error.
+package resource_gateway
+
+import (
+	"container/list"
+	"fmt"
+	"sync"
+
+	pb "github.com/libopenstorage/operator/proto"
+)
+
+var (
+	// priorityDescendingOrder is the order of priorities in descending order.
+	// It is used to iterate through the queues in order of priority.
+	priorityDescendingOrder = []pb.AccessPriority_Type{
+		pb.AccessPriority_HIGH,
+		pb.AccessPriority_MEDIUM,
+		pb.AccessPriority_LOW,
+	}
+)
+
+// PriorityQueue is an interface for a priority queue.
+type PriorityQueue interface {
+	// Enqueue adds a client to the queue with the given priority.
+	Enqueue(clientId string, priority pb.AccessPriority_Type) error
+	// Dequeue removes the client at the front of the queue with the given priority.
+	Dequeue(priority pb.AccessPriority_Type) error
+	// Front returns the client at the front of the non-empty queue with the highest priority.
+	Front() (clientId string, accessPriority pb.AccessPriority_Type)
+	// Remove removes the client from the priority queue.
+	Remove(clientId string) error
+}
+
+// priorityQueue is an implementation of the PriorityQueue interface.
+type priorityQueue struct {
+	// sync.Mutex protects Q operations from concurrent access
+	sync.Mutex
+	// queues for each priority
+	// uses list for O(1) implementation of Q operations
+	queues map[pb.AccessPriority_Type]*list.List
+	// maxQueueSize is the maximum number of elements across all queues
+	maxQueueSize uint
+}
+
+// NewPriorityQueue creates a new priority queue with the given maximum size
+// and returns a PriorityQueue interface.
+func NewPriorityQueue(maxQueueSize uint) PriorityQueue {
+	queues := make(map[pb.AccessPriority_Type]*list.List)
+	for _, priority := range priorityDescendingOrder {
+		queues[priority] = list.New()
+	}
+	return &priorityQueue{
+		queues:       queues,
+		maxQueueSize: maxQueueSize,
+	}
+}
+
+// Enqueue adds a client to the queue with the given priority.
+//
+// It returns an error if the queue is full that is
+// total number of elements is equal to maxQueueSize.
+func (pq *priorityQueue) Enqueue(clientId string, priority pb.AccessPriority_Type) error {
+	pq.Lock()
+	defer pq.Unlock()
+
+	if pq.len() == pq.maxQueueSize {
+		return fmt.Errorf("queue is full")
+	}
+
+	pq.queues[priority].PushBack(clientId)
+	return nil
+}
+
+// Dequeue removes the client at the front of the queue with the given priority.
+func (pq *priorityQueue) Dequeue(priority pb.AccessPriority_Type) error {
+	pq.Lock()
+	defer pq.Unlock()
+
+	if pq.queues[priority].Front() == nil {
+		return fmt.Errorf("queue %v is empty", priority)
+	}
+
+	pq.queues[priority].Remove(pq.queues[priority].Front())
+	return nil
+}
+
+// Front returns the client at the front of the priority queue.
+//
+// It iterates through the queues in descending order of priority
+// and returns the front of the first non-empty queue.
+func (pq *priorityQueue) Front() (string, pb.AccessPriority_Type) {
+	pq.Lock()
+	defer pq.Unlock()
+
+	for _, priority := range priorityDescendingOrder {
+		if pq.queues[priority].Front() != nil {
+			return pq.queues[priority].Front().Value.(string), priority
+		}
+	}
+	return "", pb.AccessPriority_LOW
+}
+
+// Remove removes the client from the priority queue.
+//
+// It iterates through all queues to find the client and removes it.
+func (pq *priorityQueue) Remove(clientId string) error {
+	pq.Lock()
+	defer pq.Unlock()
+
+	for _, q := range pq.queues {
+		for e := q.Front(); e != nil; e = e.Next() {
+			if e.Value.(string) == clientId {
+				q.Remove(e)
+				return nil
+			}
+		}
+	}
+	return fmt.Errorf("client %v not found in the queue", clientId)
+}
+
+// len returns the total number of elements across all queues
+//
+// It iterates through all queues and returns the sum of their lengths.
+// It should be called with the mutex locked.
+func (pq *priorityQueue) len() uint {
+	var length uint
+	for _, q := range pq.queues {
+		length += uint(q.Len())
+	}
+	return length
+}
diff --git a/pkg/resource-gateway/resource_gateway_server.go b/pkg/resource-gateway/resource_gateway_server.go
new file mode 100644
index 0000000000..f4bf318d36
--- /dev/null
+++ b/pkg/resource-gateway/resource_gateway_server.go
@@ -0,0 +1,116 @@
+package resource_gateway
+
+import (
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/libopenstorage/grpc-framework/pkg/util"
+	grpcFramework "github.com/libopenstorage/grpc-framework/server"
+	"github.com/libopenstorage/openstorage/pkg/sched"
+	pb "github.com/libopenstorage/operator/proto"
+	"github.com/portworx/sched-ops/k8s/core"
+	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/health"
+	healthpb "google.golang.org/grpc/health/grpc_health_v1"
+)
+
+const (
+	// defaultServerName is the default server name for resource-gateway
+	defaultServerName = "resource-gateway"
+	// defaultServerHost is the default server host for resource-gateway
+	defaultServerHost = "127.0.0.1"
+	// defaultServerPort is the default server port for resource-gateway
+	defaultServerPort = "50051"
+)
+
+// ResourceGatewayServer is the main struct for resource-gateway gRPC server
+//
+// It contains the gRPC server instance and various component servers like semaphore and health check
+type ResourceGatewayServer struct {
+	server *grpcFramework.Server
+
+	semaphoreServer   *semaphoreServer
+	healthCheckServer *health.Server
+}
+
+// NewResourceGatewayServer creates a new resource-gateway gRPC server instance
+func NewResourceGatewayServer(
+	resourceGatewayConfig *grpcFramework.ServerConfig,
+	semaphoreConfig *SemaphoreConfig,
+) *ResourceGatewayServer {
+	// create component servers
+	healthCheckServer := health.NewServer()
+	semaphoreServer := NewSemaphoreServer(semaphoreConfig)
+
+	// register the component servers with the gRPC server config
+	resourceGatewayConfig.
+		RegisterGrpcServers(func(gs *grpc.Server) {
+			pb.RegisterSemaphoreServiceServer(gs, semaphoreServer)
+		}).
+		RegisterGrpcServers(func(gs *grpc.Server) {
+			healthpb.RegisterHealthServer(gs, healthCheckServer)
+		}).
+		WithDefaultGenericRoleManager()
+
+	// create the gRPC server instance
+	resourceGatewayGRPCServer, err := grpcFramework.New(resourceGatewayConfig)
+	if err != nil {
+		fmt.Printf("Unable to create server: %v", err)
+		os.Exit(1)
+	}
+
+	resourceGatewayServer := &ResourceGatewayServer{
+		server:            resourceGatewayGRPCServer,
+		semaphoreServer:   semaphoreServer,
+		healthCheckServer: healthCheckServer,
+	}
+	return resourceGatewayServer
+}
+
+func NewResourceGatewayServerConfig() *grpcFramework.ServerConfig {
+	defaultServerAddress := fmt.Sprintf("%s:%s", defaultServerHost, defaultServerPort)
+	resourceGatewayServerConfig := &grpcFramework.ServerConfig{
+		Name:         defaultServerHost,
+		Address:      defaultServerAddress,
+		AuditOutput:  os.Stdout,
+		AccessOutput: os.Stdout,
+	}
+	return resourceGatewayServerConfig
+}
+
+// SetupSigIntHandler sets up a signal handler to stop the server
+func (r *ResourceGatewayServer) SetupSigIntHandler() error {
+	signal_handler := util.NewSigIntManager(func() {
+		r.server.Stop()
+		r.healthCheckServer.SetServingStatus("", healthpb.HealthCheckResponse_NOT_SERVING)
+		r.server.Address()
+		os.Exit(0)
+	})
+
+	return signal_handler.Start()
+}
+
+// Start starts the resource-gateway gRPC server
+func (r *ResourceGatewayServer) Start() error {
+	// Initialize the k8s client
+	_, err := core.Instance().GetVersion()
+	if err != nil {
+		return fmt.Errorf("Unable to get k8s version: %v", err)
+	}
+
+	if sched.Instance() == nil {
+		sched.Init(time.Second)
+	}
+
+	err = r.server.Start()
+	if err != nil {
+		return err
+	}
+	r.healthCheckServer.SetServingStatus("", healthpb.HealthCheckResponse_SERVING)
+
+	// Wait. The signal handler will exit cleanly
+	logrus.Info("Px gRPC server running")
+	select {}
+}
diff --git a/pkg/resource-gateway/semaphore.go b/pkg/resource-gateway/semaphore.go
new file mode 100644
index 0000000000..0824e8e2ac
--- /dev/null
+++ b/pkg/resource-gateway/semaphore.go
@@ -0,0 +1,399 @@
+// Package resource_gateway provides a semaphore implementation backed by priority queue
+package resource_gateway
+
+import (
+	"sync"
+	"time"
+
+	"github.com/libopenstorage/openstorage/pkg/sched"
+	pb "github.com/libopenstorage/operator/proto"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	nullPermit uint32 = 0
+)
+
+var (
+	testOverride = false
+)
+
+type SemaphorePriorityQueue interface {
+	Acquire(clientId string, priority pb.AccessPriority_Type) (pb.AccessStatus_Type, error)
+	Release(clientId string) error
+	Heartbeat(clientId string) pb.AccessStatus_Type
+
+	Update(config *SemaphoreConfig)
+}
+
+type activeLeasesMap map[string]int64
+
+// semaphorePriorityQueue implements the SemaphorePriorityQueue interface
+type semaphorePriorityQueue struct {
+	// configurations
+	config *SemaphoreConfig
+
+	// thread safety
+	mutex sync.Mutex
+
+	// internal state
+	priorityQueue    PriorityQueue
+	activeLeases     activeLeasesMap
+	availablePermits uint
+	heartbeats       map[string]int64
+
+	// persistent state
+	configMap           *configMap
+	configMapUpdateDone chan struct{}
+}
+
+// NewSemaphorePriorityQueue creates a new or loads an existing semaphore priority queue
+// if the backing configmap does not exist then it creates a new one
+func NewSemaphorePriorityQueueWithConfig(config *SemaphoreConfig) *semaphorePriorityQueue {
+	// create or update the configmap
+	configMap, err := createOrUpdateConfigMap(config)
+	if err != nil {
+		panic(err)
+	}
+
+	semPQ := &semaphorePriorityQueue{
+		priorityQueue:       NewPriorityQueue(config.MaxQueueSize),
+		heartbeats:          map[string]int64{},
+		configMapUpdateDone: make(chan struct{}),
+		config:              config,
+		configMap:           configMap,
+	}
+
+	semPQ.populateSemaphoreConfig()
+	semPQ.initPermitsAndLeases()
+	// TODO cancel and restart background tasks
+	semPQ.startBackgroundTasks()
+
+	return semPQ
+}
+
+// NewSemaphorePriorityQueue creates a new or loads an existing semaphore priority queue
+// if the backing configmap does not exist then it creates a new one
+func NewSemaphorePriorityQueueWithConfigMap(config *SemaphoreConfig) *semaphorePriorityQueue {
+	// create or update the configmap
+	configMap, err := getConfigMap(config)
+	if err != nil {
+		panic(err)
+	}
+
+	semPQ := &semaphorePriorityQueue{
+		priorityQueue:       NewPriorityQueue(config.MaxQueueSize),
+		heartbeats:          map[string]int64{},
+		configMapUpdateDone: make(chan struct{}),
+		config:              config,
+		configMap:           configMap,
+	}
+
+	semPQ.populateSemaphoreConfig()
+	semPQ.initPermitsAndLeases()
+	semPQ.startBackgroundTasks()
+
+	return semPQ
+}
+
+func (s *semaphorePriorityQueue) Update(config *SemaphoreConfig) {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+
+	logrus.Infof("Update semaphore config: %v", config)
+	s.config = config
+	s.configMap.update(config)
+
+	// TODO: update the internal state based on the new config
+	s.populateSemaphoreConfig()
+	s.initPermitsAndLeases()
+}
+
+// populateSemaphoreConfig fetches the latest copy of configmap from kubernetes
+// and updates the values in the semaphore config
+func (s *semaphorePriorityQueue) populateSemaphoreConfig() {
+	s.config.ConfigMapName = s.configMap.Name()
+	s.config.ConfigMapNamespace = s.configMap.Namespace()
+	s.config.ConfigMapLabels = s.configMap.Labels()
+
+	nPermits, err := s.configMap.NPermits()
+	if err != nil {
+		panic(err)
+	}
+	s.config.NPermits = nPermits
+
+	leaseTimeout, err := s.configMap.LeaseTimeout()
+	if err != nil {
+		panic(err)
+	}
+	s.config.LeaseTimeout = leaseTimeout
+}
+
+// populate structures for active leases and available permits
+func (s *semaphorePriorityQueue) initPermitsAndLeases() {
+	activeLeases, err := s.configMap.ActiveLeases()
+	if err != nil {
+		panic(err)
+	}
+	s.activeLeases = activeLeases
+	s.availablePermits = uint(s.config.NPermits) - uint(len(activeLeases))
+}
+
+// startBackgroundTasks starts background workers for updating the configmap,
+// cleaning up dead clients and reclaiming expired leases
+func (s *semaphorePriorityQueue) startBackgroundTasks() {
+	// TODO: cancel and restart background tasks
+	bgTasks := []struct {
+		name     string
+		f        func()
+		interval time.Duration
+	}{
+		{"updateConfigMap", s.updateConfigMap, s.config.ConfigMapUpdatePeriod},
+		{"cleanupDeadClients", s.cleanupDeadClients, s.config.DeadClientTimeout / 2},
+		{"reclaimExpiredLeases", s.reclaimExpiredLeases, s.config.LeaseTimeout / 2},
+	}
+
+	for _, bgTask := range bgTasks {
+		f := bgTask.f
+		intv := bgTask.interval
+		if testOverride {
+			intv = time.Second
+		}
+		taskID, err := sched.Instance().Schedule(
+			func(_ sched.Interval) { f() },
+			sched.Periodic(intv),
+			time.Now(), false,
+		)
+		if err != nil {
+			panic(err)
+		}
+		logrus.Debugf("Scheduled task %v with interval %v and Id %v",
+			bgTask.name, bgTask.interval, taskID)
+	}
+}
+
+// Acquire acquires a lease for the client with the given priority
+func (s *semaphorePriorityQueue) Acquire(clientId string, priority pb.AccessPriority_Type) (pb.AccessStatus_Type, error) {
+	s.mutex.Lock()
+	updateDone := false
+	defer func() {
+		s.mutex.Unlock()
+		if updateDone {
+			<-s.configMapUpdateDone
+		}
+	}()
+	logrus.Debugf("Received Acquire request for client %v", clientId)
+
+	// check if the client already has a lease, if yes return
+	if s.hasActiveLease(clientId) {
+		logrus.Debugf("Already acquired lease for client %v", clientId)
+		return pb.AccessStatus_LEASED, nil
+	}
+
+	// check if the client is already in the queue, if not add it
+	// no heartbeat = new client
+	if _, isQueued := s.heartbeats[clientId]; !isQueued {
+		logrus.Debugf("Enqueueing client %v with priority %v", clientId, priority)
+		err := s.priorityQueue.Enqueue(clientId, priority)
+		if err != nil {
+			return pb.AccessStatus_TYPE_UNSPECIFIED, err
+		}
+	}
+
+	// update the heartbeat of the client
+	s.heartbeats[clientId] = time.Now().Unix()
+
+	// try to acquire the lease
+	if hasAcquiredLease := s.tryAcquire(clientId); hasAcquiredLease {
+		logrus.Infof("Acquired lease for client %v", clientId)
+		updateDone = true
+		return pb.AccessStatus_LEASED, nil
+	}
+
+	logrus.Debugf("Client %v is waiting in queue", clientId)
+	return pb.AccessStatus_QUEUED, nil
+}
+
+// removeActiveLease removes the client from the heartbeats and activeLeases map
+// and adds the respective permit back to the available permits list
+//
+// removeActiveLease should be called with mutex locked
+func (s *semaphorePriorityQueue) removeActiveLease(clientId string) {
+	delete(s.heartbeats, clientId)
+	delete(s.activeLeases, clientId)
+	s.availablePermits++
+}
+
+// Release releases the lease held by the client
+func (s *semaphorePriorityQueue) Release(clientId string) error {
+	s.mutex.Lock()
+	updateDone := false
+	defer func() {
+		s.mutex.Unlock()
+		if updateDone {
+			<-s.configMapUpdateDone
+		}
+	}()
+	logrus.Debugf("Received Release request for client %v", clientId)
+
+	// check if the client has an active lease, if not return
+	if !s.hasActiveLease(clientId) {
+		logrus.Warnf("Did NOT find an active lease for the client %v!", clientId)
+		return nil
+	}
+
+	s.removeActiveLease(clientId)
+	updateDone = true
+
+	return nil
+}
+
+// Heartbeat updates the heartbeat of the client and returns the status of the client
+func (s *semaphorePriorityQueue) Heartbeat(clientId string) pb.AccessStatus_Type {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+
+	logrus.Debugf("Received Heartbeat request for client %v", clientId)
+	_, exists := s.heartbeats[clientId]
+	if !exists {
+		return pb.AccessStatus_TYPE_UNSPECIFIED
+	}
+	s.heartbeats[clientId] = time.Now().Unix()
+
+	if s.hasActiveLease(clientId) {
+		return pb.AccessStatus_LEASED
+	}
+	return pb.AccessStatus_QUEUED
+}
+
+// tryAcquire checks if a given client is at the front of the queue and if there is an available permit,
+// if true, it assigns the permit to the client
+//
+// tryAcquire should be called with mutex locked
+func (s *semaphorePriorityQueue) tryAcquire(clientId string) bool {
+	// check if the client is at the front of the queue
+	nextResouceId, priority := s.priorityQueue.Front()
+	if nextResouceId == "" {
+		panic("Queue is empty")
+	}
+	if nextResouceId != clientId {
+		return false
+	}
+	logrus.Debugf("Next resource in queue: %v", nextResouceId)
+
+	// check if any permit is available
+	if s.availablePermits == 0 {
+		return false
+	}
+	s.availablePermits--
+
+	// remove the client from the queue and assign it the permit
+	err := s.priorityQueue.Dequeue(priority)
+	if err != nil {
+		panic(err)
+	}
+	s.activeLeases[clientId] = time.Now().Unix()
+
+	return true
+}
+
+// updateConfigMap updates the configmap with the active lease data in memory
+// and notifies all the goroutines waiting on the configMapUpdateDone channel
+//
+// updateConfigMap is scheduled as a background task
+func (s *semaphorePriorityQueue) updateConfigMap() {
+
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	logrus.Debugf("Running updateConfigMap background task")
+
+	err := s.configMap.UpdateLeases(s.activeLeases)
+	if err != nil {
+		logrus.Fatalf("Failed to update configmap: %v", err)
+	}
+
+	// notify all the goroutines waiting that the update is done
+	close(s.configMapUpdateDone)
+	// reset the channel for the next batch of waiters
+	s.configMapUpdateDone = make(chan struct{})
+}
+
+// cleanupDeadClients removes the dead clients from the priority queue
+// and releases the leases held by them
+//
+// A client is considered dead when it has not sent a heartbeat
+// for more than DeadClientTimeout duration
+//
+// cleanupDeadClients is scheduled as a background task
+func (s *semaphorePriorityQueue) cleanupDeadClients() {
+	deadClients := []string{}
+
+	s.mutex.Lock()
+	defer func() {
+		s.mutex.Unlock()
+		if len(deadClients) != 0 {
+			<-s.configMapUpdateDone // wait for the next update to complete
+		}
+	}()
+	logrus.Debugf("Running cleanupDeadClients background task")
+
+	for clientId, lastHeartbeat := range s.heartbeats {
+		if time.Since(time.Unix(lastHeartbeat, 0)) > s.config.DeadClientTimeout {
+			deadClients = append(deadClients, clientId)
+		}
+	}
+	if len(deadClients) == 0 {
+		return
+	}
+
+	logrus.Warnf("Cleaning up dead clients: %v", deadClients)
+	for _, clientId := range deadClients {
+		if s.hasActiveLease(clientId) {
+			s.removeActiveLease(clientId)
+		} else {
+			delete(s.heartbeats, clientId)
+			err := s.priorityQueue.Remove(clientId)
+			if err != nil {
+				logrus.Errorf("Failed to remove dead client %v from the queue: %v", clientId, err)
+			}
+		}
+	}
+}
+
+// reclaimExpiredLeases releases the leases that have been held
+// for more than LeaseTimeout duration
+//
+// reclaimExpiredLeases is scheduled as a background task
+func (s *semaphorePriorityQueue) reclaimExpiredLeases() {
+	expiredLeases := []string{}
+
+	s.mutex.Lock()
+	defer func() {
+		s.mutex.Unlock()
+		if len(expiredLeases) != 0 {
+			<-s.configMapUpdateDone // wait for the next update to complete
+		}
+	}()
+
+	logrus.Debugf("Running reclaimExpiredLeases background task")
+
+	for clientId, leaseTimeAcquired := range s.activeLeases {
+		timeSinceAcquire := time.Since(time.Unix(leaseTimeAcquired, 0))
+		if timeSinceAcquire > s.config.LeaseTimeout {
+			expiredLeases = append(expiredLeases, clientId)
+		}
+	}
+	if len(expiredLeases) == 0 {
+		return
+	}
+
+	logrus.Warnf("Reclaiming expired leases: %v", expiredLeases)
+	for _, clientId := range expiredLeases {
+		s.removeActiveLease(clientId)
+	}
+}
+
+func (s *semaphorePriorityQueue) hasActiveLease(clientId string) bool {
+	_, hasLease := s.activeLeases[clientId]
+	return hasLease
+}
diff --git a/pkg/resource-gateway/semaphore_config.go b/pkg/resource-gateway/semaphore_config.go
new file mode 100644
index 0000000000..d4897da3bf
--- /dev/null
+++ b/pkg/resource-gateway/semaphore_config.go
@@ -0,0 +1,63 @@
+package resource_gateway
+
+import "time"
+
+const (
+	// ResourceGatewayStr is the common string for resource-gateway components
+	resourceGatewayStr = "resource-gateway"
+	// defaultNamespace is the default namespace to create semaphore configmap
+	defaultNamespace = "kube-system"
+	// defaultConfigMapName is the default name for semaphore configmap
+	defaultConfigMapName = resourceGatewayStr
+	// defaultConfigMapLabels are the default labels applied to semaphore configmap
+	defaultConfigMapLabels = "name=resource-gateway"
+	// defaultConfigMapUpdatePeriod is the default time period between configmap updates
+	defaultConfigMapUpdatePeriod = 1 * time.Second
+	// defaultLeaseTimeout is the default time period after which a lease will force expire
+	defaultLeaseTimeout = 30 * time.Second
+	// defaultDeadClientTimeout is the default time period after which a node
+	// is considered dead if no heartbeats were received in this duration
+	defaultDeadClientTimeout = 10 * time.Second
+	// defaultMaxQueueSize is the default max queue size for semaphore server
+	defaultMaxQueueSize = 5000
+)
+
+type SemaphoreConfig struct {
+	NPermits              uint32
+	ConfigMapName         string
+	ConfigMapNamespace    string
+	ConfigMapLabels       map[string]string
+	ConfigMapUpdatePeriod time.Duration
+	LeaseTimeout          time.Duration
+	DeadClientTimeout     time.Duration
+	MaxQueueSize          uint
+}
+
+func NewSemaphoreConfig() *SemaphoreConfig {
+	return &SemaphoreConfig{
+		ConfigMapNamespace:    defaultNamespace,
+		ConfigMapName:         defaultConfigMapName,
+		ConfigMapLabels:       map[string]string{"name": resourceGatewayStr},
+		ConfigMapUpdatePeriod: defaultConfigMapUpdatePeriod,
+		LeaseTimeout:          defaultLeaseTimeout,
+		DeadClientTimeout:     defaultDeadClientTimeout,
+		MaxQueueSize:          defaultMaxQueueSize,
+	}
+}
+
+func copySemaphoreConfig(semaphoreConfig *SemaphoreConfig) *SemaphoreConfig {
+	configMapLabels := make(map[string]string)
+	for k, v := range semaphoreConfig.ConfigMapLabels {
+		configMapLabels[k] = v
+	}
+	return &SemaphoreConfig{
+		NPermits:              semaphoreConfig.NPermits,
+		ConfigMapName:         semaphoreConfig.ConfigMapName,
+		ConfigMapNamespace:    semaphoreConfig.ConfigMapNamespace,
+		ConfigMapLabels:       configMapLabels,
+		ConfigMapUpdatePeriod: semaphoreConfig.ConfigMapUpdatePeriod,
+		LeaseTimeout:          semaphoreConfig.LeaseTimeout,
+		DeadClientTimeout:     semaphoreConfig.DeadClientTimeout,
+		MaxQueueSize:          semaphoreConfig.MaxQueueSize,
+	}
+}
diff --git a/pkg/resource-gateway/semaphore_configmap.go b/pkg/resource-gateway/semaphore_configmap.go
new file mode 100644
index 0000000000..da8f639c0b
--- /dev/null
+++ b/pkg/resource-gateway/semaphore_configmap.go
@@ -0,0 +1,249 @@
+package resource_gateway
+
+import (
+	"encoding/json"
+	"fmt"
+	"strconv"
+	"time"
+
+	"github.com/portworx/sched-ops/k8s/core"
+	"github.com/sirupsen/logrus"
+	corev1 "k8s.io/api/core/v1"
+	k8s_errors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+	activeLeasesKey          = "activeLeases"
+	nPermitsKey              = "nPermits"
+	configMapUpdatePeriodKey = "configMapUpdatePeriod"
+	leaseTimeoutKey          = "leaseTimeout"
+	deadClientTimeoutKey     = "deadClientTimeout"
+	maxQueueSizeKey          = "maxQueueSize"
+)
+
+type configMap struct {
+	// activeLeases is the cache for fetching active leases persisted in configmap
+	activeLeases activeLeasesMap
+	cm           *corev1.ConfigMap
+}
+
+func createOrUpdateConfigMap(config *SemaphoreConfig) (*configMap, error) {
+	remoteConfigMap, err := updateConfigMap(config)
+	if err != nil && !k8s_errors.IsNotFound(err) {
+		return nil, err
+	}
+
+	if k8s_errors.IsNotFound(err) {
+		// create a new configmap
+		remoteConfigMap = &corev1.ConfigMap{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      config.ConfigMapName,
+				Namespace: config.ConfigMapNamespace,
+				Labels:    config.ConfigMapLabels,
+			},
+			Data: map[string]string{
+				activeLeasesKey:          "",
+				nPermitsKey:              fmt.Sprintf("%d", config.NPermits),
+				configMapUpdatePeriodKey: config.ConfigMapUpdatePeriod.String(),
+				leaseTimeoutKey:          config.LeaseTimeout.String(),
+				deadClientTimeoutKey:     config.DeadClientTimeout.String(),
+				maxQueueSizeKey:          fmt.Sprintf("%d", config.MaxQueueSize),
+			},
+		}
+
+		remoteConfigMap, err = core.Instance().CreateConfigMap(remoteConfigMap)
+		if err != nil && !k8s_errors.IsAlreadyExists(err) {
+			return nil, err
+		}
+	}
+
+	cm := &configMap{
+		cm: remoteConfigMap,
+	}
+	cm.activeLeases, err = cm.ActiveLeases()
+	if err != nil {
+		return nil, err
+	}
+	return cm, nil
+}
+
+func updateRemoteConfigMap(remoteConfigMap *corev1.ConfigMap, config *SemaphoreConfig) {
+	// update the configmap with the latest values
+	remoteConfigMap.Data[nPermitsKey] = fmt.Sprintf("%d", config.NPermits)
+	remoteConfigMap.Data[configMapUpdatePeriodKey] = config.ConfigMapUpdatePeriod.String()
+	remoteConfigMap.Data[leaseTimeoutKey] = config.LeaseTimeout.String()
+	remoteConfigMap.Data[deadClientTimeoutKey] = config.DeadClientTimeout.String()
+	remoteConfigMap.Data[maxQueueSizeKey] = strconv.FormatUint(uint64(config.MaxQueueSize), 10)
+}
+
+// create the configmap if it doesn't exist then, fetch the latest copy of configmap and,
+// update semaphore config values (nPermits, leaseTimeout)
+func updateConfigMap(config *SemaphoreConfig) (*corev1.ConfigMap, error) {
+	remoteConfigMap, err := core.Instance().GetConfigMap(config.ConfigMapName, config.ConfigMapNamespace)
+	if err != nil {
+		return nil, err
+	}
+
+	// update the configmap with the latest values
+	updateRemoteConfigMap(remoteConfigMap, config)
+	remoteConfigMap, err = core.Instance().UpdateConfigMap(remoteConfigMap)
+	if err != nil {
+		return nil, err
+	}
+	return remoteConfigMap, nil
+}
+
+func getConfigMap(config *SemaphoreConfig) (*configMap, error) {
+	remoteConfigMap, err := core.Instance().GetConfigMap(config.ConfigMapName, config.ConfigMapNamespace)
+	if err != nil {
+		return nil, err
+	}
+
+	configMapUpdatePeriod, err := time.ParseDuration(remoteConfigMap.Data[configMapUpdatePeriodKey])
+	if err != nil {
+		return nil, err
+	}
+
+	leaseTimeout, err := time.ParseDuration(remoteConfigMap.Data[leaseTimeoutKey])
+	if err != nil {
+		return nil, err
+	}
+
+	deadClientTimeout, err := time.ParseDuration(remoteConfigMap.Data[deadClientTimeoutKey])
+	if err != nil {
+		return nil, err
+	}
+
+	maxQueueSize, err := strconv.ParseUint(remoteConfigMap.Data[maxQueueSizeKey], 10, 32)
+	if err != nil {
+		return nil, err
+	}
+
+	config.ConfigMapLabels = remoteConfigMap.Labels
+	config.ConfigMapUpdatePeriod = configMapUpdatePeriod
+	config.LeaseTimeout = leaseTimeout
+	config.DeadClientTimeout = deadClientTimeout
+	config.MaxQueueSize = uint(maxQueueSize)
+
+	cm := &configMap{
+		cm: remoteConfigMap,
+	}
+	cm.activeLeases, err = cm.ActiveLeases()
+	if err != nil {
+		return nil, err
+	}
+	return cm, nil
+}
+
+func (c *configMap) update(config *SemaphoreConfig) error {
+	updateRemoteConfigMap(c.cm, config)
+	remoteConfigMap, err := core.Instance().UpdateConfigMap(c.cm)
+	if err != nil {
+		return err
+	}
+	c.cm = remoteConfigMap
+	return nil
+}
+
+func (c *configMap) Name() string {
+	return c.cm.Name
+}
+
+func (c *configMap) Namespace() string {
+	return c.cm.Namespace
+}
+
+func (c *configMap) Labels() map[string]string {
+	return c.cm.Labels
+}
+
+func (c *configMap) NPermits() (uint32, error) {
+	nPermits, err := strconv.Atoi(c.cm.Data[nPermitsKey])
+	if err != nil {
+		return 0, err
+	}
+	return uint32(nPermits), nil
+}
+
+func (c *configMap) LeaseTimeout() (time.Duration, error) {
+	leaseTimeout, err := time.ParseDuration(c.cm.Data[leaseTimeoutKey])
+	if err != nil {
+		return 0, err
+	}
+	return leaseTimeout, nil
+}
+
+func (c *configMap) DeadClientTimeout() (time.Duration, error) {
+	deadClientTimeout, err := time.ParseDuration(c.cm.Data[deadClientTimeoutKey])
+	if err != nil {
+		return 0, err
+	}
+	return deadClientTimeout, nil
+}
+
+func (c *configMap) ActiveLeases() (activeLeasesMap, error) {
+	if c.activeLeases == nil {
+		c.activeLeases = activeLeasesMap{}
+		activeLeasesValue := c.cm.Data[activeLeasesKey]
+		if activeLeasesValue != "" {
+			err := json.Unmarshal([]byte(activeLeasesValue), &c.activeLeases)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+
+	returnActiveLeases := activeLeasesMap{}
+	for key, val := range c.activeLeases {
+		returnActiveLeases[key] = val
+	}
+	return returnActiveLeases, nil
+}
+
+// isConfigMapUpdateRequired compares two maps and returns true if they are different
+func isConfigMapUpdateRequired(map1, map2 activeLeasesMap) bool {
+	if len(map1) != len(map2) {
+		return true
+	}
+	for key1, val1 := range map1 {
+		// TODO how are two structs compared
+		if val2, ok := map2[key1]; !ok || val1 != val2 {
+			logrus.Infof("Lease %s: %v != %v", key1, val1, val2)
+			return true
+		}
+	}
+	return false
+}
+
+// Update replaces active leases in the configmap with the provided active leases
+// it only makes an update call if the active leases have changed
+func (c *configMap) UpdateLeases(newActiveLeases activeLeasesMap) error {
+	currentActiveLeases, err := c.ActiveLeases()
+	if err != nil {
+		panic(err)
+	}
+	if !isConfigMapUpdateRequired(newActiveLeases, currentActiveLeases) {
+		return nil
+	}
+
+	logrus.Infof("Updating configmap: %v", newActiveLeases)
+
+	// update the cache
+	c.activeLeases = activeLeasesMap{}
+	for key, val := range newActiveLeases {
+		c.activeLeases[key] = val
+	}
+
+	activeLeasesValue, err := json.Marshal(newActiveLeases)
+	if err != nil {
+		return err
+	}
+	c.cm.Data[activeLeasesKey] = string(activeLeasesValue)
+
+	c.cm, err = core.Instance().UpdateConfigMap(c.cm)
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/pkg/resource-gateway/semaphore_server.go b/pkg/resource-gateway/semaphore_server.go
new file mode 100644
index 0000000000..dbee501fc4
--- /dev/null
+++ b/pkg/resource-gateway/semaphore_server.go
@@ -0,0 +1,209 @@
+package resource_gateway
+
+import (
+	"context"
+	"fmt"
+	"sync"
+	"time"
+
+	"github.com/libopenstorage/operator/pkg/constants"
+	pb "github.com/libopenstorage/operator/proto"
+	"github.com/portworx/sched-ops/k8s/core"
+	"github.com/sirupsen/logrus"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+type semaphoreServer struct {
+	semaphoreMap    sync.Map
+	semaphoreConfig *SemaphoreConfig
+}
+
+// NewSemaphoreServer creates a new semaphore server instance with the provided config.
+func NewSemaphoreServer(semaphoreConfig *SemaphoreConfig) *semaphoreServer {
+	if semaphoreConfig.ConfigMapLabels == nil {
+		semaphoreConfig.ConfigMapLabels = make(map[string]string)
+	}
+	semaphoreConfig.ConfigMapLabels[constants.OperatorLabelManagedByKey] = constants.OperatorLabelManagedByValueResourceGateway
+	return &semaphoreServer{
+		semaphoreConfig: semaphoreConfig,
+	}
+}
+
+func (s *semaphoreServer) newSemaphoreConfig(req *pb.CreateRequest) *SemaphoreConfig {
+	// create a copy of the common semaphore config
+	semaphoreConfig := copySemaphoreConfig(s.semaphoreConfig)
+
+	// update the config with the required request parameters
+	semaphoreConfig.NPermits = req.GetNPermits()
+	semaphoreConfig.ConfigMapName = fmt.Sprintf("%s-%s", semaphoreConfig.ConfigMapName, req.GetResourceId())
+
+	// override config values if optional request parameters are provided
+	// if req.GetConfigMapUpdatePeriod() > 0 {
+	// 	semaphoreConfig.ConfigMapUpdatePeriod = time.Duration(req.GetConfigMapUpdatePeriod()) * time.Second
+	// }
+	if req.GetLeaseTimeout() > 0 {
+		semaphoreConfig.LeaseTimeout = time.Duration(req.GetLeaseTimeout()) * time.Second
+	}
+	if req.GetDeadNodeTimeout() > 0 {
+		semaphoreConfig.DeadClientTimeout = time.Duration(req.GetDeadNodeTimeout()) * time.Second
+	}
+	// if req.GetMaxQueueSize() > 0 {
+	// 	semaphoreConfig.MaxQueueSize = req.GetMaxQueueSize()
+	// }
+
+	return semaphoreConfig
+}
+
+// Create implements the Create RPC method of the SemaphoreService.
+//
+// Create is used to create a new semaphore instance and its backing configmap.
+// It validates that required fields are provided in the request, and an instance
+// with the same resource ID does not already exist.
+func (s *semaphoreServer) Create(ctx context.Context, req *pb.CreateRequest) (*pb.CreateResponse, error) {
+	// validate request
+	if req.GetResourceId() == "" {
+		return &pb.CreateResponse{}, status.Error(codes.InvalidArgument, "Resource ID is required")
+	}
+	if req.GetNPermits() == 0 {
+		return &pb.CreateResponse{}, status.Error(codes.InvalidArgument, "Number of leases should be greater than 0")
+	}
+	semaphoreConfig := s.newSemaphoreConfig(req)
+
+	// check if semaphore instance already exists
+	item, ok := s.semaphoreMap.Load(req.GetResourceId())
+	if !ok {
+		logrus.Infof("Create semaphore with config: %v", semaphoreConfig)
+		semaphore := NewSemaphorePriorityQueueWithConfig(semaphoreConfig)
+		s.semaphoreMap.Store(req.GetResourceId(), semaphore)
+		return &pb.CreateResponse{}, nil
+	}
+
+	semaphorePQ := item.(SemaphorePriorityQueue)
+	semaphorePQ.Update(semaphoreConfig)
+	return &pb.CreateResponse{}, status.Error(codes.AlreadyExists, "Resource already exists")
+
+}
+
+// Load loads the semaphore instances that are already created in the system.
+//
+// It fetches all the configmaps with the label managed by resource-gateway
+// and creates semaphore instances for each of them.
+func (s *semaphoreServer) Load() error {
+	configMapList, err := core.Instance().ListConfigMap(
+		s.semaphoreConfig.ConfigMapNamespace,
+		metav1.ListOptions{
+			LabelSelector: fmt.Sprintf("%s=%s",
+				constants.OperatorLabelManagedByKey, constants.OperatorLabelManagedByValueResourceGateway),
+		})
+	if err != nil {
+		return err
+	}
+	for _, remoteConfigMap := range configMapList.Items {
+		resourceId := remoteConfigMap.Name[len(s.semaphoreConfig.ConfigMapName+"-"):]
+		logrus.Infof("Loading semaphore for configmap %s and resource Id %s", remoteConfigMap.Name, resourceId)
+		// other config values will be populated later from the configMap data
+		semaphoreConfig := &SemaphoreConfig{
+			ConfigMapName:      remoteConfigMap.Name,
+			ConfigMapNamespace: remoteConfigMap.Namespace,
+		}
+		semaphore := NewSemaphorePriorityQueueWithConfigMap(semaphoreConfig)
+		s.semaphoreMap.Store(resourceId, semaphore)
+	}
+	return nil
+}
+
+// Acquire implements the Acquire RPC method of the SemaphoreService.
+//
+// Acquire is used to acquire a lease on a resource. It validates that required
+// fields are provided in the request, and the resource exists. It returns the
+// status of the lease acquisition.
+func (s *semaphoreServer) Acquire(ctx context.Context, req *pb.AcquireRequest) (*pb.AcquireResponse, error) {
+	// validate request
+	if req.GetResourceId() == "" {
+		return &pb.AcquireResponse{}, status.Error(codes.InvalidArgument, "Resource ID is required")
+	}
+	if req.GetClientId() == "" {
+		return &pb.AcquireResponse{}, status.Error(codes.InvalidArgument, "Client ID is required")
+	}
+	if req.GetAccessPriority() == pb.AccessPriority_TYPE_UNSPECIFIED {
+		return &pb.AcquireResponse{}, status.Error(codes.InvalidArgument, "Access Priority is required")
+	}
+
+	// get the semaphore instance
+	item, ok := s.semaphoreMap.Load(req.GetResourceId())
+	if !ok {
+		return &pb.AcquireResponse{}, status.Error(codes.NotFound, "Resource not found")
+	}
+	semaphorePQ := item.(SemaphorePriorityQueue)
+
+	// process request to acquire lease
+	resourceState, err := semaphorePQ.Acquire(req.ClientId, req.AccessPriority)
+	if err != nil {
+		return &pb.AcquireResponse{}, status.Error(codes.Internal, err.Error())
+	}
+	response := &pb.AcquireResponse{
+		AccessStatus: resourceState,
+	}
+	return response, nil
+}
+
+// Release implements the Release RPC method of the SemaphoreService.
+//
+// Release is used to release a lease on a resource. It validates that required
+// fields are provided in the request, and the resource exists.
+// It returns an empty response.
+func (s *semaphoreServer) Release(ctx context.Context, req *pb.ReleaseRequest) (*pb.ReleaseResponse, error) {
+	// validate request
+	if req.GetResourceId() == "" {
+		return &pb.ReleaseResponse{}, status.Error(codes.InvalidArgument, "Resource ID is required")
+	}
+	if req.GetClientId() == "" {
+		return &pb.ReleaseResponse{}, status.Error(codes.InvalidArgument, "Client ID is required")
+	}
+
+	// get the semaphore instance
+	item, ok := s.semaphoreMap.Load(req.GetResourceId())
+	if !ok {
+		return &pb.ReleaseResponse{}, status.Error(codes.NotFound, "Resource not found")
+	}
+	semaphorePQ := item.(SemaphorePriorityQueue)
+
+	// process request to release lease
+	err := semaphorePQ.Release(req.ClientId)
+	if err != nil {
+		return &pb.ReleaseResponse{}, status.Error(codes.Internal, err.Error())
+	}
+	return &pb.ReleaseResponse{}, nil
+}
+
+// Heartbeat implements the Heartbeat RPC method of the SemaphoreService.
+//
+// Heartbeat is used to keep the lease alive. It validates that required fields
+// are provided in the request, and the resource exists. It returns the status
+// of the lease.
+func (s *semaphoreServer) Heartbeat(ctx context.Context, req *pb.HeartbeatRequest) (*pb.HeartbeatResponse, error) {
+	// validate request
+	if req.GetResourceId() == "" {
+		return &pb.HeartbeatResponse{}, status.Error(codes.InvalidArgument, "Resource ID is required")
+	}
+	if req.GetClientId() == "" {
+		return &pb.HeartbeatResponse{}, status.Error(codes.InvalidArgument, "Client ID is required")
+	}
+
+	// get the semaphore instance
+	item, ok := s.semaphoreMap.Load(req.GetResourceId())
+	if !ok {
+		return &pb.HeartbeatResponse{}, status.Error(codes.NotFound, "Resource not found")
+	}
+	semaphorePQ := item.(SemaphorePriorityQueue)
+
+	// process client heartbeat
+	accessStatus := semaphorePQ.Heartbeat(req.ClientId)
+	response := &pb.HeartbeatResponse{
+		AccessStatus: accessStatus,
+	}
+	return response, nil
+}
diff --git a/pkg/resource-gateway/semaphore_server_test.go b/pkg/resource-gateway/semaphore_server_test.go
new file mode 100644
index 0000000000..3ee5d73699
--- /dev/null
+++ b/pkg/resource-gateway/semaphore_server_test.go
@@ -0,0 +1,117 @@
+package resource_gateway
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/libopenstorage/operator/pkg/constants"
+	pb "github.com/libopenstorage/operator/proto"
+	"github.com/portworx/sched-ops/k8s/core"
+	"github.com/stretchr/testify/require"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func newSemaphoreServerTest() *semaphoreServer {
+	semaphoreConfig := &SemaphoreConfig{
+		ConfigMapName:         testConfigMapName,
+		ConfigMapNamespace:    testConfigMapNamespace,
+		ConfigMapLabels:       map[string]string{},
+		ConfigMapUpdatePeriod: testConfigMapUpdatePeriod,
+		LeaseTimeout:          testLeaseTimeout,
+		DeadClientTimeout:     testDeadClientTimeout,
+		MaxQueueSize:          1000,
+	}
+	return NewSemaphoreServer(semaphoreConfig)
+}
+
+func createTestConfigMap(t *testing.T, suffix string) {
+	configMapName := fmt.Sprintf("%s-%s", testConfigMapName, suffix)
+	_, err := core.Instance().CreateConfigMap(&corev1.ConfigMap{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      configMapName,
+			Namespace: testConfigMapNamespace,
+			Labels: map[string]string{
+				constants.OperatorLabelManagedByKey: constants.OperatorLabelManagedByValueResourceGateway,
+			},
+		},
+		Data: map[string]string{
+			activeLeasesKey:          "",
+			nPermitsKey:              "1",
+			configMapUpdatePeriodKey: testConfigMapUpdatePeriod.String(),
+			leaseTimeoutKey:          testLeaseTimeout.String(),
+			deadClientTimeoutKey:     testDeadClientTimeout.String(),
+			maxQueueSizeKey:          "1000",
+		},
+	})
+	require.NoError(t, err)
+}
+
+func TestSemaphoreServer_Create(t *testing.T) {
+	setup(t)
+
+	testResourceId := "resource-x"
+	deleteConfigMap(t, testResourceId)
+	s := newSemaphoreServerTest()
+
+	// First create request for a semaphore will create a new configmap
+	configMapName := fmt.Sprintf("%s-%s", testConfigMapName, testResourceId)
+	req := &pb.CreateRequest{
+		ResourceId:   testResourceId,
+		NPermits:     1,
+		LeaseTimeout: 10,
+	}
+	_, err := s.Create(context.Background(), req)
+	require.NoError(t, err)
+	remoteConfigMap, err := core.Instance().GetConfigMap(configMapName, testConfigMapNamespace)
+	require.NoError(t, err)
+	require.Equal(t, "1", remoteConfigMap.Data[nPermitsKey])
+
+	// Second request for the same semaphore will update the existing configmap
+	req = &pb.CreateRequest{
+		ResourceId:   testResourceId,
+		NPermits:     2,
+		LeaseTimeout: 10,
+	}
+	_, err = s.Create(context.Background(), req)
+	require.Error(t, err)
+	require.Contains(t, err.Error(), "Resource already exists")
+	remoteConfigMap, err = core.Instance().GetConfigMap(configMapName, testConfigMapNamespace)
+	require.NoError(t, err)
+	require.Equal(t, "2", remoteConfigMap.Data[nPermitsKey])
+}
+
+func TestSemaphoreServer_Load(t *testing.T) {
+	setup(t)
+
+	s := newSemaphoreServerTest()
+	deleteConfigMap(t, "resource-1")
+	deleteConfigMap(t, "resource-2")
+
+	// Create configmaps for semaphore that should be loaded
+	createTestConfigMap(t, "resource-1")
+	createTestConfigMap(t, "resource-2")
+
+	// Load the semaphore
+	err := s.Load()
+	require.NoError(t, err)
+
+	req := &pb.AcquireRequest{
+		ResourceId:     "resource-1",
+		ClientId:       "client-1",
+		AccessPriority: pb.AccessPriority_HIGH,
+	}
+	resp, err := s.Acquire(context.Background(), req)
+	require.NoError(t, err, "Unexpected error on Acquire")
+	require.Equal(t, pb.AccessStatus_LEASED, resp.GetAccessStatus())
+
+	req = &pb.AcquireRequest{
+		ResourceId:     "resource-2",
+		ClientId:       "client-2",
+		AccessPriority: pb.AccessPriority_LOW,
+	}
+	resp, err = s.Acquire(context.Background(), req)
+	require.NoError(t, err, "Unexpected error on Acquire")
+	require.Equal(t, pb.AccessStatus_LEASED, resp.GetAccessStatus())
+}
diff --git a/pkg/resource-gateway/semaphore_test.go b/pkg/resource-gateway/semaphore_test.go
new file mode 100644
index 0000000000..b3a2885832
--- /dev/null
+++ b/pkg/resource-gateway/semaphore_test.go
@@ -0,0 +1,224 @@
+package resource_gateway
+
+import (
+	"fmt"
+	"os"
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/libopenstorage/openstorage/pkg/sched"
+	pb "github.com/libopenstorage/operator/proto"
+	"github.com/portworx/sched-ops/k8s/core"
+	"github.com/sirupsen/logrus"
+	"github.com/stretchr/testify/require"
+	k8s_errors "k8s.io/apimachinery/pkg/api/errors"
+)
+
+const (
+	// methods
+	noaction  = "NoAction"
+	acquire   = "Acquire"
+	release   = "Release"
+	heartbeat = "Heartbeat"
+
+	// priorities
+	nopriority = pb.AccessPriority_TYPE_UNSPECIFIED
+	low        = pb.AccessPriority_LOW
+	med        = pb.AccessPriority_MEDIUM
+	high       = pb.AccessPriority_HIGH
+
+	// access statuses
+	nostatus = pb.AccessStatus_TYPE_UNSPECIFIED
+	leased   = pb.AccessStatus_LEASED
+	queued   = pb.AccessStatus_QUEUED
+)
+
+var (
+	once sync.Once
+
+	testConfigMapName         = "resource-gateway-test"
+	testConfigMapNamespace    = "kube-system"
+	testConfigMapUpdatePeriod = 1 * time.Second
+	testLeaseTimeout          = 25 * time.Second
+	testDeadClientTimeout     = 15 * time.Second
+)
+
+func newSemaphorePriorityQueueTest() SemaphorePriorityQueue {
+	semaphoreConfig := &SemaphoreConfig{
+		NPermits:           uint32(2),
+		ConfigMapName:      testConfigMapName,
+		ConfigMapNamespace: testConfigMapNamespace,
+		ConfigMapLabels: map[string]string{
+			"name": testConfigMapName,
+		},
+		ConfigMapUpdatePeriod: testConfigMapUpdatePeriod,
+		LeaseTimeout:          testLeaseTimeout,
+		DeadClientTimeout:     testDeadClientTimeout,
+		MaxQueueSize:          1000,
+	}
+	return NewSemaphorePriorityQueueWithConfig(semaphoreConfig)
+}
+
+func deleteConfigMap(t *testing.T, suffix string) (err error) {
+	defer require.NoError(t, err, "Unable to delete configmap")
+	configMapName := testConfigMapName
+	if suffix != "" {
+		configMapName = fmt.Sprintf("%s-%s", testConfigMapName, suffix)
+	}
+	err = core.Instance().DeleteConfigMap(configMapName, testConfigMapNamespace)
+	if err != nil && !k8s_errors.IsNotFound(err) {
+		return err
+	}
+
+	// wait for the configmap to be deleted and check every second upto 5s
+	for i := 0; i < 5; i++ {
+		_, err = core.Instance().GetConfigMap(configMapName, testConfigMapNamespace)
+		if k8s_errors.IsNotFound(err) {
+			return nil
+		}
+		time.Sleep(time.Second * 1)
+	}
+	return err
+}
+
+func setup(t *testing.T) {
+	// init
+	once.Do(func() {
+		if sched.Instance() == nil {
+			sched.Init(time.Second)
+		}
+
+		// validate kubeconfig is set
+		if os.Getenv("KUBECONFIG") == "" {
+			fmt.Println("KUBECONFIG not set. Cannot run Semaphore UT.")
+			return
+		}
+		logrus.SetLevel(logrus.DebugLevel)
+		testOverride = true
+	})
+
+	deleteConfigMap(t, "") // cleanup
+}
+
+func validateConfigMap(t *testing.T, activeLeasesList []string) {
+	remoteConfigMap, err := core.Instance().GetConfigMap(testConfigMapName, testConfigMapNamespace)
+	cm := configMap{
+		cm: remoteConfigMap,
+	}
+	require.NoError(t, err, "Unexpected error on get configmap")
+	activeLeases, err := cm.ActiveLeases()
+	require.NoError(t, err, "Unexpected error on fetch active leases from configmap")
+	require.Equal(t, len(activeLeasesList), len(activeLeases))
+	for _, expectedClient := range activeLeasesList {
+		_, exists := activeLeases[expectedClient]
+		require.True(t, exists, "Client %s not found in configmap", expectedClient)
+	}
+}
+
+func TestSemaphore_AcquireAndRelease(t *testing.T) {
+
+	testCases := []struct {
+		name             string
+		method           string
+		delay            time.Duration
+		client           string
+		priority         pb.AccessPriority_Type
+		status           pb.AccessStatus_Type
+		activeLeasesList []string
+	}{
+		// configMapUpdatePeriod = 1s, leaseTimeout = 25s, deadClientTimeout = 15s
+		// test acquire and release
+		// tests a client can take the first lease
+		{"client-1 is granted lease", acquire, 0, "client-1", low, leased, []string{"client-1"}},
+		// 2 seconds elapsed
+		// tests a client can take the second / last lease
+		{"client-2 is granted lease", acquire, 0, "client-2", low, leased, []string{"client-1", "client-2"}},
+		// 4 seconds elapsed
+		// tests a client can be queued to low priority
+		{"client-3 is queued to low", acquire, 0, "client-3", low, queued, []string{"client-1", "client-2"}},
+		// tests a client can be queued to medium priority
+		{"client-4 is queued to med", acquire, 0, "client-4", med, queued, []string{"client-1", "client-2"}},
+		// tests a client can be queued to high priority
+		{"client-5 is queued to high", acquire, 0, "client-5", high, queued, []string{"client-1", "client-2"}},
+		// tests a client can be queued to high priority behind another high priority client
+		{"client-6 is queued to high", acquire, 0, "client-6", high, queued, []string{"client-1", "client-2"}},
+		// tests the acquire will be noop and return correct status if the client already has the lease
+		{"client-1 is already leased", acquire, 0, "client-1", low, leased, []string{"client-1", "client-2"}},
+		// tests the acquire will be noop if the client is already queued and no lease is available
+		{"client-5 cannot take the lease", acquire, 0, "client-5", high, queued, []string{"client-1", "client-2"}},
+		// tests client is able to release the lease
+		{"client-1 releases the lease", release, 0, "client-1", nopriority, nostatus, []string{"client-2"}},
+		// 6 seconds elapsed
+		// tests that heartbeats return the correct status
+		// heartbeat to keep client-2 lease alive till 21 seconds elapsed
+		{"client-2 heartbeats within lease timeout", heartbeat, 0, "client-2", nopriority, leased, []string{"client-2"}},
+		// do acquire poll for clients in queue for implicit heartbeat
+		// keeps client 3 and 4 alive till 21 seconds elapsed
+		// tests the client with lower priority will NOT get the lease if a client with higher priority is in the queue
+		{"client-3 cannot take the lease", acquire, 0, "client-3", low, queued, []string{"client-2"}},
+		{"client-4 cannot take the lease", acquire, 0, "client-4", med, queued, []string{"client-2"}},
+		// tests the client with highest priority at the front of the queue will get the lease
+		{"client-5 is granted the lease", acquire, 0, "client-5", high, leased, []string{"client-5", "client-2"}},
+		// 8 seconds elapsed
+		// keep client 6 alive till 23 seconds elapsed
+		{"client-6 cannot take the lease", acquire, 0, "client-6", high, queued, []string{"client-2", "client-5"}},
+		{"client-5 releases the lease", release, 0, "client-5", nopriority, nostatus, []string{"client-2"}},
+		// 10 seconds elapsed
+		{"client-6 is granted the lease", acquire, 0, "client-6", high, leased, []string{"client-2", "client-6"}},
+		// 12 seconds elapsed
+		// tests that heartbeats return the correct status
+		{"client-2 heartbeats within lease timeout", heartbeat, 0, "client-2", nopriority, leased, []string{"client-2", "client-6"}},
+		{"client-6 heartbeats", heartbeat, 0, "client-6", nopriority, leased, []string{"client-2", "client-6"}},
+		{"client-6 releases the lease", release, 0, "client-6", nopriority, nostatus, []string{"client-2"}},
+		// 14 seconds elapsed
+		// tests the client with medium priority will get the lease
+		{"client-4 is granted the lease", acquire, 0, "client-4", med, leased, []string{"client-2", "client-4"}},
+		// 16 seconds elasped
+		// tests that client in queue that has not polled within dead client timeout will be removed the queue
+		// sleep 7 seconds
+		{"client-3 heartbeats outside dead client timeout", heartbeat, time.Second * 7, "client-3", nopriority, nostatus, []string{"client-2", "client-4"}},
+		// 23 seconds elapsed
+		// tests that client that has held the lease for longer than the lease timeout will lose the lease
+		// sleep 5 seconds
+		{"client-2 heartbeats outside lease timeout", heartbeat, time.Second * 7, "client-2", nopriority, nostatus, []string{"client-4"}},
+		// 30 seconds elapsed
+		// tests that client that has a lease and has not heartbeated within dead client timeout will lose the lease
+		// sleep 5 seconds
+		{"client-4 heartbeats outside dead client timeout", heartbeat, time.Second * 5, "client-4", nopriority, nostatus, []string{}},
+		// 35 seconds elapsed
+	}
+
+	setup(t)
+	semPQ := newSemaphorePriorityQueueTest()
+
+	startTime := time.Now()
+
+	for _, tc := range testCases {
+		if tc.delay > 0 {
+			time.Sleep(tc.delay)
+			fmt.Println("Elapsed time (after sleep): ", time.Since(startTime).Seconds())
+		}
+		if tc.method == acquire {
+			t.Run(tc.name, func(t *testing.T) {
+				status, err := semPQ.Acquire(tc.client, tc.priority)
+				require.NoError(t, err, "Unexpected error on Acquire")
+				require.Equal(t, tc.status, status)
+			})
+		} else if tc.method == release {
+			t.Run(tc.name, func(t *testing.T) {
+				err := semPQ.Release(tc.client)
+				require.NoError(t, err, "Unexpected error on Release")
+			})
+		} else if tc.method == heartbeat {
+			t.Run(tc.name, func(t *testing.T) {
+				status := semPQ.Heartbeat(tc.client)
+				require.Equal(t, tc.status, status)
+			})
+		}
+
+		validateConfigMap(t, tc.activeLeasesList)
+
+		fmt.Println("Elapsed time (after exec): ", time.Since(startTime).Seconds())
+	}
+}
diff --git a/pkg/util/k8s/k8s.go b/pkg/util/k8s/k8s.go
index d8e31391c5..900c2d75ed 100644
--- a/pkg/util/k8s/k8s.go
+++ b/pkg/util/k8s/k8s.go
@@ -1578,7 +1578,7 @@ func CreateOrUpdatePrometheus(
 	if prometheus.Spec.PodMetadata.Labels == nil {
 		prometheus.Spec.PodMetadata.Labels = make(map[string]string)
 	}
-	prometheus.Spec.PodMetadata.Labels[constants.OperatorLabelManagedByKey] = constants.OperatorLabelManagedByValue
+	prometheus.Spec.PodMetadata.Labels[constants.OperatorLabelManagedByKey] = constants.OperatorLabelManagedByValuePortworx
 	if modified || len(prometheus.OwnerReferences) > len(existingPrometheus.OwnerReferences) {
 		prometheus.ResourceVersion = existingPrometheus.ResourceVersion
 		logrus.Infof("Updating Prometheus %s/%s", prometheus.Namespace, prometheus.Name)
@@ -1660,7 +1660,7 @@ func CreateOrUpdateAlertManager(
 	if alertManager.Spec.PodMetadata.Labels == nil {
 		alertManager.Spec.PodMetadata.Labels = make(map[string]string)
 	}
-	alertManager.Spec.PodMetadata.Labels[constants.OperatorLabelManagedByKey] = constants.OperatorLabelManagedByValue
+	alertManager.Spec.PodMetadata.Labels[constants.OperatorLabelManagedByKey] = constants.OperatorLabelManagedByValuePortworx
 	if modified || len(alertManager.OwnerReferences) > len(existingAlertManager.OwnerReferences) {
 		alertManager.ResourceVersion = existingAlertManager.ResourceVersion
 		logrus.Infof("Updating AlertManager %s/%s", alertManager.Namespace, alertManager.Name)
@@ -2330,7 +2330,7 @@ func AddManagedByOperatorLabel(om metav1.ObjectMeta) metav1.ObjectMeta {
 	if om.Labels == nil {
 		om.Labels = make(map[string]string)
 	}
-	om.Labels[constants.OperatorLabelManagedByKey] = constants.OperatorLabelManagedByValue
+	om.Labels[constants.OperatorLabelManagedByKey] = constants.OperatorLabelManagedByValuePortworx
 	return om
 }
 
diff --git a/proto/Dockerfile b/proto/Dockerfile
new file mode 100644
index 0000000000..ca40545140
--- /dev/null
+++ b/proto/Dockerfile
@@ -0,0 +1,10 @@
+# This Dockerfile is used to build base image for Resource Gateway proto files
+# The image is based on osd-proto image provided by OpenStorage
+
+FROM quay.io/openstorage/osd-proto-clients
+
+LABEL author="dgoel"
+
+RUN mkdir -p /go/src/github.com/libopenstorage/operator/proto
+
+WORKDIR /go/src/github.com/libopenstorage/operator/proto
diff --git a/proto/Makefile b/proto/Makefile
new file mode 100644
index 0000000000..e87179a0c8
--- /dev/null
+++ b/proto/Makefile
@@ -0,0 +1,53 @@
+# set defaults
+ifndef DOCKER_HUB_RESOURCE_GATEWAY_PROTO_IMG
+    DOCKER_HUB_RESOURCE_GATEWAY_PROTO_IMG := resource-gateway-proto
+    $(warning DOCKER_HUB_RESOURCE_GATEWAY_PROTO_IMG not defined, using '$(DOCKER_HUB_RESOURCE_GATEWAY_PROTO_IMG)' instead)
+endif
+ifndef DOCKER_HUB_RESOURCE_GATEWAY_PROTO_TAG
+    DOCKER_HUB_RESOURCE_GATEWAY_PROTO_TAG := latest
+    $(warning DOCKER_HUB_RESOURCE_GATEWAY_PROTO_TAG not defined, using '$(DOCKER_HUB_RESOURCE_GATEWAY_PROTO_TAG)' instead)
+endif
+
+ifndef PROTOC
+PROTOC = protoc
+endif
+
+ifndef PROTOS_PATH
+PROTOS_PATH = $(GOPATH)/src
+endif
+
+ifndef PROTOSRC_PATH
+PROTOSRC_PATH = $(PROTOS_PATH)/github.com/libopenstorage/operator/proto
+endif
+
+RESOURCE_GATEWAY_PROTO_IMG=$(DOCKER_HUB_REPO)/$(DOCKER_HUB_RESOURCE_GATEWAY_PROTO_IMG):$(DOCKER_HUB_RESOURCE_GATEWAY_PROTO_TAG)
+
+# builds the container to compile proto files
+build-docker:
+	docker build -t $(RESOURCE_GATEWAY_PROTO_IMG) .
+
+# builds the proto target inside the build container
+docker-proto:
+	docker run \
+		--privileged --rm -it \
+		-v $(shell pwd):/go/src/github.com/libopenstorage/operator/proto \
+		-e "GOPATH=/go" \
+		-e "DOCKER_PROTO=yes" \
+		-e "PATH=/bin:/usr/bin:/usr/local/bin:/go/bin:/usr/local/go/bin" \
+		$(RESOURCE_GATEWAY_PROTO_IMG) \
+		make proto
+
+# compiles the proto files - should be run inside the build container
+proto: $(GOPATH)/bin/protoc-gen-go $(GOPATH)/bin/protoc-gen-grpc-gateway $(GOPATH)/bin/protoc-gen-swagger
+ifndef DOCKER_PROTO
+	$(error Do not run directly. Run 'make docker-proto' instead.)
+endif
+	@echo ">>> Generating protobuf definitions from api/api.proto"
+	$(PROTOC) -I $(PROTOSRC_PATH) \
+		-I /usr/local/include \
+		-I $(PROTOS_PATH)/github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis \
+		--go_out=plugins=grpc:. \
+		$(PROTOSRC_PATH)/resource_gateway.proto
+
+clean:
+	rm -f resource_gateway.pb.go
\ No newline at end of file
diff --git a/proto/resource_gateway.pb.go b/proto/resource_gateway.pb.go
new file mode 100644
index 0000000000..dab5676b39
--- /dev/null
+++ b/proto/resource_gateway.pb.go
@@ -0,0 +1,826 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: resource_gateway.proto
+
+package resourcegateway
+
+import proto "github.com/golang/protobuf/proto"
+import fmt "fmt"
+import math "math"
+
+import (
+	context "golang.org/x/net/context"
+	grpc "google.golang.org/grpc"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+
+// Type of priority
+type AccessPriority_Type int32
+
+const (
+	// Unspecified, do NOT use
+	AccessPriority_TYPE_UNSPECIFIED AccessPriority_Type = 0
+	// Enqueued to low priority queue
+	AccessPriority_LOW AccessPriority_Type = 1
+	// Enqueued to medium priority queue
+	AccessPriority_MEDIUM AccessPriority_Type = 2
+	// Enqueued to high priority queue
+	AccessPriority_HIGH AccessPriority_Type = 3
+)
+
+var AccessPriority_Type_name = map[int32]string{
+	0: "TYPE_UNSPECIFIED",
+	1: "LOW",
+	2: "MEDIUM",
+	3: "HIGH",
+}
+var AccessPriority_Type_value = map[string]int32{
+	"TYPE_UNSPECIFIED": 0,
+	"LOW":              1,
+	"MEDIUM":           2,
+	"HIGH":             3,
+}
+
+func (x AccessPriority_Type) String() string {
+	return proto.EnumName(AccessPriority_Type_name, int32(x))
+}
+func (AccessPriority_Type) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_resource_gateway_1e8a27e27414e1c7, []int{0, 0}
+}
+
+// Type of status
+type AccessStatus_Type int32
+
+const (
+	// Unspecified, do NOT use
+	AccessStatus_TYPE_UNSPECIFIED AccessStatus_Type = 0
+	// Enqueued for access to the resource
+	AccessStatus_QUEUED AccessStatus_Type = 1
+	// Lease acquired for the resource
+	AccessStatus_LEASED AccessStatus_Type = 2
+)
+
+var AccessStatus_Type_name = map[int32]string{
+	0: "TYPE_UNSPECIFIED",
+	1: "QUEUED",
+	2: "LEASED",
+}
+var AccessStatus_Type_value = map[string]int32{
+	"TYPE_UNSPECIFIED": 0,
+	"QUEUED":           1,
+	"LEASED":           2,
+}
+
+func (x AccessStatus_Type) String() string {
+	return proto.EnumName(AccessStatus_Type_name, int32(x))
+}
+func (AccessStatus_Type) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_resource_gateway_1e8a27e27414e1c7, []int{1, 0}
+}
+
+// AccessPriority specifies the priority of a client's access to a semaphore resource
+type AccessPriority struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *AccessPriority) Reset()         { *m = AccessPriority{} }
+func (m *AccessPriority) String() string { return proto.CompactTextString(m) }
+func (*AccessPriority) ProtoMessage()    {}
+func (*AccessPriority) Descriptor() ([]byte, []int) {
+	return fileDescriptor_resource_gateway_1e8a27e27414e1c7, []int{0}
+}
+func (m *AccessPriority) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_AccessPriority.Unmarshal(m, b)
+}
+func (m *AccessPriority) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_AccessPriority.Marshal(b, m, deterministic)
+}
+func (dst *AccessPriority) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_AccessPriority.Merge(dst, src)
+}
+func (m *AccessPriority) XXX_Size() int {
+	return xxx_messageInfo_AccessPriority.Size(m)
+}
+func (m *AccessPriority) XXX_DiscardUnknown() {
+	xxx_messageInfo_AccessPriority.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_AccessPriority proto.InternalMessageInfo
+
+// AccessStatus specifies the status of a client's access to a semaphore resource
+type AccessStatus struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *AccessStatus) Reset()         { *m = AccessStatus{} }
+func (m *AccessStatus) String() string { return proto.CompactTextString(m) }
+func (*AccessStatus) ProtoMessage()    {}
+func (*AccessStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_resource_gateway_1e8a27e27414e1c7, []int{1}
+}
+func (m *AccessStatus) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_AccessStatus.Unmarshal(m, b)
+}
+func (m *AccessStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_AccessStatus.Marshal(b, m, deterministic)
+}
+func (dst *AccessStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_AccessStatus.Merge(dst, src)
+}
+func (m *AccessStatus) XXX_Size() int {
+	return xxx_messageInfo_AccessStatus.Size(m)
+}
+func (m *AccessStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_AccessStatus.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_AccessStatus proto.InternalMessageInfo
+
+// CreateRequest is the request to create a new semaphore resource
+//
+// resource_id and n_permits are required fields
+// the other fields are optional and if skipped will be set to default values
+type CreateRequest struct {
+	// Resource Id of the new semaphore resource
+	ResourceId string `protobuf:"bytes,1,opt,name=resource_id,json=resourceId" json:"resource_id,omitempty"`
+	// Number of permits that can be leased out for a resource
+	NPermits uint32 `protobuf:"varint,2,opt,name=n_permits,json=nPermits" json:"n_permits,omitempty"`
+	// Max duration for which a lease can be held
+	LeaseTimeout uint64 `protobuf:"varint,3,opt,name=lease_timeout,json=leaseTimeout" json:"lease_timeout,omitempty"`
+	// Max duration after which a client is considered dead if there is no heartbeat
+	DeadNodeTimeout      uint64   `protobuf:"varint,4,opt,name=dead_node_timeout,json=deadNodeTimeout" json:"dead_node_timeout,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CreateRequest) Reset()         { *m = CreateRequest{} }
+func (m *CreateRequest) String() string { return proto.CompactTextString(m) }
+func (*CreateRequest) ProtoMessage()    {}
+func (*CreateRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_resource_gateway_1e8a27e27414e1c7, []int{2}
+}
+func (m *CreateRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_CreateRequest.Unmarshal(m, b)
+}
+func (m *CreateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_CreateRequest.Marshal(b, m, deterministic)
+}
+func (dst *CreateRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateRequest.Merge(dst, src)
+}
+func (m *CreateRequest) XXX_Size() int {
+	return xxx_messageInfo_CreateRequest.Size(m)
+}
+func (m *CreateRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CreateRequest proto.InternalMessageInfo
+
+func (m *CreateRequest) GetResourceId() string {
+	if m != nil {
+		return m.ResourceId
+	}
+	return ""
+}
+
+func (m *CreateRequest) GetNPermits() uint32 {
+	if m != nil {
+		return m.NPermits
+	}
+	return 0
+}
+
+func (m *CreateRequest) GetLeaseTimeout() uint64 {
+	if m != nil {
+		return m.LeaseTimeout
+	}
+	return 0
+}
+
+func (m *CreateRequest) GetDeadNodeTimeout() uint64 {
+	if m != nil {
+		return m.DeadNodeTimeout
+	}
+	return 0
+}
+
+// CreateResponse is the response to create a new semaphore resource
+type CreateResponse struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CreateResponse) Reset()         { *m = CreateResponse{} }
+func (m *CreateResponse) String() string { return proto.CompactTextString(m) }
+func (*CreateResponse) ProtoMessage()    {}
+func (*CreateResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_resource_gateway_1e8a27e27414e1c7, []int{3}
+}
+func (m *CreateResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_CreateResponse.Unmarshal(m, b)
+}
+func (m *CreateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_CreateResponse.Marshal(b, m, deterministic)
+}
+func (dst *CreateResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateResponse.Merge(dst, src)
+}
+func (m *CreateResponse) XXX_Size() int {
+	return xxx_messageInfo_CreateResponse.Size(m)
+}
+func (m *CreateResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CreateResponse proto.InternalMessageInfo
+
+// AcquireRequest is the request to acquire a lease for a semaphore resource
+type AcquireRequest struct {
+	// Resource Id to acquire the lease for
+	// It should be the same as the resource_id in the CreateRequest
+	ResourceId string `protobuf:"bytes,1,opt,name=resource_id,json=resourceId" json:"resource_id,omitempty"`
+	// Client Id who is acquiring the lease
+	// client_id can be any unique identifier for the client
+	ClientId string `protobuf:"bytes,2,opt,name=client_id,json=clientId" json:"client_id,omitempty"`
+	// Priority of the client's access to the resource
+	AccessPriority       AccessPriority_Type `protobuf:"varint,3,opt,name=access_priority,json=accessPriority,enum=operator.resourcegateway.AccessPriority_Type" json:"access_priority,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
+	XXX_unrecognized     []byte              `json:"-"`
+	XXX_sizecache        int32               `json:"-"`
+}
+
+func (m *AcquireRequest) Reset()         { *m = AcquireRequest{} }
+func (m *AcquireRequest) String() string { return proto.CompactTextString(m) }
+func (*AcquireRequest) ProtoMessage()    {}
+func (*AcquireRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_resource_gateway_1e8a27e27414e1c7, []int{4}
+}
+func (m *AcquireRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_AcquireRequest.Unmarshal(m, b)
+}
+func (m *AcquireRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_AcquireRequest.Marshal(b, m, deterministic)
+}
+func (dst *AcquireRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_AcquireRequest.Merge(dst, src)
+}
+func (m *AcquireRequest) XXX_Size() int {
+	return xxx_messageInfo_AcquireRequest.Size(m)
+}
+func (m *AcquireRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_AcquireRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_AcquireRequest proto.InternalMessageInfo
+
+func (m *AcquireRequest) GetResourceId() string {
+	if m != nil {
+		return m.ResourceId
+	}
+	return ""
+}
+
+func (m *AcquireRequest) GetClientId() string {
+	if m != nil {
+		return m.ClientId
+	}
+	return ""
+}
+
+func (m *AcquireRequest) GetAccessPriority() AccessPriority_Type {
+	if m != nil {
+		return m.AccessPriority
+	}
+	return AccessPriority_TYPE_UNSPECIFIED
+}
+
+// AcquireResponse is the response to acquire a semaphore lock
+type AcquireResponse struct {
+	// Status of the client's access to the resource
+	AccessStatus         AccessStatus_Type `protobuf:"varint,1,opt,name=access_status,json=accessStatus,enum=operator.resourcegateway.AccessStatus_Type" json:"access_status,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *AcquireResponse) Reset()         { *m = AcquireResponse{} }
+func (m *AcquireResponse) String() string { return proto.CompactTextString(m) }
+func (*AcquireResponse) ProtoMessage()    {}
+func (*AcquireResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_resource_gateway_1e8a27e27414e1c7, []int{5}
+}
+func (m *AcquireResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_AcquireResponse.Unmarshal(m, b)
+}
+func (m *AcquireResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_AcquireResponse.Marshal(b, m, deterministic)
+}
+func (dst *AcquireResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_AcquireResponse.Merge(dst, src)
+}
+func (m *AcquireResponse) XXX_Size() int {
+	return xxx_messageInfo_AcquireResponse.Size(m)
+}
+func (m *AcquireResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_AcquireResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_AcquireResponse proto.InternalMessageInfo
+
+func (m *AcquireResponse) GetAccessStatus() AccessStatus_Type {
+	if m != nil {
+		return m.AccessStatus
+	}
+	return AccessStatus_TYPE_UNSPECIFIED
+}
+
+// ReleaseRequest is the request to release a semaphore lock
+type ReleaseRequest struct {
+	// Resource Id to release the lease for
+	ResourceId string `protobuf:"bytes,1,opt,name=resource_id,json=resourceId" json:"resource_id,omitempty"`
+	// Client Id who is releasing the lease
+	ClientId             string   `protobuf:"bytes,2,opt,name=client_id,json=clientId" json:"client_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ReleaseRequest) Reset()         { *m = ReleaseRequest{} }
+func (m *ReleaseRequest) String() string { return proto.CompactTextString(m) }
+func (*ReleaseRequest) ProtoMessage()    {}
+func (*ReleaseRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_resource_gateway_1e8a27e27414e1c7, []int{6}
+}
+func (m *ReleaseRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_ReleaseRequest.Unmarshal(m, b)
+}
+func (m *ReleaseRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_ReleaseRequest.Marshal(b, m, deterministic)
+}
+func (dst *ReleaseRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ReleaseRequest.Merge(dst, src)
+}
+func (m *ReleaseRequest) XXX_Size() int {
+	return xxx_messageInfo_ReleaseRequest.Size(m)
+}
+func (m *ReleaseRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ReleaseRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ReleaseRequest proto.InternalMessageInfo
+
+func (m *ReleaseRequest) GetResourceId() string {
+	if m != nil {
+		return m.ResourceId
+	}
+	return ""
+}
+
+func (m *ReleaseRequest) GetClientId() string {
+	if m != nil {
+		return m.ClientId
+	}
+	return ""
+}
+
+// ReleaseResponse is the response to release a semaphore lock
+type ReleaseResponse struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ReleaseResponse) Reset()         { *m = ReleaseResponse{} }
+func (m *ReleaseResponse) String() string { return proto.CompactTextString(m) }
+func (*ReleaseResponse) ProtoMessage()    {}
+func (*ReleaseResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_resource_gateway_1e8a27e27414e1c7, []int{7}
+}
+func (m *ReleaseResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_ReleaseResponse.Unmarshal(m, b)
+}
+func (m *ReleaseResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_ReleaseResponse.Marshal(b, m, deterministic)
+}
+func (dst *ReleaseResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ReleaseResponse.Merge(dst, src)
+}
+func (m *ReleaseResponse) XXX_Size() int {
+	return xxx_messageInfo_ReleaseResponse.Size(m)
+}
+func (m *ReleaseResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ReleaseResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ReleaseResponse proto.InternalMessageInfo
+
+// HeartbeatRequest is the request to send a heartbeat to the semaphore service
+type HeartbeatRequest struct {
+	// Resource ID to keep the lease alive for
+	ResourceId string `protobuf:"bytes,1,opt,name=resource_id,json=resourceId" json:"resource_id,omitempty"`
+	// Client ID to keep the lease alive for
+	ClientId             string   `protobuf:"bytes,2,opt,name=client_id,json=clientId" json:"client_id,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *HeartbeatRequest) Reset()         { *m = HeartbeatRequest{} }
+func (m *HeartbeatRequest) String() string { return proto.CompactTextString(m) }
+func (*HeartbeatRequest) ProtoMessage()    {}
+func (*HeartbeatRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_resource_gateway_1e8a27e27414e1c7, []int{8}
+}
+func (m *HeartbeatRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_HeartbeatRequest.Unmarshal(m, b)
+}
+func (m *HeartbeatRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_HeartbeatRequest.Marshal(b, m, deterministic)
+}
+func (dst *HeartbeatRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HeartbeatRequest.Merge(dst, src)
+}
+func (m *HeartbeatRequest) XXX_Size() int {
+	return xxx_messageInfo_HeartbeatRequest.Size(m)
+}
+func (m *HeartbeatRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_HeartbeatRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_HeartbeatRequest proto.InternalMessageInfo
+
+func (m *HeartbeatRequest) GetResourceId() string {
+	if m != nil {
+		return m.ResourceId
+	}
+	return ""
+}
+
+func (m *HeartbeatRequest) GetClientId() string {
+	if m != nil {
+		return m.ClientId
+	}
+	return ""
+}
+
+// HeartbeatLockResponse is the response to keep a semaphore lock alive
+type HeartbeatResponse struct {
+	// Status of the client's access to the resource
+	AccessStatus         AccessStatus_Type `protobuf:"varint,1,opt,name=access_status,json=accessStatus,enum=operator.resourcegateway.AccessStatus_Type" json:"access_status,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
+	XXX_unrecognized     []byte            `json:"-"`
+	XXX_sizecache        int32             `json:"-"`
+}
+
+func (m *HeartbeatResponse) Reset()         { *m = HeartbeatResponse{} }
+func (m *HeartbeatResponse) String() string { return proto.CompactTextString(m) }
+func (*HeartbeatResponse) ProtoMessage()    {}
+func (*HeartbeatResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_resource_gateway_1e8a27e27414e1c7, []int{9}
+}
+func (m *HeartbeatResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_HeartbeatResponse.Unmarshal(m, b)
+}
+func (m *HeartbeatResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_HeartbeatResponse.Marshal(b, m, deterministic)
+}
+func (dst *HeartbeatResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HeartbeatResponse.Merge(dst, src)
+}
+func (m *HeartbeatResponse) XXX_Size() int {
+	return xxx_messageInfo_HeartbeatResponse.Size(m)
+}
+func (m *HeartbeatResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_HeartbeatResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_HeartbeatResponse proto.InternalMessageInfo
+
+func (m *HeartbeatResponse) GetAccessStatus() AccessStatus_Type {
+	if m != nil {
+		return m.AccessStatus
+	}
+	return AccessStatus_TYPE_UNSPECIFIED
+}
+
+func init() {
+	proto.RegisterType((*AccessPriority)(nil), "operator.resourcegateway.AccessPriority")
+	proto.RegisterType((*AccessStatus)(nil), "operator.resourcegateway.AccessStatus")
+	proto.RegisterType((*CreateRequest)(nil), "operator.resourcegateway.CreateRequest")
+	proto.RegisterType((*CreateResponse)(nil), "operator.resourcegateway.CreateResponse")
+	proto.RegisterType((*AcquireRequest)(nil), "operator.resourcegateway.AcquireRequest")
+	proto.RegisterType((*AcquireResponse)(nil), "operator.resourcegateway.AcquireResponse")
+	proto.RegisterType((*ReleaseRequest)(nil), "operator.resourcegateway.ReleaseRequest")
+	proto.RegisterType((*ReleaseResponse)(nil), "operator.resourcegateway.ReleaseResponse")
+	proto.RegisterType((*HeartbeatRequest)(nil), "operator.resourcegateway.HeartbeatRequest")
+	proto.RegisterType((*HeartbeatResponse)(nil), "operator.resourcegateway.HeartbeatResponse")
+	proto.RegisterEnum("operator.resourcegateway.AccessPriority_Type", AccessPriority_Type_name, AccessPriority_Type_value)
+	proto.RegisterEnum("operator.resourcegateway.AccessStatus_Type", AccessStatus_Type_name, AccessStatus_Type_value)
+}
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConn
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion4
+
+// Client API for SemaphoreService service
+
+type SemaphoreServiceClient interface {
+	// Create creates a new semaphore resource
+	// It initializes a semaphore for the resource in memory and persists it in the backend
+	//
+	// resource_id and n_permits are required fields
+	// the other fields are optional and if skipped will be set to default values
+	//
+	// The first request every client makes to the semaphore service should be a create request
+	//
+	// Only the first request received by the semaphore service will create the resource
+	// Any subsequent requests will be ignored
+	Create(ctx context.Context, in *CreateRequest, opts ...grpc.CallOption) (*CreateResponse, error)
+	// Acquire acquires a lease for the resource or reserves a place in the queue
+	//
+	// Clients will poll this endpoint to acquire a lease for the resource
+	// On the first poll, they will either be granted a lease or enqueued
+	// If enqueued, the client should poll periodically to check if the lease is granted
+	//
+	// The client is enqueued in the priority queue corresponding to the access_priority
+	// Leases are granted according to priority that is,
+	// first all high priority clients are granted leases followed by the others in order
+	//
+	// A client can be starved by other clients with higher priority
+	// Consider implementing a client-side timeout for how long to wait for the lease
+	// before bypassing the semaphore access (if possible)
+	// The priority can not be bumped up once the client is enqueued (Future work)
+	//
+	// No need to send a heartbeat while the client is enqueued
+	// Heartbeats are updated implicitly on every Acquire request
+	Acquire(ctx context.Context, in *AcquireRequest, opts ...grpc.CallOption) (*AcquireResponse, error)
+	// Release releases the lease on the resource
+	//
+	// If the lease has expired, the release request will be a noop
+	Release(ctx context.Context, in *ReleaseRequest, opts ...grpc.CallOption) (*ReleaseResponse, error)
+	// Heartbeat keeps the lease alive for the resource
+	//
+	// Clients should periodically send heartbeats once they have acquired the lease
+	// If no heartbeat is received within the dead_node_timeout, the lease will be revoked
+	//
+	// Client should monitor the access status returned to check if the lease is still valid
+	// if the lease is lost the client should take the necessary action
+	//
+	//
+	Heartbeat(ctx context.Context, in *HeartbeatRequest, opts ...grpc.CallOption) (*HeartbeatResponse, error)
+}
+
+type semaphoreServiceClient struct {
+	cc *grpc.ClientConn
+}
+
+func NewSemaphoreServiceClient(cc *grpc.ClientConn) SemaphoreServiceClient {
+	return &semaphoreServiceClient{cc}
+}
+
+func (c *semaphoreServiceClient) Create(ctx context.Context, in *CreateRequest, opts ...grpc.CallOption) (*CreateResponse, error) {
+	out := new(CreateResponse)
+	err := grpc.Invoke(ctx, "/operator.resourcegateway.SemaphoreService/Create", in, out, c.cc, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *semaphoreServiceClient) Acquire(ctx context.Context, in *AcquireRequest, opts ...grpc.CallOption) (*AcquireResponse, error) {
+	out := new(AcquireResponse)
+	err := grpc.Invoke(ctx, "/operator.resourcegateway.SemaphoreService/Acquire", in, out, c.cc, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *semaphoreServiceClient) Release(ctx context.Context, in *ReleaseRequest, opts ...grpc.CallOption) (*ReleaseResponse, error) {
+	out := new(ReleaseResponse)
+	err := grpc.Invoke(ctx, "/operator.resourcegateway.SemaphoreService/Release", in, out, c.cc, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *semaphoreServiceClient) Heartbeat(ctx context.Context, in *HeartbeatRequest, opts ...grpc.CallOption) (*HeartbeatResponse, error) {
+	out := new(HeartbeatResponse)
+	err := grpc.Invoke(ctx, "/operator.resourcegateway.SemaphoreService/Heartbeat", in, out, c.cc, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// Server API for SemaphoreService service
+
+type SemaphoreServiceServer interface {
+	// Create creates a new semaphore resource
+	// It initializes a semaphore for the resource in memory and persists it in the backend
+	//
+	// resource_id and n_permits are required fields
+	// the other fields are optional and if skipped will be set to default values
+	//
+	// The first request every client makes to the semaphore service should be a create request
+	//
+	// Only the first request received by the semaphore service will create the resource
+	// Any subsequent requests will be ignored
+	Create(context.Context, *CreateRequest) (*CreateResponse, error)
+	// Acquire acquires a lease for the resource or reserves a place in the queue
+	//
+	// Clients will poll this endpoint to acquire a lease for the resource
+	// On the first poll, they will either be granted a lease or enqueued
+	// If enqueued, the client should poll periodically to check if the lease is granted
+	//
+	// The client is enqueued in the priority queue corresponding to the access_priority
+	// Leases are granted according to priority that is,
+	// first all high priority clients are granted leases followed by the others in order
+	//
+	// A client can be starved by other clients with higher priority
+	// Consider implementing a client-side timeout for how long to wait for the lease
+	// before bypassing the semaphore access (if possible)
+	// The priority can not be bumped up once the client is enqueued (Future work)
+	//
+	// No need to send a heartbeat while the client is enqueued
+	// Heartbeats are updated implicitly on every Acquire request
+	Acquire(context.Context, *AcquireRequest) (*AcquireResponse, error)
+	// Release releases the lease on the resource
+	//
+	// If the lease has expired, the release request will be a noop
+	Release(context.Context, *ReleaseRequest) (*ReleaseResponse, error)
+	// Heartbeat keeps the lease alive for the resource
+	//
+	// Clients should periodically send heartbeats once they have acquired the lease
+	// If no heartbeat is received within the dead_node_timeout, the lease will be revoked
+	//
+	// Client should monitor the access status returned to check if the lease is still valid
+	// if the lease is lost the client should take the necessary action
+	//
+	//
+	Heartbeat(context.Context, *HeartbeatRequest) (*HeartbeatResponse, error)
+}
+
+func RegisterSemaphoreServiceServer(s *grpc.Server, srv SemaphoreServiceServer) {
+	s.RegisterService(&_SemaphoreService_serviceDesc, srv)
+}
+
+func _SemaphoreService_Create_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(SemaphoreServiceServer).Create(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/operator.resourcegateway.SemaphoreService/Create",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(SemaphoreServiceServer).Create(ctx, req.(*CreateRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _SemaphoreService_Acquire_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AcquireRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(SemaphoreServiceServer).Acquire(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/operator.resourcegateway.SemaphoreService/Acquire",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(SemaphoreServiceServer).Acquire(ctx, req.(*AcquireRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _SemaphoreService_Release_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ReleaseRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(SemaphoreServiceServer).Release(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/operator.resourcegateway.SemaphoreService/Release",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(SemaphoreServiceServer).Release(ctx, req.(*ReleaseRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _SemaphoreService_Heartbeat_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(HeartbeatRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(SemaphoreServiceServer).Heartbeat(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/operator.resourcegateway.SemaphoreService/Heartbeat",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(SemaphoreServiceServer).Heartbeat(ctx, req.(*HeartbeatRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+var _SemaphoreService_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "operator.resourcegateway.SemaphoreService",
+	HandlerType: (*SemaphoreServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "Create",
+			Handler:    _SemaphoreService_Create_Handler,
+		},
+		{
+			MethodName: "Acquire",
+			Handler:    _SemaphoreService_Acquire_Handler,
+		},
+		{
+			MethodName: "Release",
+			Handler:    _SemaphoreService_Release_Handler,
+		},
+		{
+			MethodName: "Heartbeat",
+			Handler:    _SemaphoreService_Heartbeat_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "resource_gateway.proto",
+}
+
+func init() {
+	proto.RegisterFile("resource_gateway.proto", fileDescriptor_resource_gateway_1e8a27e27414e1c7)
+}
+
+var fileDescriptor_resource_gateway_1e8a27e27414e1c7 = []byte{
+	// 535 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x54, 0x51, 0x8f, 0xd2, 0x4c,
+	0x14, 0xa5, 0x40, 0x58, 0xb8, 0x1f, 0x94, 0x32, 0xd9, 0x7c, 0x21, 0x68, 0x22, 0xa9, 0x0f, 0xe2,
+	0x6e, 0xc4, 0x04, 0x7d, 0xdb, 0xa7, 0xdd, 0xa5, 0x2e, 0x4d, 0x16, 0xac, 0x05, 0x34, 0x9a, 0x98,
+	0x3a, 0xdb, 0x5e, 0xb5, 0xc9, 0xc2, 0x74, 0x67, 0x06, 0x0d, 0x3f, 0x46, 0x1f, 0xfd, 0x9d, 0xa6,
+	0x9d, 0x16, 0x81, 0x04, 0x76, 0x4d, 0xd6, 0xc7, 0xde, 0x7b, 0xe6, 0x9e, 0xd3, 0x73, 0xee, 0x0c,
+	0xfc, 0xcf, 0x51, 0xb0, 0x05, 0xf7, 0xd1, 0xfb, 0x42, 0x25, 0x7e, 0xa7, 0xcb, 0x6e, 0xc4, 0x99,
+	0x64, 0xa4, 0xc9, 0x22, 0xe4, 0x54, 0x32, 0xde, 0xcd, 0x00, 0x69, 0xdf, 0x1c, 0x82, 0x7e, 0xea,
+	0xfb, 0x28, 0x84, 0xc3, 0x43, 0xc6, 0x43, 0xb9, 0x34, 0x4f, 0xa0, 0x38, 0x59, 0x46, 0x48, 0x0e,
+	0xc1, 0x98, 0xbc, 0x77, 0x2c, 0x6f, 0x3a, 0x1a, 0x3b, 0xd6, 0xb9, 0xfd, 0xca, 0xb6, 0xfa, 0x46,
+	0x8e, 0x1c, 0x40, 0xe1, 0xf2, 0xf5, 0x3b, 0x43, 0x23, 0x00, 0xa5, 0xa1, 0xd5, 0xb7, 0xa7, 0x43,
+	0x23, 0x4f, 0xca, 0x50, 0x1c, 0xd8, 0x17, 0x03, 0xa3, 0x60, 0xf6, 0xa1, 0xaa, 0xc6, 0x8d, 0x25,
+	0x95, 0x0b, 0x61, 0xbe, 0xdc, 0x3b, 0x0c, 0xa0, 0xf4, 0x66, 0x6a, 0x4d, 0xad, 0xbe, 0x9a, 0x77,
+	0x69, 0x9d, 0x8e, 0xad, 0xbe, 0x91, 0x37, 0x7f, 0x6a, 0x50, 0x3b, 0xe7, 0x48, 0x25, 0xba, 0x78,
+	0xb3, 0x40, 0x21, 0xc9, 0x23, 0xf8, 0x6f, 0xf5, 0x6b, 0x61, 0xd0, 0xd4, 0xda, 0x5a, 0xa7, 0xe2,
+	0x42, 0x56, 0xb2, 0x03, 0xf2, 0x00, 0x2a, 0x73, 0x2f, 0x42, 0x3e, 0x0b, 0xa5, 0x68, 0xe6, 0xdb,
+	0x5a, 0xa7, 0xe6, 0x96, 0xe7, 0x8e, 0xfa, 0x26, 0x8f, 0xa1, 0x76, 0x8d, 0x54, 0xa0, 0x27, 0xc3,
+	0x19, 0xb2, 0x85, 0x6c, 0x16, 0xda, 0x5a, 0xa7, 0xe8, 0x56, 0x93, 0xe2, 0x44, 0xd5, 0xc8, 0x11,
+	0x34, 0x02, 0xa4, 0x81, 0x37, 0x67, 0xc1, 0x1f, 0x60, 0x31, 0x01, 0xd6, 0xe3, 0xc6, 0x88, 0x05,
+	0x19, 0xd6, 0x34, 0x40, 0xcf, 0xf4, 0x89, 0x88, 0xcd, 0x05, 0x9a, 0xbf, 0xb4, 0xd8, 0xc8, 0x9b,
+	0x45, 0xc8, 0xff, 0x4a, 0xb3, 0x7f, 0x1d, 0xe2, 0x5c, 0xc6, 0xed, 0x7c, 0xd2, 0x2e, 0xab, 0x82,
+	0x1d, 0x90, 0xb7, 0x50, 0xa7, 0x89, 0x93, 0x5e, 0x94, 0x26, 0x93, 0xa8, 0xd6, 0x7b, 0xcf, 0xba,
+	0xbb, 0xc2, 0xec, 0x6e, 0x26, 0xd9, 0x8d, 0x9d, 0x77, 0x75, 0xba, 0x19, 0xaf, 0x0f, 0xf5, 0x95,
+	0x4e, 0xa5, 0x9d, 0x38, 0x50, 0x4b, 0xa9, 0x44, 0x92, 0x5a, 0x22, 0x55, 0xef, 0x1d, 0xdf, 0x46,
+	0xa4, 0x32, 0x56, 0x34, 0x55, 0xba, 0x1e, 0xfb, 0x08, 0x74, 0x17, 0x13, 0x77, 0xef, 0xc5, 0x0c,
+	0xb3, 0x01, 0xf5, 0xd5, 0xbc, 0xd4, 0x70, 0x07, 0x8c, 0x01, 0x52, 0x2e, 0xaf, 0x90, 0xca, 0xfb,
+	0x21, 0x41, 0x68, 0xac, 0x4d, 0xfc, 0x57, 0xde, 0xf4, 0x7e, 0x14, 0xc0, 0x18, 0xe3, 0x8c, 0x46,
+	0x5f, 0x19, 0xc7, 0x31, 0xf2, 0x6f, 0xa1, 0x8f, 0xe4, 0x23, 0x94, 0xd4, 0x42, 0x91, 0x27, 0xbb,
+	0x27, 0x6f, 0x5c, 0x89, 0x56, 0xe7, 0x76, 0x60, 0x6a, 0x55, 0x8e, 0x7c, 0x82, 0x83, 0x34, 0x74,
+	0xd2, 0xd9, 0xa7, 0x7c, 0x7d, 0x7f, 0x5b, 0x4f, 0xef, 0x80, 0x5c, 0x67, 0x48, 0x13, 0xda, 0xc7,
+	0xb0, 0xb9, 0x14, 0xfb, 0x18, 0xb6, 0xe3, 0xce, 0x91, 0xcf, 0x50, 0x59, 0xc5, 0x43, 0x8e, 0x76,
+	0x9f, 0xdc, 0xde, 0x8a, 0xd6, 0xf1, 0x9d, 0xb0, 0x19, 0xcf, 0x99, 0x0d, 0x0f, 0x7d, 0x36, 0xdb,
+	0x79, 0xe6, 0xec, 0xd0, 0x4d, 0x0b, 0x17, 0xaa, 0xe0, 0xc4, 0x2f, 0xac, 0xa3, 0x7d, 0x68, 0x3c,
+	0x3f, 0xd9, 0x82, 0x5e, 0x95, 0x92, 0xd7, 0xf7, 0xc5, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, 0x30,
+	0x19, 0x29, 0x38, 0x97, 0x05, 0x00, 0x00,
+}
diff --git a/proto/resource_gateway.proto b/proto/resource_gateway.proto
new file mode 100644
index 0000000000..2aedfff44f
--- /dev/null
+++ b/proto/resource_gateway.proto
@@ -0,0 +1,152 @@
+syntax = "proto3";
+
+package operator.resourcegateway;
+
+option go_package = "/;resourcegateway";
+option java_multiple_files = true;
+option java_package = "com.operator.resourcegateway";
+option java_outer_classname = "ResourceGatewayProto";
+
+// SemaphoreService provides a counting semaphore to limit access to resources
+// and a priority queue to distinguish between different types of clients/requests
+service SemaphoreService {
+  // Create creates a new semaphore resource
+  // It initializes a semaphore for the resource in memory and persists it in the backend
+  // 
+  // resource_id and n_permits are required fields
+  // the other fields are optional and if skipped will be set to default values
+  //
+  // The first request every client makes to the semaphore service should be a create request
+  //
+  // Only the first request received by the semaphore service will create the resource
+  // Any subsequent requests will be ignored
+  rpc Create(CreateRequest)
+    returns (CreateResponse) {}
+
+  // Acquire acquires a lease for the resource or reserves a place in the queue
+  //
+  // Clients will poll this endpoint to acquire a lease for the resource
+  // On the first poll, they will either be granted a lease or enqueued
+  // If enqueued, the client should poll periodically to check if the lease is granted
+  //
+  // The client is enqueued in the priority queue corresponding to the access_priority
+  // Leases are granted according to priority that is,
+  // first all high priority clients are granted leases followed by the others in order
+  //
+  // A client can be starved by other clients with higher priority
+  // Consider implementing a client-side timeout for how long to wait for the lease
+  // before bypassing the semaphore access (if possible)
+  // The priority can not be bumped up once the client is enqueued (Future work)
+  //
+  // No need to send a heartbeat while the client is enqueued
+  // Heartbeats are updated implicitly on every Acquire request
+  rpc Acquire(AcquireRequest)
+    returns (AcquireResponse) {}
+
+  // Release releases the lease on the resource
+  //
+  // If the lease has expired, the release request will be a noop
+rpc Release (ReleaseRequest)
+  returns (ReleaseResponse) {}
+
+  // Heartbeat keeps the lease alive for the resource
+  //
+  // Clients should periodically send heartbeats once they have acquired the lease
+  // If no heartbeat is received within the dead_node_timeout, the lease will be revoked
+  //
+  // Client should monitor the access status returned to check if the lease is still valid
+  // if the lease is lost the client should take the necessary action
+  //
+  // 
+  rpc Heartbeat (HeartbeatRequest)
+  returns (HeartbeatResponse) {}
+}
+
+// AccessPriority specifies the priority of a client's access to a semaphore resource
+message AccessPriority {
+  // Type of priority
+  enum Type {
+    // Unspecified, do NOT use
+    TYPE_UNSPECIFIED = 0;
+    // Enqueued to low priority queue
+    LOW = 1;
+    // Enqueued to medium priority queue
+    MEDIUM = 2;
+    // Enqueued to high priority queue
+    HIGH = 3;
+  }
+}
+
+// AccessStatus specifies the status of a client's access to a semaphore resource
+message AccessStatus{
+  // Type of status
+  enum Type {
+    // Unspecified, do NOT use
+    TYPE_UNSPECIFIED = 0;
+    // Enqueued for access to the resource
+    QUEUED = 1;
+    // Lease acquired for the resource
+    LEASED = 2;
+  }
+}
+
+// CreateRequest is the request to create a new semaphore resource
+// 
+// resource_id and n_permits are required fields
+// the other fields are optional and if skipped will be set to default values
+message CreateRequest {
+  // Resource Id of the new semaphore resource
+  string resource_id = 1;
+  // Number of permits that can be leased out for a resource
+  uint32 n_permits = 2;
+  // Max duration for which a lease can be held
+  uint64 lease_timeout = 3;
+  // Max duration after which a client is considered dead if there is no heartbeat
+  uint64 dead_node_timeout = 4;
+}
+
+// CreateResponse is the response to create a new semaphore resource
+message CreateResponse {}
+
+// AcquireRequest is the request to acquire a lease for a semaphore resource
+message AcquireRequest {
+  // Resource Id to acquire the lease for
+  // It should be the same as the resource_id in the CreateRequest
+  string resource_id = 1;
+  // Client Id who is acquiring the lease
+  // client_id can be any unique identifier for the client
+  string client_id = 2;
+  // Priority of the client's access to the resource
+  AccessPriority.Type access_priority = 3;
+}
+
+// AcquireResponse is the response to acquire a semaphore lock
+message AcquireResponse {
+  // Status of the client's access to the resource
+  AccessStatus.Type access_status = 1;
+}
+
+// ReleaseRequest is the request to release a semaphore lock
+message ReleaseRequest {
+  // Resource Id to release the lease for
+  string resource_id = 1;
+  // Client Id who is releasing the lease
+  string client_id = 2;
+}
+
+// ReleaseResponse is the response to release a semaphore lock
+message ReleaseResponse {}
+
+// HeartbeatRequest is the request to send a heartbeat to the semaphore service
+message HeartbeatRequest {
+  // Resource ID to keep the lease alive for
+  string resource_id = 1;
+  // Client ID to keep the lease alive for
+  string client_id = 2;
+}
+
+// HeartbeatLockResponse is the response to keep a semaphore lock alive
+message HeartbeatResponse {
+  // Status of the client's access to the resource
+  AccessStatus.Type access_status = 1;
+}
diff --git a/vendor/github.com/cespare/xxhash/v2/README.md b/vendor/github.com/cespare/xxhash/v2/README.md
index 8bf0e5b781..33c88305c4 100644
--- a/vendor/github.com/cespare/xxhash/v2/README.md
+++ b/vendor/github.com/cespare/xxhash/v2/README.md
@@ -70,3 +70,5 @@ benchstat <(go test -benchtime 500ms -count 15 -bench 'Sum64$')
 - [VictoriaMetrics](https://github.com/VictoriaMetrics/VictoriaMetrics)
 - [FreeCache](https://github.com/coocood/freecache)
 - [FastCache](https://github.com/VictoriaMetrics/fastcache)
+- [Ristretto](https://github.com/dgraph-io/ristretto)
+- [Badger](https://github.com/dgraph-io/badger)
diff --git a/vendor/github.com/cespare/xxhash/v2/xxhash.go b/vendor/github.com/cespare/xxhash/v2/xxhash.go
index a9e0d45c9d..78bddf1cee 100644
--- a/vendor/github.com/cespare/xxhash/v2/xxhash.go
+++ b/vendor/github.com/cespare/xxhash/v2/xxhash.go
@@ -19,10 +19,13 @@ const (
 // Store the primes in an array as well.
 //
 // The consts are used when possible in Go code to avoid MOVs but we need a
-// contiguous array of the assembly code.
+// contiguous array for the assembly code.
 var primes = [...]uint64{prime1, prime2, prime3, prime4, prime5}
 
 // Digest implements hash.Hash64.
+//
+// Note that a zero-valued Digest is not ready to receive writes.
+// Call Reset or create a Digest using New before calling other methods.
 type Digest struct {
 	v1    uint64
 	v2    uint64
@@ -33,19 +36,31 @@ type Digest struct {
 	n     int // how much of mem is used
 }
 
-// New creates a new Digest that computes the 64-bit xxHash algorithm.
+// New creates a new Digest with a zero seed.
 func New() *Digest {
+	return NewWithSeed(0)
+}
+
+// NewWithSeed creates a new Digest with the given seed.
+func NewWithSeed(seed uint64) *Digest {
 	var d Digest
-	d.Reset()
+	d.ResetWithSeed(seed)
 	return &d
 }
 
 // Reset clears the Digest's state so that it can be reused.
+// It uses a seed value of zero.
 func (d *Digest) Reset() {
-	d.v1 = primes[0] + prime2
-	d.v2 = prime2
-	d.v3 = 0
-	d.v4 = -primes[0]
+	d.ResetWithSeed(0)
+}
+
+// ResetWithSeed clears the Digest's state so that it can be reused.
+// It uses the given seed to initialize the state.
+func (d *Digest) ResetWithSeed(seed uint64) {
+	d.v1 = seed + prime1 + prime2
+	d.v2 = seed + prime2
+	d.v3 = seed
+	d.v4 = seed - prime1
 	d.total = 0
 	d.n = 0
 }
diff --git a/vendor/github.com/cespare/xxhash/v2/xxhash_asm.go b/vendor/github.com/cespare/xxhash/v2/xxhash_asm.go
index 9216e0a40c..78f95f2561 100644
--- a/vendor/github.com/cespare/xxhash/v2/xxhash_asm.go
+++ b/vendor/github.com/cespare/xxhash/v2/xxhash_asm.go
@@ -6,7 +6,7 @@
 
 package xxhash
 
-// Sum64 computes the 64-bit xxHash digest of b.
+// Sum64 computes the 64-bit xxHash digest of b with a zero seed.
 //
 //go:noescape
 func Sum64(b []byte) uint64
diff --git a/vendor/github.com/cespare/xxhash/v2/xxhash_other.go b/vendor/github.com/cespare/xxhash/v2/xxhash_other.go
index 26df13bba4..118e49e819 100644
--- a/vendor/github.com/cespare/xxhash/v2/xxhash_other.go
+++ b/vendor/github.com/cespare/xxhash/v2/xxhash_other.go
@@ -3,7 +3,7 @@
 
 package xxhash
 
-// Sum64 computes the 64-bit xxHash digest of b.
+// Sum64 computes the 64-bit xxHash digest of b with a zero seed.
 func Sum64(b []byte) uint64 {
 	// A simpler version would be
 	//   d := New()
diff --git a/vendor/github.com/cespare/xxhash/v2/xxhash_safe.go b/vendor/github.com/cespare/xxhash/v2/xxhash_safe.go
index e86f1b5fd8..05f5e7dfe7 100644
--- a/vendor/github.com/cespare/xxhash/v2/xxhash_safe.go
+++ b/vendor/github.com/cespare/xxhash/v2/xxhash_safe.go
@@ -5,7 +5,7 @@
 
 package xxhash
 
-// Sum64String computes the 64-bit xxHash digest of s.
+// Sum64String computes the 64-bit xxHash digest of s with a zero seed.
 func Sum64String(s string) uint64 {
 	return Sum64([]byte(s))
 }
diff --git a/vendor/github.com/cespare/xxhash/v2/xxhash_unsafe.go b/vendor/github.com/cespare/xxhash/v2/xxhash_unsafe.go
index 1c1638fd88..cf9d42aed5 100644
--- a/vendor/github.com/cespare/xxhash/v2/xxhash_unsafe.go
+++ b/vendor/github.com/cespare/xxhash/v2/xxhash_unsafe.go
@@ -33,7 +33,7 @@ import (
 //
 // See https://github.com/golang/go/issues/42739 for discussion.
 
-// Sum64String computes the 64-bit xxHash digest of s.
+// Sum64String computes the 64-bit xxHash digest of s with a zero seed.
 // It may be faster than Sum64([]byte(s)) by avoiding a copy.
 func Sum64String(s string) uint64 {
 	b := *(*[]byte)(unsafe.Pointer(&sliceHeader{s, len(s)}))
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/LICENSE b/vendor/github.com/coreos/go-oidc/v3/LICENSE
similarity index 99%
rename from vendor/github.com/matttproud/golang_protobuf_extensions/LICENSE
rename to vendor/github.com/coreos/go-oidc/v3/LICENSE
index 8dada3edaf..e06d208186 100644
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/LICENSE
+++ b/vendor/github.com/coreos/go-oidc/v3/LICENSE
@@ -1,4 +1,4 @@
-                                 Apache License
+Apache License
                            Version 2.0, January 2004
                         http://www.apache.org/licenses/
 
@@ -199,3 +199,4 @@
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
+
diff --git a/vendor/github.com/coreos/go-oidc/v3/NOTICE b/vendor/github.com/coreos/go-oidc/v3/NOTICE
new file mode 100644
index 0000000000..b39ddfa5cb
--- /dev/null
+++ b/vendor/github.com/coreos/go-oidc/v3/NOTICE
@@ -0,0 +1,5 @@
+CoreOS Project
+Copyright 2014 CoreOS, Inc
+
+This product includes software developed at CoreOS, Inc.
+(http://www.coreos.com/).
diff --git a/vendor/github.com/coreos/go-oidc/v3/oidc/jose.go b/vendor/github.com/coreos/go-oidc/v3/oidc/jose.go
new file mode 100644
index 0000000000..f42d37d481
--- /dev/null
+++ b/vendor/github.com/coreos/go-oidc/v3/oidc/jose.go
@@ -0,0 +1,32 @@
+package oidc
+
+import jose "github.com/go-jose/go-jose/v4"
+
+// JOSE asymmetric signing algorithm values as defined by RFC 7518
+//
+// see: https://tools.ietf.org/html/rfc7518#section-3.1
+const (
+	RS256 = "RS256" // RSASSA-PKCS-v1.5 using SHA-256
+	RS384 = "RS384" // RSASSA-PKCS-v1.5 using SHA-384
+	RS512 = "RS512" // RSASSA-PKCS-v1.5 using SHA-512
+	ES256 = "ES256" // ECDSA using P-256 and SHA-256
+	ES384 = "ES384" // ECDSA using P-384 and SHA-384
+	ES512 = "ES512" // ECDSA using P-521 and SHA-512
+	PS256 = "PS256" // RSASSA-PSS using SHA256 and MGF1-SHA256
+	PS384 = "PS384" // RSASSA-PSS using SHA384 and MGF1-SHA384
+	PS512 = "PS512" // RSASSA-PSS using SHA512 and MGF1-SHA512
+	EdDSA = "EdDSA" // Ed25519 using SHA-512
+)
+
+var allAlgs = []jose.SignatureAlgorithm{
+	jose.RS256,
+	jose.RS384,
+	jose.RS512,
+	jose.ES256,
+	jose.ES384,
+	jose.ES512,
+	jose.PS256,
+	jose.PS384,
+	jose.PS512,
+	jose.EdDSA,
+}
diff --git a/vendor/github.com/coreos/go-oidc/v3/oidc/jwks.go b/vendor/github.com/coreos/go-oidc/v3/oidc/jwks.go
new file mode 100644
index 0000000000..6a846ece95
--- /dev/null
+++ b/vendor/github.com/coreos/go-oidc/v3/oidc/jwks.go
@@ -0,0 +1,269 @@
+package oidc
+
+import (
+	"context"
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/ed25519"
+	"crypto/rsa"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"sync"
+	"time"
+
+	jose "github.com/go-jose/go-jose/v4"
+)
+
+// StaticKeySet is a verifier that validates JWT against a static set of public keys.
+type StaticKeySet struct {
+	// PublicKeys used to verify the JWT. Supported types are *rsa.PublicKey and
+	// *ecdsa.PublicKey.
+	PublicKeys []crypto.PublicKey
+}
+
+// VerifySignature compares the signature against a static set of public keys.
+func (s *StaticKeySet) VerifySignature(ctx context.Context, jwt string) ([]byte, error) {
+	// Algorithms are already checked by Verifier, so this parse method accepts
+	// any algorithm.
+	jws, err := jose.ParseSigned(jwt, allAlgs)
+	if err != nil {
+		return nil, fmt.Errorf("parsing jwt: %v", err)
+	}
+	for _, pub := range s.PublicKeys {
+		switch pub.(type) {
+		case *rsa.PublicKey:
+		case *ecdsa.PublicKey:
+		case ed25519.PublicKey:
+		default:
+			return nil, fmt.Errorf("invalid public key type provided: %T", pub)
+		}
+		payload, err := jws.Verify(pub)
+		if err != nil {
+			continue
+		}
+		return payload, nil
+	}
+	return nil, fmt.Errorf("no public keys able to verify jwt")
+}
+
+// NewRemoteKeySet returns a KeySet that can validate JSON web tokens by using HTTP
+// GETs to fetch JSON web token sets hosted at a remote URL. This is automatically
+// used by NewProvider using the URLs returned by OpenID Connect discovery, but is
+// exposed for providers that don't support discovery or to prevent round trips to the
+// discovery URL.
+//
+// The returned KeySet is a long lived verifier that caches keys based on any
+// keys change. Reuse a common remote key set instead of creating new ones as needed.
+func NewRemoteKeySet(ctx context.Context, jwksURL string) *RemoteKeySet {
+	return newRemoteKeySet(ctx, jwksURL, time.Now)
+}
+
+func newRemoteKeySet(ctx context.Context, jwksURL string, now func() time.Time) *RemoteKeySet {
+	if now == nil {
+		now = time.Now
+	}
+	return &RemoteKeySet{
+		jwksURL: jwksURL,
+		now:     now,
+		// For historical reasons, this package uses contexts for configuration, not just
+		// cancellation. In hindsight, this was a bad idea.
+		//
+		// Attemps to reason about how cancels should work with background requests have
+		// largely lead to confusion. Use the context here as a config bag-of-values and
+		// ignore the cancel function.
+		ctx: context.WithoutCancel(ctx),
+	}
+}
+
+// RemoteKeySet is a KeySet implementation that validates JSON web tokens against
+// a jwks_uri endpoint.
+type RemoteKeySet struct {
+	jwksURL string
+	now     func() time.Time
+
+	// Used for configuration. Cancelation is ignored.
+	ctx context.Context
+
+	// guard all other fields
+	mu sync.RWMutex
+
+	// inflight suppresses parallel execution of updateKeys and allows
+	// multiple goroutines to wait for its result.
+	inflight *inflight
+
+	// A set of cached keys.
+	cachedKeys []jose.JSONWebKey
+}
+
+// inflight is used to wait on some in-flight request from multiple goroutines.
+type inflight struct {
+	doneCh chan struct{}
+
+	keys []jose.JSONWebKey
+	err  error
+}
+
+func newInflight() *inflight {
+	return &inflight{doneCh: make(chan struct{})}
+}
+
+// wait returns a channel that multiple goroutines can receive on. Once it returns
+// a value, the inflight request is done and result() can be inspected.
+func (i *inflight) wait() <-chan struct{} {
+	return i.doneCh
+}
+
+// done can only be called by a single goroutine. It records the result of the
+// inflight request and signals other goroutines that the result is safe to
+// inspect.
+func (i *inflight) done(keys []jose.JSONWebKey, err error) {
+	i.keys = keys
+	i.err = err
+	close(i.doneCh)
+}
+
+// result cannot be called until the wait() channel has returned a value.
+func (i *inflight) result() ([]jose.JSONWebKey, error) {
+	return i.keys, i.err
+}
+
+// paresdJWTKey is a context key that allows common setups to avoid parsing the
+// JWT twice. It holds a *jose.JSONWebSignature value.
+var parsedJWTKey contextKey
+
+// VerifySignature validates a payload against a signature from the jwks_uri.
+//
+// Users MUST NOT call this method directly and should use an IDTokenVerifier
+// instead. This method skips critical validations such as 'alg' values and is
+// only exported to implement the KeySet interface.
+func (r *RemoteKeySet) VerifySignature(ctx context.Context, jwt string) ([]byte, error) {
+	jws, ok := ctx.Value(parsedJWTKey).(*jose.JSONWebSignature)
+	if !ok {
+		// The algorithm values are already enforced by the Validator, which also sets
+		// the context value above to pre-parsed signature.
+		//
+		// Practically, this codepath isn't called in normal use of this package, but
+		// if it is, the algorithms have already been checked.
+		var err error
+		jws, err = jose.ParseSigned(jwt, allAlgs)
+		if err != nil {
+			return nil, fmt.Errorf("oidc: malformed jwt: %v", err)
+		}
+	}
+	return r.verify(ctx, jws)
+}
+
+func (r *RemoteKeySet) verify(ctx context.Context, jws *jose.JSONWebSignature) ([]byte, error) {
+	// We don't support JWTs signed with multiple signatures.
+	keyID := ""
+	for _, sig := range jws.Signatures {
+		keyID = sig.Header.KeyID
+		break
+	}
+
+	keys := r.keysFromCache()
+	for _, key := range keys {
+		if keyID == "" || key.KeyID == keyID {
+			if payload, err := jws.Verify(&key); err == nil {
+				return payload, nil
+			}
+		}
+	}
+
+	// If the kid doesn't match, check for new keys from the remote. This is the
+	// strategy recommended by the spec.
+	//
+	// https://openid.net/specs/openid-connect-core-1_0.html#RotateSigKeys
+	keys, err := r.keysFromRemote(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("fetching keys %w", err)
+	}
+
+	for _, key := range keys {
+		if keyID == "" || key.KeyID == keyID {
+			if payload, err := jws.Verify(&key); err == nil {
+				return payload, nil
+			}
+		}
+	}
+	return nil, errors.New("failed to verify id token signature")
+}
+
+func (r *RemoteKeySet) keysFromCache() (keys []jose.JSONWebKey) {
+	r.mu.RLock()
+	defer r.mu.RUnlock()
+	return r.cachedKeys
+}
+
+// keysFromRemote syncs the key set from the remote set, records the values in the
+// cache, and returns the key set.
+func (r *RemoteKeySet) keysFromRemote(ctx context.Context) ([]jose.JSONWebKey, error) {
+	// Need to lock to inspect the inflight request field.
+	r.mu.Lock()
+	// If there's not a current inflight request, create one.
+	if r.inflight == nil {
+		r.inflight = newInflight()
+
+		// This goroutine has exclusive ownership over the current inflight
+		// request. It releases the resource by nil'ing the inflight field
+		// once the goroutine is done.
+		go func() {
+			// Sync keys and finish inflight when that's done.
+			keys, err := r.updateKeys()
+
+			r.inflight.done(keys, err)
+
+			// Lock to update the keys and indicate that there is no longer an
+			// inflight request.
+			r.mu.Lock()
+			defer r.mu.Unlock()
+
+			if err == nil {
+				r.cachedKeys = keys
+			}
+
+			// Free inflight so a different request can run.
+			r.inflight = nil
+		}()
+	}
+	inflight := r.inflight
+	r.mu.Unlock()
+
+	select {
+	case <-ctx.Done():
+		return nil, ctx.Err()
+	case <-inflight.wait():
+		return inflight.result()
+	}
+}
+
+func (r *RemoteKeySet) updateKeys() ([]jose.JSONWebKey, error) {
+	req, err := http.NewRequest("GET", r.jwksURL, nil)
+	if err != nil {
+		return nil, fmt.Errorf("oidc: can't create request: %v", err)
+	}
+
+	resp, err := doRequest(r.ctx, req)
+	if err != nil {
+		return nil, fmt.Errorf("oidc: get keys failed %w", err)
+	}
+	defer resp.Body.Close()
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("unable to read response body: %v", err)
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("oidc: get keys failed: %s %s", resp.Status, body)
+	}
+
+	var keySet jose.JSONWebKeySet
+	err = unmarshalResp(resp, body, &keySet)
+	if err != nil {
+		return nil, fmt.Errorf("oidc: failed to decode keys: %v %s", err, body)
+	}
+	return keySet.Keys, nil
+}
diff --git a/vendor/github.com/coreos/go-oidc/v3/oidc/oidc.go b/vendor/github.com/coreos/go-oidc/v3/oidc/oidc.go
new file mode 100644
index 0000000000..17419f3883
--- /dev/null
+++ b/vendor/github.com/coreos/go-oidc/v3/oidc/oidc.go
@@ -0,0 +1,554 @@
+// Package oidc implements OpenID Connect client logic for the golang.org/x/oauth2 package.
+package oidc
+
+import (
+	"context"
+	"crypto/sha256"
+	"crypto/sha512"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"hash"
+	"io"
+	"mime"
+	"net/http"
+	"strings"
+	"sync"
+	"time"
+
+	"golang.org/x/oauth2"
+)
+
+const (
+	// ScopeOpenID is the mandatory scope for all OpenID Connect OAuth2 requests.
+	ScopeOpenID = "openid"
+
+	// ScopeOfflineAccess is an optional scope defined by OpenID Connect for requesting
+	// OAuth2 refresh tokens.
+	//
+	// Support for this scope differs between OpenID Connect providers. For instance
+	// Google rejects it, favoring appending "access_type=offline" as part of the
+	// authorization request instead.
+	//
+	// See: https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess
+	ScopeOfflineAccess = "offline_access"
+)
+
+var (
+	errNoAtHash      = errors.New("id token did not have an access token hash")
+	errInvalidAtHash = errors.New("access token hash does not match value in ID token")
+)
+
+type contextKey int
+
+var issuerURLKey contextKey
+
+// ClientContext returns a new Context that carries the provided HTTP client.
+//
+// This method sets the same context key used by the golang.org/x/oauth2 package,
+// so the returned context works for that package too.
+//
+//	myClient := &http.Client{}
+//	ctx := oidc.ClientContext(parentContext, myClient)
+//
+//	// This will use the custom client
+//	provider, err := oidc.NewProvider(ctx, "https://accounts.example.com")
+func ClientContext(ctx context.Context, client *http.Client) context.Context {
+	return context.WithValue(ctx, oauth2.HTTPClient, client)
+}
+
+func getClient(ctx context.Context) *http.Client {
+	if c, ok := ctx.Value(oauth2.HTTPClient).(*http.Client); ok {
+		return c
+	}
+	return nil
+}
+
+// InsecureIssuerURLContext allows discovery to work when the issuer_url reported
+// by upstream is mismatched with the discovery URL. This is meant for integration
+// with off-spec providers such as Azure.
+//
+//	discoveryBaseURL := "https://login.microsoftonline.com/organizations/v2.0"
+//	issuerURL := "https://login.microsoftonline.com/my-tenantid/v2.0"
+//
+//	ctx := oidc.InsecureIssuerURLContext(parentContext, issuerURL)
+//
+//	// Provider will be discovered with the discoveryBaseURL, but use issuerURL
+//	// for future issuer validation.
+//	provider, err := oidc.NewProvider(ctx, discoveryBaseURL)
+//
+// This is insecure because validating the correct issuer is critical for multi-tenant
+// providers. Any overrides here MUST be carefully reviewed.
+func InsecureIssuerURLContext(ctx context.Context, issuerURL string) context.Context {
+	return context.WithValue(ctx, issuerURLKey, issuerURL)
+}
+
+func doRequest(ctx context.Context, req *http.Request) (*http.Response, error) {
+	client := http.DefaultClient
+	if c := getClient(ctx); c != nil {
+		client = c
+	}
+	return client.Do(req.WithContext(ctx))
+}
+
+// Provider represents an OpenID Connect server's configuration.
+type Provider struct {
+	issuer        string
+	authURL       string
+	tokenURL      string
+	deviceAuthURL string
+	userInfoURL   string
+	jwksURL       string
+	algorithms    []string
+
+	// Raw claims returned by the server.
+	rawClaims []byte
+
+	// Guards all of the following fields.
+	mu sync.Mutex
+	// HTTP client specified from the initial NewProvider request. This is used
+	// when creating the common key set.
+	client *http.Client
+	// A key set that uses context.Background() and is shared between all code paths
+	// that don't have a convinent way of supplying a unique context.
+	commonRemoteKeySet KeySet
+}
+
+func (p *Provider) remoteKeySet() KeySet {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+	if p.commonRemoteKeySet == nil {
+		ctx := context.Background()
+		if p.client != nil {
+			ctx = ClientContext(ctx, p.client)
+		}
+		p.commonRemoteKeySet = NewRemoteKeySet(ctx, p.jwksURL)
+	}
+	return p.commonRemoteKeySet
+}
+
+type providerJSON struct {
+	Issuer        string   `json:"issuer"`
+	AuthURL       string   `json:"authorization_endpoint"`
+	TokenURL      string   `json:"token_endpoint"`
+	DeviceAuthURL string   `json:"device_authorization_endpoint"`
+	JWKSURL       string   `json:"jwks_uri"`
+	UserInfoURL   string   `json:"userinfo_endpoint"`
+	Algorithms    []string `json:"id_token_signing_alg_values_supported"`
+}
+
+// supportedAlgorithms is a list of algorithms explicitly supported by this
+// package. If a provider supports other algorithms, such as HS256 or none,
+// those values won't be passed to the IDTokenVerifier.
+var supportedAlgorithms = map[string]bool{
+	RS256: true,
+	RS384: true,
+	RS512: true,
+	ES256: true,
+	ES384: true,
+	ES512: true,
+	PS256: true,
+	PS384: true,
+	PS512: true,
+	EdDSA: true,
+}
+
+// ProviderConfig allows creating providers when discovery isn't supported. It's
+// generally easier to use NewProvider directly.
+type ProviderConfig struct {
+	// IssuerURL is the identity of the provider, and the string it uses to sign
+	// ID tokens with. For example "https://accounts.google.com". This value MUST
+	// match ID tokens exactly.
+	IssuerURL string
+	// AuthURL is the endpoint used by the provider to support the OAuth 2.0
+	// authorization endpoint.
+	AuthURL string
+	// TokenURL is the endpoint used by the provider to support the OAuth 2.0
+	// token endpoint.
+	TokenURL string
+	// DeviceAuthURL is the endpoint used by the provider to support the OAuth 2.0
+	// device authorization endpoint.
+	DeviceAuthURL string
+	// UserInfoURL is the endpoint used by the provider to support the OpenID
+	// Connect UserInfo flow.
+	//
+	// https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
+	UserInfoURL string
+	// JWKSURL is the endpoint used by the provider to advertise public keys to
+	// verify issued ID tokens. This endpoint is polled as new keys are made
+	// available.
+	JWKSURL string
+
+	// Algorithms, if provided, indicate a list of JWT algorithms allowed to sign
+	// ID tokens. If not provided, this defaults to the algorithms advertised by
+	// the JWK endpoint, then the set of algorithms supported by this package.
+	Algorithms []string
+}
+
+// NewProvider initializes a provider from a set of endpoints, rather than
+// through discovery.
+func (p *ProviderConfig) NewProvider(ctx context.Context) *Provider {
+	return &Provider{
+		issuer:        p.IssuerURL,
+		authURL:       p.AuthURL,
+		tokenURL:      p.TokenURL,
+		deviceAuthURL: p.DeviceAuthURL,
+		userInfoURL:   p.UserInfoURL,
+		jwksURL:       p.JWKSURL,
+		algorithms:    p.Algorithms,
+		client:        getClient(ctx),
+	}
+}
+
+// NewProvider uses the OpenID Connect discovery mechanism to construct a Provider.
+//
+// The issuer is the URL identifier for the service. For example: "https://accounts.google.com"
+// or "https://login.salesforce.com".
+func NewProvider(ctx context.Context, issuer string) (*Provider, error) {
+	wellKnown := strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration"
+	req, err := http.NewRequest("GET", wellKnown, nil)
+	if err != nil {
+		return nil, err
+	}
+	resp, err := doRequest(ctx, req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("unable to read response body: %v", err)
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("%s: %s", resp.Status, body)
+	}
+
+	var p providerJSON
+	err = unmarshalResp(resp, body, &p)
+	if err != nil {
+		return nil, fmt.Errorf("oidc: failed to decode provider discovery object: %v", err)
+	}
+
+	issuerURL, skipIssuerValidation := ctx.Value(issuerURLKey).(string)
+	if !skipIssuerValidation {
+		issuerURL = issuer
+	}
+	if p.Issuer != issuerURL && !skipIssuerValidation {
+		return nil, fmt.Errorf("oidc: issuer did not match the issuer returned by provider, expected %q got %q", issuer, p.Issuer)
+	}
+	var algs []string
+	for _, a := range p.Algorithms {
+		if supportedAlgorithms[a] {
+			algs = append(algs, a)
+		}
+	}
+	return &Provider{
+		issuer:        issuerURL,
+		authURL:       p.AuthURL,
+		tokenURL:      p.TokenURL,
+		deviceAuthURL: p.DeviceAuthURL,
+		userInfoURL:   p.UserInfoURL,
+		jwksURL:       p.JWKSURL,
+		algorithms:    algs,
+		rawClaims:     body,
+		client:        getClient(ctx),
+	}, nil
+}
+
+// Claims unmarshals raw fields returned by the server during discovery.
+//
+//	var claims struct {
+//	    ScopesSupported []string `json:"scopes_supported"`
+//	    ClaimsSupported []string `json:"claims_supported"`
+//	}
+//
+//	if err := provider.Claims(&claims); err != nil {
+//	    // handle unmarshaling error
+//	}
+//
+// For a list of fields defined by the OpenID Connect spec see:
+// https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
+func (p *Provider) Claims(v interface{}) error {
+	if p.rawClaims == nil {
+		return errors.New("oidc: claims not set")
+	}
+	return json.Unmarshal(p.rawClaims, v)
+}
+
+// Endpoint returns the OAuth2 auth and token endpoints for the given provider.
+func (p *Provider) Endpoint() oauth2.Endpoint {
+	return oauth2.Endpoint{AuthURL: p.authURL, DeviceAuthURL: p.deviceAuthURL, TokenURL: p.tokenURL}
+}
+
+// UserInfoEndpoint returns the OpenID Connect userinfo endpoint for the given
+// provider.
+func (p *Provider) UserInfoEndpoint() string {
+	return p.userInfoURL
+}
+
+// UserInfo represents the OpenID Connect userinfo claims.
+type UserInfo struct {
+	Subject       string `json:"sub"`
+	Profile       string `json:"profile"`
+	Email         string `json:"email"`
+	EmailVerified bool   `json:"email_verified"`
+
+	claims []byte
+}
+
+type userInfoRaw struct {
+	Subject string `json:"sub"`
+	Profile string `json:"profile"`
+	Email   string `json:"email"`
+	// Handle providers that return email_verified as a string
+	// https://forums.aws.amazon.com/thread.jspa?messageID=949441&#949441 and
+	// https://discuss.elastic.co/t/openid-error-after-authenticating-against-aws-cognito/206018/11
+	EmailVerified stringAsBool `json:"email_verified"`
+}
+
+// Claims unmarshals the raw JSON object claims into the provided object.
+func (u *UserInfo) Claims(v interface{}) error {
+	if u.claims == nil {
+		return errors.New("oidc: claims not set")
+	}
+	return json.Unmarshal(u.claims, v)
+}
+
+// UserInfo uses the token source to query the provider's user info endpoint.
+func (p *Provider) UserInfo(ctx context.Context, tokenSource oauth2.TokenSource) (*UserInfo, error) {
+	if p.userInfoURL == "" {
+		return nil, errors.New("oidc: user info endpoint is not supported by this provider")
+	}
+
+	req, err := http.NewRequest("GET", p.userInfoURL, nil)
+	if err != nil {
+		return nil, fmt.Errorf("oidc: create GET request: %v", err)
+	}
+
+	token, err := tokenSource.Token()
+	if err != nil {
+		return nil, fmt.Errorf("oidc: get access token: %v", err)
+	}
+	token.SetAuthHeader(req)
+
+	resp, err := doRequest(ctx, req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("%s: %s", resp.Status, body)
+	}
+
+	ct := resp.Header.Get("Content-Type")
+	mediaType, _, parseErr := mime.ParseMediaType(ct)
+	if parseErr == nil && mediaType == "application/jwt" {
+		payload, err := p.remoteKeySet().VerifySignature(ctx, string(body))
+		if err != nil {
+			return nil, fmt.Errorf("oidc: invalid userinfo jwt signature %v", err)
+		}
+		body = payload
+	}
+
+	var userInfo userInfoRaw
+	if err := json.Unmarshal(body, &userInfo); err != nil {
+		return nil, fmt.Errorf("oidc: failed to decode userinfo: %v", err)
+	}
+	return &UserInfo{
+		Subject:       userInfo.Subject,
+		Profile:       userInfo.Profile,
+		Email:         userInfo.Email,
+		EmailVerified: bool(userInfo.EmailVerified),
+		claims:        body,
+	}, nil
+}
+
+// IDToken is an OpenID Connect extension that provides a predictable representation
+// of an authorization event.
+//
+// The ID Token only holds fields OpenID Connect requires. To access additional
+// claims returned by the server, use the Claims method.
+type IDToken struct {
+	// The URL of the server which issued this token. OpenID Connect
+	// requires this value always be identical to the URL used for
+	// initial discovery.
+	//
+	// Note: Because of a known issue with Google Accounts' implementation
+	// this value may differ when using Google.
+	//
+	// See: https://developers.google.com/identity/protocols/OpenIDConnect#obtainuserinfo
+	Issuer string
+
+	// The client ID, or set of client IDs, that this token is issued for. For
+	// common uses, this is the client that initialized the auth flow.
+	//
+	// This package ensures the audience contains an expected value.
+	Audience []string
+
+	// A unique string which identifies the end user.
+	Subject string
+
+	// Expiry of the token. Ths package will not process tokens that have
+	// expired unless that validation is explicitly turned off.
+	Expiry time.Time
+	// When the token was issued by the provider.
+	IssuedAt time.Time
+
+	// Initial nonce provided during the authentication redirect.
+	//
+	// This package does NOT provided verification on the value of this field
+	// and it's the user's responsibility to ensure it contains a valid value.
+	Nonce string
+
+	// at_hash claim, if set in the ID token. Callers can verify an access token
+	// that corresponds to the ID token using the VerifyAccessToken method.
+	AccessTokenHash string
+
+	// signature algorithm used for ID token, needed to compute a verification hash of an
+	// access token
+	sigAlgorithm string
+
+	// Raw payload of the id_token.
+	claims []byte
+
+	// Map of distributed claim names to claim sources
+	distributedClaims map[string]claimSource
+}
+
+// Claims unmarshals the raw JSON payload of the ID Token into a provided struct.
+//
+//	idToken, err := idTokenVerifier.Verify(rawIDToken)
+//	if err != nil {
+//		// handle error
+//	}
+//	var claims struct {
+//		Email         string `json:"email"`
+//		EmailVerified bool   `json:"email_verified"`
+//	}
+//	if err := idToken.Claims(&claims); err != nil {
+//		// handle error
+//	}
+func (i *IDToken) Claims(v interface{}) error {
+	if i.claims == nil {
+		return errors.New("oidc: claims not set")
+	}
+	return json.Unmarshal(i.claims, v)
+}
+
+// VerifyAccessToken verifies that the hash of the access token that corresponds to the iD token
+// matches the hash in the id token. It returns an error if the hashes  don't match.
+// It is the caller's responsibility to ensure that the optional access token hash is present for the ID token
+// before calling this method. See https://openid.net/specs/openid-connect-core-1_0.html#CodeIDToken
+func (i *IDToken) VerifyAccessToken(accessToken string) error {
+	if i.AccessTokenHash == "" {
+		return errNoAtHash
+	}
+	var h hash.Hash
+	switch i.sigAlgorithm {
+	case RS256, ES256, PS256:
+		h = sha256.New()
+	case RS384, ES384, PS384:
+		h = sha512.New384()
+	case RS512, ES512, PS512, EdDSA:
+		h = sha512.New()
+	default:
+		return fmt.Errorf("oidc: unsupported signing algorithm %q", i.sigAlgorithm)
+	}
+	h.Write([]byte(accessToken)) // hash documents that Write will never return an error
+	sum := h.Sum(nil)[:h.Size()/2]
+	actual := base64.RawURLEncoding.EncodeToString(sum)
+	if actual != i.AccessTokenHash {
+		return errInvalidAtHash
+	}
+	return nil
+}
+
+type idToken struct {
+	Issuer       string                 `json:"iss"`
+	Subject      string                 `json:"sub"`
+	Audience     audience               `json:"aud"`
+	Expiry       jsonTime               `json:"exp"`
+	IssuedAt     jsonTime               `json:"iat"`
+	NotBefore    *jsonTime              `json:"nbf"`
+	Nonce        string                 `json:"nonce"`
+	AtHash       string                 `json:"at_hash"`
+	ClaimNames   map[string]string      `json:"_claim_names"`
+	ClaimSources map[string]claimSource `json:"_claim_sources"`
+}
+
+type claimSource struct {
+	Endpoint    string `json:"endpoint"`
+	AccessToken string `json:"access_token"`
+}
+
+type stringAsBool bool
+
+func (sb *stringAsBool) UnmarshalJSON(b []byte) error {
+	switch string(b) {
+	case "true", `"true"`:
+		*sb = true
+	case "false", `"false"`:
+		*sb = false
+	default:
+		return errors.New("invalid value for boolean")
+	}
+	return nil
+}
+
+type audience []string
+
+func (a *audience) UnmarshalJSON(b []byte) error {
+	var s string
+	if json.Unmarshal(b, &s) == nil {
+		*a = audience{s}
+		return nil
+	}
+	var auds []string
+	if err := json.Unmarshal(b, &auds); err != nil {
+		return err
+	}
+	*a = auds
+	return nil
+}
+
+type jsonTime time.Time
+
+func (j *jsonTime) UnmarshalJSON(b []byte) error {
+	var n json.Number
+	if err := json.Unmarshal(b, &n); err != nil {
+		return err
+	}
+	var unix int64
+
+	if t, err := n.Int64(); err == nil {
+		unix = t
+	} else {
+		f, err := n.Float64()
+		if err != nil {
+			return err
+		}
+		unix = int64(f)
+	}
+	*j = jsonTime(time.Unix(unix, 0))
+	return nil
+}
+
+func unmarshalResp(r *http.Response, body []byte, v interface{}) error {
+	err := json.Unmarshal(body, &v)
+	if err == nil {
+		return nil
+	}
+	ct := r.Header.Get("Content-Type")
+	mediaType, _, parseErr := mime.ParseMediaType(ct)
+	if parseErr == nil && mediaType == "application/json" {
+		return fmt.Errorf("got Content-Type = application/json, but could not unmarshal as JSON: %v", err)
+	}
+	return fmt.Errorf("expected Content-Type = application/json, got %q: %v", ct, err)
+}
diff --git a/vendor/github.com/coreos/go-oidc/v3/oidc/verify.go b/vendor/github.com/coreos/go-oidc/v3/oidc/verify.go
new file mode 100644
index 0000000000..52b27b746a
--- /dev/null
+++ b/vendor/github.com/coreos/go-oidc/v3/oidc/verify.go
@@ -0,0 +1,355 @@
+package oidc
+
+import (
+	"bytes"
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"time"
+
+	jose "github.com/go-jose/go-jose/v4"
+	"golang.org/x/oauth2"
+)
+
+const (
+	issuerGoogleAccounts         = "https://accounts.google.com"
+	issuerGoogleAccountsNoScheme = "accounts.google.com"
+)
+
+// TokenExpiredError indicates that Verify failed because the token was expired. This
+// error does NOT indicate that the token is not also invalid for other reasons. Other
+// checks might have failed if the expiration check had not failed.
+type TokenExpiredError struct {
+	// Expiry is the time when the token expired.
+	Expiry time.Time
+}
+
+func (e *TokenExpiredError) Error() string {
+	return fmt.Sprintf("oidc: token is expired (Token Expiry: %v)", e.Expiry)
+}
+
+// KeySet is a set of publc JSON Web Keys that can be used to validate the signature
+// of JSON web tokens. This is expected to be backed by a remote key set through
+// provider metadata discovery or an in-memory set of keys delivered out-of-band.
+type KeySet interface {
+	// VerifySignature parses the JSON web token, verifies the signature, and returns
+	// the raw payload. Header and claim fields are validated by other parts of the
+	// package. For example, the KeySet does not need to check values such as signature
+	// algorithm, issuer, and audience since the IDTokenVerifier validates these values
+	// independently.
+	//
+	// If VerifySignature makes HTTP requests to verify the token, it's expected to
+	// use any HTTP client associated with the context through ClientContext.
+	VerifySignature(ctx context.Context, jwt string) (payload []byte, err error)
+}
+
+// IDTokenVerifier provides verification for ID Tokens.
+type IDTokenVerifier struct {
+	keySet KeySet
+	config *Config
+	issuer string
+}
+
+// NewVerifier returns a verifier manually constructed from a key set and issuer URL.
+//
+// It's easier to use provider discovery to construct an IDTokenVerifier than creating
+// one directly. This method is intended to be used with provider that don't support
+// metadata discovery, or avoiding round trips when the key set URL is already known.
+//
+// This constructor can be used to create a verifier directly using the issuer URL and
+// JSON Web Key Set URL without using discovery:
+//
+//	keySet := oidc.NewRemoteKeySet(ctx, "https://www.googleapis.com/oauth2/v3/certs")
+//	verifier := oidc.NewVerifier("https://accounts.google.com", keySet, config)
+//
+// Or a static key set (e.g. for testing):
+//
+//	keySet := &oidc.StaticKeySet{PublicKeys: []crypto.PublicKey{pub1, pub2}}
+//	verifier := oidc.NewVerifier("https://accounts.google.com", keySet, config)
+func NewVerifier(issuerURL string, keySet KeySet, config *Config) *IDTokenVerifier {
+	return &IDTokenVerifier{keySet: keySet, config: config, issuer: issuerURL}
+}
+
+// Config is the configuration for an IDTokenVerifier.
+type Config struct {
+	// Expected audience of the token. For a majority of the cases this is expected to be
+	// the ID of the client that initialized the login flow. It may occasionally differ if
+	// the provider supports the authorizing party (azp) claim.
+	//
+	// If not provided, users must explicitly set SkipClientIDCheck.
+	ClientID string
+	// If specified, only this set of algorithms may be used to sign the JWT.
+	//
+	// If the IDTokenVerifier is created from a provider with (*Provider).Verifier, this
+	// defaults to the set of algorithms the provider supports. Otherwise this values
+	// defaults to RS256.
+	SupportedSigningAlgs []string
+
+	// If true, no ClientID check performed. Must be true if ClientID field is empty.
+	SkipClientIDCheck bool
+	// If true, token expiry is not checked.
+	SkipExpiryCheck bool
+
+	// SkipIssuerCheck is intended for specialized cases where the the caller wishes to
+	// defer issuer validation. When enabled, callers MUST independently verify the Token's
+	// Issuer is a known good value.
+	//
+	// Mismatched issuers often indicate client mis-configuration. If mismatches are
+	// unexpected, evaluate if the provided issuer URL is incorrect instead of enabling
+	// this option.
+	SkipIssuerCheck bool
+
+	// Time function to check Token expiry. Defaults to time.Now
+	Now func() time.Time
+
+	// InsecureSkipSignatureCheck causes this package to skip JWT signature validation.
+	// It's intended for special cases where providers (such as Azure), use the "none"
+	// algorithm.
+	//
+	// This option can only be enabled safely when the ID Token is received directly
+	// from the provider after the token exchange.
+	//
+	// This option MUST NOT be used when receiving an ID Token from sources other
+	// than the token endpoint.
+	InsecureSkipSignatureCheck bool
+}
+
+// VerifierContext returns an IDTokenVerifier that uses the provider's key set to
+// verify JWTs. As opposed to Verifier, the context is used to configure requests
+// to the upstream JWKs endpoint. The provided context's cancellation is ignored.
+func (p *Provider) VerifierContext(ctx context.Context, config *Config) *IDTokenVerifier {
+	return p.newVerifier(NewRemoteKeySet(ctx, p.jwksURL), config)
+}
+
+// Verifier returns an IDTokenVerifier that uses the provider's key set to verify JWTs.
+//
+// The returned verifier uses a background context for all requests to the upstream
+// JWKs endpoint. To control that context, use VerifierContext instead.
+func (p *Provider) Verifier(config *Config) *IDTokenVerifier {
+	return p.newVerifier(p.remoteKeySet(), config)
+}
+
+func (p *Provider) newVerifier(keySet KeySet, config *Config) *IDTokenVerifier {
+	if len(config.SupportedSigningAlgs) == 0 && len(p.algorithms) > 0 {
+		// Make a copy so we don't modify the config values.
+		cp := &Config{}
+		*cp = *config
+		cp.SupportedSigningAlgs = p.algorithms
+		config = cp
+	}
+	return NewVerifier(p.issuer, keySet, config)
+}
+
+func parseJWT(p string) ([]byte, error) {
+	parts := strings.Split(p, ".")
+	if len(parts) < 2 {
+		return nil, fmt.Errorf("oidc: malformed jwt, expected 3 parts got %d", len(parts))
+	}
+	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
+	if err != nil {
+		return nil, fmt.Errorf("oidc: malformed jwt payload: %v", err)
+	}
+	return payload, nil
+}
+
+func contains(sli []string, ele string) bool {
+	for _, s := range sli {
+		if s == ele {
+			return true
+		}
+	}
+	return false
+}
+
+// Returns the Claims from the distributed JWT token
+func resolveDistributedClaim(ctx context.Context, verifier *IDTokenVerifier, src claimSource) ([]byte, error) {
+	req, err := http.NewRequest("GET", src.Endpoint, nil)
+	if err != nil {
+		return nil, fmt.Errorf("malformed request: %v", err)
+	}
+	if src.AccessToken != "" {
+		req.Header.Set("Authorization", "Bearer "+src.AccessToken)
+	}
+
+	resp, err := doRequest(ctx, req)
+	if err != nil {
+		return nil, fmt.Errorf("oidc: Request to endpoint failed: %v", err)
+	}
+	defer resp.Body.Close()
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("unable to read response body: %v", err)
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("oidc: request failed: %v", resp.StatusCode)
+	}
+
+	token, err := verifier.Verify(ctx, string(body))
+	if err != nil {
+		return nil, fmt.Errorf("malformed response body: %v", err)
+	}
+
+	return token.claims, nil
+}
+
+// Verify parses a raw ID Token, verifies it's been signed by the provider, performs
+// any additional checks depending on the Config, and returns the payload.
+//
+// Verify does NOT do nonce validation, which is the callers responsibility.
+//
+// See: https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
+//
+//	oauth2Token, err := oauth2Config.Exchange(ctx, r.URL.Query().Get("code"))
+//	if err != nil {
+//	    // handle error
+//	}
+//
+//	// Extract the ID Token from oauth2 token.
+//	rawIDToken, ok := oauth2Token.Extra("id_token").(string)
+//	if !ok {
+//	    // handle error
+//	}
+//
+//	token, err := verifier.Verify(ctx, rawIDToken)
+func (v *IDTokenVerifier) Verify(ctx context.Context, rawIDToken string) (*IDToken, error) {
+	// Throw out tokens with invalid claims before trying to verify the token. This lets
+	// us do cheap checks before possibly re-syncing keys.
+	payload, err := parseJWT(rawIDToken)
+	if err != nil {
+		return nil, fmt.Errorf("oidc: malformed jwt: %v", err)
+	}
+	var token idToken
+	if err := json.Unmarshal(payload, &token); err != nil {
+		return nil, fmt.Errorf("oidc: failed to unmarshal claims: %v", err)
+	}
+
+	distributedClaims := make(map[string]claimSource)
+
+	//step through the token to map claim names to claim sources"
+	for cn, src := range token.ClaimNames {
+		if src == "" {
+			return nil, fmt.Errorf("oidc: failed to obtain source from claim name")
+		}
+		s, ok := token.ClaimSources[src]
+		if !ok {
+			return nil, fmt.Errorf("oidc: source does not exist")
+		}
+		distributedClaims[cn] = s
+	}
+
+	t := &IDToken{
+		Issuer:            token.Issuer,
+		Subject:           token.Subject,
+		Audience:          []string(token.Audience),
+		Expiry:            time.Time(token.Expiry),
+		IssuedAt:          time.Time(token.IssuedAt),
+		Nonce:             token.Nonce,
+		AccessTokenHash:   token.AtHash,
+		claims:            payload,
+		distributedClaims: distributedClaims,
+	}
+
+	// Check issuer.
+	if !v.config.SkipIssuerCheck && t.Issuer != v.issuer {
+		// Google sometimes returns "accounts.google.com" as the issuer claim instead of
+		// the required "https://accounts.google.com". Detect this case and allow it only
+		// for Google.
+		//
+		// We will not add hooks to let other providers go off spec like this.
+		if !(v.issuer == issuerGoogleAccounts && t.Issuer == issuerGoogleAccountsNoScheme) {
+			return nil, fmt.Errorf("oidc: id token issued by a different provider, expected %q got %q", v.issuer, t.Issuer)
+		}
+	}
+
+	// If a client ID has been provided, make sure it's part of the audience. SkipClientIDCheck must be true if ClientID is empty.
+	//
+	// This check DOES NOT ensure that the ClientID is the party to which the ID Token was issued (i.e. Authorized party).
+	if !v.config.SkipClientIDCheck {
+		if v.config.ClientID != "" {
+			if !contains(t.Audience, v.config.ClientID) {
+				return nil, fmt.Errorf("oidc: expected audience %q got %q", v.config.ClientID, t.Audience)
+			}
+		} else {
+			return nil, fmt.Errorf("oidc: invalid configuration, clientID must be provided or SkipClientIDCheck must be set")
+		}
+	}
+
+	// If a SkipExpiryCheck is false, make sure token is not expired.
+	if !v.config.SkipExpiryCheck {
+		now := time.Now
+		if v.config.Now != nil {
+			now = v.config.Now
+		}
+		nowTime := now()
+
+		if t.Expiry.Before(nowTime) {
+			return nil, &TokenExpiredError{Expiry: t.Expiry}
+		}
+
+		// If nbf claim is provided in token, ensure that it is indeed in the past.
+		if token.NotBefore != nil {
+			nbfTime := time.Time(*token.NotBefore)
+			// Set to 5 minutes since this is what other OpenID Connect providers do to deal with clock skew.
+			// https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/6.12.2/src/Microsoft.IdentityModel.Tokens/TokenValidationParameters.cs#L149-L153
+			leeway := 5 * time.Minute
+
+			if nowTime.Add(leeway).Before(nbfTime) {
+				return nil, fmt.Errorf("oidc: current time %v before the nbf (not before) time: %v", nowTime, nbfTime)
+			}
+		}
+	}
+
+	if v.config.InsecureSkipSignatureCheck {
+		return t, nil
+	}
+
+	var supportedSigAlgs []jose.SignatureAlgorithm
+	for _, alg := range v.config.SupportedSigningAlgs {
+		supportedSigAlgs = append(supportedSigAlgs, jose.SignatureAlgorithm(alg))
+	}
+	if len(supportedSigAlgs) == 0 {
+		// If no algorithms were specified by both the config and discovery, default
+		// to the one mandatory algorithm "RS256".
+		supportedSigAlgs = []jose.SignatureAlgorithm{jose.RS256}
+	}
+	jws, err := jose.ParseSigned(rawIDToken, supportedSigAlgs)
+	if err != nil {
+		return nil, fmt.Errorf("oidc: malformed jwt: %v", err)
+	}
+
+	switch len(jws.Signatures) {
+	case 0:
+		return nil, fmt.Errorf("oidc: id token not signed")
+	case 1:
+	default:
+		return nil, fmt.Errorf("oidc: multiple signatures on id token not supported")
+	}
+	sig := jws.Signatures[0]
+	t.sigAlgorithm = sig.Header.Algorithm
+
+	ctx = context.WithValue(ctx, parsedJWTKey, jws)
+	gotPayload, err := v.keySet.VerifySignature(ctx, rawIDToken)
+	if err != nil {
+		return nil, fmt.Errorf("failed to verify signature: %v", err)
+	}
+
+	// Ensure that the payload returned by the square actually matches the payload parsed earlier.
+	if !bytes.Equal(gotPayload, payload) {
+		return nil, errors.New("oidc: internal error, payload parsed did not match previous payload")
+	}
+
+	return t, nil
+}
+
+// Nonce returns an auth code option which requires the ID Token created by the
+// OpenID Connect provider to contain the specified nonce.
+func Nonce(nonce string) oauth2.AuthCodeOption {
+	return oauth2.SetAuthURLParam("nonce", nonce)
+}
diff --git a/vendor/github.com/go-jose/go-jose/v4/.gitignore b/vendor/github.com/go-jose/go-jose/v4/.gitignore
new file mode 100644
index 0000000000..eb29ebaefd
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/.gitignore
@@ -0,0 +1,2 @@
+jose-util/jose-util
+jose-util.t.err
\ No newline at end of file
diff --git a/vendor/github.com/go-jose/go-jose/v4/.golangci.yml b/vendor/github.com/go-jose/go-jose/v4/.golangci.yml
new file mode 100644
index 0000000000..2a577a8f95
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/.golangci.yml
@@ -0,0 +1,53 @@
+# https://github.com/golangci/golangci-lint
+
+run:
+  skip-files:
+    - doc_test.go
+  modules-download-mode: readonly
+
+linters:
+  enable-all: true
+  disable:
+    - gochecknoglobals
+    - goconst
+    - lll
+    - maligned
+    - nakedret
+    - scopelint
+    - unparam
+    - funlen # added in 1.18 (requires go-jose changes before it can be enabled)
+
+linters-settings:
+  gocyclo:
+    min-complexity: 35
+
+issues:
+  exclude-rules:
+    - text: "don't use ALL_CAPS in Go names"
+      linters:
+        - golint
+    - text: "hardcoded credentials"
+      linters:
+        - gosec
+    - text: "weak cryptographic primitive"
+      linters:
+        - gosec
+    - path: json/
+      linters:
+        - dupl
+        - errcheck
+        - gocritic
+        - gocyclo
+        - golint
+        - govet
+        - ineffassign
+        - staticcheck
+        - structcheck
+        - stylecheck
+        - unused
+    - path: _test\.go
+      linters:
+        - scopelint
+    - path: jwk.go
+      linters:
+        - gocyclo
diff --git a/vendor/github.com/go-jose/go-jose/v4/.travis.yml b/vendor/github.com/go-jose/go-jose/v4/.travis.yml
new file mode 100644
index 0000000000..48de631b00
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/.travis.yml
@@ -0,0 +1,33 @@
+language: go
+
+matrix:
+  fast_finish: true
+  allow_failures:
+    - go: tip
+
+go:
+  - "1.13.x"
+  - "1.14.x"
+  - tip
+
+before_script:
+  - export PATH=$HOME/.local/bin:$PATH
+
+before_install:
+  - go get -u github.com/mattn/goveralls github.com/wadey/gocovmerge
+  - curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.18.0
+  - pip install cram --user
+
+script:
+  - go test -v -covermode=count -coverprofile=profile.cov .
+  - go test -v -covermode=count -coverprofile=cryptosigner/profile.cov ./cryptosigner
+  - go test -v -covermode=count -coverprofile=cipher/profile.cov ./cipher
+  - go test -v -covermode=count -coverprofile=jwt/profile.cov ./jwt
+  - go test -v ./json  # no coverage for forked encoding/json package
+  - golangci-lint run
+  - cd jose-util && go build && PATH=$PWD:$PATH cram -v jose-util.t # cram tests jose-util
+  - cd ..
+
+after_success:
+  - gocovmerge *.cov */*.cov > merged.coverprofile
+  - goveralls -coverprofile merged.coverprofile -service=travis-ci
diff --git a/vendor/github.com/go-jose/go-jose/v4/CHANGELOG.md b/vendor/github.com/go-jose/go-jose/v4/CHANGELOG.md
new file mode 100644
index 0000000000..246979f161
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/CHANGELOG.md
@@ -0,0 +1,89 @@
+# v4.0.3
+
+## Changed
+
+ - Allow unmarshalling JSONWebKeySets with unsupported key types (#130)
+ - Document that OpaqueKeyEncrypter can't be implemented (for now) (#129)
+ - Dependency updates
+
+# v4.0.2
+
+## Changed
+
+ - Improved documentation of Verify() to note that JSONWebKeySet is a supported
+   argument type (#104)
+ - Defined exported error values for missing x5c header and unsupported elliptic
+   curves error cases (#117)
+
+# v4.0.1
+
+## Fixed
+
+ - An attacker could send a JWE containing compressed data that used large
+   amounts of memory and CPU when decompressed by `Decrypt` or `DecryptMulti`.
+   Those functions now return an error if the decompressed data would exceed
+   250kB or 10x the compressed size (whichever is larger). Thanks to
+   Enze Wang@Alioth and Jianjun Chen@Zhongguancun Lab (@zer0yu and @chenjj)
+   for reporting.
+
+# v4.0.0
+
+This release makes some breaking changes in order to more thoroughly
+address the vulnerabilities discussed in [Three New Attacks Against JSON Web
+Tokens][1], "Sign/encrypt confusion", "Billion hash attack", and "Polyglot
+token".
+
+## Changed
+
+ - Limit JWT encryption types (exclude password or public key types) (#78)
+ - Enforce minimum length for HMAC keys (#85)
+ - jwt: match any audience in a list, rather than requiring all audiences (#81)
+ - jwt: accept only Compact Serialization (#75)
+ - jws: Add expected algorithms for signatures (#74)
+ - Require specifying expected algorithms for ParseEncrypted,
+   ParseSigned, ParseDetached, jwt.ParseEncrypted, jwt.ParseSigned,
+   jwt.ParseSignedAndEncrypted (#69, #74)
+   - Usually there is a small, known set of appropriate algorithms for a program
+     to use and it's a mistake to allow unexpected algorithms. For instance the
+     "billion hash attack" relies in part on programs accepting the PBES2
+     encryption algorithm and doing the necessary work even if they weren't
+     specifically configured to allow PBES2.
+ - Revert "Strip padding off base64 strings" (#82)
+  - The specs require base64url encoding without padding.
+ - Minimum supported Go version is now 1.21
+
+## Added
+
+ - ParseSignedCompact, ParseSignedJSON, ParseEncryptedCompact, ParseEncryptedJSON.
+   - These allow parsing a specific serialization, as opposed to ParseSigned and
+     ParseEncrypted, which try to automatically detect which serialization was
+     provided. It's common to require a specific serialization for a specific
+     protocol - for instance JWT requires Compact serialization.
+
+[1]: https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf
+
+# v3.0.2
+
+## Fixed
+
+ - DecryptMulti: handle decompression error (#19)
+
+## Changed
+
+ - jwe/CompactSerialize: improve performance (#67)
+ - Increase the default number of PBKDF2 iterations to 600k (#48)
+ - Return the proper algorithm for ECDSA keys (#45)
+
+## Added
+
+ - Add Thumbprint support for opaque signers (#38)
+
+# v3.0.1
+
+## Fixed
+
+ - Security issue: an attacker specifying a large "p2c" value can cause
+   JSONWebEncryption.Decrypt and JSONWebEncryption.DecryptMulti to consume large
+   amounts of CPU, causing a DoS. Thanks to Matt Schwager (@mschwager) for the
+   disclosure and to Tom Tervoort for originally publishing the category of attack.
+   https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf
diff --git a/vendor/github.com/go-jose/go-jose/v4/CONTRIBUTING.md b/vendor/github.com/go-jose/go-jose/v4/CONTRIBUTING.md
new file mode 100644
index 0000000000..b63e1f8fee
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/CONTRIBUTING.md
@@ -0,0 +1,15 @@
+# Contributing
+
+If you would like to contribute code to go-jose you can do so through GitHub by
+forking the repository and sending a pull request.
+
+When submitting code, please make every effort to follow existing conventions
+and style in order to keep the code as readable as possible. Please also make
+sure all tests pass by running `go test`, and format your code with `go fmt`.
+We also recommend using `golint` and `errcheck`.
+
+Before your code can be accepted into the project you must also sign the
+Individual Contributor License Agreement.  We use [cla-assistant.io][1] and you
+will be prompted to sign once a pull request is opened.
+
+[1]: https://cla-assistant.io/
diff --git a/vendor/google.golang.org/appengine/LICENSE b/vendor/github.com/go-jose/go-jose/v4/LICENSE
similarity index 100%
rename from vendor/google.golang.org/appengine/LICENSE
rename to vendor/github.com/go-jose/go-jose/v4/LICENSE
diff --git a/vendor/github.com/go-jose/go-jose/v4/README.md b/vendor/github.com/go-jose/go-jose/v4/README.md
new file mode 100644
index 0000000000..79a7c5ecc8
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/README.md
@@ -0,0 +1,114 @@
+# Go JOSE
+
+[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v4.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v4)
+[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v4/jwt.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v4/jwt)
+[![license](https://img.shields.io/badge/license-apache_2.0-blue.svg?style=flat)](https://raw.githubusercontent.com/go-jose/go-jose/master/LICENSE)
+[![test](https://img.shields.io/github/checks-status/go-jose/go-jose/v4)](https://github.com/go-jose/go-jose/actions)
+
+Package jose aims to provide an implementation of the Javascript Object Signing
+and Encryption set of standards. This includes support for JSON Web Encryption,
+JSON Web Signature, and JSON Web Token standards.
+
+**Disclaimer**: This library contains encryption software that is subject to
+the U.S. Export Administration Regulations. You may not export, re-export,
+transfer or download this code or any part of it in violation of any United
+States law, directive or regulation. In particular this software may not be
+exported or re-exported in any form or on any media to Iran, North Sudan,
+Syria, Cuba, or North Korea, or to denied persons or entities mentioned on any
+US maintained blocked list.
+
+## Overview
+
+The implementation follows the
+[JSON Web Encryption](https://dx.doi.org/10.17487/RFC7516) (RFC 7516),
+[JSON Web Signature](https://dx.doi.org/10.17487/RFC7515) (RFC 7515), and
+[JSON Web Token](https://dx.doi.org/10.17487/RFC7519) (RFC 7519) specifications.
+Tables of supported algorithms are shown below. The library supports both
+the compact and JWS/JWE JSON Serialization formats, and has optional support for
+multiple recipients. It also comes with a small command-line utility
+([`jose-util`](https://pkg.go.dev/github.com/go-jose/go-jose/jose-util))
+for dealing with JOSE messages in a shell.
+
+**Note**: We use a forked version of the `encoding/json` package from the Go
+standard library which uses case-sensitive matching for member names (instead
+of [case-insensitive matching](https://www.ietf.org/mail-archive/web/json/current/msg03763.html)).
+This is to avoid differences in interpretation of messages between go-jose and
+libraries in other languages.
+
+### Versions
+
+[Version 4](https://github.com/go-jose/go-jose)
+([branch](https://github.com/go-jose/go-jose/tree/main),
+[doc](https://pkg.go.dev/github.com/go-jose/go-jose/v4), [releases](https://github.com/go-jose/go-jose/releases)) is the current stable version:
+
+    import "github.com/go-jose/go-jose/v4"
+
+The old [square/go-jose](https://github.com/square/go-jose) repo contains the prior v1 and v2 versions, which
+are still useable but not actively developed anymore.
+
+Version 3, in this repo, is still receiving security fixes but not functionality
+updates.
+
+### Supported algorithms
+
+See below for a table of supported algorithms. Algorithm identifiers match
+the names in the [JSON Web Algorithms](https://dx.doi.org/10.17487/RFC7518)
+standard where possible. The Godoc reference has a list of constants.
+
+ Key encryption             | Algorithm identifier(s)
+ :------------------------- | :------------------------------
+ RSA-PKCS#1v1.5             | RSA1_5
+ RSA-OAEP                   | RSA-OAEP, RSA-OAEP-256
+ AES key wrap               | A128KW, A192KW, A256KW
+ AES-GCM key wrap           | A128GCMKW, A192GCMKW, A256GCMKW
+ ECDH-ES + AES key wrap     | ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW
+ ECDH-ES (direct)           | ECDH-ES<sup>1</sup>
+ Direct encryption          | dir<sup>1</sup>
+
+<sup>1. Not supported in multi-recipient mode</sup>
+
+ Signing / MAC              | Algorithm identifier(s)
+ :------------------------- | :------------------------------
+ RSASSA-PKCS#1v1.5          | RS256, RS384, RS512
+ RSASSA-PSS                 | PS256, PS384, PS512
+ HMAC                       | HS256, HS384, HS512
+ ECDSA                      | ES256, ES384, ES512
+ Ed25519                    | EdDSA<sup>2</sup>
+
+<sup>2. Only available in version 2 of the package</sup>
+
+ Content encryption         | Algorithm identifier(s)
+ :------------------------- | :------------------------------
+ AES-CBC+HMAC               | A128CBC-HS256, A192CBC-HS384, A256CBC-HS512
+ AES-GCM                    | A128GCM, A192GCM, A256GCM
+
+ Compression                | Algorithm identifiers(s)
+ :------------------------- | -------------------------------
+ DEFLATE (RFC 1951)         | DEF
+
+### Supported key types
+
+See below for a table of supported key types. These are understood by the
+library, and can be passed to corresponding functions such as `NewEncrypter` or
+`NewSigner`. Each of these keys can also be wrapped in a JWK if desired, which
+allows attaching a key id.
+
+ Algorithm(s)               | Corresponding types
+ :------------------------- | -------------------------------
+ RSA                        | *[rsa.PublicKey](https://pkg.go.dev/crypto/rsa/#PublicKey), *[rsa.PrivateKey](https://pkg.go.dev/crypto/rsa/#PrivateKey)
+ ECDH, ECDSA                | *[ecdsa.PublicKey](https://pkg.go.dev/crypto/ecdsa/#PublicKey), *[ecdsa.PrivateKey](https://pkg.go.dev/crypto/ecdsa/#PrivateKey)
+ EdDSA<sup>1</sup>          | [ed25519.PublicKey](https://pkg.go.dev/crypto/ed25519#PublicKey), [ed25519.PrivateKey](https://pkg.go.dev/crypto/ed25519#PrivateKey)
+ AES, HMAC                  | []byte
+
+<sup>1. Only available in version 2 or later of the package</sup>
+
+## Examples
+
+[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v4.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v4)
+[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v4/jwt.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v4/jwt)
+
+Examples can be found in the Godoc
+reference for this package. The
+[`jose-util`](https://github.com/go-jose/go-jose/tree/v4/jose-util)
+subdirectory also contains a small command-line utility which might be useful
+as an example as well.
diff --git a/vendor/github.com/go-jose/go-jose/v4/SECURITY.md b/vendor/github.com/go-jose/go-jose/v4/SECURITY.md
new file mode 100644
index 0000000000..2f18a75a82
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy
+This document explains how to contact the Let's Encrypt security team to report security vulnerabilities.
+
+## Supported Versions
+| Version | Supported |
+| ------- | ----------|
+| >= v3   | &check; |
+| v2      | &cross; |
+| v1      | &cross; |
+
+## Reporting a vulnerability
+
+Please see [https://letsencrypt.org/contact/#security](https://letsencrypt.org/contact/#security) for the email address to report a vulnerability. Ensure that the subject line for your report contains the word `vulnerability` and is descriptive. Your email should be acknowledged within 24 hours. If you do not receive a response within 24 hours, please follow-up again with another email.
diff --git a/vendor/github.com/go-jose/go-jose/v4/asymmetric.go b/vendor/github.com/go-jose/go-jose/v4/asymmetric.go
new file mode 100644
index 0000000000..f8d5774ef5
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/asymmetric.go
@@ -0,0 +1,595 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"crypto"
+	"crypto/aes"
+	"crypto/ecdsa"
+	"crypto/ed25519"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha1"
+	"crypto/sha256"
+	"errors"
+	"fmt"
+	"math/big"
+
+	josecipher "github.com/go-jose/go-jose/v4/cipher"
+	"github.com/go-jose/go-jose/v4/json"
+)
+
+// A generic RSA-based encrypter/verifier
+type rsaEncrypterVerifier struct {
+	publicKey *rsa.PublicKey
+}
+
+// A generic RSA-based decrypter/signer
+type rsaDecrypterSigner struct {
+	privateKey *rsa.PrivateKey
+}
+
+// A generic EC-based encrypter/verifier
+type ecEncrypterVerifier struct {
+	publicKey *ecdsa.PublicKey
+}
+
+type edEncrypterVerifier struct {
+	publicKey ed25519.PublicKey
+}
+
+// A key generator for ECDH-ES
+type ecKeyGenerator struct {
+	size      int
+	algID     string
+	publicKey *ecdsa.PublicKey
+}
+
+// A generic EC-based decrypter/signer
+type ecDecrypterSigner struct {
+	privateKey *ecdsa.PrivateKey
+}
+
+type edDecrypterSigner struct {
+	privateKey ed25519.PrivateKey
+}
+
+// newRSARecipient creates recipientKeyInfo based on the given key.
+func newRSARecipient(keyAlg KeyAlgorithm, publicKey *rsa.PublicKey) (recipientKeyInfo, error) {
+	// Verify that key management algorithm is supported by this encrypter
+	switch keyAlg {
+	case RSA1_5, RSA_OAEP, RSA_OAEP_256:
+	default:
+		return recipientKeyInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	if publicKey == nil {
+		return recipientKeyInfo{}, errors.New("invalid public key")
+	}
+
+	return recipientKeyInfo{
+		keyAlg: keyAlg,
+		keyEncrypter: &rsaEncrypterVerifier{
+			publicKey: publicKey,
+		},
+	}, nil
+}
+
+// newRSASigner creates a recipientSigInfo based on the given key.
+func newRSASigner(sigAlg SignatureAlgorithm, privateKey *rsa.PrivateKey) (recipientSigInfo, error) {
+	// Verify that key management algorithm is supported by this encrypter
+	switch sigAlg {
+	case RS256, RS384, RS512, PS256, PS384, PS512:
+	default:
+		return recipientSigInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	if privateKey == nil {
+		return recipientSigInfo{}, errors.New("invalid private key")
+	}
+
+	return recipientSigInfo{
+		sigAlg: sigAlg,
+		publicKey: staticPublicKey(&JSONWebKey{
+			Key: privateKey.Public(),
+		}),
+		signer: &rsaDecrypterSigner{
+			privateKey: privateKey,
+		},
+	}, nil
+}
+
+func newEd25519Signer(sigAlg SignatureAlgorithm, privateKey ed25519.PrivateKey) (recipientSigInfo, error) {
+	if sigAlg != EdDSA {
+		return recipientSigInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	if privateKey == nil {
+		return recipientSigInfo{}, errors.New("invalid private key")
+	}
+	return recipientSigInfo{
+		sigAlg: sigAlg,
+		publicKey: staticPublicKey(&JSONWebKey{
+			Key: privateKey.Public(),
+		}),
+		signer: &edDecrypterSigner{
+			privateKey: privateKey,
+		},
+	}, nil
+}
+
+// newECDHRecipient creates recipientKeyInfo based on the given key.
+func newECDHRecipient(keyAlg KeyAlgorithm, publicKey *ecdsa.PublicKey) (recipientKeyInfo, error) {
+	// Verify that key management algorithm is supported by this encrypter
+	switch keyAlg {
+	case ECDH_ES, ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW:
+	default:
+		return recipientKeyInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	if publicKey == nil || !publicKey.Curve.IsOnCurve(publicKey.X, publicKey.Y) {
+		return recipientKeyInfo{}, errors.New("invalid public key")
+	}
+
+	return recipientKeyInfo{
+		keyAlg: keyAlg,
+		keyEncrypter: &ecEncrypterVerifier{
+			publicKey: publicKey,
+		},
+	}, nil
+}
+
+// newECDSASigner creates a recipientSigInfo based on the given key.
+func newECDSASigner(sigAlg SignatureAlgorithm, privateKey *ecdsa.PrivateKey) (recipientSigInfo, error) {
+	// Verify that key management algorithm is supported by this encrypter
+	switch sigAlg {
+	case ES256, ES384, ES512:
+	default:
+		return recipientSigInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	if privateKey == nil {
+		return recipientSigInfo{}, errors.New("invalid private key")
+	}
+
+	return recipientSigInfo{
+		sigAlg: sigAlg,
+		publicKey: staticPublicKey(&JSONWebKey{
+			Key: privateKey.Public(),
+		}),
+		signer: &ecDecrypterSigner{
+			privateKey: privateKey,
+		},
+	}, nil
+}
+
+// Encrypt the given payload and update the object.
+func (ctx rsaEncrypterVerifier) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) {
+	encryptedKey, err := ctx.encrypt(cek, alg)
+	if err != nil {
+		return recipientInfo{}, err
+	}
+
+	return recipientInfo{
+		encryptedKey: encryptedKey,
+		header:       &rawHeader{},
+	}, nil
+}
+
+// Encrypt the given payload. Based on the key encryption algorithm,
+// this will either use RSA-PKCS1v1.5 or RSA-OAEP (with SHA-1 or SHA-256).
+func (ctx rsaEncrypterVerifier) encrypt(cek []byte, alg KeyAlgorithm) ([]byte, error) {
+	switch alg {
+	case RSA1_5:
+		return rsa.EncryptPKCS1v15(RandReader, ctx.publicKey, cek)
+	case RSA_OAEP:
+		return rsa.EncryptOAEP(sha1.New(), RandReader, ctx.publicKey, cek, []byte{})
+	case RSA_OAEP_256:
+		return rsa.EncryptOAEP(sha256.New(), RandReader, ctx.publicKey, cek, []byte{})
+	}
+
+	return nil, ErrUnsupportedAlgorithm
+}
+
+// Decrypt the given payload and return the content encryption key.
+func (ctx rsaDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) {
+	return ctx.decrypt(recipient.encryptedKey, headers.getAlgorithm(), generator)
+}
+
+// Decrypt the given payload. Based on the key encryption algorithm,
+// this will either use RSA-PKCS1v1.5 or RSA-OAEP (with SHA-1 or SHA-256).
+func (ctx rsaDecrypterSigner) decrypt(jek []byte, alg KeyAlgorithm, generator keyGenerator) ([]byte, error) {
+	// Note: The random reader on decrypt operations is only used for blinding,
+	// so stubbing is meanlingless (hence the direct use of rand.Reader).
+	switch alg {
+	case RSA1_5:
+		defer func() {
+			// DecryptPKCS1v15SessionKey sometimes panics on an invalid payload
+			// because of an index out of bounds error, which we want to ignore.
+			// This has been fixed in Go 1.3.1 (released 2014/08/13), the recover()
+			// only exists for preventing crashes with unpatched versions.
+			// See: https://groups.google.com/forum/#!topic/golang-dev/7ihX6Y6kx9k
+			// See: https://code.google.com/p/go/source/detail?r=58ee390ff31602edb66af41ed10901ec95904d33
+			_ = recover()
+		}()
+
+		// Perform some input validation.
+		keyBytes := ctx.privateKey.PublicKey.N.BitLen() / 8
+		if keyBytes != len(jek) {
+			// Input size is incorrect, the encrypted payload should always match
+			// the size of the public modulus (e.g. using a 2048 bit key will
+			// produce 256 bytes of output). Reject this since it's invalid input.
+			return nil, ErrCryptoFailure
+		}
+
+		cek, _, err := generator.genKey()
+		if err != nil {
+			return nil, ErrCryptoFailure
+		}
+
+		// When decrypting an RSA-PKCS1v1.5 payload, we must take precautions to
+		// prevent chosen-ciphertext attacks as described in RFC 3218, "Preventing
+		// the Million Message Attack on Cryptographic Message Syntax". We are
+		// therefore deliberately ignoring errors here.
+		_ = rsa.DecryptPKCS1v15SessionKey(rand.Reader, ctx.privateKey, jek, cek)
+
+		return cek, nil
+	case RSA_OAEP:
+		// Use rand.Reader for RSA blinding
+		return rsa.DecryptOAEP(sha1.New(), rand.Reader, ctx.privateKey, jek, []byte{})
+	case RSA_OAEP_256:
+		// Use rand.Reader for RSA blinding
+		return rsa.DecryptOAEP(sha256.New(), rand.Reader, ctx.privateKey, jek, []byte{})
+	}
+
+	return nil, ErrUnsupportedAlgorithm
+}
+
+// Sign the given payload
+func (ctx rsaDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) {
+	var hash crypto.Hash
+
+	switch alg {
+	case RS256, PS256:
+		hash = crypto.SHA256
+	case RS384, PS384:
+		hash = crypto.SHA384
+	case RS512, PS512:
+		hash = crypto.SHA512
+	default:
+		return Signature{}, ErrUnsupportedAlgorithm
+	}
+
+	hasher := hash.New()
+
+	// According to documentation, Write() on hash never fails
+	_, _ = hasher.Write(payload)
+	hashed := hasher.Sum(nil)
+
+	var out []byte
+	var err error
+
+	switch alg {
+	case RS256, RS384, RS512:
+		// TODO(https://github.com/go-jose/go-jose/issues/40): As of go1.20, the
+		// random parameter is legacy and ignored, and it can be nil.
+		// https://cs.opensource.google/go/go/+/refs/tags/go1.20:src/crypto/rsa/pkcs1v15.go;l=263;bpv=0;bpt=1
+		out, err = rsa.SignPKCS1v15(RandReader, ctx.privateKey, hash, hashed)
+	case PS256, PS384, PS512:
+		out, err = rsa.SignPSS(RandReader, ctx.privateKey, hash, hashed, &rsa.PSSOptions{
+			SaltLength: rsa.PSSSaltLengthEqualsHash,
+		})
+	}
+
+	if err != nil {
+		return Signature{}, err
+	}
+
+	return Signature{
+		Signature: out,
+		protected: &rawHeader{},
+	}, nil
+}
+
+// Verify the given payload
+func (ctx rsaEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error {
+	var hash crypto.Hash
+
+	switch alg {
+	case RS256, PS256:
+		hash = crypto.SHA256
+	case RS384, PS384:
+		hash = crypto.SHA384
+	case RS512, PS512:
+		hash = crypto.SHA512
+	default:
+		return ErrUnsupportedAlgorithm
+	}
+
+	hasher := hash.New()
+
+	// According to documentation, Write() on hash never fails
+	_, _ = hasher.Write(payload)
+	hashed := hasher.Sum(nil)
+
+	switch alg {
+	case RS256, RS384, RS512:
+		return rsa.VerifyPKCS1v15(ctx.publicKey, hash, hashed, signature)
+	case PS256, PS384, PS512:
+		return rsa.VerifyPSS(ctx.publicKey, hash, hashed, signature, nil)
+	}
+
+	return ErrUnsupportedAlgorithm
+}
+
+// Encrypt the given payload and update the object.
+func (ctx ecEncrypterVerifier) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) {
+	switch alg {
+	case ECDH_ES:
+		// ECDH-ES mode doesn't wrap a key, the shared secret is used directly as the key.
+		return recipientInfo{
+			header: &rawHeader{},
+		}, nil
+	case ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW:
+	default:
+		return recipientInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	generator := ecKeyGenerator{
+		algID:     string(alg),
+		publicKey: ctx.publicKey,
+	}
+
+	switch alg {
+	case ECDH_ES_A128KW:
+		generator.size = 16
+	case ECDH_ES_A192KW:
+		generator.size = 24
+	case ECDH_ES_A256KW:
+		generator.size = 32
+	}
+
+	kek, header, err := generator.genKey()
+	if err != nil {
+		return recipientInfo{}, err
+	}
+
+	block, err := aes.NewCipher(kek)
+	if err != nil {
+		return recipientInfo{}, err
+	}
+
+	jek, err := josecipher.KeyWrap(block, cek)
+	if err != nil {
+		return recipientInfo{}, err
+	}
+
+	return recipientInfo{
+		encryptedKey: jek,
+		header:       &header,
+	}, nil
+}
+
+// Get key size for EC key generator
+func (ctx ecKeyGenerator) keySize() int {
+	return ctx.size
+}
+
+// Get a content encryption key for ECDH-ES
+func (ctx ecKeyGenerator) genKey() ([]byte, rawHeader, error) {
+	priv, err := ecdsa.GenerateKey(ctx.publicKey.Curve, RandReader)
+	if err != nil {
+		return nil, rawHeader{}, err
+	}
+
+	out := josecipher.DeriveECDHES(ctx.algID, []byte{}, []byte{}, priv, ctx.publicKey, ctx.size)
+
+	b, err := json.Marshal(&JSONWebKey{
+		Key: &priv.PublicKey,
+	})
+	if err != nil {
+		return nil, nil, err
+	}
+
+	headers := rawHeader{
+		headerEPK: makeRawMessage(b),
+	}
+
+	return out, headers, nil
+}
+
+// Decrypt the given payload and return the content encryption key.
+func (ctx ecDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) {
+	epk, err := headers.getEPK()
+	if err != nil {
+		return nil, errors.New("go-jose/go-jose: invalid epk header")
+	}
+	if epk == nil {
+		return nil, errors.New("go-jose/go-jose: missing epk header")
+	}
+
+	publicKey, ok := epk.Key.(*ecdsa.PublicKey)
+	if publicKey == nil || !ok {
+		return nil, errors.New("go-jose/go-jose: invalid epk header")
+	}
+
+	if !ctx.privateKey.Curve.IsOnCurve(publicKey.X, publicKey.Y) {
+		return nil, errors.New("go-jose/go-jose: invalid public key in epk header")
+	}
+
+	apuData, err := headers.getAPU()
+	if err != nil {
+		return nil, errors.New("go-jose/go-jose: invalid apu header")
+	}
+	apvData, err := headers.getAPV()
+	if err != nil {
+		return nil, errors.New("go-jose/go-jose: invalid apv header")
+	}
+
+	deriveKey := func(algID string, size int) []byte {
+		return josecipher.DeriveECDHES(algID, apuData.bytes(), apvData.bytes(), ctx.privateKey, publicKey, size)
+	}
+
+	var keySize int
+
+	algorithm := headers.getAlgorithm()
+	switch algorithm {
+	case ECDH_ES:
+		// ECDH-ES uses direct key agreement, no key unwrapping necessary.
+		return deriveKey(string(headers.getEncryption()), generator.keySize()), nil
+	case ECDH_ES_A128KW:
+		keySize = 16
+	case ECDH_ES_A192KW:
+		keySize = 24
+	case ECDH_ES_A256KW:
+		keySize = 32
+	default:
+		return nil, ErrUnsupportedAlgorithm
+	}
+
+	key := deriveKey(string(algorithm), keySize)
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	return josecipher.KeyUnwrap(block, recipient.encryptedKey)
+}
+
+func (ctx edDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) {
+	if alg != EdDSA {
+		return Signature{}, ErrUnsupportedAlgorithm
+	}
+
+	sig, err := ctx.privateKey.Sign(RandReader, payload, crypto.Hash(0))
+	if err != nil {
+		return Signature{}, err
+	}
+
+	return Signature{
+		Signature: sig,
+		protected: &rawHeader{},
+	}, nil
+}
+
+func (ctx edEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error {
+	if alg != EdDSA {
+		return ErrUnsupportedAlgorithm
+	}
+	ok := ed25519.Verify(ctx.publicKey, payload, signature)
+	if !ok {
+		return errors.New("go-jose/go-jose: ed25519 signature failed to verify")
+	}
+	return nil
+}
+
+// Sign the given payload
+func (ctx ecDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) {
+	var expectedBitSize int
+	var hash crypto.Hash
+
+	switch alg {
+	case ES256:
+		expectedBitSize = 256
+		hash = crypto.SHA256
+	case ES384:
+		expectedBitSize = 384
+		hash = crypto.SHA384
+	case ES512:
+		expectedBitSize = 521
+		hash = crypto.SHA512
+	}
+
+	curveBits := ctx.privateKey.Curve.Params().BitSize
+	if expectedBitSize != curveBits {
+		return Signature{}, fmt.Errorf("go-jose/go-jose: expected %d bit key, got %d bits instead", expectedBitSize, curveBits)
+	}
+
+	hasher := hash.New()
+
+	// According to documentation, Write() on hash never fails
+	_, _ = hasher.Write(payload)
+	hashed := hasher.Sum(nil)
+
+	r, s, err := ecdsa.Sign(RandReader, ctx.privateKey, hashed)
+	if err != nil {
+		return Signature{}, err
+	}
+
+	keyBytes := curveBits / 8
+	if curveBits%8 > 0 {
+		keyBytes++
+	}
+
+	// We serialize the outputs (r and s) into big-endian byte arrays and pad
+	// them with zeros on the left to make sure the sizes work out. Both arrays
+	// must be keyBytes long, and the output must be 2*keyBytes long.
+	rBytes := r.Bytes()
+	rBytesPadded := make([]byte, keyBytes)
+	copy(rBytesPadded[keyBytes-len(rBytes):], rBytes)
+
+	sBytes := s.Bytes()
+	sBytesPadded := make([]byte, keyBytes)
+	copy(sBytesPadded[keyBytes-len(sBytes):], sBytes)
+
+	out := append(rBytesPadded, sBytesPadded...)
+
+	return Signature{
+		Signature: out,
+		protected: &rawHeader{},
+	}, nil
+}
+
+// Verify the given payload
+func (ctx ecEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error {
+	var keySize int
+	var hash crypto.Hash
+
+	switch alg {
+	case ES256:
+		keySize = 32
+		hash = crypto.SHA256
+	case ES384:
+		keySize = 48
+		hash = crypto.SHA384
+	case ES512:
+		keySize = 66
+		hash = crypto.SHA512
+	default:
+		return ErrUnsupportedAlgorithm
+	}
+
+	if len(signature) != 2*keySize {
+		return fmt.Errorf("go-jose/go-jose: invalid signature size, have %d bytes, wanted %d", len(signature), 2*keySize)
+	}
+
+	hasher := hash.New()
+
+	// According to documentation, Write() on hash never fails
+	_, _ = hasher.Write(payload)
+	hashed := hasher.Sum(nil)
+
+	r := big.NewInt(0).SetBytes(signature[:keySize])
+	s := big.NewInt(0).SetBytes(signature[keySize:])
+
+	match := ecdsa.Verify(ctx.publicKey, hashed, r, s)
+	if !match {
+		return errors.New("go-jose/go-jose: ecdsa signature failed to verify")
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/go-jose/go-jose/v4/cipher/cbc_hmac.go b/vendor/github.com/go-jose/go-jose/v4/cipher/cbc_hmac.go
new file mode 100644
index 0000000000..af029cec0b
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/cipher/cbc_hmac.go
@@ -0,0 +1,196 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package josecipher
+
+import (
+	"bytes"
+	"crypto/cipher"
+	"crypto/hmac"
+	"crypto/sha256"
+	"crypto/sha512"
+	"crypto/subtle"
+	"encoding/binary"
+	"errors"
+	"hash"
+)
+
+const (
+	nonceBytes = 16
+)
+
+// NewCBCHMAC instantiates a new AEAD based on CBC+HMAC.
+func NewCBCHMAC(key []byte, newBlockCipher func([]byte) (cipher.Block, error)) (cipher.AEAD, error) {
+	keySize := len(key) / 2
+	integrityKey := key[:keySize]
+	encryptionKey := key[keySize:]
+
+	blockCipher, err := newBlockCipher(encryptionKey)
+	if err != nil {
+		return nil, err
+	}
+
+	var hash func() hash.Hash
+	switch keySize {
+	case 16:
+		hash = sha256.New
+	case 24:
+		hash = sha512.New384
+	case 32:
+		hash = sha512.New
+	}
+
+	return &cbcAEAD{
+		hash:         hash,
+		blockCipher:  blockCipher,
+		authtagBytes: keySize,
+		integrityKey: integrityKey,
+	}, nil
+}
+
+// An AEAD based on CBC+HMAC
+type cbcAEAD struct {
+	hash         func() hash.Hash
+	authtagBytes int
+	integrityKey []byte
+	blockCipher  cipher.Block
+}
+
+func (ctx *cbcAEAD) NonceSize() int {
+	return nonceBytes
+}
+
+func (ctx *cbcAEAD) Overhead() int {
+	// Maximum overhead is block size (for padding) plus auth tag length, where
+	// the length of the auth tag is equivalent to the key size.
+	return ctx.blockCipher.BlockSize() + ctx.authtagBytes
+}
+
+// Seal encrypts and authenticates the plaintext.
+func (ctx *cbcAEAD) Seal(dst, nonce, plaintext, data []byte) []byte {
+	// Output buffer -- must take care not to mangle plaintext input.
+	ciphertext := make([]byte, uint64(len(plaintext))+uint64(ctx.Overhead()))[:len(plaintext)]
+	copy(ciphertext, plaintext)
+	ciphertext = padBuffer(ciphertext, ctx.blockCipher.BlockSize())
+
+	cbc := cipher.NewCBCEncrypter(ctx.blockCipher, nonce)
+
+	cbc.CryptBlocks(ciphertext, ciphertext)
+	authtag := ctx.computeAuthTag(data, nonce, ciphertext)
+
+	ret, out := resize(dst, uint64(len(dst))+uint64(len(ciphertext))+uint64(len(authtag)))
+	copy(out, ciphertext)
+	copy(out[len(ciphertext):], authtag)
+
+	return ret
+}
+
+// Open decrypts and authenticates the ciphertext.
+func (ctx *cbcAEAD) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
+	if len(ciphertext) < ctx.authtagBytes {
+		return nil, errors.New("go-jose/go-jose: invalid ciphertext (too short)")
+	}
+
+	offset := len(ciphertext) - ctx.authtagBytes
+	expectedTag := ctx.computeAuthTag(data, nonce, ciphertext[:offset])
+	match := subtle.ConstantTimeCompare(expectedTag, ciphertext[offset:])
+	if match != 1 {
+		return nil, errors.New("go-jose/go-jose: invalid ciphertext (auth tag mismatch)")
+	}
+
+	cbc := cipher.NewCBCDecrypter(ctx.blockCipher, nonce)
+
+	// Make copy of ciphertext buffer, don't want to modify in place
+	buffer := append([]byte{}, ciphertext[:offset]...)
+
+	if len(buffer)%ctx.blockCipher.BlockSize() > 0 {
+		return nil, errors.New("go-jose/go-jose: invalid ciphertext (invalid length)")
+	}
+
+	cbc.CryptBlocks(buffer, buffer)
+
+	// Remove padding
+	plaintext, err := unpadBuffer(buffer, ctx.blockCipher.BlockSize())
+	if err != nil {
+		return nil, err
+	}
+
+	ret, out := resize(dst, uint64(len(dst))+uint64(len(plaintext)))
+	copy(out, plaintext)
+
+	return ret, nil
+}
+
+// Compute an authentication tag
+func (ctx *cbcAEAD) computeAuthTag(aad, nonce, ciphertext []byte) []byte {
+	buffer := make([]byte, uint64(len(aad))+uint64(len(nonce))+uint64(len(ciphertext))+8)
+	n := 0
+	n += copy(buffer, aad)
+	n += copy(buffer[n:], nonce)
+	n += copy(buffer[n:], ciphertext)
+	binary.BigEndian.PutUint64(buffer[n:], uint64(len(aad))*8)
+
+	// According to documentation, Write() on hash.Hash never fails.
+	hmac := hmac.New(ctx.hash, ctx.integrityKey)
+	_, _ = hmac.Write(buffer)
+
+	return hmac.Sum(nil)[:ctx.authtagBytes]
+}
+
+// resize ensures that the given slice has a capacity of at least n bytes.
+// If the capacity of the slice is less than n, a new slice is allocated
+// and the existing data will be copied.
+func resize(in []byte, n uint64) (head, tail []byte) {
+	if uint64(cap(in)) >= n {
+		head = in[:n]
+	} else {
+		head = make([]byte, n)
+		copy(head, in)
+	}
+
+	tail = head[len(in):]
+	return
+}
+
+// Apply padding
+func padBuffer(buffer []byte, blockSize int) []byte {
+	missing := blockSize - (len(buffer) % blockSize)
+	ret, out := resize(buffer, uint64(len(buffer))+uint64(missing))
+	padding := bytes.Repeat([]byte{byte(missing)}, missing)
+	copy(out, padding)
+	return ret
+}
+
+// Remove padding
+func unpadBuffer(buffer []byte, blockSize int) ([]byte, error) {
+	if len(buffer)%blockSize != 0 {
+		return nil, errors.New("go-jose/go-jose: invalid padding")
+	}
+
+	last := buffer[len(buffer)-1]
+	count := int(last)
+
+	if count == 0 || count > blockSize || count > len(buffer) {
+		return nil, errors.New("go-jose/go-jose: invalid padding")
+	}
+
+	padding := bytes.Repeat([]byte{last}, count)
+	if !bytes.HasSuffix(buffer, padding) {
+		return nil, errors.New("go-jose/go-jose: invalid padding")
+	}
+
+	return buffer[:len(buffer)-count], nil
+}
diff --git a/vendor/github.com/go-jose/go-jose/v4/cipher/concat_kdf.go b/vendor/github.com/go-jose/go-jose/v4/cipher/concat_kdf.go
new file mode 100644
index 0000000000..f62c3bdba5
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/cipher/concat_kdf.go
@@ -0,0 +1,75 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package josecipher
+
+import (
+	"crypto"
+	"encoding/binary"
+	"hash"
+	"io"
+)
+
+type concatKDF struct {
+	z, info []byte
+	i       uint32
+	cache   []byte
+	hasher  hash.Hash
+}
+
+// NewConcatKDF builds a KDF reader based on the given inputs.
+func NewConcatKDF(hash crypto.Hash, z, algID, ptyUInfo, ptyVInfo, supPubInfo, supPrivInfo []byte) io.Reader {
+	buffer := make([]byte, uint64(len(algID))+uint64(len(ptyUInfo))+uint64(len(ptyVInfo))+uint64(len(supPubInfo))+uint64(len(supPrivInfo)))
+	n := 0
+	n += copy(buffer, algID)
+	n += copy(buffer[n:], ptyUInfo)
+	n += copy(buffer[n:], ptyVInfo)
+	n += copy(buffer[n:], supPubInfo)
+	copy(buffer[n:], supPrivInfo)
+
+	hasher := hash.New()
+
+	return &concatKDF{
+		z:      z,
+		info:   buffer,
+		hasher: hasher,
+		cache:  []byte{},
+		i:      1,
+	}
+}
+
+func (ctx *concatKDF) Read(out []byte) (int, error) {
+	copied := copy(out, ctx.cache)
+	ctx.cache = ctx.cache[copied:]
+
+	for copied < len(out) {
+		ctx.hasher.Reset()
+
+		// Write on a hash.Hash never fails
+		_ = binary.Write(ctx.hasher, binary.BigEndian, ctx.i)
+		_, _ = ctx.hasher.Write(ctx.z)
+		_, _ = ctx.hasher.Write(ctx.info)
+
+		hash := ctx.hasher.Sum(nil)
+		chunkCopied := copy(out[copied:], hash)
+		copied += chunkCopied
+		ctx.cache = hash[chunkCopied:]
+
+		ctx.i++
+	}
+
+	return copied, nil
+}
diff --git a/vendor/github.com/go-jose/go-jose/v4/cipher/ecdh_es.go b/vendor/github.com/go-jose/go-jose/v4/cipher/ecdh_es.go
new file mode 100644
index 0000000000..093c646740
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/cipher/ecdh_es.go
@@ -0,0 +1,86 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package josecipher
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"encoding/binary"
+)
+
+// DeriveECDHES derives a shared encryption key using ECDH/ConcatKDF as described in JWE/JWA.
+// It is an error to call this function with a private/public key that are not on the same
+// curve. Callers must ensure that the keys are valid before calling this function. Output
+// size may be at most 1<<16 bytes (64 KiB).
+func DeriveECDHES(alg string, apuData, apvData []byte, priv *ecdsa.PrivateKey, pub *ecdsa.PublicKey, size int) []byte {
+	if size > 1<<16 {
+		panic("ECDH-ES output size too large, must be less than or equal to 1<<16")
+	}
+
+	// algId, partyUInfo, partyVInfo inputs must be prefixed with the length
+	algID := lengthPrefixed([]byte(alg))
+	ptyUInfo := lengthPrefixed(apuData)
+	ptyVInfo := lengthPrefixed(apvData)
+
+	// suppPubInfo is the encoded length of the output size in bits
+	supPubInfo := make([]byte, 4)
+	binary.BigEndian.PutUint32(supPubInfo, uint32(size)*8)
+
+	if !priv.PublicKey.Curve.IsOnCurve(pub.X, pub.Y) {
+		panic("public key not on same curve as private key")
+	}
+
+	z, _ := priv.Curve.ScalarMult(pub.X, pub.Y, priv.D.Bytes())
+	zBytes := z.Bytes()
+
+	// Note that calling z.Bytes() on a big.Int may strip leading zero bytes from
+	// the returned byte array. This can lead to a problem where zBytes will be
+	// shorter than expected which breaks the key derivation. Therefore we must pad
+	// to the full length of the expected coordinate here before calling the KDF.
+	octSize := dSize(priv.Curve)
+	if len(zBytes) != octSize {
+		zBytes = append(bytes.Repeat([]byte{0}, octSize-len(zBytes)), zBytes...)
+	}
+
+	reader := NewConcatKDF(crypto.SHA256, zBytes, algID, ptyUInfo, ptyVInfo, supPubInfo, []byte{})
+	key := make([]byte, size)
+
+	// Read on the KDF will never fail
+	_, _ = reader.Read(key)
+
+	return key
+}
+
+// dSize returns the size in octets for a coordinate on a elliptic curve.
+func dSize(curve elliptic.Curve) int {
+	order := curve.Params().P
+	bitLen := order.BitLen()
+	size := bitLen / 8
+	if bitLen%8 != 0 {
+		size++
+	}
+	return size
+}
+
+func lengthPrefixed(data []byte) []byte {
+	out := make([]byte, len(data)+4)
+	binary.BigEndian.PutUint32(out, uint32(len(data)))
+	copy(out[4:], data)
+	return out
+}
diff --git a/vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go b/vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go
new file mode 100644
index 0000000000..b9effbca8a
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go
@@ -0,0 +1,109 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package josecipher
+
+import (
+	"crypto/cipher"
+	"crypto/subtle"
+	"encoding/binary"
+	"errors"
+)
+
+var defaultIV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}
+
+// KeyWrap implements NIST key wrapping; it wraps a content encryption key (cek) with the given block cipher.
+func KeyWrap(block cipher.Block, cek []byte) ([]byte, error) {
+	if len(cek)%8 != 0 {
+		return nil, errors.New("go-jose/go-jose: key wrap input must be 8 byte blocks")
+	}
+
+	n := len(cek) / 8
+	r := make([][]byte, n)
+
+	for i := range r {
+		r[i] = make([]byte, 8)
+		copy(r[i], cek[i*8:])
+	}
+
+	buffer := make([]byte, 16)
+	tBytes := make([]byte, 8)
+	copy(buffer, defaultIV)
+
+	for t := 0; t < 6*n; t++ {
+		copy(buffer[8:], r[t%n])
+
+		block.Encrypt(buffer, buffer)
+
+		binary.BigEndian.PutUint64(tBytes, uint64(t+1))
+
+		for i := 0; i < 8; i++ {
+			buffer[i] ^= tBytes[i]
+		}
+		copy(r[t%n], buffer[8:])
+	}
+
+	out := make([]byte, (n+1)*8)
+	copy(out, buffer[:8])
+	for i := range r {
+		copy(out[(i+1)*8:], r[i])
+	}
+
+	return out, nil
+}
+
+// KeyUnwrap implements NIST key unwrapping; it unwraps a content encryption key (cek) with the given block cipher.
+func KeyUnwrap(block cipher.Block, ciphertext []byte) ([]byte, error) {
+	if len(ciphertext)%8 != 0 {
+		return nil, errors.New("go-jose/go-jose: key wrap input must be 8 byte blocks")
+	}
+
+	n := (len(ciphertext) / 8) - 1
+	r := make([][]byte, n)
+
+	for i := range r {
+		r[i] = make([]byte, 8)
+		copy(r[i], ciphertext[(i+1)*8:])
+	}
+
+	buffer := make([]byte, 16)
+	tBytes := make([]byte, 8)
+	copy(buffer[:8], ciphertext[:8])
+
+	for t := 6*n - 1; t >= 0; t-- {
+		binary.BigEndian.PutUint64(tBytes, uint64(t+1))
+
+		for i := 0; i < 8; i++ {
+			buffer[i] ^= tBytes[i]
+		}
+		copy(buffer[8:], r[t%n])
+
+		block.Decrypt(buffer, buffer)
+
+		copy(r[t%n], buffer[8:])
+	}
+
+	if subtle.ConstantTimeCompare(buffer[:8], defaultIV) == 0 {
+		return nil, errors.New("go-jose/go-jose: failed to unwrap key")
+	}
+
+	out := make([]byte, n*8)
+	for i := range r {
+		copy(out[i*8:], r[i])
+	}
+
+	return out, nil
+}
diff --git a/vendor/github.com/go-jose/go-jose/v4/crypter.go b/vendor/github.com/go-jose/go-jose/v4/crypter.go
new file mode 100644
index 0000000000..d81b03b447
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/crypter.go
@@ -0,0 +1,599 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"crypto/ecdsa"
+	"crypto/rsa"
+	"errors"
+	"fmt"
+
+	"github.com/go-jose/go-jose/v4/json"
+)
+
+// Encrypter represents an encrypter which produces an encrypted JWE object.
+type Encrypter interface {
+	Encrypt(plaintext []byte) (*JSONWebEncryption, error)
+	EncryptWithAuthData(plaintext []byte, aad []byte) (*JSONWebEncryption, error)
+	Options() EncrypterOptions
+}
+
+// A generic content cipher
+type contentCipher interface {
+	keySize() int
+	encrypt(cek []byte, aad, plaintext []byte) (*aeadParts, error)
+	decrypt(cek []byte, aad []byte, parts *aeadParts) ([]byte, error)
+}
+
+// A key generator (for generating/getting a CEK)
+type keyGenerator interface {
+	keySize() int
+	genKey() ([]byte, rawHeader, error)
+}
+
+// A generic key encrypter
+type keyEncrypter interface {
+	encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) // Encrypt a key
+}
+
+// A generic key decrypter
+type keyDecrypter interface {
+	decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) // Decrypt a key
+}
+
+// A generic encrypter based on the given key encrypter and content cipher.
+type genericEncrypter struct {
+	contentAlg     ContentEncryption
+	compressionAlg CompressionAlgorithm
+	cipher         contentCipher
+	recipients     []recipientKeyInfo
+	keyGenerator   keyGenerator
+	extraHeaders   map[HeaderKey]interface{}
+}
+
+type recipientKeyInfo struct {
+	keyID        string
+	keyAlg       KeyAlgorithm
+	keyEncrypter keyEncrypter
+}
+
+// EncrypterOptions represents options that can be set on new encrypters.
+type EncrypterOptions struct {
+	Compression CompressionAlgorithm
+
+	// Optional map of name/value pairs to be inserted into the protected
+	// header of a JWS object. Some specifications which make use of
+	// JWS require additional values here.
+	//
+	// Values will be serialized by [json.Marshal] and must be valid inputs to
+	// that function.
+	//
+	// [json.Marshal]: https://pkg.go.dev/encoding/json#Marshal
+	ExtraHeaders map[HeaderKey]interface{}
+}
+
+// WithHeader adds an arbitrary value to the ExtraHeaders map, initializing it
+// if necessary, and returns the updated EncrypterOptions.
+//
+// The v parameter will be serialized by [json.Marshal] and must be a valid
+// input to that function.
+//
+// [json.Marshal]: https://pkg.go.dev/encoding/json#Marshal
+func (eo *EncrypterOptions) WithHeader(k HeaderKey, v interface{}) *EncrypterOptions {
+	if eo.ExtraHeaders == nil {
+		eo.ExtraHeaders = map[HeaderKey]interface{}{}
+	}
+	eo.ExtraHeaders[k] = v
+	return eo
+}
+
+// WithContentType adds a content type ("cty") header and returns the updated
+// EncrypterOptions.
+func (eo *EncrypterOptions) WithContentType(contentType ContentType) *EncrypterOptions {
+	return eo.WithHeader(HeaderContentType, contentType)
+}
+
+// WithType adds a type ("typ") header and returns the updated EncrypterOptions.
+func (eo *EncrypterOptions) WithType(typ ContentType) *EncrypterOptions {
+	return eo.WithHeader(HeaderType, typ)
+}
+
+// Recipient represents an algorithm/key to encrypt messages to.
+//
+// PBES2Count and PBES2Salt correspond with the  "p2c" and "p2s" headers used
+// on the password-based encryption algorithms PBES2-HS256+A128KW,
+// PBES2-HS384+A192KW, and PBES2-HS512+A256KW. If they are not provided a safe
+// default of 100000 will be used for the count and a 128-bit random salt will
+// be generated.
+type Recipient struct {
+	Algorithm KeyAlgorithm
+	// Key must have one of these types:
+	//  - ed25519.PublicKey
+	//  - *ecdsa.PublicKey
+	//  - *rsa.PublicKey
+	//  - *JSONWebKey
+	//  - JSONWebKey
+	//  - []byte (a symmetric key)
+	//  - Any type that satisfies the OpaqueKeyEncrypter interface
+	//
+	// The type of Key must match the value of Algorithm.
+	Key        interface{}
+	KeyID      string
+	PBES2Count int
+	PBES2Salt  []byte
+}
+
+// NewEncrypter creates an appropriate encrypter based on the key type
+func NewEncrypter(enc ContentEncryption, rcpt Recipient, opts *EncrypterOptions) (Encrypter, error) {
+	encrypter := &genericEncrypter{
+		contentAlg: enc,
+		recipients: []recipientKeyInfo{},
+		cipher:     getContentCipher(enc),
+	}
+	if opts != nil {
+		encrypter.compressionAlg = opts.Compression
+		encrypter.extraHeaders = opts.ExtraHeaders
+	}
+
+	if encrypter.cipher == nil {
+		return nil, ErrUnsupportedAlgorithm
+	}
+
+	var keyID string
+	var rawKey interface{}
+	switch encryptionKey := rcpt.Key.(type) {
+	case JSONWebKey:
+		keyID, rawKey = encryptionKey.KeyID, encryptionKey.Key
+	case *JSONWebKey:
+		keyID, rawKey = encryptionKey.KeyID, encryptionKey.Key
+	case OpaqueKeyEncrypter:
+		keyID, rawKey = encryptionKey.KeyID(), encryptionKey
+	default:
+		rawKey = encryptionKey
+	}
+
+	switch rcpt.Algorithm {
+	case DIRECT:
+		// Direct encryption mode must be treated differently
+		keyBytes, ok := rawKey.([]byte)
+		if !ok {
+			return nil, ErrUnsupportedKeyType
+		}
+		if encrypter.cipher.keySize() != len(keyBytes) {
+			return nil, ErrInvalidKeySize
+		}
+		encrypter.keyGenerator = staticKeyGenerator{
+			key: keyBytes,
+		}
+		recipientInfo, _ := newSymmetricRecipient(rcpt.Algorithm, keyBytes)
+		recipientInfo.keyID = keyID
+		if rcpt.KeyID != "" {
+			recipientInfo.keyID = rcpt.KeyID
+		}
+		encrypter.recipients = []recipientKeyInfo{recipientInfo}
+		return encrypter, nil
+	case ECDH_ES:
+		// ECDH-ES (w/o key wrapping) is similar to DIRECT mode
+		keyDSA, ok := rawKey.(*ecdsa.PublicKey)
+		if !ok {
+			return nil, ErrUnsupportedKeyType
+		}
+		encrypter.keyGenerator = ecKeyGenerator{
+			size:      encrypter.cipher.keySize(),
+			algID:     string(enc),
+			publicKey: keyDSA,
+		}
+		recipientInfo, _ := newECDHRecipient(rcpt.Algorithm, keyDSA)
+		recipientInfo.keyID = keyID
+		if rcpt.KeyID != "" {
+			recipientInfo.keyID = rcpt.KeyID
+		}
+		encrypter.recipients = []recipientKeyInfo{recipientInfo}
+		return encrypter, nil
+	default:
+		// Can just add a standard recipient
+		encrypter.keyGenerator = randomKeyGenerator{
+			size: encrypter.cipher.keySize(),
+		}
+		err := encrypter.addRecipient(rcpt)
+		return encrypter, err
+	}
+}
+
+// NewMultiEncrypter creates a multi-encrypter based on the given parameters
+func NewMultiEncrypter(enc ContentEncryption, rcpts []Recipient, opts *EncrypterOptions) (Encrypter, error) {
+	cipher := getContentCipher(enc)
+
+	if cipher == nil {
+		return nil, ErrUnsupportedAlgorithm
+	}
+	if len(rcpts) == 0 {
+		return nil, fmt.Errorf("go-jose/go-jose: recipients is nil or empty")
+	}
+
+	encrypter := &genericEncrypter{
+		contentAlg: enc,
+		recipients: []recipientKeyInfo{},
+		cipher:     cipher,
+		keyGenerator: randomKeyGenerator{
+			size: cipher.keySize(),
+		},
+	}
+
+	if opts != nil {
+		encrypter.compressionAlg = opts.Compression
+		encrypter.extraHeaders = opts.ExtraHeaders
+	}
+
+	for _, recipient := range rcpts {
+		err := encrypter.addRecipient(recipient)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return encrypter, nil
+}
+
+func (ctx *genericEncrypter) addRecipient(recipient Recipient) (err error) {
+	var recipientInfo recipientKeyInfo
+
+	switch recipient.Algorithm {
+	case DIRECT, ECDH_ES:
+		return fmt.Errorf("go-jose/go-jose: key algorithm '%s' not supported in multi-recipient mode", recipient.Algorithm)
+	}
+
+	recipientInfo, err = makeJWERecipient(recipient.Algorithm, recipient.Key)
+	if recipient.KeyID != "" {
+		recipientInfo.keyID = recipient.KeyID
+	}
+
+	switch recipient.Algorithm {
+	case PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW:
+		if sr, ok := recipientInfo.keyEncrypter.(*symmetricKeyCipher); ok {
+			sr.p2c = recipient.PBES2Count
+			sr.p2s = recipient.PBES2Salt
+		}
+	}
+
+	if err == nil {
+		ctx.recipients = append(ctx.recipients, recipientInfo)
+	}
+	return err
+}
+
+func makeJWERecipient(alg KeyAlgorithm, encryptionKey interface{}) (recipientKeyInfo, error) {
+	switch encryptionKey := encryptionKey.(type) {
+	case *rsa.PublicKey:
+		return newRSARecipient(alg, encryptionKey)
+	case *ecdsa.PublicKey:
+		return newECDHRecipient(alg, encryptionKey)
+	case []byte:
+		return newSymmetricRecipient(alg, encryptionKey)
+	case string:
+		return newSymmetricRecipient(alg, []byte(encryptionKey))
+	case *JSONWebKey:
+		recipient, err := makeJWERecipient(alg, encryptionKey.Key)
+		recipient.keyID = encryptionKey.KeyID
+		return recipient, err
+	case OpaqueKeyEncrypter:
+		return newOpaqueKeyEncrypter(alg, encryptionKey)
+	}
+	return recipientKeyInfo{}, ErrUnsupportedKeyType
+}
+
+// newDecrypter creates an appropriate decrypter based on the key type
+func newDecrypter(decryptionKey interface{}) (keyDecrypter, error) {
+	switch decryptionKey := decryptionKey.(type) {
+	case *rsa.PrivateKey:
+		return &rsaDecrypterSigner{
+			privateKey: decryptionKey,
+		}, nil
+	case *ecdsa.PrivateKey:
+		return &ecDecrypterSigner{
+			privateKey: decryptionKey,
+		}, nil
+	case []byte:
+		return &symmetricKeyCipher{
+			key: decryptionKey,
+		}, nil
+	case string:
+		return &symmetricKeyCipher{
+			key: []byte(decryptionKey),
+		}, nil
+	case JSONWebKey:
+		return newDecrypter(decryptionKey.Key)
+	case *JSONWebKey:
+		return newDecrypter(decryptionKey.Key)
+	case OpaqueKeyDecrypter:
+		return &opaqueKeyDecrypter{decrypter: decryptionKey}, nil
+	default:
+		return nil, ErrUnsupportedKeyType
+	}
+}
+
+// Implementation of encrypt method producing a JWE object.
+func (ctx *genericEncrypter) Encrypt(plaintext []byte) (*JSONWebEncryption, error) {
+	return ctx.EncryptWithAuthData(plaintext, nil)
+}
+
+// Implementation of encrypt method producing a JWE object.
+func (ctx *genericEncrypter) EncryptWithAuthData(plaintext, aad []byte) (*JSONWebEncryption, error) {
+	obj := &JSONWebEncryption{}
+	obj.aad = aad
+
+	obj.protected = &rawHeader{}
+	err := obj.protected.set(headerEncryption, ctx.contentAlg)
+	if err != nil {
+		return nil, err
+	}
+
+	obj.recipients = make([]recipientInfo, len(ctx.recipients))
+
+	if len(ctx.recipients) == 0 {
+		return nil, fmt.Errorf("go-jose/go-jose: no recipients to encrypt to")
+	}
+
+	cek, headers, err := ctx.keyGenerator.genKey()
+	if err != nil {
+		return nil, err
+	}
+
+	obj.protected.merge(&headers)
+
+	for i, info := range ctx.recipients {
+		recipient, err := info.keyEncrypter.encryptKey(cek, info.keyAlg)
+		if err != nil {
+			return nil, err
+		}
+
+		err = recipient.header.set(headerAlgorithm, info.keyAlg)
+		if err != nil {
+			return nil, err
+		}
+
+		if info.keyID != "" {
+			err = recipient.header.set(headerKeyID, info.keyID)
+			if err != nil {
+				return nil, err
+			}
+		}
+		obj.recipients[i] = recipient
+	}
+
+	if len(ctx.recipients) == 1 {
+		// Move per-recipient headers into main protected header if there's
+		// only a single recipient.
+		obj.protected.merge(obj.recipients[0].header)
+		obj.recipients[0].header = nil
+	}
+
+	if ctx.compressionAlg != NONE {
+		plaintext, err = compress(ctx.compressionAlg, plaintext)
+		if err != nil {
+			return nil, err
+		}
+
+		err = obj.protected.set(headerCompression, ctx.compressionAlg)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	for k, v := range ctx.extraHeaders {
+		b, err := json.Marshal(v)
+		if err != nil {
+			return nil, err
+		}
+		(*obj.protected)[k] = makeRawMessage(b)
+	}
+
+	authData := obj.computeAuthData()
+	parts, err := ctx.cipher.encrypt(cek, authData, plaintext)
+	if err != nil {
+		return nil, err
+	}
+
+	obj.iv = parts.iv
+	obj.ciphertext = parts.ciphertext
+	obj.tag = parts.tag
+
+	return obj, nil
+}
+
+func (ctx *genericEncrypter) Options() EncrypterOptions {
+	return EncrypterOptions{
+		Compression:  ctx.compressionAlg,
+		ExtraHeaders: ctx.extraHeaders,
+	}
+}
+
+// Decrypt and validate the object and return the plaintext. This
+// function does not support multi-recipient. If you desire multi-recipient
+// decryption use DecryptMulti instead.
+//
+// The decryptionKey argument must contain a private or symmetric key
+// and must have one of these types:
+//   - *ecdsa.PrivateKey
+//   - *rsa.PrivateKey
+//   - *JSONWebKey
+//   - JSONWebKey
+//   - *JSONWebKeySet
+//   - JSONWebKeySet
+//   - []byte (a symmetric key)
+//   - string (a symmetric key)
+//   - Any type that satisfies the OpaqueKeyDecrypter interface.
+//
+// Note that ed25519 is only available for signatures, not encryption, so is
+// not an option here.
+//
+// Automatically decompresses plaintext, but returns an error if the decompressed
+// data would be >250kB or >10x the size of the compressed data, whichever is larger.
+func (obj JSONWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error) {
+	headers := obj.mergedHeaders(nil)
+
+	if len(obj.recipients) > 1 {
+		return nil, errors.New("go-jose/go-jose: too many recipients in payload; expecting only one")
+	}
+
+	critical, err := headers.getCritical()
+	if err != nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid crit header")
+	}
+
+	if len(critical) > 0 {
+		return nil, fmt.Errorf("go-jose/go-jose: unsupported crit header")
+	}
+
+	key, err := tryJWKS(decryptionKey, obj.Header)
+	if err != nil {
+		return nil, err
+	}
+	decrypter, err := newDecrypter(key)
+	if err != nil {
+		return nil, err
+	}
+
+	cipher := getContentCipher(headers.getEncryption())
+	if cipher == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: unsupported enc value '%s'", string(headers.getEncryption()))
+	}
+
+	generator := randomKeyGenerator{
+		size: cipher.keySize(),
+	}
+
+	parts := &aeadParts{
+		iv:         obj.iv,
+		ciphertext: obj.ciphertext,
+		tag:        obj.tag,
+	}
+
+	authData := obj.computeAuthData()
+
+	var plaintext []byte
+	recipient := obj.recipients[0]
+	recipientHeaders := obj.mergedHeaders(&recipient)
+
+	cek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator)
+	if err == nil {
+		// Found a valid CEK -- let's try to decrypt.
+		plaintext, err = cipher.decrypt(cek, authData, parts)
+	}
+
+	if plaintext == nil {
+		return nil, ErrCryptoFailure
+	}
+
+	// The "zip" header parameter may only be present in the protected header.
+	if comp := obj.protected.getCompression(); comp != "" {
+		plaintext, err = decompress(comp, plaintext)
+		if err != nil {
+			return nil, fmt.Errorf("go-jose/go-jose: failed to decompress plaintext: %v", err)
+		}
+	}
+
+	return plaintext, nil
+}
+
+// DecryptMulti decrypts and validates the object and returns the plaintexts,
+// with support for multiple recipients. It returns the index of the recipient
+// for which the decryption was successful, the merged headers for that recipient,
+// and the plaintext.
+//
+// The decryptionKey argument must have one of the types allowed for the
+// decryptionKey argument of Decrypt().
+//
+// Automatically decompresses plaintext, but returns an error if the decompressed
+// data would be >250kB or >3x the size of the compressed data, whichever is larger.
+func (obj JSONWebEncryption) DecryptMulti(decryptionKey interface{}) (int, Header, []byte, error) {
+	globalHeaders := obj.mergedHeaders(nil)
+
+	critical, err := globalHeaders.getCritical()
+	if err != nil {
+		return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: invalid crit header")
+	}
+
+	if len(critical) > 0 {
+		return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: unsupported crit header")
+	}
+
+	key, err := tryJWKS(decryptionKey, obj.Header)
+	if err != nil {
+		return -1, Header{}, nil, err
+	}
+	decrypter, err := newDecrypter(key)
+	if err != nil {
+		return -1, Header{}, nil, err
+	}
+
+	encryption := globalHeaders.getEncryption()
+	cipher := getContentCipher(encryption)
+	if cipher == nil {
+		return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: unsupported enc value '%s'", string(encryption))
+	}
+
+	generator := randomKeyGenerator{
+		size: cipher.keySize(),
+	}
+
+	parts := &aeadParts{
+		iv:         obj.iv,
+		ciphertext: obj.ciphertext,
+		tag:        obj.tag,
+	}
+
+	authData := obj.computeAuthData()
+
+	index := -1
+	var plaintext []byte
+	var headers rawHeader
+
+	for i, recipient := range obj.recipients {
+		recipientHeaders := obj.mergedHeaders(&recipient)
+
+		cek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator)
+		if err == nil {
+			// Found a valid CEK -- let's try to decrypt.
+			plaintext, err = cipher.decrypt(cek, authData, parts)
+			if err == nil {
+				index = i
+				headers = recipientHeaders
+				break
+			}
+		}
+	}
+
+	if plaintext == nil {
+		return -1, Header{}, nil, ErrCryptoFailure
+	}
+
+	// The "zip" header parameter may only be present in the protected header.
+	if comp := obj.protected.getCompression(); comp != "" {
+		plaintext, err = decompress(comp, plaintext)
+		if err != nil {
+			return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: failed to decompress plaintext: %v", err)
+		}
+	}
+
+	sanitized, err := headers.sanitized()
+	if err != nil {
+		return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: failed to sanitize header: %v", err)
+	}
+
+	return index, sanitized, plaintext, err
+}
diff --git a/vendor/github.com/go-jose/go-jose/v4/doc.go b/vendor/github.com/go-jose/go-jose/v4/doc.go
new file mode 100644
index 0000000000..0ad40ca085
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/doc.go
@@ -0,0 +1,25 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+Package jose aims to provide an implementation of the Javascript Object Signing
+and Encryption set of standards. It implements encryption and signing based on
+the JSON Web Encryption and JSON Web Signature standards, with optional JSON Web
+Token support available in a sub-package. The library supports both the compact
+and JWS/JWE JSON Serialization formats, and has optional support for multiple
+recipients.
+*/
+package jose
diff --git a/vendor/github.com/go-jose/go-jose/v4/encoding.go b/vendor/github.com/go-jose/go-jose/v4/encoding.go
new file mode 100644
index 0000000000..4f6e0d4a5c
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/encoding.go
@@ -0,0 +1,228 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"bytes"
+	"compress/flate"
+	"encoding/base64"
+	"encoding/binary"
+	"fmt"
+	"io"
+	"math/big"
+	"strings"
+	"unicode"
+
+	"github.com/go-jose/go-jose/v4/json"
+)
+
+// Helper function to serialize known-good objects.
+// Precondition: value is not a nil pointer.
+func mustSerializeJSON(value interface{}) []byte {
+	out, err := json.Marshal(value)
+	if err != nil {
+		panic(err)
+	}
+	// We never want to serialize the top-level value "null," since it's not a
+	// valid JOSE message. But if a caller passes in a nil pointer to this method,
+	// MarshalJSON will happily serialize it as the top-level value "null". If
+	// that value is then embedded in another operation, for instance by being
+	// base64-encoded and fed as input to a signing algorithm
+	// (https://github.com/go-jose/go-jose/issues/22), the result will be
+	// incorrect. Because this method is intended for known-good objects, and a nil
+	// pointer is not a known-good object, we are free to panic in this case.
+	// Note: It's not possible to directly check whether the data pointed at by an
+	// interface is a nil pointer, so we do this hacky workaround.
+	// https://groups.google.com/forum/#!topic/golang-nuts/wnH302gBa4I
+	if string(out) == "null" {
+		panic("Tried to serialize a nil pointer.")
+	}
+	return out
+}
+
+// Strip all newlines and whitespace
+func stripWhitespace(data string) string {
+	buf := strings.Builder{}
+	buf.Grow(len(data))
+	for _, r := range data {
+		if !unicode.IsSpace(r) {
+			buf.WriteRune(r)
+		}
+	}
+	return buf.String()
+}
+
+// Perform compression based on algorithm
+func compress(algorithm CompressionAlgorithm, input []byte) ([]byte, error) {
+	switch algorithm {
+	case DEFLATE:
+		return deflate(input)
+	default:
+		return nil, ErrUnsupportedAlgorithm
+	}
+}
+
+// Perform decompression based on algorithm
+func decompress(algorithm CompressionAlgorithm, input []byte) ([]byte, error) {
+	switch algorithm {
+	case DEFLATE:
+		return inflate(input)
+	default:
+		return nil, ErrUnsupportedAlgorithm
+	}
+}
+
+// deflate compresses the input.
+func deflate(input []byte) ([]byte, error) {
+	output := new(bytes.Buffer)
+
+	// Writing to byte buffer, err is always nil
+	writer, _ := flate.NewWriter(output, 1)
+	_, _ = io.Copy(writer, bytes.NewBuffer(input))
+
+	err := writer.Close()
+	return output.Bytes(), err
+}
+
+// inflate decompresses the input.
+//
+// Errors if the decompressed data would be >250kB or >10x the size of the
+// compressed data, whichever is larger.
+func inflate(input []byte) ([]byte, error) {
+	output := new(bytes.Buffer)
+	reader := flate.NewReader(bytes.NewBuffer(input))
+
+	maxCompressedSize := max(250_000, 10*int64(len(input)))
+
+	limit := maxCompressedSize + 1
+	n, err := io.CopyN(output, reader, limit)
+	if err != nil && err != io.EOF {
+		return nil, err
+	}
+	if n == limit {
+		return nil, fmt.Errorf("uncompressed data would be too large (>%d bytes)", maxCompressedSize)
+	}
+
+	err = reader.Close()
+	return output.Bytes(), err
+}
+
+// byteBuffer represents a slice of bytes that can be serialized to url-safe base64.
+type byteBuffer struct {
+	data []byte
+}
+
+func newBuffer(data []byte) *byteBuffer {
+	if data == nil {
+		return nil
+	}
+	return &byteBuffer{
+		data: data,
+	}
+}
+
+func newFixedSizeBuffer(data []byte, length int) *byteBuffer {
+	if len(data) > length {
+		panic("go-jose/go-jose: invalid call to newFixedSizeBuffer (len(data) > length)")
+	}
+	pad := make([]byte, length-len(data))
+	return newBuffer(append(pad, data...))
+}
+
+func newBufferFromInt(num uint64) *byteBuffer {
+	data := make([]byte, 8)
+	binary.BigEndian.PutUint64(data, num)
+	return newBuffer(bytes.TrimLeft(data, "\x00"))
+}
+
+func (b *byteBuffer) MarshalJSON() ([]byte, error) {
+	return json.Marshal(b.base64())
+}
+
+func (b *byteBuffer) UnmarshalJSON(data []byte) error {
+	var encoded string
+	err := json.Unmarshal(data, &encoded)
+	if err != nil {
+		return err
+	}
+
+	if encoded == "" {
+		return nil
+	}
+
+	decoded, err := base64.RawURLEncoding.DecodeString(encoded)
+	if err != nil {
+		return err
+	}
+
+	*b = *newBuffer(decoded)
+
+	return nil
+}
+
+func (b *byteBuffer) base64() string {
+	return base64.RawURLEncoding.EncodeToString(b.data)
+}
+
+func (b *byteBuffer) bytes() []byte {
+	// Handling nil here allows us to transparently handle nil slices when serializing.
+	if b == nil {
+		return nil
+	}
+	return b.data
+}
+
+func (b byteBuffer) bigInt() *big.Int {
+	return new(big.Int).SetBytes(b.data)
+}
+
+func (b byteBuffer) toInt() int {
+	return int(b.bigInt().Int64())
+}
+
+func base64EncodeLen(sl []byte) int {
+	return base64.RawURLEncoding.EncodedLen(len(sl))
+}
+
+func base64JoinWithDots(inputs ...[]byte) string {
+	if len(inputs) == 0 {
+		return ""
+	}
+
+	// Count of dots.
+	totalCount := len(inputs) - 1
+
+	for _, input := range inputs {
+		totalCount += base64EncodeLen(input)
+	}
+
+	out := make([]byte, totalCount)
+	startEncode := 0
+	for i, input := range inputs {
+		base64.RawURLEncoding.Encode(out[startEncode:], input)
+
+		if i == len(inputs)-1 {
+			continue
+		}
+
+		startEncode += base64EncodeLen(input)
+		out[startEncode] = '.'
+		startEncode++
+	}
+
+	return string(out)
+}
diff --git a/vendor/github.com/go-jose/go-jose/v4/json/LICENSE b/vendor/github.com/go-jose/go-jose/v4/json/LICENSE
new file mode 100644
index 0000000000..7448756763
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/json/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2012 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/go-jose/go-jose/v4/json/README.md b/vendor/github.com/go-jose/go-jose/v4/json/README.md
new file mode 100644
index 0000000000..86de5e5581
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/json/README.md
@@ -0,0 +1,13 @@
+# Safe JSON
+
+This repository contains a fork of the `encoding/json` package from Go 1.6.
+
+The following changes were made:
+
+* Object deserialization uses case-sensitive member name matching instead of
+  [case-insensitive matching](https://www.ietf.org/mail-archive/web/json/current/msg03763.html).
+  This is to avoid differences in the interpretation of JOSE messages between
+  go-jose and libraries written in other languages.
+* When deserializing a JSON object, we check for duplicate keys and reject the
+  input whenever we detect a duplicate. Rather than trying to work with malformed
+  data, we prefer to reject it right away.
diff --git a/vendor/github.com/go-jose/go-jose/v4/json/decode.go b/vendor/github.com/go-jose/go-jose/v4/json/decode.go
new file mode 100644
index 0000000000..50634dd847
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/json/decode.go
@@ -0,0 +1,1216 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Represents JSON data structure using native Go types: booleans, floats,
+// strings, arrays, and maps.
+
+package json
+
+import (
+	"bytes"
+	"encoding"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"math"
+	"reflect"
+	"runtime"
+	"strconv"
+	"unicode"
+	"unicode/utf16"
+	"unicode/utf8"
+)
+
+// Unmarshal parses the JSON-encoded data and stores the result
+// in the value pointed to by v.
+//
+// Unmarshal uses the inverse of the encodings that
+// Marshal uses, allocating maps, slices, and pointers as necessary,
+// with the following additional rules:
+//
+// To unmarshal JSON into a pointer, Unmarshal first handles the case of
+// the JSON being the JSON literal null.  In that case, Unmarshal sets
+// the pointer to nil.  Otherwise, Unmarshal unmarshals the JSON into
+// the value pointed at by the pointer.  If the pointer is nil, Unmarshal
+// allocates a new value for it to point to.
+//
+// To unmarshal JSON into a struct, Unmarshal matches incoming object
+// keys to the keys used by Marshal (either the struct field name or its tag),
+// preferring an exact match but also accepting a case-insensitive match.
+// Unmarshal will only set exported fields of the struct.
+//
+// To unmarshal JSON into an interface value,
+// Unmarshal stores one of these in the interface value:
+//
+//	bool, for JSON booleans
+//	float64, for JSON numbers
+//	string, for JSON strings
+//	[]interface{}, for JSON arrays
+//	map[string]interface{}, for JSON objects
+//	nil for JSON null
+//
+// To unmarshal a JSON array into a slice, Unmarshal resets the slice length
+// to zero and then appends each element to the slice.
+// As a special case, to unmarshal an empty JSON array into a slice,
+// Unmarshal replaces the slice with a new empty slice.
+//
+// To unmarshal a JSON array into a Go array, Unmarshal decodes
+// JSON array elements into corresponding Go array elements.
+// If the Go array is smaller than the JSON array,
+// the additional JSON array elements are discarded.
+// If the JSON array is smaller than the Go array,
+// the additional Go array elements are set to zero values.
+//
+// To unmarshal a JSON object into a string-keyed map, Unmarshal first
+// establishes a map to use, If the map is nil, Unmarshal allocates a new map.
+// Otherwise Unmarshal reuses the existing map, keeping existing entries.
+// Unmarshal then stores key-value pairs from the JSON object into the map.
+//
+// If a JSON value is not appropriate for a given target type,
+// or if a JSON number overflows the target type, Unmarshal
+// skips that field and completes the unmarshaling as best it can.
+// If no more serious errors are encountered, Unmarshal returns
+// an UnmarshalTypeError describing the earliest such error.
+//
+// The JSON null value unmarshals into an interface, map, pointer, or slice
+// by setting that Go value to nil. Because null is often used in JSON to mean
+// “not present,” unmarshaling a JSON null into any other Go type has no effect
+// on the value and produces no error.
+//
+// When unmarshaling quoted strings, invalid UTF-8 or
+// invalid UTF-16 surrogate pairs are not treated as an error.
+// Instead, they are replaced by the Unicode replacement
+// character U+FFFD.
+func Unmarshal(data []byte, v interface{}) error {
+	// Check for well-formedness.
+	// Avoids filling out half a data structure
+	// before discovering a JSON syntax error.
+	var d decodeState
+	err := checkValid(data, &d.scan)
+	if err != nil {
+		return err
+	}
+
+	d.init(data)
+	return d.unmarshal(v)
+}
+
+// Unmarshaler is the interface implemented by objects
+// that can unmarshal a JSON description of themselves.
+// The input can be assumed to be a valid encoding of
+// a JSON value. UnmarshalJSON must copy the JSON data
+// if it wishes to retain the data after returning.
+type Unmarshaler interface {
+	UnmarshalJSON([]byte) error
+}
+
+// An UnmarshalTypeError describes a JSON value that was
+// not appropriate for a value of a specific Go type.
+type UnmarshalTypeError struct {
+	Value  string       // description of JSON value - "bool", "array", "number -5"
+	Type   reflect.Type // type of Go value it could not be assigned to
+	Offset int64        // error occurred after reading Offset bytes
+}
+
+func (e *UnmarshalTypeError) Error() string {
+	return "json: cannot unmarshal " + e.Value + " into Go value of type " + e.Type.String()
+}
+
+// An UnmarshalFieldError describes a JSON object key that
+// led to an unexported (and therefore unwritable) struct field.
+// (No longer used; kept for compatibility.)
+type UnmarshalFieldError struct {
+	Key   string
+	Type  reflect.Type
+	Field reflect.StructField
+}
+
+func (e *UnmarshalFieldError) Error() string {
+	return "json: cannot unmarshal object key " + strconv.Quote(e.Key) + " into unexported field " + e.Field.Name + " of type " + e.Type.String()
+}
+
+// An InvalidUnmarshalError describes an invalid argument passed to Unmarshal.
+// (The argument to Unmarshal must be a non-nil pointer.)
+type InvalidUnmarshalError struct {
+	Type reflect.Type
+}
+
+func (e *InvalidUnmarshalError) Error() string {
+	if e.Type == nil {
+		return "json: Unmarshal(nil)"
+	}
+
+	if e.Type.Kind() != reflect.Ptr {
+		return "json: Unmarshal(non-pointer " + e.Type.String() + ")"
+	}
+	return "json: Unmarshal(nil " + e.Type.String() + ")"
+}
+
+func (d *decodeState) unmarshal(v interface{}) (err error) {
+	defer func() {
+		if r := recover(); r != nil {
+			if _, ok := r.(runtime.Error); ok {
+				panic(r)
+			}
+			err = r.(error)
+		}
+	}()
+
+	rv := reflect.ValueOf(v)
+	if rv.Kind() != reflect.Ptr || rv.IsNil() {
+		return &InvalidUnmarshalError{reflect.TypeOf(v)}
+	}
+
+	d.scan.reset()
+	// We decode rv not rv.Elem because the Unmarshaler interface
+	// test must be applied at the top level of the value.
+	d.value(rv)
+	return d.savedError
+}
+
+// A Number represents a JSON number literal.
+type Number string
+
+// String returns the literal text of the number.
+func (n Number) String() string { return string(n) }
+
+// Float64 returns the number as a float64.
+func (n Number) Float64() (float64, error) {
+	return strconv.ParseFloat(string(n), 64)
+}
+
+// Int64 returns the number as an int64.
+func (n Number) Int64() (int64, error) {
+	return strconv.ParseInt(string(n), 10, 64)
+}
+
+// isValidNumber reports whether s is a valid JSON number literal.
+func isValidNumber(s string) bool {
+	// This function implements the JSON numbers grammar.
+	// See https://tools.ietf.org/html/rfc7159#section-6
+	// and http://json.org/number.gif
+
+	if s == "" {
+		return false
+	}
+
+	// Optional -
+	if s[0] == '-' {
+		s = s[1:]
+		if s == "" {
+			return false
+		}
+	}
+
+	// Digits
+	switch {
+	default:
+		return false
+
+	case s[0] == '0':
+		s = s[1:]
+
+	case '1' <= s[0] && s[0] <= '9':
+		s = s[1:]
+		for len(s) > 0 && '0' <= s[0] && s[0] <= '9' {
+			s = s[1:]
+		}
+	}
+
+	// . followed by 1 or more digits.
+	if len(s) >= 2 && s[0] == '.' && '0' <= s[1] && s[1] <= '9' {
+		s = s[2:]
+		for len(s) > 0 && '0' <= s[0] && s[0] <= '9' {
+			s = s[1:]
+		}
+	}
+
+	// e or E followed by an optional - or + and
+	// 1 or more digits.
+	if len(s) >= 2 && (s[0] == 'e' || s[0] == 'E') {
+		s = s[1:]
+		if s[0] == '+' || s[0] == '-' {
+			s = s[1:]
+			if s == "" {
+				return false
+			}
+		}
+		for len(s) > 0 && '0' <= s[0] && s[0] <= '9' {
+			s = s[1:]
+		}
+	}
+
+	// Make sure we are at the end.
+	return s == ""
+}
+
+type NumberUnmarshalType int
+
+const (
+	// unmarshal a JSON number into an interface{} as a float64
+	UnmarshalFloat NumberUnmarshalType = iota
+	// unmarshal a JSON number into an interface{} as a `json.Number`
+	UnmarshalJSONNumber
+	// unmarshal a JSON number into an interface{} as a int64
+	// if value is an integer otherwise float64
+	UnmarshalIntOrFloat
+)
+
+// decodeState represents the state while decoding a JSON value.
+type decodeState struct {
+	data       []byte
+	off        int // read offset in data
+	scan       scanner
+	nextscan   scanner // for calls to nextValue
+	savedError error
+	numberType NumberUnmarshalType
+}
+
+// errPhase is used for errors that should not happen unless
+// there is a bug in the JSON decoder or something is editing
+// the data slice while the decoder executes.
+var errPhase = errors.New("JSON decoder out of sync - data changing underfoot?")
+
+func (d *decodeState) init(data []byte) *decodeState {
+	d.data = data
+	d.off = 0
+	d.savedError = nil
+	return d
+}
+
+// error aborts the decoding by panicking with err.
+func (d *decodeState) error(err error) {
+	panic(err)
+}
+
+// saveError saves the first err it is called with,
+// for reporting at the end of the unmarshal.
+func (d *decodeState) saveError(err error) {
+	if d.savedError == nil {
+		d.savedError = err
+	}
+}
+
+// next cuts off and returns the next full JSON value in d.data[d.off:].
+// The next value is known to be an object or array, not a literal.
+func (d *decodeState) next() []byte {
+	c := d.data[d.off]
+	item, rest, err := nextValue(d.data[d.off:], &d.nextscan)
+	if err != nil {
+		d.error(err)
+	}
+	d.off = len(d.data) - len(rest)
+
+	// Our scanner has seen the opening brace/bracket
+	// and thinks we're still in the middle of the object.
+	// invent a closing brace/bracket to get it out.
+	if c == '{' {
+		d.scan.step(&d.scan, '}')
+	} else {
+		d.scan.step(&d.scan, ']')
+	}
+
+	return item
+}
+
+// scanWhile processes bytes in d.data[d.off:] until it
+// receives a scan code not equal to op.
+// It updates d.off and returns the new scan code.
+func (d *decodeState) scanWhile(op int) int {
+	var newOp int
+	for {
+		if d.off >= len(d.data) {
+			newOp = d.scan.eof()
+			d.off = len(d.data) + 1 // mark processed EOF with len+1
+		} else {
+			c := d.data[d.off]
+			d.off++
+			newOp = d.scan.step(&d.scan, c)
+		}
+		if newOp != op {
+			break
+		}
+	}
+	return newOp
+}
+
+// value decodes a JSON value from d.data[d.off:] into the value.
+// it updates d.off to point past the decoded value.
+func (d *decodeState) value(v reflect.Value) {
+	if !v.IsValid() {
+		_, rest, err := nextValue(d.data[d.off:], &d.nextscan)
+		if err != nil {
+			d.error(err)
+		}
+		d.off = len(d.data) - len(rest)
+
+		// d.scan thinks we're still at the beginning of the item.
+		// Feed in an empty string - the shortest, simplest value -
+		// so that it knows we got to the end of the value.
+		if d.scan.redo {
+			// rewind.
+			d.scan.redo = false
+			d.scan.step = stateBeginValue
+		}
+		d.scan.step(&d.scan, '"')
+		d.scan.step(&d.scan, '"')
+
+		n := len(d.scan.parseState)
+		if n > 0 && d.scan.parseState[n-1] == parseObjectKey {
+			// d.scan thinks we just read an object key; finish the object
+			d.scan.step(&d.scan, ':')
+			d.scan.step(&d.scan, '"')
+			d.scan.step(&d.scan, '"')
+			d.scan.step(&d.scan, '}')
+		}
+
+		return
+	}
+
+	switch op := d.scanWhile(scanSkipSpace); op {
+	default:
+		d.error(errPhase)
+
+	case scanBeginArray:
+		d.array(v)
+
+	case scanBeginObject:
+		d.object(v)
+
+	case scanBeginLiteral:
+		d.literal(v)
+	}
+}
+
+type unquotedValue struct{}
+
+// valueQuoted is like value but decodes a
+// quoted string literal or literal null into an interface value.
+// If it finds anything other than a quoted string literal or null,
+// valueQuoted returns unquotedValue{}.
+func (d *decodeState) valueQuoted() interface{} {
+	switch op := d.scanWhile(scanSkipSpace); op {
+	default:
+		d.error(errPhase)
+
+	case scanBeginArray:
+		d.array(reflect.Value{})
+
+	case scanBeginObject:
+		d.object(reflect.Value{})
+
+	case scanBeginLiteral:
+		switch v := d.literalInterface().(type) {
+		case nil, string:
+			return v
+		}
+	}
+	return unquotedValue{}
+}
+
+// indirect walks down v allocating pointers as needed,
+// until it gets to a non-pointer.
+// if it encounters an Unmarshaler, indirect stops and returns that.
+// if decodingNull is true, indirect stops at the last pointer so it can be set to nil.
+func (d *decodeState) indirect(v reflect.Value, decodingNull bool) (Unmarshaler, encoding.TextUnmarshaler, reflect.Value) {
+	// If v is a named type and is addressable,
+	// start with its address, so that if the type has pointer methods,
+	// we find them.
+	if v.Kind() != reflect.Ptr && v.Type().Name() != "" && v.CanAddr() {
+		v = v.Addr()
+	}
+	for {
+		// Load value from interface, but only if the result will be
+		// usefully addressable.
+		if v.Kind() == reflect.Interface && !v.IsNil() {
+			e := v.Elem()
+			if e.Kind() == reflect.Ptr && !e.IsNil() && (!decodingNull || e.Elem().Kind() == reflect.Ptr) {
+				v = e
+				continue
+			}
+		}
+
+		if v.Kind() != reflect.Ptr {
+			break
+		}
+
+		if v.Elem().Kind() != reflect.Ptr && decodingNull && v.CanSet() {
+			break
+		}
+		if v.IsNil() {
+			v.Set(reflect.New(v.Type().Elem()))
+		}
+		if v.Type().NumMethod() > 0 {
+			if u, ok := v.Interface().(Unmarshaler); ok {
+				return u, nil, reflect.Value{}
+			}
+			if u, ok := v.Interface().(encoding.TextUnmarshaler); ok {
+				return nil, u, reflect.Value{}
+			}
+		}
+		v = v.Elem()
+	}
+	return nil, nil, v
+}
+
+// array consumes an array from d.data[d.off-1:], decoding into the value v.
+// the first byte of the array ('[') has been read already.
+func (d *decodeState) array(v reflect.Value) {
+	// Check for unmarshaler.
+	u, ut, pv := d.indirect(v, false)
+	if u != nil {
+		d.off--
+		err := u.UnmarshalJSON(d.next())
+		if err != nil {
+			d.error(err)
+		}
+		return
+	}
+	if ut != nil {
+		d.saveError(&UnmarshalTypeError{"array", v.Type(), int64(d.off)})
+		d.off--
+		d.next()
+		return
+	}
+
+	v = pv
+
+	// Check type of target.
+	switch v.Kind() {
+	case reflect.Interface:
+		if v.NumMethod() == 0 {
+			// Decoding into nil interface?  Switch to non-reflect code.
+			v.Set(reflect.ValueOf(d.arrayInterface()))
+			return
+		}
+		// Otherwise it's invalid.
+		fallthrough
+	default:
+		d.saveError(&UnmarshalTypeError{"array", v.Type(), int64(d.off)})
+		d.off--
+		d.next()
+		return
+	case reflect.Array:
+	case reflect.Slice:
+		break
+	}
+
+	i := 0
+	for {
+		// Look ahead for ] - can only happen on first iteration.
+		op := d.scanWhile(scanSkipSpace)
+		if op == scanEndArray {
+			break
+		}
+
+		// Back up so d.value can have the byte we just read.
+		d.off--
+		d.scan.undo(op)
+
+		// Get element of array, growing if necessary.
+		if v.Kind() == reflect.Slice {
+			// Grow slice if necessary
+			if i >= v.Cap() {
+				newcap := v.Cap() + v.Cap()/2
+				if newcap < 4 {
+					newcap = 4
+				}
+				newv := reflect.MakeSlice(v.Type(), v.Len(), newcap)
+				reflect.Copy(newv, v)
+				v.Set(newv)
+			}
+			if i >= v.Len() {
+				v.SetLen(i + 1)
+			}
+		}
+
+		if i < v.Len() {
+			// Decode into element.
+			d.value(v.Index(i))
+		} else {
+			// Ran out of fixed array: skip.
+			d.value(reflect.Value{})
+		}
+		i++
+
+		// Next token must be , or ].
+		op = d.scanWhile(scanSkipSpace)
+		if op == scanEndArray {
+			break
+		}
+		if op != scanArrayValue {
+			d.error(errPhase)
+		}
+	}
+
+	if i < v.Len() {
+		if v.Kind() == reflect.Array {
+			// Array.  Zero the rest.
+			z := reflect.Zero(v.Type().Elem())
+			for ; i < v.Len(); i++ {
+				v.Index(i).Set(z)
+			}
+		} else {
+			v.SetLen(i)
+		}
+	}
+	if i == 0 && v.Kind() == reflect.Slice {
+		v.Set(reflect.MakeSlice(v.Type(), 0, 0))
+	}
+}
+
+var nullLiteral = []byte("null")
+
+// object consumes an object from d.data[d.off-1:], decoding into the value v.
+// the first byte ('{') of the object has been read already.
+func (d *decodeState) object(v reflect.Value) {
+	// Check for unmarshaler.
+	u, ut, pv := d.indirect(v, false)
+	if u != nil {
+		d.off--
+		err := u.UnmarshalJSON(d.next())
+		if err != nil {
+			d.error(err)
+		}
+		return
+	}
+	if ut != nil {
+		d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)})
+		d.off--
+		d.next() // skip over { } in input
+		return
+	}
+	v = pv
+
+	// Decoding into nil interface?  Switch to non-reflect code.
+	if v.Kind() == reflect.Interface && v.NumMethod() == 0 {
+		v.Set(reflect.ValueOf(d.objectInterface()))
+		return
+	}
+
+	// Check type of target: struct or map[string]T
+	switch v.Kind() {
+	case reflect.Map:
+		// map must have string kind
+		t := v.Type()
+		if t.Key().Kind() != reflect.String {
+			d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)})
+			d.off--
+			d.next() // skip over { } in input
+			return
+		}
+		if v.IsNil() {
+			v.Set(reflect.MakeMap(t))
+		}
+	case reflect.Struct:
+
+	default:
+		d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)})
+		d.off--
+		d.next() // skip over { } in input
+		return
+	}
+
+	var mapElem reflect.Value
+	keys := map[string]bool{}
+
+	for {
+		// Read opening " of string key or closing }.
+		op := d.scanWhile(scanSkipSpace)
+		if op == scanEndObject {
+			// closing } - can only happen on first iteration.
+			break
+		}
+		if op != scanBeginLiteral {
+			d.error(errPhase)
+		}
+
+		// Read key.
+		start := d.off - 1
+		op = d.scanWhile(scanContinue)
+		item := d.data[start : d.off-1]
+		key, ok := unquote(item)
+		if !ok {
+			d.error(errPhase)
+		}
+
+		// Check for duplicate keys.
+		_, ok = keys[key]
+		if !ok {
+			keys[key] = true
+		} else {
+			d.error(fmt.Errorf("json: duplicate key '%s' in object", key))
+		}
+
+		// Figure out field corresponding to key.
+		var subv reflect.Value
+		destring := false // whether the value is wrapped in a string to be decoded first
+
+		if v.Kind() == reflect.Map {
+			elemType := v.Type().Elem()
+			if !mapElem.IsValid() {
+				mapElem = reflect.New(elemType).Elem()
+			} else {
+				mapElem.Set(reflect.Zero(elemType))
+			}
+			subv = mapElem
+		} else {
+			var f *field
+			fields := cachedTypeFields(v.Type())
+			for i := range fields {
+				ff := &fields[i]
+				if bytes.Equal(ff.nameBytes, []byte(key)) {
+					f = ff
+					break
+				}
+			}
+			if f != nil {
+				subv = v
+				destring = f.quoted
+				for _, i := range f.index {
+					if subv.Kind() == reflect.Ptr {
+						if subv.IsNil() {
+							subv.Set(reflect.New(subv.Type().Elem()))
+						}
+						subv = subv.Elem()
+					}
+					subv = subv.Field(i)
+				}
+			}
+		}
+
+		// Read : before value.
+		if op == scanSkipSpace {
+			op = d.scanWhile(scanSkipSpace)
+		}
+		if op != scanObjectKey {
+			d.error(errPhase)
+		}
+
+		// Read value.
+		if destring {
+			switch qv := d.valueQuoted().(type) {
+			case nil:
+				d.literalStore(nullLiteral, subv, false)
+			case string:
+				d.literalStore([]byte(qv), subv, true)
+			default:
+				d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal unquoted value into %v", subv.Type()))
+			}
+		} else {
+			d.value(subv)
+		}
+
+		// Write value back to map;
+		// if using struct, subv points into struct already.
+		if v.Kind() == reflect.Map {
+			kv := reflect.ValueOf(key).Convert(v.Type().Key())
+			v.SetMapIndex(kv, subv)
+		}
+
+		// Next token must be , or }.
+		op = d.scanWhile(scanSkipSpace)
+		if op == scanEndObject {
+			break
+		}
+		if op != scanObjectValue {
+			d.error(errPhase)
+		}
+	}
+}
+
+// literal consumes a literal from d.data[d.off-1:], decoding into the value v.
+// The first byte of the literal has been read already
+// (that's how the caller knows it's a literal).
+func (d *decodeState) literal(v reflect.Value) {
+	// All bytes inside literal return scanContinue op code.
+	start := d.off - 1
+	op := d.scanWhile(scanContinue)
+
+	// Scan read one byte too far; back up.
+	d.off--
+	d.scan.undo(op)
+
+	d.literalStore(d.data[start:d.off], v, false)
+}
+
+// convertNumber converts the number literal s to a float64, int64 or a Number
+// depending on d.numberDecodeType.
+func (d *decodeState) convertNumber(s string) (interface{}, error) {
+	switch d.numberType {
+
+	case UnmarshalJSONNumber:
+		return Number(s), nil
+	case UnmarshalIntOrFloat:
+		v, err := strconv.ParseInt(s, 10, 64)
+		if err == nil {
+			return v, nil
+		}
+
+		// tries to parse integer number in scientific notation
+		f, err := strconv.ParseFloat(s, 64)
+		if err != nil {
+			return nil, &UnmarshalTypeError{"number " + s, reflect.TypeOf(0.0), int64(d.off)}
+		}
+
+		// if it has no decimal value use int64
+		if fi, fd := math.Modf(f); fd == 0.0 {
+			return int64(fi), nil
+		}
+		return f, nil
+	default:
+		f, err := strconv.ParseFloat(s, 64)
+		if err != nil {
+			return nil, &UnmarshalTypeError{"number " + s, reflect.TypeOf(0.0), int64(d.off)}
+		}
+		return f, nil
+	}
+
+}
+
+var numberType = reflect.TypeOf(Number(""))
+
+// literalStore decodes a literal stored in item into v.
+//
+// fromQuoted indicates whether this literal came from unwrapping a
+// string from the ",string" struct tag option. this is used only to
+// produce more helpful error messages.
+func (d *decodeState) literalStore(item []byte, v reflect.Value, fromQuoted bool) {
+	// Check for unmarshaler.
+	if len(item) == 0 {
+		//Empty string given
+		d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+		return
+	}
+	wantptr := item[0] == 'n' // null
+	u, ut, pv := d.indirect(v, wantptr)
+	if u != nil {
+		err := u.UnmarshalJSON(item)
+		if err != nil {
+			d.error(err)
+		}
+		return
+	}
+	if ut != nil {
+		if item[0] != '"' {
+			if fromQuoted {
+				d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			} else {
+				d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)})
+			}
+			return
+		}
+		s, ok := unquoteBytes(item)
+		if !ok {
+			if fromQuoted {
+				d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			} else {
+				d.error(errPhase)
+			}
+		}
+		err := ut.UnmarshalText(s)
+		if err != nil {
+			d.error(err)
+		}
+		return
+	}
+
+	v = pv
+
+	switch c := item[0]; c {
+	case 'n': // null
+		switch v.Kind() {
+		case reflect.Interface, reflect.Ptr, reflect.Map, reflect.Slice:
+			v.Set(reflect.Zero(v.Type()))
+			// otherwise, ignore null for primitives/string
+		}
+	case 't', 'f': // true, false
+		value := c == 't'
+		switch v.Kind() {
+		default:
+			if fromQuoted {
+				d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			} else {
+				d.saveError(&UnmarshalTypeError{"bool", v.Type(), int64(d.off)})
+			}
+		case reflect.Bool:
+			v.SetBool(value)
+		case reflect.Interface:
+			if v.NumMethod() == 0 {
+				v.Set(reflect.ValueOf(value))
+			} else {
+				d.saveError(&UnmarshalTypeError{"bool", v.Type(), int64(d.off)})
+			}
+		}
+
+	case '"': // string
+		s, ok := unquoteBytes(item)
+		if !ok {
+			if fromQuoted {
+				d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			} else {
+				d.error(errPhase)
+			}
+		}
+		switch v.Kind() {
+		default:
+			d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)})
+		case reflect.Slice:
+			if v.Type().Elem().Kind() != reflect.Uint8 {
+				d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)})
+				break
+			}
+			b := make([]byte, base64.StdEncoding.DecodedLen(len(s)))
+			n, err := base64.StdEncoding.Decode(b, s)
+			if err != nil {
+				d.saveError(err)
+				break
+			}
+			v.SetBytes(b[:n])
+		case reflect.String:
+			v.SetString(string(s))
+		case reflect.Interface:
+			if v.NumMethod() == 0 {
+				v.Set(reflect.ValueOf(string(s)))
+			} else {
+				d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)})
+			}
+		}
+
+	default: // number
+		if c != '-' && (c < '0' || c > '9') {
+			if fromQuoted {
+				d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			} else {
+				d.error(errPhase)
+			}
+		}
+		s := string(item)
+		switch v.Kind() {
+		default:
+			if v.Kind() == reflect.String && v.Type() == numberType {
+				v.SetString(s)
+				if !isValidNumber(s) {
+					d.error(fmt.Errorf("json: invalid number literal, trying to unmarshal %q into Number", item))
+				}
+				break
+			}
+			if fromQuoted {
+				d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			} else {
+				d.error(&UnmarshalTypeError{"number", v.Type(), int64(d.off)})
+			}
+		case reflect.Interface:
+			n, err := d.convertNumber(s)
+			if err != nil {
+				d.saveError(err)
+				break
+			}
+			if v.NumMethod() != 0 {
+				d.saveError(&UnmarshalTypeError{"number", v.Type(), int64(d.off)})
+				break
+			}
+			v.Set(reflect.ValueOf(n))
+
+		case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+			n, err := strconv.ParseInt(s, 10, 64)
+			if err != nil || v.OverflowInt(n) {
+				d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)})
+				break
+			}
+			v.SetInt(n)
+
+		case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+			n, err := strconv.ParseUint(s, 10, 64)
+			if err != nil || v.OverflowUint(n) {
+				d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)})
+				break
+			}
+			v.SetUint(n)
+
+		case reflect.Float32, reflect.Float64:
+			n, err := strconv.ParseFloat(s, v.Type().Bits())
+			if err != nil || v.OverflowFloat(n) {
+				d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)})
+				break
+			}
+			v.SetFloat(n)
+		}
+	}
+}
+
+// The xxxInterface routines build up a value to be stored
+// in an empty interface.  They are not strictly necessary,
+// but they avoid the weight of reflection in this common case.
+
+// valueInterface is like value but returns interface{}
+func (d *decodeState) valueInterface() interface{} {
+	switch d.scanWhile(scanSkipSpace) {
+	default:
+		d.error(errPhase)
+		panic("unreachable")
+	case scanBeginArray:
+		return d.arrayInterface()
+	case scanBeginObject:
+		return d.objectInterface()
+	case scanBeginLiteral:
+		return d.literalInterface()
+	}
+}
+
+// arrayInterface is like array but returns []interface{}.
+func (d *decodeState) arrayInterface() []interface{} {
+	var v = make([]interface{}, 0)
+	for {
+		// Look ahead for ] - can only happen on first iteration.
+		op := d.scanWhile(scanSkipSpace)
+		if op == scanEndArray {
+			break
+		}
+
+		// Back up so d.value can have the byte we just read.
+		d.off--
+		d.scan.undo(op)
+
+		v = append(v, d.valueInterface())
+
+		// Next token must be , or ].
+		op = d.scanWhile(scanSkipSpace)
+		if op == scanEndArray {
+			break
+		}
+		if op != scanArrayValue {
+			d.error(errPhase)
+		}
+	}
+	return v
+}
+
+// objectInterface is like object but returns map[string]interface{}.
+func (d *decodeState) objectInterface() map[string]interface{} {
+	m := make(map[string]interface{})
+	keys := map[string]bool{}
+
+	for {
+		// Read opening " of string key or closing }.
+		op := d.scanWhile(scanSkipSpace)
+		if op == scanEndObject {
+			// closing } - can only happen on first iteration.
+			break
+		}
+		if op != scanBeginLiteral {
+			d.error(errPhase)
+		}
+
+		// Read string key.
+		start := d.off - 1
+		op = d.scanWhile(scanContinue)
+		item := d.data[start : d.off-1]
+		key, ok := unquote(item)
+		if !ok {
+			d.error(errPhase)
+		}
+
+		// Check for duplicate keys.
+		_, ok = keys[key]
+		if !ok {
+			keys[key] = true
+		} else {
+			d.error(fmt.Errorf("json: duplicate key '%s' in object", key))
+		}
+
+		// Read : before value.
+		if op == scanSkipSpace {
+			op = d.scanWhile(scanSkipSpace)
+		}
+		if op != scanObjectKey {
+			d.error(errPhase)
+		}
+
+		// Read value.
+		m[key] = d.valueInterface()
+
+		// Next token must be , or }.
+		op = d.scanWhile(scanSkipSpace)
+		if op == scanEndObject {
+			break
+		}
+		if op != scanObjectValue {
+			d.error(errPhase)
+		}
+	}
+	return m
+}
+
+// literalInterface is like literal but returns an interface value.
+func (d *decodeState) literalInterface() interface{} {
+	// All bytes inside literal return scanContinue op code.
+	start := d.off - 1
+	op := d.scanWhile(scanContinue)
+
+	// Scan read one byte too far; back up.
+	d.off--
+	d.scan.undo(op)
+	item := d.data[start:d.off]
+
+	switch c := item[0]; c {
+	case 'n': // null
+		return nil
+
+	case 't', 'f': // true, false
+		return c == 't'
+
+	case '"': // string
+		s, ok := unquote(item)
+		if !ok {
+			d.error(errPhase)
+		}
+		return s
+
+	default: // number
+		if c != '-' && (c < '0' || c > '9') {
+			d.error(errPhase)
+		}
+		n, err := d.convertNumber(string(item))
+		if err != nil {
+			d.saveError(err)
+		}
+		return n
+	}
+}
+
+// getu4 decodes \uXXXX from the beginning of s, returning the hex value,
+// or it returns -1.
+func getu4(s []byte) rune {
+	if len(s) < 6 || s[0] != '\\' || s[1] != 'u' {
+		return -1
+	}
+	r, err := strconv.ParseUint(string(s[2:6]), 16, 64)
+	if err != nil {
+		return -1
+	}
+	return rune(r)
+}
+
+// unquote converts a quoted JSON string literal s into an actual string t.
+// The rules are different than for Go, so cannot use strconv.Unquote.
+func unquote(s []byte) (t string, ok bool) {
+	s, ok = unquoteBytes(s)
+	t = string(s)
+	return
+}
+
+func unquoteBytes(s []byte) (t []byte, ok bool) {
+	if len(s) < 2 || s[0] != '"' || s[len(s)-1] != '"' {
+		return
+	}
+	s = s[1 : len(s)-1]
+
+	// Check for unusual characters. If there are none,
+	// then no unquoting is needed, so return a slice of the
+	// original bytes.
+	r := 0
+	for r < len(s) {
+		c := s[r]
+		if c == '\\' || c == '"' || c < ' ' {
+			break
+		}
+		if c < utf8.RuneSelf {
+			r++
+			continue
+		}
+		rr, size := utf8.DecodeRune(s[r:])
+		if rr == utf8.RuneError && size == 1 {
+			break
+		}
+		r += size
+	}
+	if r == len(s) {
+		return s, true
+	}
+
+	b := make([]byte, len(s)+2*utf8.UTFMax)
+	w := copy(b, s[0:r])
+	for r < len(s) {
+		// Out of room?  Can only happen if s is full of
+		// malformed UTF-8 and we're replacing each
+		// byte with RuneError.
+		if w >= len(b)-2*utf8.UTFMax {
+			nb := make([]byte, (len(b)+utf8.UTFMax)*2)
+			copy(nb, b[0:w])
+			b = nb
+		}
+		switch c := s[r]; {
+		case c == '\\':
+			r++
+			if r >= len(s) {
+				return
+			}
+			switch s[r] {
+			default:
+				return
+			case '"', '\\', '/', '\'':
+				b[w] = s[r]
+				r++
+				w++
+			case 'b':
+				b[w] = '\b'
+				r++
+				w++
+			case 'f':
+				b[w] = '\f'
+				r++
+				w++
+			case 'n':
+				b[w] = '\n'
+				r++
+				w++
+			case 'r':
+				b[w] = '\r'
+				r++
+				w++
+			case 't':
+				b[w] = '\t'
+				r++
+				w++
+			case 'u':
+				r--
+				rr := getu4(s[r:])
+				if rr < 0 {
+					return
+				}
+				r += 6
+				if utf16.IsSurrogate(rr) {
+					rr1 := getu4(s[r:])
+					if dec := utf16.DecodeRune(rr, rr1); dec != unicode.ReplacementChar {
+						// A valid pair; consume.
+						r += 6
+						w += utf8.EncodeRune(b[w:], dec)
+						break
+					}
+					// Invalid surrogate; fall back to replacement rune.
+					rr = unicode.ReplacementChar
+				}
+				w += utf8.EncodeRune(b[w:], rr)
+			}
+
+		// Quote, control characters are invalid.
+		case c == '"', c < ' ':
+			return
+
+		// ASCII
+		case c < utf8.RuneSelf:
+			b[w] = c
+			r++
+			w++
+
+		// Coerce to well-formed UTF-8.
+		default:
+			rr, size := utf8.DecodeRune(s[r:])
+			r += size
+			w += utf8.EncodeRune(b[w:], rr)
+		}
+	}
+	return b[0:w], true
+}
diff --git a/vendor/github.com/go-jose/go-jose/v4/json/encode.go b/vendor/github.com/go-jose/go-jose/v4/json/encode.go
new file mode 100644
index 0000000000..98de68ce1e
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/json/encode.go
@@ -0,0 +1,1197 @@
+// Copyright 2010 The Go Authors.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package json implements encoding and decoding of JSON objects as defined in
+// RFC 4627. The mapping between JSON objects and Go values is described
+// in the documentation for the Marshal and Unmarshal functions.
+//
+// See "JSON and Go" for an introduction to this package:
+// https://golang.org/doc/articles/json_and_go.html
+package json
+
+import (
+	"bytes"
+	"encoding"
+	"encoding/base64"
+	"fmt"
+	"math"
+	"reflect"
+	"runtime"
+	"sort"
+	"strconv"
+	"strings"
+	"sync"
+	"unicode"
+	"unicode/utf8"
+)
+
+// Marshal returns the JSON encoding of v.
+//
+// Marshal traverses the value v recursively.
+// If an encountered value implements the Marshaler interface
+// and is not a nil pointer, Marshal calls its MarshalJSON method
+// to produce JSON. If no MarshalJSON method is present but the
+// value implements encoding.TextMarshaler instead, Marshal calls
+// its MarshalText method.
+// The nil pointer exception is not strictly necessary
+// but mimics a similar, necessary exception in the behavior of
+// UnmarshalJSON.
+//
+// Otherwise, Marshal uses the following type-dependent default encodings:
+//
+// Boolean values encode as JSON booleans.
+//
+// Floating point, integer, and Number values encode as JSON numbers.
+//
+// String values encode as JSON strings coerced to valid UTF-8,
+// replacing invalid bytes with the Unicode replacement rune.
+// The angle brackets "<" and ">" are escaped to "\u003c" and "\u003e"
+// to keep some browsers from misinterpreting JSON output as HTML.
+// Ampersand "&" is also escaped to "\u0026" for the same reason.
+//
+// Array and slice values encode as JSON arrays, except that
+// []byte encodes as a base64-encoded string, and a nil slice
+// encodes as the null JSON object.
+//
+// Struct values encode as JSON objects. Each exported struct field
+// becomes a member of the object unless
+//   - the field's tag is "-", or
+//   - the field is empty and its tag specifies the "omitempty" option.
+//
+// The empty values are false, 0, any
+// nil pointer or interface value, and any array, slice, map, or string of
+// length zero. The object's default key string is the struct field name
+// but can be specified in the struct field's tag value. The "json" key in
+// the struct field's tag value is the key name, followed by an optional comma
+// and options. Examples:
+//
+//	// Field is ignored by this package.
+//	Field int `json:"-"`
+//
+//	// Field appears in JSON as key "myName".
+//	Field int `json:"myName"`
+//
+//	// Field appears in JSON as key "myName" and
+//	// the field is omitted from the object if its value is empty,
+//	// as defined above.
+//	Field int `json:"myName,omitempty"`
+//
+//	// Field appears in JSON as key "Field" (the default), but
+//	// the field is skipped if empty.
+//	// Note the leading comma.
+//	Field int `json:",omitempty"`
+//
+// The "string" option signals that a field is stored as JSON inside a
+// JSON-encoded string. It applies only to fields of string, floating point,
+// integer, or boolean types. This extra level of encoding is sometimes used
+// when communicating with JavaScript programs:
+//
+//	Int64String int64 `json:",string"`
+//
+// The key name will be used if it's a non-empty string consisting of
+// only Unicode letters, digits, dollar signs, percent signs, hyphens,
+// underscores and slashes.
+//
+// Anonymous struct fields are usually marshaled as if their inner exported fields
+// were fields in the outer struct, subject to the usual Go visibility rules amended
+// as described in the next paragraph.
+// An anonymous struct field with a name given in its JSON tag is treated as
+// having that name, rather than being anonymous.
+// An anonymous struct field of interface type is treated the same as having
+// that type as its name, rather than being anonymous.
+//
+// The Go visibility rules for struct fields are amended for JSON when
+// deciding which field to marshal or unmarshal. If there are
+// multiple fields at the same level, and that level is the least
+// nested (and would therefore be the nesting level selected by the
+// usual Go rules), the following extra rules apply:
+//
+// 1) Of those fields, if any are JSON-tagged, only tagged fields are considered,
+// even if there are multiple untagged fields that would otherwise conflict.
+// 2) If there is exactly one field (tagged or not according to the first rule), that is selected.
+// 3) Otherwise there are multiple fields, and all are ignored; no error occurs.
+//
+// Handling of anonymous struct fields is new in Go 1.1.
+// Prior to Go 1.1, anonymous struct fields were ignored. To force ignoring of
+// an anonymous struct field in both current and earlier versions, give the field
+// a JSON tag of "-".
+//
+// Map values encode as JSON objects.
+// The map's key type must be string; the map keys are used as JSON object
+// keys, subject to the UTF-8 coercion described for string values above.
+//
+// Pointer values encode as the value pointed to.
+// A nil pointer encodes as the null JSON object.
+//
+// Interface values encode as the value contained in the interface.
+// A nil interface value encodes as the null JSON object.
+//
+// Channel, complex, and function values cannot be encoded in JSON.
+// Attempting to encode such a value causes Marshal to return
+// an UnsupportedTypeError.
+//
+// JSON cannot represent cyclic data structures and Marshal does not
+// handle them.  Passing cyclic structures to Marshal will result in
+// an infinite recursion.
+func Marshal(v interface{}) ([]byte, error) {
+	e := &encodeState{}
+	err := e.marshal(v)
+	if err != nil {
+		return nil, err
+	}
+	return e.Bytes(), nil
+}
+
+// MarshalIndent is like Marshal but applies Indent to format the output.
+func MarshalIndent(v interface{}, prefix, indent string) ([]byte, error) {
+	b, err := Marshal(v)
+	if err != nil {
+		return nil, err
+	}
+	var buf bytes.Buffer
+	err = Indent(&buf, b, prefix, indent)
+	if err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
+
+// HTMLEscape appends to dst the JSON-encoded src with <, >, &, U+2028 and U+2029
+// characters inside string literals changed to \u003c, \u003e, \u0026, \u2028, \u2029
+// so that the JSON will be safe to embed inside HTML <script> tags.
+// For historical reasons, web browsers don't honor standard HTML
+// escaping within <script> tags, so an alternative JSON encoding must
+// be used.
+func HTMLEscape(dst *bytes.Buffer, src []byte) {
+	// The characters can only appear in string literals,
+	// so just scan the string one byte at a time.
+	start := 0
+	for i, c := range src {
+		if c == '<' || c == '>' || c == '&' {
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			dst.WriteString(`\u00`)
+			dst.WriteByte(hex[c>>4])
+			dst.WriteByte(hex[c&0xF])
+			start = i + 1
+		}
+		// Convert U+2028 and U+2029 (E2 80 A8 and E2 80 A9).
+		if c == 0xE2 && i+2 < len(src) && src[i+1] == 0x80 && src[i+2]&^1 == 0xA8 {
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			dst.WriteString(`\u202`)
+			dst.WriteByte(hex[src[i+2]&0xF])
+			start = i + 3
+		}
+	}
+	if start < len(src) {
+		dst.Write(src[start:])
+	}
+}
+
+// Marshaler is the interface implemented by objects that
+// can marshal themselves into valid JSON.
+type Marshaler interface {
+	MarshalJSON() ([]byte, error)
+}
+
+// An UnsupportedTypeError is returned by Marshal when attempting
+// to encode an unsupported value type.
+type UnsupportedTypeError struct {
+	Type reflect.Type
+}
+
+func (e *UnsupportedTypeError) Error() string {
+	return "json: unsupported type: " + e.Type.String()
+}
+
+type UnsupportedValueError struct {
+	Value reflect.Value
+	Str   string
+}
+
+func (e *UnsupportedValueError) Error() string {
+	return "json: unsupported value: " + e.Str
+}
+
+// Before Go 1.2, an InvalidUTF8Error was returned by Marshal when
+// attempting to encode a string value with invalid UTF-8 sequences.
+// As of Go 1.2, Marshal instead coerces the string to valid UTF-8 by
+// replacing invalid bytes with the Unicode replacement rune U+FFFD.
+// This error is no longer generated but is kept for backwards compatibility
+// with programs that might mention it.
+type InvalidUTF8Error struct {
+	S string // the whole string value that caused the error
+}
+
+func (e *InvalidUTF8Error) Error() string {
+	return "json: invalid UTF-8 in string: " + strconv.Quote(e.S)
+}
+
+type MarshalerError struct {
+	Type reflect.Type
+	Err  error
+}
+
+func (e *MarshalerError) Error() string {
+	return "json: error calling MarshalJSON for type " + e.Type.String() + ": " + e.Err.Error()
+}
+
+var hex = "0123456789abcdef"
+
+// An encodeState encodes JSON into a bytes.Buffer.
+type encodeState struct {
+	bytes.Buffer // accumulated output
+	scratch      [64]byte
+}
+
+var encodeStatePool sync.Pool
+
+func newEncodeState() *encodeState {
+	if v := encodeStatePool.Get(); v != nil {
+		e := v.(*encodeState)
+		e.Reset()
+		return e
+	}
+	return new(encodeState)
+}
+
+func (e *encodeState) marshal(v interface{}) (err error) {
+	defer func() {
+		if r := recover(); r != nil {
+			if _, ok := r.(runtime.Error); ok {
+				panic(r)
+			}
+			if s, ok := r.(string); ok {
+				panic(s)
+			}
+			err = r.(error)
+		}
+	}()
+	e.reflectValue(reflect.ValueOf(v))
+	return nil
+}
+
+func (e *encodeState) error(err error) {
+	panic(err)
+}
+
+func isEmptyValue(v reflect.Value) bool {
+	switch v.Kind() {
+	case reflect.Array, reflect.Map, reflect.Slice, reflect.String:
+		return v.Len() == 0
+	case reflect.Bool:
+		return !v.Bool()
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return v.Int() == 0
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return v.Uint() == 0
+	case reflect.Float32, reflect.Float64:
+		return v.Float() == 0
+	case reflect.Interface, reflect.Ptr:
+		return v.IsNil()
+	}
+	return false
+}
+
+func (e *encodeState) reflectValue(v reflect.Value) {
+	valueEncoder(v)(e, v, false)
+}
+
+type encoderFunc func(e *encodeState, v reflect.Value, quoted bool)
+
+var encoderCache struct {
+	sync.RWMutex
+	m map[reflect.Type]encoderFunc
+}
+
+func valueEncoder(v reflect.Value) encoderFunc {
+	if !v.IsValid() {
+		return invalidValueEncoder
+	}
+	return typeEncoder(v.Type())
+}
+
+func typeEncoder(t reflect.Type) encoderFunc {
+	encoderCache.RLock()
+	f := encoderCache.m[t]
+	encoderCache.RUnlock()
+	if f != nil {
+		return f
+	}
+
+	// To deal with recursive types, populate the map with an
+	// indirect func before we build it. This type waits on the
+	// real func (f) to be ready and then calls it.  This indirect
+	// func is only used for recursive types.
+	encoderCache.Lock()
+	if encoderCache.m == nil {
+		encoderCache.m = make(map[reflect.Type]encoderFunc)
+	}
+	var wg sync.WaitGroup
+	wg.Add(1)
+	encoderCache.m[t] = func(e *encodeState, v reflect.Value, quoted bool) {
+		wg.Wait()
+		f(e, v, quoted)
+	}
+	encoderCache.Unlock()
+
+	// Compute fields without lock.
+	// Might duplicate effort but won't hold other computations back.
+	f = newTypeEncoder(t, true)
+	wg.Done()
+	encoderCache.Lock()
+	encoderCache.m[t] = f
+	encoderCache.Unlock()
+	return f
+}
+
+var (
+	marshalerType     = reflect.TypeOf(new(Marshaler)).Elem()
+	textMarshalerType = reflect.TypeOf(new(encoding.TextMarshaler)).Elem()
+)
+
+// newTypeEncoder constructs an encoderFunc for a type.
+// The returned encoder only checks CanAddr when allowAddr is true.
+func newTypeEncoder(t reflect.Type, allowAddr bool) encoderFunc {
+	if t.Implements(marshalerType) {
+		return marshalerEncoder
+	}
+	if t.Kind() != reflect.Ptr && allowAddr {
+		if reflect.PtrTo(t).Implements(marshalerType) {
+			return newCondAddrEncoder(addrMarshalerEncoder, newTypeEncoder(t, false))
+		}
+	}
+
+	if t.Implements(textMarshalerType) {
+		return textMarshalerEncoder
+	}
+	if t.Kind() != reflect.Ptr && allowAddr {
+		if reflect.PtrTo(t).Implements(textMarshalerType) {
+			return newCondAddrEncoder(addrTextMarshalerEncoder, newTypeEncoder(t, false))
+		}
+	}
+
+	switch t.Kind() {
+	case reflect.Bool:
+		return boolEncoder
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return intEncoder
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return uintEncoder
+	case reflect.Float32:
+		return float32Encoder
+	case reflect.Float64:
+		return float64Encoder
+	case reflect.String:
+		return stringEncoder
+	case reflect.Interface:
+		return interfaceEncoder
+	case reflect.Struct:
+		return newStructEncoder(t)
+	case reflect.Map:
+		return newMapEncoder(t)
+	case reflect.Slice:
+		return newSliceEncoder(t)
+	case reflect.Array:
+		return newArrayEncoder(t)
+	case reflect.Ptr:
+		return newPtrEncoder(t)
+	default:
+		return unsupportedTypeEncoder
+	}
+}
+
+func invalidValueEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	e.WriteString("null")
+}
+
+func marshalerEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	if v.Kind() == reflect.Ptr && v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	m := v.Interface().(Marshaler)
+	b, err := m.MarshalJSON()
+	if err == nil {
+		// copy JSON into buffer, checking validity.
+		err = compact(&e.Buffer, b, true)
+	}
+	if err != nil {
+		e.error(&MarshalerError{v.Type(), err})
+	}
+}
+
+func addrMarshalerEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	va := v.Addr()
+	if va.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	m := va.Interface().(Marshaler)
+	b, err := m.MarshalJSON()
+	if err == nil {
+		// copy JSON into buffer, checking validity.
+		err = compact(&e.Buffer, b, true)
+	}
+	if err != nil {
+		e.error(&MarshalerError{v.Type(), err})
+	}
+}
+
+func textMarshalerEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	if v.Kind() == reflect.Ptr && v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	m := v.Interface().(encoding.TextMarshaler)
+	b, err := m.MarshalText()
+	if err != nil {
+		e.error(&MarshalerError{v.Type(), err})
+	}
+	e.stringBytes(b)
+}
+
+func addrTextMarshalerEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	va := v.Addr()
+	if va.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	m := va.Interface().(encoding.TextMarshaler)
+	b, err := m.MarshalText()
+	if err != nil {
+		e.error(&MarshalerError{v.Type(), err})
+	}
+	e.stringBytes(b)
+}
+
+func boolEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	if quoted {
+		e.WriteByte('"')
+	}
+	if v.Bool() {
+		e.WriteString("true")
+	} else {
+		e.WriteString("false")
+	}
+	if quoted {
+		e.WriteByte('"')
+	}
+}
+
+func intEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	b := strconv.AppendInt(e.scratch[:0], v.Int(), 10)
+	if quoted {
+		e.WriteByte('"')
+	}
+	e.Write(b)
+	if quoted {
+		e.WriteByte('"')
+	}
+}
+
+func uintEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	b := strconv.AppendUint(e.scratch[:0], v.Uint(), 10)
+	if quoted {
+		e.WriteByte('"')
+	}
+	e.Write(b)
+	if quoted {
+		e.WriteByte('"')
+	}
+}
+
+type floatEncoder int // number of bits
+
+func (bits floatEncoder) encode(e *encodeState, v reflect.Value, quoted bool) {
+	f := v.Float()
+	if math.IsInf(f, 0) || math.IsNaN(f) {
+		e.error(&UnsupportedValueError{v, strconv.FormatFloat(f, 'g', -1, int(bits))})
+	}
+	b := strconv.AppendFloat(e.scratch[:0], f, 'g', -1, int(bits))
+	if quoted {
+		e.WriteByte('"')
+	}
+	e.Write(b)
+	if quoted {
+		e.WriteByte('"')
+	}
+}
+
+var (
+	float32Encoder = (floatEncoder(32)).encode
+	float64Encoder = (floatEncoder(64)).encode
+)
+
+func stringEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	if v.Type() == numberType {
+		numStr := v.String()
+		// In Go1.5 the empty string encodes to "0", while this is not a valid number literal
+		// we keep compatibility so check validity after this.
+		if numStr == "" {
+			numStr = "0" // Number's zero-val
+		}
+		if !isValidNumber(numStr) {
+			e.error(fmt.Errorf("json: invalid number literal %q", numStr))
+		}
+		e.WriteString(numStr)
+		return
+	}
+	if quoted {
+		sb, err := Marshal(v.String())
+		if err != nil {
+			e.error(err)
+		}
+		e.string(string(sb))
+	} else {
+		e.string(v.String())
+	}
+}
+
+func interfaceEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	e.reflectValue(v.Elem())
+}
+
+func unsupportedTypeEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	e.error(&UnsupportedTypeError{v.Type()})
+}
+
+type structEncoder struct {
+	fields    []field
+	fieldEncs []encoderFunc
+}
+
+func (se *structEncoder) encode(e *encodeState, v reflect.Value, quoted bool) {
+	e.WriteByte('{')
+	first := true
+	for i, f := range se.fields {
+		fv := fieldByIndex(v, f.index)
+		if !fv.IsValid() || f.omitEmpty && isEmptyValue(fv) {
+			continue
+		}
+		if first {
+			first = false
+		} else {
+			e.WriteByte(',')
+		}
+		e.string(f.name)
+		e.WriteByte(':')
+		se.fieldEncs[i](e, fv, f.quoted)
+	}
+	e.WriteByte('}')
+}
+
+func newStructEncoder(t reflect.Type) encoderFunc {
+	fields := cachedTypeFields(t)
+	se := &structEncoder{
+		fields:    fields,
+		fieldEncs: make([]encoderFunc, len(fields)),
+	}
+	for i, f := range fields {
+		se.fieldEncs[i] = typeEncoder(typeByIndex(t, f.index))
+	}
+	return se.encode
+}
+
+type mapEncoder struct {
+	elemEnc encoderFunc
+}
+
+func (me *mapEncoder) encode(e *encodeState, v reflect.Value, _ bool) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	e.WriteByte('{')
+	var sv stringValues = v.MapKeys()
+	sort.Sort(sv)
+	for i, k := range sv {
+		if i > 0 {
+			e.WriteByte(',')
+		}
+		e.string(k.String())
+		e.WriteByte(':')
+		me.elemEnc(e, v.MapIndex(k), false)
+	}
+	e.WriteByte('}')
+}
+
+func newMapEncoder(t reflect.Type) encoderFunc {
+	if t.Key().Kind() != reflect.String {
+		return unsupportedTypeEncoder
+	}
+	me := &mapEncoder{typeEncoder(t.Elem())}
+	return me.encode
+}
+
+func encodeByteSlice(e *encodeState, v reflect.Value, _ bool) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	s := v.Bytes()
+	e.WriteByte('"')
+	if len(s) < 1024 {
+		// for small buffers, using Encode directly is much faster.
+		dst := make([]byte, base64.StdEncoding.EncodedLen(len(s)))
+		base64.StdEncoding.Encode(dst, s)
+		e.Write(dst)
+	} else {
+		// for large buffers, avoid unnecessary extra temporary
+		// buffer space.
+		enc := base64.NewEncoder(base64.StdEncoding, e)
+		_, _ = enc.Write(s)
+		enc.Close()
+	}
+	e.WriteByte('"')
+}
+
+// sliceEncoder just wraps an arrayEncoder, checking to make sure the value isn't nil.
+type sliceEncoder struct {
+	arrayEnc encoderFunc
+}
+
+func (se *sliceEncoder) encode(e *encodeState, v reflect.Value, _ bool) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	se.arrayEnc(e, v, false)
+}
+
+func newSliceEncoder(t reflect.Type) encoderFunc {
+	// Byte slices get special treatment; arrays don't.
+	if t.Elem().Kind() == reflect.Uint8 {
+		return encodeByteSlice
+	}
+	enc := &sliceEncoder{newArrayEncoder(t)}
+	return enc.encode
+}
+
+type arrayEncoder struct {
+	elemEnc encoderFunc
+}
+
+func (ae *arrayEncoder) encode(e *encodeState, v reflect.Value, _ bool) {
+	e.WriteByte('[')
+	n := v.Len()
+	for i := 0; i < n; i++ {
+		if i > 0 {
+			e.WriteByte(',')
+		}
+		ae.elemEnc(e, v.Index(i), false)
+	}
+	e.WriteByte(']')
+}
+
+func newArrayEncoder(t reflect.Type) encoderFunc {
+	enc := &arrayEncoder{typeEncoder(t.Elem())}
+	return enc.encode
+}
+
+type ptrEncoder struct {
+	elemEnc encoderFunc
+}
+
+func (pe *ptrEncoder) encode(e *encodeState, v reflect.Value, quoted bool) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	pe.elemEnc(e, v.Elem(), quoted)
+}
+
+func newPtrEncoder(t reflect.Type) encoderFunc {
+	enc := &ptrEncoder{typeEncoder(t.Elem())}
+	return enc.encode
+}
+
+type condAddrEncoder struct {
+	canAddrEnc, elseEnc encoderFunc
+}
+
+func (ce *condAddrEncoder) encode(e *encodeState, v reflect.Value, quoted bool) {
+	if v.CanAddr() {
+		ce.canAddrEnc(e, v, quoted)
+	} else {
+		ce.elseEnc(e, v, quoted)
+	}
+}
+
+// newCondAddrEncoder returns an encoder that checks whether its value
+// CanAddr and delegates to canAddrEnc if so, else to elseEnc.
+func newCondAddrEncoder(canAddrEnc, elseEnc encoderFunc) encoderFunc {
+	enc := &condAddrEncoder{canAddrEnc: canAddrEnc, elseEnc: elseEnc}
+	return enc.encode
+}
+
+func isValidTag(s string) bool {
+	if s == "" {
+		return false
+	}
+	for _, c := range s {
+		switch {
+		case strings.ContainsRune("!#$%&()*+-./:<=>?@[]^_{|}~ ", c):
+			// Backslash and quote chars are reserved, but
+			// otherwise any punctuation chars are allowed
+			// in a tag name.
+		default:
+			if !unicode.IsLetter(c) && !unicode.IsDigit(c) {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+func fieldByIndex(v reflect.Value, index []int) reflect.Value {
+	for _, i := range index {
+		if v.Kind() == reflect.Ptr {
+			if v.IsNil() {
+				return reflect.Value{}
+			}
+			v = v.Elem()
+		}
+		v = v.Field(i)
+	}
+	return v
+}
+
+func typeByIndex(t reflect.Type, index []int) reflect.Type {
+	for _, i := range index {
+		if t.Kind() == reflect.Ptr {
+			t = t.Elem()
+		}
+		t = t.Field(i).Type
+	}
+	return t
+}
+
+// stringValues is a slice of reflect.Value holding *reflect.StringValue.
+// It implements the methods to sort by string.
+type stringValues []reflect.Value
+
+func (sv stringValues) Len() int           { return len(sv) }
+func (sv stringValues) Swap(i, j int)      { sv[i], sv[j] = sv[j], sv[i] }
+func (sv stringValues) Less(i, j int) bool { return sv.get(i) < sv.get(j) }
+func (sv stringValues) get(i int) string   { return sv[i].String() }
+
+// NOTE: keep in sync with stringBytes below.
+func (e *encodeState) string(s string) int {
+	len0 := e.Len()
+	e.WriteByte('"')
+	start := 0
+	for i := 0; i < len(s); {
+		if b := s[i]; b < utf8.RuneSelf {
+			if 0x20 <= b && b != '\\' && b != '"' && b != '<' && b != '>' && b != '&' {
+				i++
+				continue
+			}
+			if start < i {
+				e.WriteString(s[start:i])
+			}
+			switch b {
+			case '\\', '"':
+				e.WriteByte('\\')
+				e.WriteByte(b)
+			case '\n':
+				e.WriteByte('\\')
+				e.WriteByte('n')
+			case '\r':
+				e.WriteByte('\\')
+				e.WriteByte('r')
+			case '\t':
+				e.WriteByte('\\')
+				e.WriteByte('t')
+			default:
+				// This encodes bytes < 0x20 except for \n and \r,
+				// as well as <, > and &. The latter are escaped because they
+				// can lead to security holes when user-controlled strings
+				// are rendered into JSON and served to some browsers.
+				e.WriteString(`\u00`)
+				e.WriteByte(hex[b>>4])
+				e.WriteByte(hex[b&0xF])
+			}
+			i++
+			start = i
+			continue
+		}
+		c, size := utf8.DecodeRuneInString(s[i:])
+		if c == utf8.RuneError && size == 1 {
+			if start < i {
+				e.WriteString(s[start:i])
+			}
+			e.WriteString(`\ufffd`)
+			i += size
+			start = i
+			continue
+		}
+		// U+2028 is LINE SEPARATOR.
+		// U+2029 is PARAGRAPH SEPARATOR.
+		// They are both technically valid characters in JSON strings,
+		// but don't work in JSONP, which has to be evaluated as JavaScript,
+		// and can lead to security holes there. It is valid JSON to
+		// escape them, so we do so unconditionally.
+		// See http://timelessrepo.com/json-isnt-a-javascript-subset for discussion.
+		if c == '\u2028' || c == '\u2029' {
+			if start < i {
+				e.WriteString(s[start:i])
+			}
+			e.WriteString(`\u202`)
+			e.WriteByte(hex[c&0xF])
+			i += size
+			start = i
+			continue
+		}
+		i += size
+	}
+	if start < len(s) {
+		e.WriteString(s[start:])
+	}
+	e.WriteByte('"')
+	return e.Len() - len0
+}
+
+// NOTE: keep in sync with string above.
+func (e *encodeState) stringBytes(s []byte) int {
+	len0 := e.Len()
+	e.WriteByte('"')
+	start := 0
+	for i := 0; i < len(s); {
+		if b := s[i]; b < utf8.RuneSelf {
+			if 0x20 <= b && b != '\\' && b != '"' && b != '<' && b != '>' && b != '&' {
+				i++
+				continue
+			}
+			if start < i {
+				e.Write(s[start:i])
+			}
+			switch b {
+			case '\\', '"':
+				e.WriteByte('\\')
+				e.WriteByte(b)
+			case '\n':
+				e.WriteByte('\\')
+				e.WriteByte('n')
+			case '\r':
+				e.WriteByte('\\')
+				e.WriteByte('r')
+			case '\t':
+				e.WriteByte('\\')
+				e.WriteByte('t')
+			default:
+				// This encodes bytes < 0x20 except for \n and \r,
+				// as well as <, >, and &. The latter are escaped because they
+				// can lead to security holes when user-controlled strings
+				// are rendered into JSON and served to some browsers.
+				e.WriteString(`\u00`)
+				e.WriteByte(hex[b>>4])
+				e.WriteByte(hex[b&0xF])
+			}
+			i++
+			start = i
+			continue
+		}
+		c, size := utf8.DecodeRune(s[i:])
+		if c == utf8.RuneError && size == 1 {
+			if start < i {
+				e.Write(s[start:i])
+			}
+			e.WriteString(`\ufffd`)
+			i += size
+			start = i
+			continue
+		}
+		// U+2028 is LINE SEPARATOR.
+		// U+2029 is PARAGRAPH SEPARATOR.
+		// They are both technically valid characters in JSON strings,
+		// but don't work in JSONP, which has to be evaluated as JavaScript,
+		// and can lead to security holes there. It is valid JSON to
+		// escape them, so we do so unconditionally.
+		// See http://timelessrepo.com/json-isnt-a-javascript-subset for discussion.
+		if c == '\u2028' || c == '\u2029' {
+			if start < i {
+				e.Write(s[start:i])
+			}
+			e.WriteString(`\u202`)
+			e.WriteByte(hex[c&0xF])
+			i += size
+			start = i
+			continue
+		}
+		i += size
+	}
+	if start < len(s) {
+		e.Write(s[start:])
+	}
+	e.WriteByte('"')
+	return e.Len() - len0
+}
+
+// A field represents a single field found in a struct.
+type field struct {
+	name      string
+	nameBytes []byte // []byte(name)
+
+	tag       bool
+	index     []int
+	typ       reflect.Type
+	omitEmpty bool
+	quoted    bool
+}
+
+func fillField(f field) field {
+	f.nameBytes = []byte(f.name)
+	return f
+}
+
+// byName sorts field by name, breaking ties with depth,
+// then breaking ties with "name came from json tag", then
+// breaking ties with index sequence.
+type byName []field
+
+func (x byName) Len() int { return len(x) }
+
+func (x byName) Swap(i, j int) { x[i], x[j] = x[j], x[i] }
+
+func (x byName) Less(i, j int) bool {
+	if x[i].name != x[j].name {
+		return x[i].name < x[j].name
+	}
+	if len(x[i].index) != len(x[j].index) {
+		return len(x[i].index) < len(x[j].index)
+	}
+	if x[i].tag != x[j].tag {
+		return x[i].tag
+	}
+	return byIndex(x).Less(i, j)
+}
+
+// byIndex sorts field by index sequence.
+type byIndex []field
+
+func (x byIndex) Len() int { return len(x) }
+
+func (x byIndex) Swap(i, j int) { x[i], x[j] = x[j], x[i] }
+
+func (x byIndex) Less(i, j int) bool {
+	for k, xik := range x[i].index {
+		if k >= len(x[j].index) {
+			return false
+		}
+		if xik != x[j].index[k] {
+			return xik < x[j].index[k]
+		}
+	}
+	return len(x[i].index) < len(x[j].index)
+}
+
+// typeFields returns a list of fields that JSON should recognize for the given type.
+// The algorithm is breadth-first search over the set of structs to include - the top struct
+// and then any reachable anonymous structs.
+func typeFields(t reflect.Type) []field {
+	// Anonymous fields to explore at the current level and the next.
+	current := []field{}
+	next := []field{{typ: t}}
+
+	// Count of queued names for current level and the next.
+	count := map[reflect.Type]int{}
+	nextCount := map[reflect.Type]int{}
+
+	// Types already visited at an earlier level.
+	visited := map[reflect.Type]bool{}
+
+	// Fields found.
+	var fields []field
+
+	for len(next) > 0 {
+		current, next = next, current[:0]
+		count, nextCount = nextCount, map[reflect.Type]int{}
+
+		for _, f := range current {
+			if visited[f.typ] {
+				continue
+			}
+			visited[f.typ] = true
+
+			// Scan f.typ for fields to include.
+			for i := 0; i < f.typ.NumField(); i++ {
+				sf := f.typ.Field(i)
+				if sf.PkgPath != "" && !sf.Anonymous { // unexported
+					continue
+				}
+				tag := sf.Tag.Get("json")
+				if tag == "-" {
+					continue
+				}
+				name, opts := parseTag(tag)
+				if !isValidTag(name) {
+					name = ""
+				}
+				index := make([]int, len(f.index)+1)
+				copy(index, f.index)
+				index[len(f.index)] = i
+
+				ft := sf.Type
+				if ft.Name() == "" && ft.Kind() == reflect.Ptr {
+					// Follow pointer.
+					ft = ft.Elem()
+				}
+
+				// Only strings, floats, integers, and booleans can be quoted.
+				quoted := false
+				if opts.Contains("string") {
+					switch ft.Kind() {
+					case reflect.Bool,
+						reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64,
+						reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64,
+						reflect.Float32, reflect.Float64,
+						reflect.String:
+						quoted = true
+					}
+				}
+
+				// Record found field and index sequence.
+				if name != "" || !sf.Anonymous || ft.Kind() != reflect.Struct {
+					tagged := name != ""
+					if name == "" {
+						name = sf.Name
+					}
+					fields = append(fields, fillField(field{
+						name:      name,
+						tag:       tagged,
+						index:     index,
+						typ:       ft,
+						omitEmpty: opts.Contains("omitempty"),
+						quoted:    quoted,
+					}))
+					if count[f.typ] > 1 {
+						// If there were multiple instances, add a second,
+						// so that the annihilation code will see a duplicate.
+						// It only cares about the distinction between 1 or 2,
+						// so don't bother generating any more copies.
+						fields = append(fields, fields[len(fields)-1])
+					}
+					continue
+				}
+
+				// Record new anonymous struct to explore in next round.
+				nextCount[ft]++
+				if nextCount[ft] == 1 {
+					next = append(next, fillField(field{name: ft.Name(), index: index, typ: ft}))
+				}
+			}
+		}
+	}
+
+	sort.Sort(byName(fields))
+
+	// Delete all fields that are hidden by the Go rules for embedded fields,
+	// except that fields with JSON tags are promoted.
+
+	// The fields are sorted in primary order of name, secondary order
+	// of field index length. Loop over names; for each name, delete
+	// hidden fields by choosing the one dominant field that survives.
+	out := fields[:0]
+	for advance, i := 0, 0; i < len(fields); i += advance {
+		// One iteration per name.
+		// Find the sequence of fields with the name of this first field.
+		fi := fields[i]
+		name := fi.name
+		for advance = 1; i+advance < len(fields); advance++ {
+			fj := fields[i+advance]
+			if fj.name != name {
+				break
+			}
+		}
+		if advance == 1 { // Only one field with this name
+			out = append(out, fi)
+			continue
+		}
+		dominant, ok := dominantField(fields[i : i+advance])
+		if ok {
+			out = append(out, dominant)
+		}
+	}
+
+	fields = out
+	sort.Sort(byIndex(fields))
+
+	return fields
+}
+
+// dominantField looks through the fields, all of which are known to
+// have the same name, to find the single field that dominates the
+// others using Go's embedding rules, modified by the presence of
+// JSON tags. If there are multiple top-level fields, the boolean
+// will be false: This condition is an error in Go and we skip all
+// the fields.
+func dominantField(fields []field) (field, bool) {
+	// The fields are sorted in increasing index-length order. The winner
+	// must therefore be one with the shortest index length. Drop all
+	// longer entries, which is easy: just truncate the slice.
+	length := len(fields[0].index)
+	tagged := -1 // Index of first tagged field.
+	for i, f := range fields {
+		if len(f.index) > length {
+			fields = fields[:i]
+			break
+		}
+		if f.tag {
+			if tagged >= 0 {
+				// Multiple tagged fields at the same level: conflict.
+				// Return no field.
+				return field{}, false
+			}
+			tagged = i
+		}
+	}
+	if tagged >= 0 {
+		return fields[tagged], true
+	}
+	// All remaining fields have the same length. If there's more than one,
+	// we have a conflict (two fields named "X" at the same level) and we
+	// return no field.
+	if len(fields) > 1 {
+		return field{}, false
+	}
+	return fields[0], true
+}
+
+var fieldCache struct {
+	sync.RWMutex
+	m map[reflect.Type][]field
+}
+
+// cachedTypeFields is like typeFields but uses a cache to avoid repeated work.
+func cachedTypeFields(t reflect.Type) []field {
+	fieldCache.RLock()
+	f := fieldCache.m[t]
+	fieldCache.RUnlock()
+	if f != nil {
+		return f
+	}
+
+	// Compute fields without lock.
+	// Might duplicate effort but won't hold other computations back.
+	f = typeFields(t)
+	if f == nil {
+		f = []field{}
+	}
+
+	fieldCache.Lock()
+	if fieldCache.m == nil {
+		fieldCache.m = map[reflect.Type][]field{}
+	}
+	fieldCache.m[t] = f
+	fieldCache.Unlock()
+	return f
+}
diff --git a/vendor/github.com/go-jose/go-jose/v4/json/indent.go b/vendor/github.com/go-jose/go-jose/v4/json/indent.go
new file mode 100644
index 0000000000..7cd9f4db18
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/json/indent.go
@@ -0,0 +1,141 @@
+// Copyright 2010 The Go Authors.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package json
+
+import "bytes"
+
+// Compact appends to dst the JSON-encoded src with
+// insignificant space characters elided.
+func Compact(dst *bytes.Buffer, src []byte) error {
+	return compact(dst, src, false)
+}
+
+func compact(dst *bytes.Buffer, src []byte, escape bool) error {
+	origLen := dst.Len()
+	var scan scanner
+	scan.reset()
+	start := 0
+	for i, c := range src {
+		if escape && (c == '<' || c == '>' || c == '&') {
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			dst.WriteString(`\u00`)
+			dst.WriteByte(hex[c>>4])
+			dst.WriteByte(hex[c&0xF])
+			start = i + 1
+		}
+		// Convert U+2028 and U+2029 (E2 80 A8 and E2 80 A9).
+		if c == 0xE2 && i+2 < len(src) && src[i+1] == 0x80 && src[i+2]&^1 == 0xA8 {
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			dst.WriteString(`\u202`)
+			dst.WriteByte(hex[src[i+2]&0xF])
+			start = i + 3
+		}
+		v := scan.step(&scan, c)
+		if v >= scanSkipSpace {
+			if v == scanError {
+				break
+			}
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			start = i + 1
+		}
+	}
+	if scan.eof() == scanError {
+		dst.Truncate(origLen)
+		return scan.err
+	}
+	if start < len(src) {
+		dst.Write(src[start:])
+	}
+	return nil
+}
+
+func newline(dst *bytes.Buffer, prefix, indent string, depth int) {
+	dst.WriteByte('\n')
+	dst.WriteString(prefix)
+	for i := 0; i < depth; i++ {
+		dst.WriteString(indent)
+	}
+}
+
+// Indent appends to dst an indented form of the JSON-encoded src.
+// Each element in a JSON object or array begins on a new,
+// indented line beginning with prefix followed by one or more
+// copies of indent according to the indentation nesting.
+// The data appended to dst does not begin with the prefix nor
+// any indentation, to make it easier to embed inside other formatted JSON data.
+// Although leading space characters (space, tab, carriage return, newline)
+// at the beginning of src are dropped, trailing space characters
+// at the end of src are preserved and copied to dst.
+// For example, if src has no trailing spaces, neither will dst;
+// if src ends in a trailing newline, so will dst.
+func Indent(dst *bytes.Buffer, src []byte, prefix, indent string) error {
+	origLen := dst.Len()
+	var scan scanner
+	scan.reset()
+	needIndent := false
+	depth := 0
+	for _, c := range src {
+		scan.bytes++
+		v := scan.step(&scan, c)
+		if v == scanSkipSpace {
+			continue
+		}
+		if v == scanError {
+			break
+		}
+		if needIndent && v != scanEndObject && v != scanEndArray {
+			needIndent = false
+			depth++
+			newline(dst, prefix, indent, depth)
+		}
+
+		// Emit semantically uninteresting bytes
+		// (in particular, punctuation in strings) unmodified.
+		if v == scanContinue {
+			dst.WriteByte(c)
+			continue
+		}
+
+		// Add spacing around real punctuation.
+		switch c {
+		case '{', '[':
+			// delay indent so that empty object and array are formatted as {} and [].
+			needIndent = true
+			dst.WriteByte(c)
+
+		case ',':
+			dst.WriteByte(c)
+			newline(dst, prefix, indent, depth)
+
+		case ':':
+			dst.WriteByte(c)
+			dst.WriteByte(' ')
+
+		case '}', ']':
+			if needIndent {
+				// suppress indent in empty object/array
+				needIndent = false
+			} else {
+				depth--
+				newline(dst, prefix, indent, depth)
+			}
+			dst.WriteByte(c)
+
+		default:
+			dst.WriteByte(c)
+		}
+	}
+	if scan.eof() == scanError {
+		dst.Truncate(origLen)
+		return scan.err
+	}
+	return nil
+}
diff --git a/vendor/github.com/go-jose/go-jose/v4/json/scanner.go b/vendor/github.com/go-jose/go-jose/v4/json/scanner.go
new file mode 100644
index 0000000000..ee6622e8cf
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/json/scanner.go
@@ -0,0 +1,623 @@
+// Copyright 2010 The Go Authors.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package json
+
+// JSON value parser state machine.
+// Just about at the limit of what is reasonable to write by hand.
+// Some parts are a bit tedious, but overall it nicely factors out the
+// otherwise common code from the multiple scanning functions
+// in this package (Compact, Indent, checkValid, nextValue, etc).
+//
+// This file starts with two simple examples using the scanner
+// before diving into the scanner itself.
+
+import "strconv"
+
+// checkValid verifies that data is valid JSON-encoded data.
+// scan is passed in for use by checkValid to avoid an allocation.
+func checkValid(data []byte, scan *scanner) error {
+	scan.reset()
+	for _, c := range data {
+		scan.bytes++
+		if scan.step(scan, c) == scanError {
+			return scan.err
+		}
+	}
+	if scan.eof() == scanError {
+		return scan.err
+	}
+	return nil
+}
+
+// nextValue splits data after the next whole JSON value,
+// returning that value and the bytes that follow it as separate slices.
+// scan is passed in for use by nextValue to avoid an allocation.
+func nextValue(data []byte, scan *scanner) (value, rest []byte, err error) {
+	scan.reset()
+	for i, c := range data {
+		v := scan.step(scan, c)
+		if v >= scanEndObject {
+			switch v {
+			// probe the scanner with a space to determine whether we will
+			// get scanEnd on the next character. Otherwise, if the next character
+			// is not a space, scanEndTop allocates a needless error.
+			case scanEndObject, scanEndArray:
+				if scan.step(scan, ' ') == scanEnd {
+					return data[:i+1], data[i+1:], nil
+				}
+			case scanError:
+				return nil, nil, scan.err
+			case scanEnd:
+				return data[:i], data[i:], nil
+			}
+		}
+	}
+	if scan.eof() == scanError {
+		return nil, nil, scan.err
+	}
+	return data, nil, nil
+}
+
+// A SyntaxError is a description of a JSON syntax error.
+type SyntaxError struct {
+	msg    string // description of error
+	Offset int64  // error occurred after reading Offset bytes
+}
+
+func (e *SyntaxError) Error() string { return e.msg }
+
+// A scanner is a JSON scanning state machine.
+// Callers call scan.reset() and then pass bytes in one at a time
+// by calling scan.step(&scan, c) for each byte.
+// The return value, referred to as an opcode, tells the
+// caller about significant parsing events like beginning
+// and ending literals, objects, and arrays, so that the
+// caller can follow along if it wishes.
+// The return value scanEnd indicates that a single top-level
+// JSON value has been completed, *before* the byte that
+// just got passed in.  (The indication must be delayed in order
+// to recognize the end of numbers: is 123 a whole value or
+// the beginning of 12345e+6?).
+type scanner struct {
+	// The step is a func to be called to execute the next transition.
+	// Also tried using an integer constant and a single func
+	// with a switch, but using the func directly was 10% faster
+	// on a 64-bit Mac Mini, and it's nicer to read.
+	step func(*scanner, byte) int
+
+	// Reached end of top-level value.
+	endTop bool
+
+	// Stack of what we're in the middle of - array values, object keys, object values.
+	parseState []int
+
+	// Error that happened, if any.
+	err error
+
+	// 1-byte redo (see undo method)
+	redo      bool
+	redoCode  int
+	redoState func(*scanner, byte) int
+
+	// total bytes consumed, updated by decoder.Decode
+	bytes int64
+}
+
+// These values are returned by the state transition functions
+// assigned to scanner.state and the method scanner.eof.
+// They give details about the current state of the scan that
+// callers might be interested to know about.
+// It is okay to ignore the return value of any particular
+// call to scanner.state: if one call returns scanError,
+// every subsequent call will return scanError too.
+const (
+	// Continue.
+	scanContinue     = iota // uninteresting byte
+	scanBeginLiteral        // end implied by next result != scanContinue
+	scanBeginObject         // begin object
+	scanObjectKey           // just finished object key (string)
+	scanObjectValue         // just finished non-last object value
+	scanEndObject           // end object (implies scanObjectValue if possible)
+	scanBeginArray          // begin array
+	scanArrayValue          // just finished array value
+	scanEndArray            // end array (implies scanArrayValue if possible)
+	scanSkipSpace           // space byte; can skip; known to be last "continue" result
+
+	// Stop.
+	scanEnd   // top-level value ended *before* this byte; known to be first "stop" result
+	scanError // hit an error, scanner.err.
+)
+
+// These values are stored in the parseState stack.
+// They give the current state of a composite value
+// being scanned.  If the parser is inside a nested value
+// the parseState describes the nested state, outermost at entry 0.
+const (
+	parseObjectKey   = iota // parsing object key (before colon)
+	parseObjectValue        // parsing object value (after colon)
+	parseArrayValue         // parsing array value
+)
+
+// reset prepares the scanner for use.
+// It must be called before calling s.step.
+func (s *scanner) reset() {
+	s.step = stateBeginValue
+	s.parseState = s.parseState[0:0]
+	s.err = nil
+	s.redo = false
+	s.endTop = false
+}
+
+// eof tells the scanner that the end of input has been reached.
+// It returns a scan status just as s.step does.
+func (s *scanner) eof() int {
+	if s.err != nil {
+		return scanError
+	}
+	if s.endTop {
+		return scanEnd
+	}
+	s.step(s, ' ')
+	if s.endTop {
+		return scanEnd
+	}
+	if s.err == nil {
+		s.err = &SyntaxError{"unexpected end of JSON input", s.bytes}
+	}
+	return scanError
+}
+
+// pushParseState pushes a new parse state p onto the parse stack.
+func (s *scanner) pushParseState(p int) {
+	s.parseState = append(s.parseState, p)
+}
+
+// popParseState pops a parse state (already obtained) off the stack
+// and updates s.step accordingly.
+func (s *scanner) popParseState() {
+	n := len(s.parseState) - 1
+	s.parseState = s.parseState[0:n]
+	s.redo = false
+	if n == 0 {
+		s.step = stateEndTop
+		s.endTop = true
+	} else {
+		s.step = stateEndValue
+	}
+}
+
+func isSpace(c byte) bool {
+	return c == ' ' || c == '\t' || c == '\r' || c == '\n'
+}
+
+// stateBeginValueOrEmpty is the state after reading `[`.
+func stateBeginValueOrEmpty(s *scanner, c byte) int {
+	if c <= ' ' && isSpace(c) {
+		return scanSkipSpace
+	}
+	if c == ']' {
+		return stateEndValue(s, c)
+	}
+	return stateBeginValue(s, c)
+}
+
+// stateBeginValue is the state at the beginning of the input.
+func stateBeginValue(s *scanner, c byte) int {
+	if c <= ' ' && isSpace(c) {
+		return scanSkipSpace
+	}
+	switch c {
+	case '{':
+		s.step = stateBeginStringOrEmpty
+		s.pushParseState(parseObjectKey)
+		return scanBeginObject
+	case '[':
+		s.step = stateBeginValueOrEmpty
+		s.pushParseState(parseArrayValue)
+		return scanBeginArray
+	case '"':
+		s.step = stateInString
+		return scanBeginLiteral
+	case '-':
+		s.step = stateNeg
+		return scanBeginLiteral
+	case '0': // beginning of 0.123
+		s.step = state0
+		return scanBeginLiteral
+	case 't': // beginning of true
+		s.step = stateT
+		return scanBeginLiteral
+	case 'f': // beginning of false
+		s.step = stateF
+		return scanBeginLiteral
+	case 'n': // beginning of null
+		s.step = stateN
+		return scanBeginLiteral
+	}
+	if '1' <= c && c <= '9' { // beginning of 1234.5
+		s.step = state1
+		return scanBeginLiteral
+	}
+	return s.error(c, "looking for beginning of value")
+}
+
+// stateBeginStringOrEmpty is the state after reading `{`.
+func stateBeginStringOrEmpty(s *scanner, c byte) int {
+	if c <= ' ' && isSpace(c) {
+		return scanSkipSpace
+	}
+	if c == '}' {
+		n := len(s.parseState)
+		s.parseState[n-1] = parseObjectValue
+		return stateEndValue(s, c)
+	}
+	return stateBeginString(s, c)
+}
+
+// stateBeginString is the state after reading `{"key": value,`.
+func stateBeginString(s *scanner, c byte) int {
+	if c <= ' ' && isSpace(c) {
+		return scanSkipSpace
+	}
+	if c == '"' {
+		s.step = stateInString
+		return scanBeginLiteral
+	}
+	return s.error(c, "looking for beginning of object key string")
+}
+
+// stateEndValue is the state after completing a value,
+// such as after reading `{}` or `true` or `["x"`.
+func stateEndValue(s *scanner, c byte) int {
+	n := len(s.parseState)
+	if n == 0 {
+		// Completed top-level before the current byte.
+		s.step = stateEndTop
+		s.endTop = true
+		return stateEndTop(s, c)
+	}
+	if c <= ' ' && isSpace(c) {
+		s.step = stateEndValue
+		return scanSkipSpace
+	}
+	ps := s.parseState[n-1]
+	switch ps {
+	case parseObjectKey:
+		if c == ':' {
+			s.parseState[n-1] = parseObjectValue
+			s.step = stateBeginValue
+			return scanObjectKey
+		}
+		return s.error(c, "after object key")
+	case parseObjectValue:
+		if c == ',' {
+			s.parseState[n-1] = parseObjectKey
+			s.step = stateBeginString
+			return scanObjectValue
+		}
+		if c == '}' {
+			s.popParseState()
+			return scanEndObject
+		}
+		return s.error(c, "after object key:value pair")
+	case parseArrayValue:
+		if c == ',' {
+			s.step = stateBeginValue
+			return scanArrayValue
+		}
+		if c == ']' {
+			s.popParseState()
+			return scanEndArray
+		}
+		return s.error(c, "after array element")
+	}
+	return s.error(c, "")
+}
+
+// stateEndTop is the state after finishing the top-level value,
+// such as after reading `{}` or `[1,2,3]`.
+// Only space characters should be seen now.
+func stateEndTop(s *scanner, c byte) int {
+	if c != ' ' && c != '\t' && c != '\r' && c != '\n' {
+		// Complain about non-space byte on next call.
+		s.error(c, "after top-level value")
+	}
+	return scanEnd
+}
+
+// stateInString is the state after reading `"`.
+func stateInString(s *scanner, c byte) int {
+	if c == '"' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	if c == '\\' {
+		s.step = stateInStringEsc
+		return scanContinue
+	}
+	if c < 0x20 {
+		return s.error(c, "in string literal")
+	}
+	return scanContinue
+}
+
+// stateInStringEsc is the state after reading `"\` during a quoted string.
+func stateInStringEsc(s *scanner, c byte) int {
+	switch c {
+	case 'b', 'f', 'n', 'r', 't', '\\', '/', '"':
+		s.step = stateInString
+		return scanContinue
+	case 'u':
+		s.step = stateInStringEscU
+		return scanContinue
+	}
+	return s.error(c, "in string escape code")
+}
+
+// stateInStringEscU is the state after reading `"\u` during a quoted string.
+func stateInStringEscU(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInStringEscU1
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateInStringEscU1 is the state after reading `"\u1` during a quoted string.
+func stateInStringEscU1(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInStringEscU12
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateInStringEscU12 is the state after reading `"\u12` during a quoted string.
+func stateInStringEscU12(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInStringEscU123
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateInStringEscU123 is the state after reading `"\u123` during a quoted string.
+func stateInStringEscU123(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInString
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateNeg is the state after reading `-` during a number.
+func stateNeg(s *scanner, c byte) int {
+	if c == '0' {
+		s.step = state0
+		return scanContinue
+	}
+	if '1' <= c && c <= '9' {
+		s.step = state1
+		return scanContinue
+	}
+	return s.error(c, "in numeric literal")
+}
+
+// state1 is the state after reading a non-zero integer during a number,
+// such as after reading `1` or `100` but not `0`.
+func state1(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		s.step = state1
+		return scanContinue
+	}
+	return state0(s, c)
+}
+
+// state0 is the state after reading `0` during a number.
+func state0(s *scanner, c byte) int {
+	if c == '.' {
+		s.step = stateDot
+		return scanContinue
+	}
+	if c == 'e' || c == 'E' {
+		s.step = stateE
+		return scanContinue
+	}
+	return stateEndValue(s, c)
+}
+
+// stateDot is the state after reading the integer and decimal point in a number,
+// such as after reading `1.`.
+func stateDot(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		s.step = stateDot0
+		return scanContinue
+	}
+	return s.error(c, "after decimal point in numeric literal")
+}
+
+// stateDot0 is the state after reading the integer, decimal point, and subsequent
+// digits of a number, such as after reading `3.14`.
+func stateDot0(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		return scanContinue
+	}
+	if c == 'e' || c == 'E' {
+		s.step = stateE
+		return scanContinue
+	}
+	return stateEndValue(s, c)
+}
+
+// stateE is the state after reading the mantissa and e in a number,
+// such as after reading `314e` or `0.314e`.
+func stateE(s *scanner, c byte) int {
+	if c == '+' || c == '-' {
+		s.step = stateESign
+		return scanContinue
+	}
+	return stateESign(s, c)
+}
+
+// stateESign is the state after reading the mantissa, e, and sign in a number,
+// such as after reading `314e-` or `0.314e+`.
+func stateESign(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		s.step = stateE0
+		return scanContinue
+	}
+	return s.error(c, "in exponent of numeric literal")
+}
+
+// stateE0 is the state after reading the mantissa, e, optional sign,
+// and at least one digit of the exponent in a number,
+// such as after reading `314e-2` or `0.314e+1` or `3.14e0`.
+func stateE0(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		return scanContinue
+	}
+	return stateEndValue(s, c)
+}
+
+// stateT is the state after reading `t`.
+func stateT(s *scanner, c byte) int {
+	if c == 'r' {
+		s.step = stateTr
+		return scanContinue
+	}
+	return s.error(c, "in literal true (expecting 'r')")
+}
+
+// stateTr is the state after reading `tr`.
+func stateTr(s *scanner, c byte) int {
+	if c == 'u' {
+		s.step = stateTru
+		return scanContinue
+	}
+	return s.error(c, "in literal true (expecting 'u')")
+}
+
+// stateTru is the state after reading `tru`.
+func stateTru(s *scanner, c byte) int {
+	if c == 'e' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	return s.error(c, "in literal true (expecting 'e')")
+}
+
+// stateF is the state after reading `f`.
+func stateF(s *scanner, c byte) int {
+	if c == 'a' {
+		s.step = stateFa
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 'a')")
+}
+
+// stateFa is the state after reading `fa`.
+func stateFa(s *scanner, c byte) int {
+	if c == 'l' {
+		s.step = stateFal
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 'l')")
+}
+
+// stateFal is the state after reading `fal`.
+func stateFal(s *scanner, c byte) int {
+	if c == 's' {
+		s.step = stateFals
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 's')")
+}
+
+// stateFals is the state after reading `fals`.
+func stateFals(s *scanner, c byte) int {
+	if c == 'e' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 'e')")
+}
+
+// stateN is the state after reading `n`.
+func stateN(s *scanner, c byte) int {
+	if c == 'u' {
+		s.step = stateNu
+		return scanContinue
+	}
+	return s.error(c, "in literal null (expecting 'u')")
+}
+
+// stateNu is the state after reading `nu`.
+func stateNu(s *scanner, c byte) int {
+	if c == 'l' {
+		s.step = stateNul
+		return scanContinue
+	}
+	return s.error(c, "in literal null (expecting 'l')")
+}
+
+// stateNul is the state after reading `nul`.
+func stateNul(s *scanner, c byte) int {
+	if c == 'l' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	return s.error(c, "in literal null (expecting 'l')")
+}
+
+// stateError is the state after reaching a syntax error,
+// such as after reading `[1}` or `5.1.2`.
+func stateError(s *scanner, c byte) int {
+	return scanError
+}
+
+// error records an error and switches to the error state.
+func (s *scanner) error(c byte, context string) int {
+	s.step = stateError
+	s.err = &SyntaxError{"invalid character " + quoteChar(c) + " " + context, s.bytes}
+	return scanError
+}
+
+// quoteChar formats c as a quoted character literal
+func quoteChar(c byte) string {
+	// special cases - different from quoted strings
+	if c == '\'' {
+		return `'\''`
+	}
+	if c == '"' {
+		return `'"'`
+	}
+
+	// use quoted string with different quotation marks
+	s := strconv.Quote(string(c))
+	return "'" + s[1:len(s)-1] + "'"
+}
+
+// undo causes the scanner to return scanCode from the next state transition.
+// This gives callers a simple 1-byte undo mechanism.
+func (s *scanner) undo(scanCode int) {
+	if s.redo {
+		panic("json: invalid use of scanner")
+	}
+	s.redoCode = scanCode
+	s.redoState = s.step
+	s.step = stateRedo
+	s.redo = true
+}
+
+// stateRedo helps implement the scanner's 1-byte undo.
+func stateRedo(s *scanner, c byte) int {
+	s.redo = false
+	s.step = s.redoState
+	return s.redoCode
+}
diff --git a/vendor/github.com/go-jose/go-jose/v4/json/stream.go b/vendor/github.com/go-jose/go-jose/v4/json/stream.go
new file mode 100644
index 0000000000..f03b171e6a
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/json/stream.go
@@ -0,0 +1,484 @@
+// Copyright 2010 The Go Authors.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package json
+
+import (
+	"bytes"
+	"errors"
+	"io"
+)
+
+// A Decoder reads and decodes JSON objects from an input stream.
+type Decoder struct {
+	r     io.Reader
+	buf   []byte
+	d     decodeState
+	scanp int // start of unread data in buf
+	scan  scanner
+	err   error
+
+	tokenState int
+	tokenStack []int
+}
+
+// NewDecoder returns a new decoder that reads from r.
+//
+// The decoder introduces its own buffering and may
+// read data from r beyond the JSON values requested.
+func NewDecoder(r io.Reader) *Decoder {
+	return &Decoder{r: r}
+}
+
+// Deprecated: Use `SetNumberType` instead
+// UseNumber causes the Decoder to unmarshal a number into an interface{} as a
+// Number instead of as a float64.
+func (dec *Decoder) UseNumber() { dec.d.numberType = UnmarshalJSONNumber }
+
+// SetNumberType causes the Decoder to unmarshal a number into an interface{} as a
+// Number, float64 or int64 depending on `t` enum value.
+func (dec *Decoder) SetNumberType(t NumberUnmarshalType) { dec.d.numberType = t }
+
+// Decode reads the next JSON-encoded value from its
+// input and stores it in the value pointed to by v.
+//
+// See the documentation for Unmarshal for details about
+// the conversion of JSON into a Go value.
+func (dec *Decoder) Decode(v interface{}) error {
+	if dec.err != nil {
+		return dec.err
+	}
+
+	if err := dec.tokenPrepareForDecode(); err != nil {
+		return err
+	}
+
+	if !dec.tokenValueAllowed() {
+		return &SyntaxError{msg: "not at beginning of value"}
+	}
+
+	// Read whole value into buffer.
+	n, err := dec.readValue()
+	if err != nil {
+		return err
+	}
+	dec.d.init(dec.buf[dec.scanp : dec.scanp+n])
+	dec.scanp += n
+
+	// Don't save err from unmarshal into dec.err:
+	// the connection is still usable since we read a complete JSON
+	// object from it before the error happened.
+	err = dec.d.unmarshal(v)
+
+	// fixup token streaming state
+	dec.tokenValueEnd()
+
+	return err
+}
+
+// Buffered returns a reader of the data remaining in the Decoder's
+// buffer. The reader is valid until the next call to Decode.
+func (dec *Decoder) Buffered() io.Reader {
+	return bytes.NewReader(dec.buf[dec.scanp:])
+}
+
+// readValue reads a JSON value into dec.buf.
+// It returns the length of the encoding.
+func (dec *Decoder) readValue() (int, error) {
+	dec.scan.reset()
+
+	scanp := dec.scanp
+	var err error
+Input:
+	for {
+		// Look in the buffer for a new value.
+		for i, c := range dec.buf[scanp:] {
+			dec.scan.bytes++
+			v := dec.scan.step(&dec.scan, c)
+			if v == scanEnd {
+				scanp += i
+				break Input
+			}
+			// scanEnd is delayed one byte.
+			// We might block trying to get that byte from src,
+			// so instead invent a space byte.
+			if (v == scanEndObject || v == scanEndArray) && dec.scan.step(&dec.scan, ' ') == scanEnd {
+				scanp += i + 1
+				break Input
+			}
+			if v == scanError {
+				dec.err = dec.scan.err
+				return 0, dec.scan.err
+			}
+		}
+		scanp = len(dec.buf)
+
+		// Did the last read have an error?
+		// Delayed until now to allow buffer scan.
+		if err != nil {
+			if err == io.EOF {
+				if dec.scan.step(&dec.scan, ' ') == scanEnd {
+					break Input
+				}
+				if nonSpace(dec.buf) {
+					err = io.ErrUnexpectedEOF
+				}
+			}
+			dec.err = err
+			return 0, err
+		}
+
+		n := scanp - dec.scanp
+		err = dec.refill()
+		scanp = dec.scanp + n
+	}
+	return scanp - dec.scanp, nil
+}
+
+func (dec *Decoder) refill() error {
+	// Make room to read more into the buffer.
+	// First slide down data already consumed.
+	if dec.scanp > 0 {
+		n := copy(dec.buf, dec.buf[dec.scanp:])
+		dec.buf = dec.buf[:n]
+		dec.scanp = 0
+	}
+
+	// Grow buffer if not large enough.
+	const minRead = 512
+	if cap(dec.buf)-len(dec.buf) < minRead {
+		newBuf := make([]byte, len(dec.buf), 2*cap(dec.buf)+minRead)
+		copy(newBuf, dec.buf)
+		dec.buf = newBuf
+	}
+
+	// Read.  Delay error for next iteration (after scan).
+	n, err := dec.r.Read(dec.buf[len(dec.buf):cap(dec.buf)])
+	dec.buf = dec.buf[0 : len(dec.buf)+n]
+
+	return err
+}
+
+func nonSpace(b []byte) bool {
+	for _, c := range b {
+		if !isSpace(c) {
+			return true
+		}
+	}
+	return false
+}
+
+// An Encoder writes JSON objects to an output stream.
+type Encoder struct {
+	w   io.Writer
+	err error
+}
+
+// NewEncoder returns a new encoder that writes to w.
+func NewEncoder(w io.Writer) *Encoder {
+	return &Encoder{w: w}
+}
+
+// Encode writes the JSON encoding of v to the stream,
+// followed by a newline character.
+//
+// See the documentation for Marshal for details about the
+// conversion of Go values to JSON.
+func (enc *Encoder) Encode(v interface{}) error {
+	if enc.err != nil {
+		return enc.err
+	}
+	e := newEncodeState()
+	err := e.marshal(v)
+	if err != nil {
+		return err
+	}
+
+	// Terminate each value with a newline.
+	// This makes the output look a little nicer
+	// when debugging, and some kind of space
+	// is required if the encoded value was a number,
+	// so that the reader knows there aren't more
+	// digits coming.
+	e.WriteByte('\n')
+
+	if _, err = enc.w.Write(e.Bytes()); err != nil {
+		enc.err = err
+	}
+	encodeStatePool.Put(e)
+	return err
+}
+
+// RawMessage is a raw encoded JSON object.
+// It implements Marshaler and Unmarshaler and can
+// be used to delay JSON decoding or precompute a JSON encoding.
+type RawMessage []byte
+
+// MarshalJSON returns *m as the JSON encoding of m.
+func (m *RawMessage) MarshalJSON() ([]byte, error) {
+	return *m, nil
+}
+
+// UnmarshalJSON sets *m to a copy of data.
+func (m *RawMessage) UnmarshalJSON(data []byte) error {
+	if m == nil {
+		return errors.New("json.RawMessage: UnmarshalJSON on nil pointer")
+	}
+	*m = append((*m)[0:0], data...)
+	return nil
+}
+
+var _ Marshaler = (*RawMessage)(nil)
+var _ Unmarshaler = (*RawMessage)(nil)
+
+// A Token holds a value of one of these types:
+//
+//	Delim, for the four JSON delimiters [ ] { }
+//	bool, for JSON booleans
+//	float64, for JSON numbers
+//	Number, for JSON numbers
+//	string, for JSON string literals
+//	nil, for JSON null
+type Token interface{}
+
+const (
+	tokenTopValue = iota
+	tokenArrayStart
+	tokenArrayValue
+	tokenArrayComma
+	tokenObjectStart
+	tokenObjectKey
+	tokenObjectColon
+	tokenObjectValue
+	tokenObjectComma
+)
+
+// advance tokenstate from a separator state to a value state
+func (dec *Decoder) tokenPrepareForDecode() error {
+	// Note: Not calling peek before switch, to avoid
+	// putting peek into the standard Decode path.
+	// peek is only called when using the Token API.
+	switch dec.tokenState {
+	case tokenArrayComma:
+		c, err := dec.peek()
+		if err != nil {
+			return err
+		}
+		if c != ',' {
+			return &SyntaxError{"expected comma after array element", 0}
+		}
+		dec.scanp++
+		dec.tokenState = tokenArrayValue
+	case tokenObjectColon:
+		c, err := dec.peek()
+		if err != nil {
+			return err
+		}
+		if c != ':' {
+			return &SyntaxError{"expected colon after object key", 0}
+		}
+		dec.scanp++
+		dec.tokenState = tokenObjectValue
+	}
+	return nil
+}
+
+func (dec *Decoder) tokenValueAllowed() bool {
+	switch dec.tokenState {
+	case tokenTopValue, tokenArrayStart, tokenArrayValue, tokenObjectValue:
+		return true
+	}
+	return false
+}
+
+func (dec *Decoder) tokenValueEnd() {
+	switch dec.tokenState {
+	case tokenArrayStart, tokenArrayValue:
+		dec.tokenState = tokenArrayComma
+	case tokenObjectValue:
+		dec.tokenState = tokenObjectComma
+	}
+}
+
+// A Delim is a JSON array or object delimiter, one of [ ] { or }.
+type Delim rune
+
+func (d Delim) String() string {
+	return string(d)
+}
+
+// Token returns the next JSON token in the input stream.
+// At the end of the input stream, Token returns nil, io.EOF.
+//
+// Token guarantees that the delimiters [ ] { } it returns are
+// properly nested and matched: if Token encounters an unexpected
+// delimiter in the input, it will return an error.
+//
+// The input stream consists of basic JSON values—bool, string,
+// number, and null—along with delimiters [ ] { } of type Delim
+// to mark the start and end of arrays and objects.
+// Commas and colons are elided.
+func (dec *Decoder) Token() (Token, error) {
+	for {
+		c, err := dec.peek()
+		if err != nil {
+			return nil, err
+		}
+		switch c {
+		case '[':
+			if !dec.tokenValueAllowed() {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenStack = append(dec.tokenStack, dec.tokenState)
+			dec.tokenState = tokenArrayStart
+			return Delim('['), nil
+
+		case ']':
+			if dec.tokenState != tokenArrayStart && dec.tokenState != tokenArrayComma {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenState = dec.tokenStack[len(dec.tokenStack)-1]
+			dec.tokenStack = dec.tokenStack[:len(dec.tokenStack)-1]
+			dec.tokenValueEnd()
+			return Delim(']'), nil
+
+		case '{':
+			if !dec.tokenValueAllowed() {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenStack = append(dec.tokenStack, dec.tokenState)
+			dec.tokenState = tokenObjectStart
+			return Delim('{'), nil
+
+		case '}':
+			if dec.tokenState != tokenObjectStart && dec.tokenState != tokenObjectComma {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenState = dec.tokenStack[len(dec.tokenStack)-1]
+			dec.tokenStack = dec.tokenStack[:len(dec.tokenStack)-1]
+			dec.tokenValueEnd()
+			return Delim('}'), nil
+
+		case ':':
+			if dec.tokenState != tokenObjectColon {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenState = tokenObjectValue
+			continue
+
+		case ',':
+			if dec.tokenState == tokenArrayComma {
+				dec.scanp++
+				dec.tokenState = tokenArrayValue
+				continue
+			}
+			if dec.tokenState == tokenObjectComma {
+				dec.scanp++
+				dec.tokenState = tokenObjectKey
+				continue
+			}
+			return dec.tokenError(c)
+
+		case '"':
+			if dec.tokenState == tokenObjectStart || dec.tokenState == tokenObjectKey {
+				var x string
+				old := dec.tokenState
+				dec.tokenState = tokenTopValue
+				err := dec.Decode(&x)
+				dec.tokenState = old
+				if err != nil {
+					clearOffset(err)
+					return nil, err
+				}
+				dec.tokenState = tokenObjectColon
+				return x, nil
+			}
+			fallthrough
+
+		default:
+			if !dec.tokenValueAllowed() {
+				return dec.tokenError(c)
+			}
+			var x interface{}
+			if err := dec.Decode(&x); err != nil {
+				clearOffset(err)
+				return nil, err
+			}
+			return x, nil
+		}
+	}
+}
+
+func clearOffset(err error) {
+	if s, ok := err.(*SyntaxError); ok {
+		s.Offset = 0
+	}
+}
+
+func (dec *Decoder) tokenError(c byte) (Token, error) {
+	var context string
+	switch dec.tokenState {
+	case tokenTopValue:
+		context = " looking for beginning of value"
+	case tokenArrayStart, tokenArrayValue, tokenObjectValue:
+		context = " looking for beginning of value"
+	case tokenArrayComma:
+		context = " after array element"
+	case tokenObjectKey:
+		context = " looking for beginning of object key string"
+	case tokenObjectColon:
+		context = " after object key"
+	case tokenObjectComma:
+		context = " after object key:value pair"
+	}
+	return nil, &SyntaxError{"invalid character " + quoteChar(c) + " " + context, 0}
+}
+
+// More reports whether there is another element in the
+// current array or object being parsed.
+func (dec *Decoder) More() bool {
+	c, err := dec.peek()
+	return err == nil && c != ']' && c != '}'
+}
+
+func (dec *Decoder) peek() (byte, error) {
+	var err error
+	for {
+		for i := dec.scanp; i < len(dec.buf); i++ {
+			c := dec.buf[i]
+			if isSpace(c) {
+				continue
+			}
+			dec.scanp = i
+			return c, nil
+		}
+		// buffer has been scanned, now report any error
+		if err != nil {
+			return 0, err
+		}
+		err = dec.refill()
+	}
+}
+
+/*
+TODO
+
+// EncodeToken writes the given JSON token to the stream.
+// It returns an error if the delimiters [ ] { } are not properly used.
+//
+// EncodeToken does not call Flush, because usually it is part of
+// a larger operation such as Encode, and those will call Flush when finished.
+// Callers that create an Encoder and then invoke EncodeToken directly,
+// without using Encode, need to call Flush when finished to ensure that
+// the JSON is written to the underlying writer.
+func (e *Encoder) EncodeToken(t Token) error  {
+	...
+}
+
+*/
diff --git a/vendor/github.com/go-jose/go-jose/v4/json/tags.go b/vendor/github.com/go-jose/go-jose/v4/json/tags.go
new file mode 100644
index 0000000000..c38fd5102f
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/json/tags.go
@@ -0,0 +1,44 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package json
+
+import (
+	"strings"
+)
+
+// tagOptions is the string following a comma in a struct field's "json"
+// tag, or the empty string. It does not include the leading comma.
+type tagOptions string
+
+// parseTag splits a struct field's json tag into its name and
+// comma-separated options.
+func parseTag(tag string) (string, tagOptions) {
+	if idx := strings.Index(tag, ","); idx != -1 {
+		return tag[:idx], tagOptions(tag[idx+1:])
+	}
+	return tag, tagOptions("")
+}
+
+// Contains reports whether a comma-separated list of options
+// contains a particular substr flag. substr must be surrounded by a
+// string boundary or commas.
+func (o tagOptions) Contains(optionName string) bool {
+	if len(o) == 0 {
+		return false
+	}
+	s := string(o)
+	for s != "" {
+		var next string
+		i := strings.Index(s, ",")
+		if i >= 0 {
+			s, next = s[:i], s[i+1:]
+		}
+		if s == optionName {
+			return true
+		}
+		s = next
+	}
+	return false
+}
diff --git a/vendor/github.com/go-jose/go-jose/v4/jwe.go b/vendor/github.com/go-jose/go-jose/v4/jwe.go
new file mode 100644
index 0000000000..89f03ee3e1
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/jwe.go
@@ -0,0 +1,381 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/go-jose/go-jose/v4/json"
+)
+
+// rawJSONWebEncryption represents a raw JWE JSON object. Used for parsing/serializing.
+type rawJSONWebEncryption struct {
+	Protected    *byteBuffer        `json:"protected,omitempty"`
+	Unprotected  *rawHeader         `json:"unprotected,omitempty"`
+	Header       *rawHeader         `json:"header,omitempty"`
+	Recipients   []rawRecipientInfo `json:"recipients,omitempty"`
+	Aad          *byteBuffer        `json:"aad,omitempty"`
+	EncryptedKey *byteBuffer        `json:"encrypted_key,omitempty"`
+	Iv           *byteBuffer        `json:"iv,omitempty"`
+	Ciphertext   *byteBuffer        `json:"ciphertext,omitempty"`
+	Tag          *byteBuffer        `json:"tag,omitempty"`
+}
+
+// rawRecipientInfo represents a raw JWE Per-Recipient header JSON object. Used for parsing/serializing.
+type rawRecipientInfo struct {
+	Header       *rawHeader `json:"header,omitempty"`
+	EncryptedKey string     `json:"encrypted_key,omitempty"`
+}
+
+// JSONWebEncryption represents an encrypted JWE object after parsing.
+type JSONWebEncryption struct {
+	Header                   Header
+	protected, unprotected   *rawHeader
+	recipients               []recipientInfo
+	aad, iv, ciphertext, tag []byte
+	original                 *rawJSONWebEncryption
+}
+
+// recipientInfo represents a raw JWE Per-Recipient header JSON object after parsing.
+type recipientInfo struct {
+	header       *rawHeader
+	encryptedKey []byte
+}
+
+// GetAuthData retrieves the (optional) authenticated data attached to the object.
+func (obj JSONWebEncryption) GetAuthData() []byte {
+	if obj.aad != nil {
+		out := make([]byte, len(obj.aad))
+		copy(out, obj.aad)
+		return out
+	}
+
+	return nil
+}
+
+// Get the merged header values
+func (obj JSONWebEncryption) mergedHeaders(recipient *recipientInfo) rawHeader {
+	out := rawHeader{}
+	out.merge(obj.protected)
+	out.merge(obj.unprotected)
+
+	if recipient != nil {
+		out.merge(recipient.header)
+	}
+
+	return out
+}
+
+// Get the additional authenticated data from a JWE object.
+func (obj JSONWebEncryption) computeAuthData() []byte {
+	var protected string
+
+	switch {
+	case obj.original != nil && obj.original.Protected != nil:
+		protected = obj.original.Protected.base64()
+	case obj.protected != nil:
+		protected = base64.RawURLEncoding.EncodeToString(mustSerializeJSON((obj.protected)))
+	default:
+		protected = ""
+	}
+
+	output := []byte(protected)
+	if obj.aad != nil {
+		output = append(output, '.')
+		output = append(output, []byte(base64.RawURLEncoding.EncodeToString(obj.aad))...)
+	}
+
+	return output
+}
+
+func containsKeyAlgorithm(haystack []KeyAlgorithm, needle KeyAlgorithm) bool {
+	for _, algorithm := range haystack {
+		if algorithm == needle {
+			return true
+		}
+	}
+	return false
+}
+
+func containsContentEncryption(haystack []ContentEncryption, needle ContentEncryption) bool {
+	for _, algorithm := range haystack {
+		if algorithm == needle {
+			return true
+		}
+	}
+	return false
+}
+
+// ParseEncrypted parses an encrypted message in JWE Compact or JWE JSON Serialization.
+//
+// https://datatracker.ietf.org/doc/html/rfc7516#section-3.1
+// https://datatracker.ietf.org/doc/html/rfc7516#section-3.2
+//
+// The keyAlgorithms and contentEncryption parameters are used to validate the "alg" and "enc"
+// header parameters respectively. They must be nonempty, and each "alg" or "enc" header in
+// parsed data must contain a value that is present in the corresponding parameter. That
+// includes the protected and unprotected headers as well as all recipients. To accept
+// multiple algorithms, pass a slice of all the algorithms you want to accept.
+func ParseEncrypted(input string,
+	keyEncryptionAlgorithms []KeyAlgorithm,
+	contentEncryption []ContentEncryption,
+) (*JSONWebEncryption, error) {
+	input = stripWhitespace(input)
+	if strings.HasPrefix(input, "{") {
+		return ParseEncryptedJSON(input, keyEncryptionAlgorithms, contentEncryption)
+	}
+
+	return ParseEncryptedCompact(input, keyEncryptionAlgorithms, contentEncryption)
+}
+
+// ParseEncryptedJSON parses a message in JWE JSON Serialization.
+//
+// https://datatracker.ietf.org/doc/html/rfc7516#section-3.2
+func ParseEncryptedJSON(
+	input string,
+	keyEncryptionAlgorithms []KeyAlgorithm,
+	contentEncryption []ContentEncryption,
+) (*JSONWebEncryption, error) {
+	var parsed rawJSONWebEncryption
+	err := json.Unmarshal([]byte(input), &parsed)
+	if err != nil {
+		return nil, err
+	}
+
+	return parsed.sanitized(keyEncryptionAlgorithms, contentEncryption)
+}
+
+// sanitized produces a cleaned-up JWE object from the raw JSON.
+func (parsed *rawJSONWebEncryption) sanitized(
+	keyEncryptionAlgorithms []KeyAlgorithm,
+	contentEncryption []ContentEncryption,
+) (*JSONWebEncryption, error) {
+	if len(keyEncryptionAlgorithms) == 0 {
+		return nil, errors.New("go-jose/go-jose: no key algorithms provided")
+	}
+	if len(contentEncryption) == 0 {
+		return nil, errors.New("go-jose/go-jose: no content encryption algorithms provided")
+	}
+
+	obj := &JSONWebEncryption{
+		original:    parsed,
+		unprotected: parsed.Unprotected,
+	}
+
+	// Check that there is not a nonce in the unprotected headers
+	if parsed.Unprotected != nil {
+		if nonce := parsed.Unprotected.getNonce(); nonce != "" {
+			return nil, ErrUnprotectedNonce
+		}
+	}
+	if parsed.Header != nil {
+		if nonce := parsed.Header.getNonce(); nonce != "" {
+			return nil, ErrUnprotectedNonce
+		}
+	}
+
+	if parsed.Protected != nil && len(parsed.Protected.bytes()) > 0 {
+		err := json.Unmarshal(parsed.Protected.bytes(), &obj.protected)
+		if err != nil {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid protected header: %s, %s", err, parsed.Protected.base64())
+		}
+	}
+
+	// Note: this must be called _after_ we parse the protected header,
+	// otherwise fields from the protected header will not get picked up.
+	var err error
+	mergedHeaders := obj.mergedHeaders(nil)
+	obj.Header, err = mergedHeaders.sanitized()
+	if err != nil {
+		return nil, fmt.Errorf("go-jose/go-jose: cannot sanitize merged headers: %v (%v)", err, mergedHeaders)
+	}
+
+	if len(parsed.Recipients) == 0 {
+		obj.recipients = []recipientInfo{
+			{
+				header:       parsed.Header,
+				encryptedKey: parsed.EncryptedKey.bytes(),
+			},
+		}
+	} else {
+		obj.recipients = make([]recipientInfo, len(parsed.Recipients))
+		for r := range parsed.Recipients {
+			encryptedKey, err := base64.RawURLEncoding.DecodeString(parsed.Recipients[r].EncryptedKey)
+			if err != nil {
+				return nil, err
+			}
+
+			// Check that there is not a nonce in the unprotected header
+			if parsed.Recipients[r].Header != nil && parsed.Recipients[r].Header.getNonce() != "" {
+				return nil, ErrUnprotectedNonce
+			}
+
+			obj.recipients[r].header = parsed.Recipients[r].Header
+			obj.recipients[r].encryptedKey = encryptedKey
+		}
+	}
+
+	for i, recipient := range obj.recipients {
+		headers := obj.mergedHeaders(&recipient)
+		if headers.getAlgorithm() == "" {
+			return nil, fmt.Errorf(`go-jose/go-jose: recipient %d: missing header "alg"`, i)
+		}
+		if headers.getEncryption() == "" {
+			return nil, fmt.Errorf(`go-jose/go-jose: recipient %d: missing header "enc"`, i)
+		}
+		err := validateAlgEnc(headers, keyEncryptionAlgorithms, contentEncryption)
+		if err != nil {
+			return nil, fmt.Errorf("go-jose/go-jose: recipient %d: %s", i, err)
+		}
+
+	}
+
+	if obj.protected != nil {
+		err := validateAlgEnc(*obj.protected, keyEncryptionAlgorithms, contentEncryption)
+		if err != nil {
+			return nil, fmt.Errorf("go-jose/go-jose: protected header: %s", err)
+		}
+	}
+	if obj.unprotected != nil {
+		err := validateAlgEnc(*obj.unprotected, keyEncryptionAlgorithms, contentEncryption)
+		if err != nil {
+			return nil, fmt.Errorf("go-jose/go-jose: unprotected header: %s", err)
+		}
+	}
+
+	obj.iv = parsed.Iv.bytes()
+	obj.ciphertext = parsed.Ciphertext.bytes()
+	obj.tag = parsed.Tag.bytes()
+	obj.aad = parsed.Aad.bytes()
+
+	return obj, nil
+}
+
+func validateAlgEnc(headers rawHeader, keyAlgorithms []KeyAlgorithm, contentEncryption []ContentEncryption) error {
+	alg := headers.getAlgorithm()
+	enc := headers.getEncryption()
+	if alg != "" && !containsKeyAlgorithm(keyAlgorithms, alg) {
+		return fmt.Errorf("unexpected key algorithm %q; expected %q", alg, keyAlgorithms)
+	}
+	if alg != "" && !containsContentEncryption(contentEncryption, enc) {
+		return fmt.Errorf("unexpected content encryption algorithm %q; expected %q", enc, contentEncryption)
+	}
+	return nil
+}
+
+// ParseEncryptedCompact parses a message in JWE Compact Serialization.
+//
+// https://datatracker.ietf.org/doc/html/rfc7516#section-3.1
+func ParseEncryptedCompact(
+	input string,
+	keyAlgorithms []KeyAlgorithm,
+	contentEncryption []ContentEncryption,
+) (*JSONWebEncryption, error) {
+	parts := strings.Split(input, ".")
+	if len(parts) != 5 {
+		return nil, fmt.Errorf("go-jose/go-jose: compact JWE format must have five parts")
+	}
+
+	rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0])
+	if err != nil {
+		return nil, err
+	}
+
+	encryptedKey, err := base64.RawURLEncoding.DecodeString(parts[1])
+	if err != nil {
+		return nil, err
+	}
+
+	iv, err := base64.RawURLEncoding.DecodeString(parts[2])
+	if err != nil {
+		return nil, err
+	}
+
+	ciphertext, err := base64.RawURLEncoding.DecodeString(parts[3])
+	if err != nil {
+		return nil, err
+	}
+
+	tag, err := base64.RawURLEncoding.DecodeString(parts[4])
+	if err != nil {
+		return nil, err
+	}
+
+	raw := &rawJSONWebEncryption{
+		Protected:    newBuffer(rawProtected),
+		EncryptedKey: newBuffer(encryptedKey),
+		Iv:           newBuffer(iv),
+		Ciphertext:   newBuffer(ciphertext),
+		Tag:          newBuffer(tag),
+	}
+
+	return raw.sanitized(keyAlgorithms, contentEncryption)
+}
+
+// CompactSerialize serializes an object using the compact serialization format.
+func (obj JSONWebEncryption) CompactSerialize() (string, error) {
+	if len(obj.recipients) != 1 || obj.unprotected != nil ||
+		obj.protected == nil || obj.recipients[0].header != nil {
+		return "", ErrNotSupported
+	}
+
+	serializedProtected := mustSerializeJSON(obj.protected)
+
+	return base64JoinWithDots(
+		serializedProtected,
+		obj.recipients[0].encryptedKey,
+		obj.iv,
+		obj.ciphertext,
+		obj.tag,
+	), nil
+}
+
+// FullSerialize serializes an object using the full JSON serialization format.
+func (obj JSONWebEncryption) FullSerialize() string {
+	raw := rawJSONWebEncryption{
+		Unprotected:  obj.unprotected,
+		Iv:           newBuffer(obj.iv),
+		Ciphertext:   newBuffer(obj.ciphertext),
+		EncryptedKey: newBuffer(obj.recipients[0].encryptedKey),
+		Tag:          newBuffer(obj.tag),
+		Aad:          newBuffer(obj.aad),
+		Recipients:   []rawRecipientInfo{},
+	}
+
+	if len(obj.recipients) > 1 {
+		for _, recipient := range obj.recipients {
+			info := rawRecipientInfo{
+				Header:       recipient.header,
+				EncryptedKey: base64.RawURLEncoding.EncodeToString(recipient.encryptedKey),
+			}
+			raw.Recipients = append(raw.Recipients, info)
+		}
+	} else {
+		// Use flattened serialization
+		raw.Header = obj.recipients[0].header
+		raw.EncryptedKey = newBuffer(obj.recipients[0].encryptedKey)
+	}
+
+	if obj.protected != nil {
+		raw.Protected = newBuffer(mustSerializeJSON(obj.protected))
+	}
+
+	return string(mustSerializeJSON(raw))
+}
diff --git a/vendor/github.com/go-jose/go-jose/v4/jwk.go b/vendor/github.com/go-jose/go-jose/v4/jwk.go
new file mode 100644
index 0000000000..e78bc6a4c6
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/jwk.go
@@ -0,0 +1,866 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/ed25519"
+	"crypto/elliptic"
+	"crypto/rsa"
+	"crypto/sha1"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"math/big"
+	"net/url"
+	"reflect"
+	"strings"
+
+	"github.com/go-jose/go-jose/v4/json"
+)
+
+// rawJSONWebKey represents a public or private key in JWK format, used for parsing/serializing.
+type rawJSONWebKey struct {
+	Use string      `json:"use,omitempty"`
+	Kty string      `json:"kty,omitempty"`
+	Kid string      `json:"kid,omitempty"`
+	Crv string      `json:"crv,omitempty"`
+	Alg string      `json:"alg,omitempty"`
+	K   *byteBuffer `json:"k,omitempty"`
+	X   *byteBuffer `json:"x,omitempty"`
+	Y   *byteBuffer `json:"y,omitempty"`
+	N   *byteBuffer `json:"n,omitempty"`
+	E   *byteBuffer `json:"e,omitempty"`
+	// -- Following fields are only used for private keys --
+	// RSA uses D, P and Q, while ECDSA uses only D. Fields Dp, Dq, and Qi are
+	// completely optional. Therefore for RSA/ECDSA, D != nil is a contract that
+	// we have a private key whereas D == nil means we have only a public key.
+	D  *byteBuffer `json:"d,omitempty"`
+	P  *byteBuffer `json:"p,omitempty"`
+	Q  *byteBuffer `json:"q,omitempty"`
+	Dp *byteBuffer `json:"dp,omitempty"`
+	Dq *byteBuffer `json:"dq,omitempty"`
+	Qi *byteBuffer `json:"qi,omitempty"`
+	// Certificates
+	X5c       []string `json:"x5c,omitempty"`
+	X5u       string   `json:"x5u,omitempty"`
+	X5tSHA1   string   `json:"x5t,omitempty"`
+	X5tSHA256 string   `json:"x5t#S256,omitempty"`
+}
+
+// JSONWebKey represents a public or private key in JWK format. It can be
+// marshaled into JSON and unmarshaled from JSON.
+type JSONWebKey struct {
+	// Key is the Go in-memory representation of this key. It must have one
+	// of these types:
+	//  - ed25519.PublicKey
+	//  - ed25519.PrivateKey
+	//  - *ecdsa.PublicKey
+	//  - *ecdsa.PrivateKey
+	//  - *rsa.PublicKey
+	//  - *rsa.PrivateKey
+	//  - []byte (a symmetric key)
+	//
+	// When marshaling this JSONWebKey into JSON, the "kty" header parameter
+	// will be automatically set based on the type of this field.
+	Key interface{}
+	// Key identifier, parsed from `kid` header.
+	KeyID string
+	// Key algorithm, parsed from `alg` header.
+	Algorithm string
+	// Key use, parsed from `use` header.
+	Use string
+
+	// X.509 certificate chain, parsed from `x5c` header.
+	Certificates []*x509.Certificate
+	// X.509 certificate URL, parsed from `x5u` header.
+	CertificatesURL *url.URL
+	// X.509 certificate thumbprint (SHA-1), parsed from `x5t` header.
+	CertificateThumbprintSHA1 []byte
+	// X.509 certificate thumbprint (SHA-256), parsed from `x5t#S256` header.
+	CertificateThumbprintSHA256 []byte
+}
+
+// MarshalJSON serializes the given key to its JSON representation.
+func (k JSONWebKey) MarshalJSON() ([]byte, error) {
+	var raw *rawJSONWebKey
+	var err error
+
+	switch key := k.Key.(type) {
+	case ed25519.PublicKey:
+		raw = fromEdPublicKey(key)
+	case *ecdsa.PublicKey:
+		raw, err = fromEcPublicKey(key)
+	case *rsa.PublicKey:
+		raw = fromRsaPublicKey(key)
+	case ed25519.PrivateKey:
+		raw, err = fromEdPrivateKey(key)
+	case *ecdsa.PrivateKey:
+		raw, err = fromEcPrivateKey(key)
+	case *rsa.PrivateKey:
+		raw, err = fromRsaPrivateKey(key)
+	case []byte:
+		raw, err = fromSymmetricKey(key)
+	default:
+		return nil, fmt.Errorf("go-jose/go-jose: unknown key type '%s'", reflect.TypeOf(key))
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	raw.Kid = k.KeyID
+	raw.Alg = k.Algorithm
+	raw.Use = k.Use
+
+	for _, cert := range k.Certificates {
+		raw.X5c = append(raw.X5c, base64.StdEncoding.EncodeToString(cert.Raw))
+	}
+
+	x5tSHA1Len := len(k.CertificateThumbprintSHA1)
+	x5tSHA256Len := len(k.CertificateThumbprintSHA256)
+	if x5tSHA1Len > 0 {
+		if x5tSHA1Len != sha1.Size {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid SHA-1 thumbprint (must be %d bytes, not %d)", sha1.Size, x5tSHA1Len)
+		}
+		raw.X5tSHA1 = base64.RawURLEncoding.EncodeToString(k.CertificateThumbprintSHA1)
+	}
+	if x5tSHA256Len > 0 {
+		if x5tSHA256Len != sha256.Size {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid SHA-256 thumbprint (must be %d bytes, not %d)", sha256.Size, x5tSHA256Len)
+		}
+		raw.X5tSHA256 = base64.RawURLEncoding.EncodeToString(k.CertificateThumbprintSHA256)
+	}
+
+	// If cert chain is attached (as opposed to being behind a URL), check the
+	// keys thumbprints to make sure they match what is expected. This is to
+	// ensure we don't accidentally produce a JWK with semantically inconsistent
+	// data in the headers.
+	if len(k.Certificates) > 0 {
+		expectedSHA1 := sha1.Sum(k.Certificates[0].Raw)
+		expectedSHA256 := sha256.Sum256(k.Certificates[0].Raw)
+
+		if len(k.CertificateThumbprintSHA1) > 0 && !bytes.Equal(k.CertificateThumbprintSHA1, expectedSHA1[:]) {
+			return nil, errors.New("go-jose/go-jose: invalid SHA-1 thumbprint, does not match cert chain")
+		}
+		if len(k.CertificateThumbprintSHA256) > 0 && !bytes.Equal(k.CertificateThumbprintSHA256, expectedSHA256[:]) {
+			return nil, errors.New("go-jose/go-jose: invalid or SHA-256 thumbprint, does not match cert chain")
+		}
+	}
+
+	if k.CertificatesURL != nil {
+		raw.X5u = k.CertificatesURL.String()
+	}
+
+	return json.Marshal(raw)
+}
+
+var errUnsupportedJWK = errors.New("go-jose/go-jose: unsupported json web key")
+
+// UnmarshalJSON reads a key from its JSON representation.
+//
+// Returns ErrUnsupportedKeyType for unrecognized or unsupported "kty" header values.
+func (k *JSONWebKey) UnmarshalJSON(data []byte) (err error) {
+	var raw rawJSONWebKey
+	err = json.Unmarshal(data, &raw)
+	if err != nil {
+		return err
+	}
+
+	certs, err := parseCertificateChain(raw.X5c)
+	if err != nil {
+		return fmt.Errorf("go-jose/go-jose: failed to unmarshal x5c field: %s", err)
+	}
+
+	var key interface{}
+	var certPub interface{}
+	var keyPub interface{}
+
+	if len(certs) > 0 {
+		// We need to check that leaf public key matches the key embedded in this
+		// JWK, as required by the standard (see RFC 7517, Section 4.7). Otherwise
+		// the JWK parsed could be semantically invalid. Technically, should also
+		// check key usage fields and other extensions on the cert here, but the
+		// standard doesn't exactly explain how they're supposed to map from the
+		// JWK representation to the X.509 extensions.
+		certPub = certs[0].PublicKey
+	}
+
+	switch raw.Kty {
+	case "EC":
+		if raw.D != nil {
+			key, err = raw.ecPrivateKey()
+			if err == nil {
+				keyPub = key.(*ecdsa.PrivateKey).Public()
+			}
+		} else {
+			key, err = raw.ecPublicKey()
+			keyPub = key
+		}
+	case "RSA":
+		if raw.D != nil {
+			key, err = raw.rsaPrivateKey()
+			if err == nil {
+				keyPub = key.(*rsa.PrivateKey).Public()
+			}
+		} else {
+			key, err = raw.rsaPublicKey()
+			keyPub = key
+		}
+	case "oct":
+		if certPub != nil {
+			return errors.New("go-jose/go-jose: invalid JWK, found 'oct' (symmetric) key with cert chain")
+		}
+		key, err = raw.symmetricKey()
+	case "OKP":
+		if raw.Crv == "Ed25519" {
+			if raw.D != nil {
+				key, err = raw.edPrivateKey()
+				if err == nil {
+					keyPub = key.(ed25519.PrivateKey).Public()
+				}
+			} else {
+				key, err = raw.edPublicKey()
+				keyPub = key
+			}
+		}
+	case "":
+		// kty MUST be present
+		err = fmt.Errorf("go-jose/go-jose: missing json web key type")
+	}
+
+	if err != nil {
+		return
+	}
+
+	if key == nil {
+		// RFC 7517:
+		// 5.  JWK Set Format
+		// ...
+		//     Implementations SHOULD ignore JWKs within a JWK Set that use "kty"
+		//     (key type) values that are not understood by them, that are missing
+		//     required members, or for which values are out of the supported
+		//     ranges.
+		return ErrUnsupportedKeyType
+	}
+
+	if certPub != nil && keyPub != nil {
+		if !reflect.DeepEqual(certPub, keyPub) {
+			return errors.New("go-jose/go-jose: invalid JWK, public keys in key and x5c fields do not match")
+		}
+	}
+
+	*k = JSONWebKey{Key: key, KeyID: raw.Kid, Algorithm: raw.Alg, Use: raw.Use, Certificates: certs}
+
+	if raw.X5u != "" {
+		k.CertificatesURL, err = url.Parse(raw.X5u)
+		if err != nil {
+			return fmt.Errorf("go-jose/go-jose: invalid JWK, x5u header is invalid URL: %w", err)
+		}
+	}
+
+	// x5t parameters are base64url-encoded SHA thumbprints
+	// See RFC 7517, Section 4.8, https://tools.ietf.org/html/rfc7517#section-4.8
+	x5tSHA1bytes, err := base64.RawURLEncoding.DecodeString(raw.X5tSHA1)
+	if err != nil {
+		return errors.New("go-jose/go-jose: invalid JWK, x5t header has invalid encoding")
+	}
+
+	// RFC 7517, Section 4.8 is ambiguous as to whether the digest output should be byte or hex,
+	// for this reason, after base64 decoding, if the size is sha1.Size it's likely that the value is a byte encoded
+	// checksum so we skip this. Otherwise if the checksum was hex encoded we expect a 40 byte sized array so we'll
+	// try to hex decode it. When Marshalling this value we'll always use a base64 encoded version of byte format checksum.
+	if len(x5tSHA1bytes) == 2*sha1.Size {
+		hx, err := hex.DecodeString(string(x5tSHA1bytes))
+		if err != nil {
+			return fmt.Errorf("go-jose/go-jose: invalid JWK, unable to hex decode x5t: %v", err)
+
+		}
+		x5tSHA1bytes = hx
+	}
+
+	k.CertificateThumbprintSHA1 = x5tSHA1bytes
+
+	x5tSHA256bytes, err := base64.RawURLEncoding.DecodeString(raw.X5tSHA256)
+	if err != nil {
+		return errors.New("go-jose/go-jose: invalid JWK, x5t#S256 header has invalid encoding")
+	}
+
+	if len(x5tSHA256bytes) == 2*sha256.Size {
+		hx256, err := hex.DecodeString(string(x5tSHA256bytes))
+		if err != nil {
+			return fmt.Errorf("go-jose/go-jose: invalid JWK, unable to hex decode x5t#S256: %v", err)
+		}
+		x5tSHA256bytes = hx256
+	}
+
+	k.CertificateThumbprintSHA256 = x5tSHA256bytes
+
+	x5tSHA1Len := len(k.CertificateThumbprintSHA1)
+	x5tSHA256Len := len(k.CertificateThumbprintSHA256)
+	if x5tSHA1Len > 0 && x5tSHA1Len != sha1.Size {
+		return errors.New("go-jose/go-jose: invalid JWK, x5t header is of incorrect size")
+	}
+	if x5tSHA256Len > 0 && x5tSHA256Len != sha256.Size {
+		return errors.New("go-jose/go-jose: invalid JWK, x5t#S256 header is of incorrect size")
+	}
+
+	// If certificate chain *and* thumbprints are set, verify correctness.
+	if len(k.Certificates) > 0 {
+		leaf := k.Certificates[0]
+		sha1sum := sha1.Sum(leaf.Raw)
+		sha256sum := sha256.Sum256(leaf.Raw)
+
+		if len(k.CertificateThumbprintSHA1) > 0 && !bytes.Equal(sha1sum[:], k.CertificateThumbprintSHA1) {
+			return errors.New("go-jose/go-jose: invalid JWK, x5c thumbprint does not match x5t value")
+		}
+
+		if len(k.CertificateThumbprintSHA256) > 0 && !bytes.Equal(sha256sum[:], k.CertificateThumbprintSHA256) {
+			return errors.New("go-jose/go-jose: invalid JWK, x5c thumbprint does not match x5t#S256 value")
+		}
+	}
+
+	return
+}
+
+// JSONWebKeySet represents a JWK Set object.
+type JSONWebKeySet struct {
+	Keys []JSONWebKey `json:"keys"`
+}
+
+// Key convenience method returns keys by key ID. Specification states
+// that a JWK Set "SHOULD" use distinct key IDs, but allows for some
+// cases where they are not distinct. Hence method returns a slice
+// of JSONWebKeys.
+func (s *JSONWebKeySet) Key(kid string) []JSONWebKey {
+	var keys []JSONWebKey
+	for _, key := range s.Keys {
+		if key.KeyID == kid {
+			keys = append(keys, key)
+		}
+	}
+
+	return keys
+}
+
+func (s *JSONWebKeySet) UnmarshalJSON(data []byte) (err error) {
+	s.Keys = nil
+
+	type rawJSONWebKeySet struct {
+		Keys []json.RawMessage `json:"keys"`
+	}
+
+	var rs rawJSONWebKeySet
+	err = json.Unmarshal(data, &rs)
+	if err != nil {
+		return err
+	}
+
+	for _, rk := range rs.Keys {
+		var k JSONWebKey
+		err = json.Unmarshal(rk, &k)
+		if err != nil {
+			// Skip key and continue unmarshalling the rest of the JWK Set
+			if !errors.Is(err, ErrUnsupportedKeyType) {
+				return err
+			}
+		} else {
+			s.Keys = append(s.Keys, k)
+		}
+	}
+
+	return nil
+}
+
+const rsaThumbprintTemplate = `{"e":"%s","kty":"RSA","n":"%s"}`
+const ecThumbprintTemplate = `{"crv":"%s","kty":"EC","x":"%s","y":"%s"}`
+const edThumbprintTemplate = `{"crv":"%s","kty":"OKP","x":"%s"}`
+
+func ecThumbprintInput(curve elliptic.Curve, x, y *big.Int) (string, error) {
+	coordLength := curveSize(curve)
+	crv, err := curveName(curve)
+	if err != nil {
+		return "", err
+	}
+
+	if len(x.Bytes()) > coordLength || len(y.Bytes()) > coordLength {
+		return "", errors.New("go-jose/go-jose: invalid elliptic key (too large)")
+	}
+
+	return fmt.Sprintf(ecThumbprintTemplate, crv,
+		newFixedSizeBuffer(x.Bytes(), coordLength).base64(),
+		newFixedSizeBuffer(y.Bytes(), coordLength).base64()), nil
+}
+
+func rsaThumbprintInput(n *big.Int, e int) (string, error) {
+	return fmt.Sprintf(rsaThumbprintTemplate,
+		newBufferFromInt(uint64(e)).base64(),
+		newBuffer(n.Bytes()).base64()), nil
+}
+
+func edThumbprintInput(ed ed25519.PublicKey) (string, error) {
+	crv := "Ed25519"
+	if len(ed) > 32 {
+		return "", errors.New("go-jose/go-jose: invalid elliptic key (too large)")
+	}
+	return fmt.Sprintf(edThumbprintTemplate, crv,
+		newFixedSizeBuffer(ed, 32).base64()), nil
+}
+
+// Thumbprint computes the JWK Thumbprint of a key using the
+// indicated hash algorithm.
+func (k *JSONWebKey) Thumbprint(hash crypto.Hash) ([]byte, error) {
+	var input string
+	var err error
+	switch key := k.Key.(type) {
+	case ed25519.PublicKey:
+		input, err = edThumbprintInput(key)
+	case *ecdsa.PublicKey:
+		input, err = ecThumbprintInput(key.Curve, key.X, key.Y)
+	case *ecdsa.PrivateKey:
+		input, err = ecThumbprintInput(key.Curve, key.X, key.Y)
+	case *rsa.PublicKey:
+		input, err = rsaThumbprintInput(key.N, key.E)
+	case *rsa.PrivateKey:
+		input, err = rsaThumbprintInput(key.N, key.E)
+	case ed25519.PrivateKey:
+		input, err = edThumbprintInput(ed25519.PublicKey(key[32:]))
+	case OpaqueSigner:
+		return key.Public().Thumbprint(hash)
+	default:
+		return nil, fmt.Errorf("go-jose/go-jose: unknown key type '%s'", reflect.TypeOf(key))
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	h := hash.New()
+	_, _ = h.Write([]byte(input))
+	return h.Sum(nil), nil
+}
+
+// IsPublic returns true if the JWK represents a public key (not symmetric, not private).
+func (k *JSONWebKey) IsPublic() bool {
+	switch k.Key.(type) {
+	case *ecdsa.PublicKey, *rsa.PublicKey, ed25519.PublicKey:
+		return true
+	default:
+		return false
+	}
+}
+
+// Public creates JSONWebKey with corresponding public key if JWK represents asymmetric private key.
+func (k *JSONWebKey) Public() JSONWebKey {
+	if k.IsPublic() {
+		return *k
+	}
+	ret := *k
+	switch key := k.Key.(type) {
+	case *ecdsa.PrivateKey:
+		ret.Key = key.Public()
+	case *rsa.PrivateKey:
+		ret.Key = key.Public()
+	case ed25519.PrivateKey:
+		ret.Key = key.Public()
+	default:
+		return JSONWebKey{} // returning invalid key
+	}
+	return ret
+}
+
+// Valid checks that the key contains the expected parameters.
+func (k *JSONWebKey) Valid() bool {
+	if k.Key == nil {
+		return false
+	}
+	switch key := k.Key.(type) {
+	case *ecdsa.PublicKey:
+		if key.Curve == nil || key.X == nil || key.Y == nil {
+			return false
+		}
+	case *ecdsa.PrivateKey:
+		if key.Curve == nil || key.X == nil || key.Y == nil || key.D == nil {
+			return false
+		}
+	case *rsa.PublicKey:
+		if key.N == nil || key.E == 0 {
+			return false
+		}
+	case *rsa.PrivateKey:
+		if key.N == nil || key.E == 0 || key.D == nil || len(key.Primes) < 2 {
+			return false
+		}
+	case ed25519.PublicKey:
+		if len(key) != 32 {
+			return false
+		}
+	case ed25519.PrivateKey:
+		if len(key) != 64 {
+			return false
+		}
+	default:
+		return false
+	}
+	return true
+}
+
+func (key rawJSONWebKey) rsaPublicKey() (*rsa.PublicKey, error) {
+	if key.N == nil || key.E == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid RSA key, missing n/e values")
+	}
+
+	return &rsa.PublicKey{
+		N: key.N.bigInt(),
+		E: key.E.toInt(),
+	}, nil
+}
+
+func fromEdPublicKey(pub ed25519.PublicKey) *rawJSONWebKey {
+	return &rawJSONWebKey{
+		Kty: "OKP",
+		Crv: "Ed25519",
+		X:   newBuffer(pub),
+	}
+}
+
+func fromRsaPublicKey(pub *rsa.PublicKey) *rawJSONWebKey {
+	return &rawJSONWebKey{
+		Kty: "RSA",
+		N:   newBuffer(pub.N.Bytes()),
+		E:   newBufferFromInt(uint64(pub.E)),
+	}
+}
+
+func (key rawJSONWebKey) ecPublicKey() (*ecdsa.PublicKey, error) {
+	var curve elliptic.Curve
+	switch key.Crv {
+	case "P-256":
+		curve = elliptic.P256()
+	case "P-384":
+		curve = elliptic.P384()
+	case "P-521":
+		curve = elliptic.P521()
+	default:
+		return nil, fmt.Errorf("go-jose/go-jose: unsupported elliptic curve '%s'", key.Crv)
+	}
+
+	if key.X == nil || key.Y == nil {
+		return nil, errors.New("go-jose/go-jose: invalid EC key, missing x/y values")
+	}
+
+	// The length of this octet string MUST be the full size of a coordinate for
+	// the curve specified in the "crv" parameter.
+	// https://tools.ietf.org/html/rfc7518#section-6.2.1.2
+	if curveSize(curve) != len(key.X.data) {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC public key, wrong length for x")
+	}
+
+	if curveSize(curve) != len(key.Y.data) {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC public key, wrong length for y")
+	}
+
+	x := key.X.bigInt()
+	y := key.Y.bigInt()
+
+	if !curve.IsOnCurve(x, y) {
+		return nil, errors.New("go-jose/go-jose: invalid EC key, X/Y are not on declared curve")
+	}
+
+	return &ecdsa.PublicKey{
+		Curve: curve,
+		X:     x,
+		Y:     y,
+	}, nil
+}
+
+func fromEcPublicKey(pub *ecdsa.PublicKey) (*rawJSONWebKey, error) {
+	if pub == nil || pub.X == nil || pub.Y == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC key (nil, or X/Y missing)")
+	}
+
+	name, err := curveName(pub.Curve)
+	if err != nil {
+		return nil, err
+	}
+
+	size := curveSize(pub.Curve)
+
+	xBytes := pub.X.Bytes()
+	yBytes := pub.Y.Bytes()
+
+	if len(xBytes) > size || len(yBytes) > size {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC key (X/Y too large)")
+	}
+
+	key := &rawJSONWebKey{
+		Kty: "EC",
+		Crv: name,
+		X:   newFixedSizeBuffer(xBytes, size),
+		Y:   newFixedSizeBuffer(yBytes, size),
+	}
+
+	return key, nil
+}
+
+func (key rawJSONWebKey) edPrivateKey() (ed25519.PrivateKey, error) {
+	var missing []string
+	switch {
+	case key.D == nil:
+		missing = append(missing, "D")
+	case key.X == nil:
+		missing = append(missing, "X")
+	}
+
+	if len(missing) > 0 {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid Ed25519 private key, missing %s value(s)", strings.Join(missing, ", "))
+	}
+
+	privateKey := make([]byte, ed25519.PrivateKeySize)
+	copy(privateKey[0:32], key.D.bytes())
+	copy(privateKey[32:], key.X.bytes())
+	rv := ed25519.PrivateKey(privateKey)
+	return rv, nil
+}
+
+func (key rawJSONWebKey) edPublicKey() (ed25519.PublicKey, error) {
+	if key.X == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid Ed key, missing x value")
+	}
+	publicKey := make([]byte, ed25519.PublicKeySize)
+	copy(publicKey[0:32], key.X.bytes())
+	rv := ed25519.PublicKey(publicKey)
+	return rv, nil
+}
+
+func (key rawJSONWebKey) rsaPrivateKey() (*rsa.PrivateKey, error) {
+	var missing []string
+	switch {
+	case key.N == nil:
+		missing = append(missing, "N")
+	case key.E == nil:
+		missing = append(missing, "E")
+	case key.D == nil:
+		missing = append(missing, "D")
+	case key.P == nil:
+		missing = append(missing, "P")
+	case key.Q == nil:
+		missing = append(missing, "Q")
+	}
+
+	if len(missing) > 0 {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid RSA private key, missing %s value(s)", strings.Join(missing, ", "))
+	}
+
+	rv := &rsa.PrivateKey{
+		PublicKey: rsa.PublicKey{
+			N: key.N.bigInt(),
+			E: key.E.toInt(),
+		},
+		D: key.D.bigInt(),
+		Primes: []*big.Int{
+			key.P.bigInt(),
+			key.Q.bigInt(),
+		},
+	}
+
+	if key.Dp != nil {
+		rv.Precomputed.Dp = key.Dp.bigInt()
+	}
+	if key.Dq != nil {
+		rv.Precomputed.Dq = key.Dq.bigInt()
+	}
+	if key.Qi != nil {
+		rv.Precomputed.Qinv = key.Qi.bigInt()
+	}
+
+	err := rv.Validate()
+	return rv, err
+}
+
+func fromEdPrivateKey(ed ed25519.PrivateKey) (*rawJSONWebKey, error) {
+	raw := fromEdPublicKey(ed25519.PublicKey(ed[32:]))
+
+	raw.D = newBuffer(ed[0:32])
+	return raw, nil
+}
+
+func fromRsaPrivateKey(rsa *rsa.PrivateKey) (*rawJSONWebKey, error) {
+	if len(rsa.Primes) != 2 {
+		return nil, ErrUnsupportedKeyType
+	}
+
+	raw := fromRsaPublicKey(&rsa.PublicKey)
+
+	raw.D = newBuffer(rsa.D.Bytes())
+	raw.P = newBuffer(rsa.Primes[0].Bytes())
+	raw.Q = newBuffer(rsa.Primes[1].Bytes())
+
+	if rsa.Precomputed.Dp != nil {
+		raw.Dp = newBuffer(rsa.Precomputed.Dp.Bytes())
+	}
+	if rsa.Precomputed.Dq != nil {
+		raw.Dq = newBuffer(rsa.Precomputed.Dq.Bytes())
+	}
+	if rsa.Precomputed.Qinv != nil {
+		raw.Qi = newBuffer(rsa.Precomputed.Qinv.Bytes())
+	}
+
+	return raw, nil
+}
+
+func (key rawJSONWebKey) ecPrivateKey() (*ecdsa.PrivateKey, error) {
+	var curve elliptic.Curve
+	switch key.Crv {
+	case "P-256":
+		curve = elliptic.P256()
+	case "P-384":
+		curve = elliptic.P384()
+	case "P-521":
+		curve = elliptic.P521()
+	default:
+		return nil, fmt.Errorf("go-jose/go-jose: unsupported elliptic curve '%s'", key.Crv)
+	}
+
+	if key.X == nil || key.Y == nil || key.D == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC private key, missing x/y/d values")
+	}
+
+	// The length of this octet string MUST be the full size of a coordinate for
+	// the curve specified in the "crv" parameter.
+	// https://tools.ietf.org/html/rfc7518#section-6.2.1.2
+	if curveSize(curve) != len(key.X.data) {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC private key, wrong length for x")
+	}
+
+	if curveSize(curve) != len(key.Y.data) {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC private key, wrong length for y")
+	}
+
+	// https://tools.ietf.org/html/rfc7518#section-6.2.2.1
+	if dSize(curve) != len(key.D.data) {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC private key, wrong length for d")
+	}
+
+	x := key.X.bigInt()
+	y := key.Y.bigInt()
+
+	if !curve.IsOnCurve(x, y) {
+		return nil, errors.New("go-jose/go-jose: invalid EC key, X/Y are not on declared curve")
+	}
+
+	return &ecdsa.PrivateKey{
+		PublicKey: ecdsa.PublicKey{
+			Curve: curve,
+			X:     x,
+			Y:     y,
+		},
+		D: key.D.bigInt(),
+	}, nil
+}
+
+func fromEcPrivateKey(ec *ecdsa.PrivateKey) (*rawJSONWebKey, error) {
+	raw, err := fromEcPublicKey(&ec.PublicKey)
+	if err != nil {
+		return nil, err
+	}
+
+	if ec.D == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC private key")
+	}
+
+	raw.D = newFixedSizeBuffer(ec.D.Bytes(), dSize(ec.PublicKey.Curve))
+
+	return raw, nil
+}
+
+// dSize returns the size in octets for the "d" member of an elliptic curve
+// private key.
+// The length of this octet string MUST be ceiling(log-base-2(n)/8)
+// octets (where n is the order of the curve).
+// https://tools.ietf.org/html/rfc7518#section-6.2.2.1
+func dSize(curve elliptic.Curve) int {
+	order := curve.Params().P
+	bitLen := order.BitLen()
+	size := bitLen / 8
+	if bitLen%8 != 0 {
+		size++
+	}
+	return size
+}
+
+func fromSymmetricKey(key []byte) (*rawJSONWebKey, error) {
+	return &rawJSONWebKey{
+		Kty: "oct",
+		K:   newBuffer(key),
+	}, nil
+}
+
+func (key rawJSONWebKey) symmetricKey() ([]byte, error) {
+	if key.K == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid OCT (symmetric) key, missing k value")
+	}
+	return key.K.bytes(), nil
+}
+
+var (
+	// ErrJWKSKidNotFound is returned when a JWKS does not contain a JWK with a
+	// key ID which matches one in the provided tokens headers.
+	ErrJWKSKidNotFound = errors.New("go-jose/go-jose: JWK with matching kid not found in JWK Set")
+)
+
+func tryJWKS(key interface{}, headers ...Header) (interface{}, error) {
+	var jwks JSONWebKeySet
+
+	switch jwksType := key.(type) {
+	case *JSONWebKeySet:
+		jwks = *jwksType
+	case JSONWebKeySet:
+		jwks = jwksType
+	default:
+		// If the specified key is not a JWKS, return as is.
+		return key, nil
+	}
+
+	// Determine the KID to search for from the headers.
+	var kid string
+	for _, header := range headers {
+		if header.KeyID != "" {
+			kid = header.KeyID
+			break
+		}
+	}
+
+	// If no KID is specified in the headers, reject.
+	if kid == "" {
+		return nil, ErrJWKSKidNotFound
+	}
+
+	// Find the JWK with the matching KID. If no JWK with the specified KID is
+	// found, reject.
+	keys := jwks.Key(kid)
+	if len(keys) == 0 {
+		return nil, ErrJWKSKidNotFound
+	}
+
+	return keys[0].Key, nil
+}
diff --git a/vendor/github.com/go-jose/go-jose/v4/jws.go b/vendor/github.com/go-jose/go-jose/v4/jws.go
new file mode 100644
index 0000000000..3a912301af
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/jws.go
@@ -0,0 +1,421 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"bytes"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/go-jose/go-jose/v4/json"
+)
+
+// rawJSONWebSignature represents a raw JWS JSON object. Used for parsing/serializing.
+type rawJSONWebSignature struct {
+	Payload    *byteBuffer        `json:"payload,omitempty"`
+	Signatures []rawSignatureInfo `json:"signatures,omitempty"`
+	Protected  *byteBuffer        `json:"protected,omitempty"`
+	Header     *rawHeader         `json:"header,omitempty"`
+	Signature  *byteBuffer        `json:"signature,omitempty"`
+}
+
+// rawSignatureInfo represents a single JWS signature over the JWS payload and protected header.
+type rawSignatureInfo struct {
+	Protected *byteBuffer `json:"protected,omitempty"`
+	Header    *rawHeader  `json:"header,omitempty"`
+	Signature *byteBuffer `json:"signature,omitempty"`
+}
+
+// JSONWebSignature represents a signed JWS object after parsing.
+type JSONWebSignature struct {
+	payload []byte
+	// Signatures attached to this object (may be more than one for multi-sig).
+	// Be careful about accessing these directly, prefer to use Verify() or
+	// VerifyMulti() to ensure that the data you're getting is verified.
+	Signatures []Signature
+}
+
+// Signature represents a single signature over the JWS payload and protected header.
+type Signature struct {
+	// Merged header fields. Contains both protected and unprotected header
+	// values. Prefer using Protected and Unprotected fields instead of this.
+	// Values in this header may or may not have been signed and in general
+	// should not be trusted.
+	Header Header
+
+	// Protected header. Values in this header were signed and
+	// will be verified as part of the signature verification process.
+	Protected Header
+
+	// Unprotected header. Values in this header were not signed
+	// and in general should not be trusted.
+	Unprotected Header
+
+	// The actual signature value
+	Signature []byte
+
+	protected *rawHeader
+	header    *rawHeader
+	original  *rawSignatureInfo
+}
+
+// ParseSigned parses a signed message in JWS Compact or JWS JSON Serialization.
+//
+// https://datatracker.ietf.org/doc/html/rfc7515#section-7
+func ParseSigned(
+	signature string,
+	signatureAlgorithms []SignatureAlgorithm,
+) (*JSONWebSignature, error) {
+	signature = stripWhitespace(signature)
+	if strings.HasPrefix(signature, "{") {
+		return ParseSignedJSON(signature, signatureAlgorithms)
+	}
+
+	return parseSignedCompact(signature, nil, signatureAlgorithms)
+}
+
+// ParseSignedCompact parses a message in JWS Compact Serialization.
+//
+// https://datatracker.ietf.org/doc/html/rfc7515#section-7.1
+func ParseSignedCompact(
+	signature string,
+	signatureAlgorithms []SignatureAlgorithm,
+) (*JSONWebSignature, error) {
+	return parseSignedCompact(signature, nil, signatureAlgorithms)
+}
+
+// ParseDetached parses a signed message in compact serialization format with detached payload.
+func ParseDetached(
+	signature string,
+	payload []byte,
+	signatureAlgorithms []SignatureAlgorithm,
+) (*JSONWebSignature, error) {
+	if payload == nil {
+		return nil, errors.New("go-jose/go-jose: nil payload")
+	}
+	return parseSignedCompact(stripWhitespace(signature), payload, signatureAlgorithms)
+}
+
+// Get a header value
+func (sig Signature) mergedHeaders() rawHeader {
+	out := rawHeader{}
+	out.merge(sig.protected)
+	out.merge(sig.header)
+	return out
+}
+
+// Compute data to be signed
+func (obj JSONWebSignature) computeAuthData(payload []byte, signature *Signature) ([]byte, error) {
+	var authData bytes.Buffer
+
+	protectedHeader := new(rawHeader)
+
+	if signature.original != nil && signature.original.Protected != nil {
+		if err := json.Unmarshal(signature.original.Protected.bytes(), protectedHeader); err != nil {
+			return nil, err
+		}
+		authData.WriteString(signature.original.Protected.base64())
+	} else if signature.protected != nil {
+		protectedHeader = signature.protected
+		authData.WriteString(base64.RawURLEncoding.EncodeToString(mustSerializeJSON(protectedHeader)))
+	}
+
+	needsBase64 := true
+
+	if protectedHeader != nil {
+		var err error
+		if needsBase64, err = protectedHeader.getB64(); err != nil {
+			needsBase64 = true
+		}
+	}
+
+	authData.WriteByte('.')
+
+	if needsBase64 {
+		authData.WriteString(base64.RawURLEncoding.EncodeToString(payload))
+	} else {
+		authData.Write(payload)
+	}
+
+	return authData.Bytes(), nil
+}
+
+// ParseSignedJSON parses a message in JWS JSON Serialization.
+//
+// https://datatracker.ietf.org/doc/html/rfc7515#section-7.2
+func ParseSignedJSON(
+	input string,
+	signatureAlgorithms []SignatureAlgorithm,
+) (*JSONWebSignature, error) {
+	var parsed rawJSONWebSignature
+	err := json.Unmarshal([]byte(input), &parsed)
+	if err != nil {
+		return nil, err
+	}
+
+	return parsed.sanitized(signatureAlgorithms)
+}
+
+func containsSignatureAlgorithm(haystack []SignatureAlgorithm, needle SignatureAlgorithm) bool {
+	for _, algorithm := range haystack {
+		if algorithm == needle {
+			return true
+		}
+	}
+	return false
+}
+
+// sanitized produces a cleaned-up JWS object from the raw JSON.
+func (parsed *rawJSONWebSignature) sanitized(signatureAlgorithms []SignatureAlgorithm) (*JSONWebSignature, error) {
+	if len(signatureAlgorithms) == 0 {
+		return nil, errors.New("go-jose/go-jose: no signature algorithms specified")
+	}
+	if parsed.Payload == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: missing payload in JWS message")
+	}
+
+	obj := &JSONWebSignature{
+		payload:    parsed.Payload.bytes(),
+		Signatures: make([]Signature, len(parsed.Signatures)),
+	}
+
+	if len(parsed.Signatures) == 0 {
+		// No signatures array, must be flattened serialization
+		signature := Signature{}
+		if parsed.Protected != nil && len(parsed.Protected.bytes()) > 0 {
+			signature.protected = &rawHeader{}
+			err := json.Unmarshal(parsed.Protected.bytes(), signature.protected)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		// Check that there is not a nonce in the unprotected header
+		if parsed.Header != nil && parsed.Header.getNonce() != "" {
+			return nil, ErrUnprotectedNonce
+		}
+
+		signature.header = parsed.Header
+		signature.Signature = parsed.Signature.bytes()
+		// Make a fake "original" rawSignatureInfo to store the unprocessed
+		// Protected header. This is necessary because the Protected header can
+		// contain arbitrary fields not registered as part of the spec. See
+		// https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41#section-4
+		// If we unmarshal Protected into a rawHeader with its explicit list of fields,
+		// we cannot marshal losslessly. So we have to keep around the original bytes.
+		// This is used in computeAuthData, which will first attempt to use
+		// the original bytes of a protected header, and fall back on marshaling the
+		// header struct only if those bytes are not available.
+		signature.original = &rawSignatureInfo{
+			Protected: parsed.Protected,
+			Header:    parsed.Header,
+			Signature: parsed.Signature,
+		}
+
+		var err error
+		signature.Header, err = signature.mergedHeaders().sanitized()
+		if err != nil {
+			return nil, err
+		}
+
+		alg := SignatureAlgorithm(signature.Header.Algorithm)
+		if !containsSignatureAlgorithm(signatureAlgorithms, alg) {
+			return nil, fmt.Errorf("go-jose/go-jose: unexpected signature algorithm %q; expected %q",
+				alg, signatureAlgorithms)
+		}
+
+		if signature.header != nil {
+			signature.Unprotected, err = signature.header.sanitized()
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		if signature.protected != nil {
+			signature.Protected, err = signature.protected.sanitized()
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		// As per RFC 7515 Section 4.1.3, only public keys are allowed to be embedded.
+		jwk := signature.Header.JSONWebKey
+		if jwk != nil && (!jwk.Valid() || !jwk.IsPublic()) {
+			return nil, errors.New("go-jose/go-jose: invalid embedded jwk, must be public key")
+		}
+
+		obj.Signatures = append(obj.Signatures, signature)
+	}
+
+	for i, sig := range parsed.Signatures {
+		if sig.Protected != nil && len(sig.Protected.bytes()) > 0 {
+			obj.Signatures[i].protected = &rawHeader{}
+			err := json.Unmarshal(sig.Protected.bytes(), obj.Signatures[i].protected)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		// Check that there is not a nonce in the unprotected header
+		if sig.Header != nil && sig.Header.getNonce() != "" {
+			return nil, ErrUnprotectedNonce
+		}
+
+		var err error
+		obj.Signatures[i].Header, err = obj.Signatures[i].mergedHeaders().sanitized()
+		if err != nil {
+			return nil, err
+		}
+
+		alg := SignatureAlgorithm(obj.Signatures[i].Header.Algorithm)
+		if !containsSignatureAlgorithm(signatureAlgorithms, alg) {
+			return nil, fmt.Errorf("go-jose/go-jose: unexpected signature algorithm %q; expected %q",
+				alg, signatureAlgorithms)
+		}
+
+		if obj.Signatures[i].header != nil {
+			obj.Signatures[i].Unprotected, err = obj.Signatures[i].header.sanitized()
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		if obj.Signatures[i].protected != nil {
+			obj.Signatures[i].Protected, err = obj.Signatures[i].protected.sanitized()
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		obj.Signatures[i].Signature = sig.Signature.bytes()
+
+		// As per RFC 7515 Section 4.1.3, only public keys are allowed to be embedded.
+		jwk := obj.Signatures[i].Header.JSONWebKey
+		if jwk != nil && (!jwk.Valid() || !jwk.IsPublic()) {
+			return nil, errors.New("go-jose/go-jose: invalid embedded jwk, must be public key")
+		}
+
+		// Copy value of sig
+		original := sig
+
+		obj.Signatures[i].header = sig.Header
+		obj.Signatures[i].original = &original
+	}
+
+	return obj, nil
+}
+
+// parseSignedCompact parses a message in compact format.
+func parseSignedCompact(
+	input string,
+	payload []byte,
+	signatureAlgorithms []SignatureAlgorithm,
+) (*JSONWebSignature, error) {
+	parts := strings.Split(input, ".")
+	if len(parts) != 3 {
+		return nil, fmt.Errorf("go-jose/go-jose: compact JWS format must have three parts")
+	}
+
+	if parts[1] != "" && payload != nil {
+		return nil, fmt.Errorf("go-jose/go-jose: payload is not detached")
+	}
+
+	rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0])
+	if err != nil {
+		return nil, err
+	}
+
+	if payload == nil {
+		payload, err = base64.RawURLEncoding.DecodeString(parts[1])
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	signature, err := base64.RawURLEncoding.DecodeString(parts[2])
+	if err != nil {
+		return nil, err
+	}
+
+	raw := &rawJSONWebSignature{
+		Payload:   newBuffer(payload),
+		Protected: newBuffer(rawProtected),
+		Signature: newBuffer(signature),
+	}
+	return raw.sanitized(signatureAlgorithms)
+}
+
+func (obj JSONWebSignature) compactSerialize(detached bool) (string, error) {
+	if len(obj.Signatures) != 1 || obj.Signatures[0].header != nil || obj.Signatures[0].protected == nil {
+		return "", ErrNotSupported
+	}
+
+	serializedProtected := mustSerializeJSON(obj.Signatures[0].protected)
+
+	var payload []byte
+	if !detached {
+		payload = obj.payload
+	}
+
+	return base64JoinWithDots(
+		serializedProtected,
+		payload,
+		obj.Signatures[0].Signature,
+	), nil
+}
+
+// CompactSerialize serializes an object using the compact serialization format.
+func (obj JSONWebSignature) CompactSerialize() (string, error) {
+	return obj.compactSerialize(false)
+}
+
+// DetachedCompactSerialize serializes an object using the compact serialization format with detached payload.
+func (obj JSONWebSignature) DetachedCompactSerialize() (string, error) {
+	return obj.compactSerialize(true)
+}
+
+// FullSerialize serializes an object using the full JSON serialization format.
+func (obj JSONWebSignature) FullSerialize() string {
+	raw := rawJSONWebSignature{
+		Payload: newBuffer(obj.payload),
+	}
+
+	if len(obj.Signatures) == 1 {
+		if obj.Signatures[0].protected != nil {
+			serializedProtected := mustSerializeJSON(obj.Signatures[0].protected)
+			raw.Protected = newBuffer(serializedProtected)
+		}
+		raw.Header = obj.Signatures[0].header
+		raw.Signature = newBuffer(obj.Signatures[0].Signature)
+	} else {
+		raw.Signatures = make([]rawSignatureInfo, len(obj.Signatures))
+		for i, signature := range obj.Signatures {
+			raw.Signatures[i] = rawSignatureInfo{
+				Header:    signature.header,
+				Signature: newBuffer(signature.Signature),
+			}
+
+			if signature.protected != nil {
+				raw.Signatures[i].Protected = newBuffer(mustSerializeJSON(signature.protected))
+			}
+		}
+	}
+
+	return string(mustSerializeJSON(raw))
+}
diff --git a/vendor/github.com/go-jose/go-jose/v4/opaque.go b/vendor/github.com/go-jose/go-jose/v4/opaque.go
new file mode 100644
index 0000000000..429427232e
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/opaque.go
@@ -0,0 +1,147 @@
+/*-
+ * Copyright 2018 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+// OpaqueSigner is an interface that supports signing payloads with opaque
+// private key(s). Private key operations performed by implementers may, for
+// example, occur in a hardware module. An OpaqueSigner may rotate signing keys
+// transparently to the user of this interface.
+type OpaqueSigner interface {
+	// Public returns the public key of the current signing key.
+	Public() *JSONWebKey
+	// Algs returns a list of supported signing algorithms.
+	Algs() []SignatureAlgorithm
+	// SignPayload signs a payload with the current signing key using the given
+	// algorithm.
+	SignPayload(payload []byte, alg SignatureAlgorithm) ([]byte, error)
+}
+
+type opaqueSigner struct {
+	signer OpaqueSigner
+}
+
+func newOpaqueSigner(alg SignatureAlgorithm, signer OpaqueSigner) (recipientSigInfo, error) {
+	var algSupported bool
+	for _, salg := range signer.Algs() {
+		if alg == salg {
+			algSupported = true
+			break
+		}
+	}
+	if !algSupported {
+		return recipientSigInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	return recipientSigInfo{
+		sigAlg:    alg,
+		publicKey: signer.Public,
+		signer: &opaqueSigner{
+			signer: signer,
+		},
+	}, nil
+}
+
+func (o *opaqueSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) {
+	out, err := o.signer.SignPayload(payload, alg)
+	if err != nil {
+		return Signature{}, err
+	}
+
+	return Signature{
+		Signature: out,
+		protected: &rawHeader{},
+	}, nil
+}
+
+// OpaqueVerifier is an interface that supports verifying payloads with opaque
+// public key(s). An OpaqueSigner may rotate signing keys transparently to the
+// user of this interface.
+type OpaqueVerifier interface {
+	VerifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error
+}
+
+type opaqueVerifier struct {
+	verifier OpaqueVerifier
+}
+
+func (o *opaqueVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error {
+	return o.verifier.VerifyPayload(payload, signature, alg)
+}
+
+// OpaqueKeyEncrypter is an interface that supports encrypting keys with an opaque key.
+//
+// Note: this cannot currently be implemented outside this package because of its
+// unexported method.
+type OpaqueKeyEncrypter interface {
+	// KeyID returns the kid
+	KeyID() string
+	// Algs returns a list of supported key encryption algorithms.
+	Algs() []KeyAlgorithm
+	// encryptKey encrypts the CEK using the given algorithm.
+	encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error)
+}
+
+type opaqueKeyEncrypter struct {
+	encrypter OpaqueKeyEncrypter
+}
+
+func newOpaqueKeyEncrypter(alg KeyAlgorithm, encrypter OpaqueKeyEncrypter) (recipientKeyInfo, error) {
+	var algSupported bool
+	for _, salg := range encrypter.Algs() {
+		if alg == salg {
+			algSupported = true
+			break
+		}
+	}
+	if !algSupported {
+		return recipientKeyInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	return recipientKeyInfo{
+		keyID:  encrypter.KeyID(),
+		keyAlg: alg,
+		keyEncrypter: &opaqueKeyEncrypter{
+			encrypter: encrypter,
+		},
+	}, nil
+}
+
+func (oke *opaqueKeyEncrypter) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) {
+	return oke.encrypter.encryptKey(cek, alg)
+}
+
+// OpaqueKeyDecrypter is an interface that supports decrypting keys with an opaque key.
+type OpaqueKeyDecrypter interface {
+	DecryptKey(encryptedKey []byte, header Header) ([]byte, error)
+}
+
+type opaqueKeyDecrypter struct {
+	decrypter OpaqueKeyDecrypter
+}
+
+func (okd *opaqueKeyDecrypter) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) {
+	mergedHeaders := rawHeader{}
+	mergedHeaders.merge(&headers)
+	mergedHeaders.merge(recipient.header)
+
+	header, err := mergedHeaders.sanitized()
+	if err != nil {
+		return nil, err
+	}
+
+	return okd.decrypter.DecryptKey(recipient.encryptedKey, header)
+}
diff --git a/vendor/github.com/go-jose/go-jose/v4/shared.go b/vendor/github.com/go-jose/go-jose/v4/shared.go
new file mode 100644
index 0000000000..74d86e257b
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/shared.go
@@ -0,0 +1,532 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"crypto/elliptic"
+	"crypto/x509"
+	"encoding/base64"
+	"errors"
+	"fmt"
+
+	"github.com/go-jose/go-jose/v4/json"
+)
+
+// KeyAlgorithm represents a key management algorithm.
+type KeyAlgorithm string
+
+// SignatureAlgorithm represents a signature (or MAC) algorithm.
+type SignatureAlgorithm string
+
+// ContentEncryption represents a content encryption algorithm.
+type ContentEncryption string
+
+// CompressionAlgorithm represents an algorithm used for plaintext compression.
+type CompressionAlgorithm string
+
+// ContentType represents type of the contained data.
+type ContentType string
+
+var (
+	// ErrCryptoFailure represents an error in cryptographic primitive. This
+	// occurs when, for example, a message had an invalid authentication tag or
+	// could not be decrypted.
+	ErrCryptoFailure = errors.New("go-jose/go-jose: error in cryptographic primitive")
+
+	// ErrUnsupportedAlgorithm indicates that a selected algorithm is not
+	// supported. This occurs when trying to instantiate an encrypter for an
+	// algorithm that is not yet implemented.
+	ErrUnsupportedAlgorithm = errors.New("go-jose/go-jose: unknown/unsupported algorithm")
+
+	// ErrUnsupportedKeyType indicates that the given key type/format is not
+	// supported. This occurs when parsing a JWK with an unsupported key type (kty),
+	// or instantiating a signer or encrypter with an unsupported key type in Go
+	// (e.g. *dsa.PrivateKey), or a key type in Go that doesn't match the requested
+	// algorithm.
+	ErrUnsupportedKeyType = errors.New("go-jose/go-jose: unsupported key type/format")
+
+	// ErrInvalidKeySize indicates that the given key is not the correct size
+	// for the selected algorithm. This can occur, for example, when trying to
+	// encrypt with AES-256 but passing only a 128-bit key as input.
+	ErrInvalidKeySize = errors.New("go-jose/go-jose: invalid key size for algorithm")
+
+	// ErrNotSupported serialization of object is not supported. This occurs when
+	// trying to compact-serialize an object which can't be represented in
+	// compact form.
+	ErrNotSupported = errors.New("go-jose/go-jose: compact serialization not supported for object")
+
+	// ErrUnprotectedNonce indicates that while parsing a JWS or JWE object, a
+	// nonce header parameter was included in an unprotected header object.
+	ErrUnprotectedNonce = errors.New("go-jose/go-jose: Nonce parameter included in unprotected header")
+
+	// ErrMissingX5cHeader indicates that the JWT header is missing x5c headers.
+	ErrMissingX5cHeader = errors.New("go-jose/go-jose: no x5c header present in message")
+
+	// ErrUnsupportedEllipticCurve indicates unsupported or unknown elliptic curve has been found.
+	ErrUnsupportedEllipticCurve = errors.New("go-jose/go-jose: unsupported/unknown elliptic curve")
+)
+
+// Key management algorithms
+const (
+	ED25519            = KeyAlgorithm("ED25519")
+	RSA1_5             = KeyAlgorithm("RSA1_5")             // RSA-PKCS1v1.5
+	RSA_OAEP           = KeyAlgorithm("RSA-OAEP")           // RSA-OAEP-SHA1
+	RSA_OAEP_256       = KeyAlgorithm("RSA-OAEP-256")       // RSA-OAEP-SHA256
+	A128KW             = KeyAlgorithm("A128KW")             // AES key wrap (128)
+	A192KW             = KeyAlgorithm("A192KW")             // AES key wrap (192)
+	A256KW             = KeyAlgorithm("A256KW")             // AES key wrap (256)
+	DIRECT             = KeyAlgorithm("dir")                // Direct encryption
+	ECDH_ES            = KeyAlgorithm("ECDH-ES")            // ECDH-ES
+	ECDH_ES_A128KW     = KeyAlgorithm("ECDH-ES+A128KW")     // ECDH-ES + AES key wrap (128)
+	ECDH_ES_A192KW     = KeyAlgorithm("ECDH-ES+A192KW")     // ECDH-ES + AES key wrap (192)
+	ECDH_ES_A256KW     = KeyAlgorithm("ECDH-ES+A256KW")     // ECDH-ES + AES key wrap (256)
+	A128GCMKW          = KeyAlgorithm("A128GCMKW")          // AES-GCM key wrap (128)
+	A192GCMKW          = KeyAlgorithm("A192GCMKW")          // AES-GCM key wrap (192)
+	A256GCMKW          = KeyAlgorithm("A256GCMKW")          // AES-GCM key wrap (256)
+	PBES2_HS256_A128KW = KeyAlgorithm("PBES2-HS256+A128KW") // PBES2 + HMAC-SHA256 + AES key wrap (128)
+	PBES2_HS384_A192KW = KeyAlgorithm("PBES2-HS384+A192KW") // PBES2 + HMAC-SHA384 + AES key wrap (192)
+	PBES2_HS512_A256KW = KeyAlgorithm("PBES2-HS512+A256KW") // PBES2 + HMAC-SHA512 + AES key wrap (256)
+)
+
+// Signature algorithms
+const (
+	EdDSA = SignatureAlgorithm("EdDSA")
+	HS256 = SignatureAlgorithm("HS256") // HMAC using SHA-256
+	HS384 = SignatureAlgorithm("HS384") // HMAC using SHA-384
+	HS512 = SignatureAlgorithm("HS512") // HMAC using SHA-512
+	RS256 = SignatureAlgorithm("RS256") // RSASSA-PKCS-v1.5 using SHA-256
+	RS384 = SignatureAlgorithm("RS384") // RSASSA-PKCS-v1.5 using SHA-384
+	RS512 = SignatureAlgorithm("RS512") // RSASSA-PKCS-v1.5 using SHA-512
+	ES256 = SignatureAlgorithm("ES256") // ECDSA using P-256 and SHA-256
+	ES384 = SignatureAlgorithm("ES384") // ECDSA using P-384 and SHA-384
+	ES512 = SignatureAlgorithm("ES512") // ECDSA using P-521 and SHA-512
+	PS256 = SignatureAlgorithm("PS256") // RSASSA-PSS using SHA256 and MGF1-SHA256
+	PS384 = SignatureAlgorithm("PS384") // RSASSA-PSS using SHA384 and MGF1-SHA384
+	PS512 = SignatureAlgorithm("PS512") // RSASSA-PSS using SHA512 and MGF1-SHA512
+)
+
+// Content encryption algorithms
+const (
+	A128CBC_HS256 = ContentEncryption("A128CBC-HS256") // AES-CBC + HMAC-SHA256 (128)
+	A192CBC_HS384 = ContentEncryption("A192CBC-HS384") // AES-CBC + HMAC-SHA384 (192)
+	A256CBC_HS512 = ContentEncryption("A256CBC-HS512") // AES-CBC + HMAC-SHA512 (256)
+	A128GCM       = ContentEncryption("A128GCM")       // AES-GCM (128)
+	A192GCM       = ContentEncryption("A192GCM")       // AES-GCM (192)
+	A256GCM       = ContentEncryption("A256GCM")       // AES-GCM (256)
+)
+
+// Compression algorithms
+const (
+	NONE    = CompressionAlgorithm("")    // No compression
+	DEFLATE = CompressionAlgorithm("DEF") // DEFLATE (RFC 1951)
+)
+
+// A key in the protected header of a JWS object. Use of the Header...
+// constants is preferred to enhance type safety.
+type HeaderKey string
+
+const (
+	HeaderType        = "typ" // string
+	HeaderContentType = "cty" // string
+
+	// These are set by go-jose and shouldn't need to be set by consumers of the
+	// library.
+	headerAlgorithm   = "alg"  // string
+	headerEncryption  = "enc"  // ContentEncryption
+	headerCompression = "zip"  // CompressionAlgorithm
+	headerCritical    = "crit" // []string
+
+	headerAPU = "apu" // *byteBuffer
+	headerAPV = "apv" // *byteBuffer
+	headerEPK = "epk" // *JSONWebKey
+	headerIV  = "iv"  // *byteBuffer
+	headerTag = "tag" // *byteBuffer
+	headerX5c = "x5c" // []*x509.Certificate
+
+	headerJWK   = "jwk"   // *JSONWebKey
+	headerKeyID = "kid"   // string
+	headerNonce = "nonce" // string
+	headerB64   = "b64"   // bool
+
+	headerP2C = "p2c" // *byteBuffer (int)
+	headerP2S = "p2s" // *byteBuffer ([]byte)
+
+)
+
+// supportedCritical is the set of supported extensions that are understood and processed.
+var supportedCritical = map[string]bool{
+	headerB64: true,
+}
+
+// rawHeader represents the JOSE header for JWE/JWS objects (used for parsing).
+//
+// The decoding of the constituent items is deferred because we want to marshal
+// some members into particular structs rather than generic maps, but at the
+// same time we need to receive any extra fields unhandled by this library to
+// pass through to consuming code in case it wants to examine them.
+type rawHeader map[HeaderKey]*json.RawMessage
+
+// Header represents the read-only JOSE header for JWE/JWS objects.
+type Header struct {
+	KeyID      string
+	JSONWebKey *JSONWebKey
+	Algorithm  string
+	Nonce      string
+
+	// Unverified certificate chain parsed from x5c header.
+	certificates []*x509.Certificate
+
+	// At parse time, each header parameter with a name other than "kid",
+	// "jwk", "alg", "nonce", or "x5c"  will have its value passed to
+	// [json.Unmarshal] to unmarshal it into an interface value.
+	// The resulting value will be stored in this map, with the header
+	// parameter name as the key.
+	//
+	// [json.Unmarshal]: https://pkg.go.dev/encoding/json#Unmarshal
+	ExtraHeaders map[HeaderKey]interface{}
+}
+
+// Certificates verifies & returns the certificate chain present
+// in the x5c header field of a message, if one was present. Returns
+// an error if there was no x5c header present or the chain could
+// not be validated with the given verify options.
+func (h Header) Certificates(opts x509.VerifyOptions) ([][]*x509.Certificate, error) {
+	if len(h.certificates) == 0 {
+		return nil, ErrMissingX5cHeader
+	}
+
+	leaf := h.certificates[0]
+	if opts.Intermediates == nil {
+		opts.Intermediates = x509.NewCertPool()
+		for _, intermediate := range h.certificates[1:] {
+			opts.Intermediates.AddCert(intermediate)
+		}
+	}
+
+	return leaf.Verify(opts)
+}
+
+func (parsed rawHeader) set(k HeaderKey, v interface{}) error {
+	b, err := json.Marshal(v)
+	if err != nil {
+		return err
+	}
+
+	parsed[k] = makeRawMessage(b)
+	return nil
+}
+
+// getString gets a string from the raw JSON, defaulting to "".
+func (parsed rawHeader) getString(k HeaderKey) string {
+	v, ok := parsed[k]
+	if !ok || v == nil {
+		return ""
+	}
+	var s string
+	err := json.Unmarshal(*v, &s)
+	if err != nil {
+		return ""
+	}
+	return s
+}
+
+// getByteBuffer gets a byte buffer from the raw JSON. Returns (nil, nil) if
+// not specified.
+func (parsed rawHeader) getByteBuffer(k HeaderKey) (*byteBuffer, error) {
+	v := parsed[k]
+	if v == nil {
+		return nil, nil
+	}
+	var bb *byteBuffer
+	err := json.Unmarshal(*v, &bb)
+	if err != nil {
+		return nil, err
+	}
+	return bb, nil
+}
+
+// getAlgorithm extracts parsed "alg" from the raw JSON as a KeyAlgorithm.
+func (parsed rawHeader) getAlgorithm() KeyAlgorithm {
+	return KeyAlgorithm(parsed.getString(headerAlgorithm))
+}
+
+// getSignatureAlgorithm extracts parsed "alg" from the raw JSON as a SignatureAlgorithm.
+func (parsed rawHeader) getSignatureAlgorithm() SignatureAlgorithm {
+	return SignatureAlgorithm(parsed.getString(headerAlgorithm))
+}
+
+// getEncryption extracts parsed "enc" from the raw JSON.
+func (parsed rawHeader) getEncryption() ContentEncryption {
+	return ContentEncryption(parsed.getString(headerEncryption))
+}
+
+// getCompression extracts parsed "zip" from the raw JSON.
+func (parsed rawHeader) getCompression() CompressionAlgorithm {
+	return CompressionAlgorithm(parsed.getString(headerCompression))
+}
+
+func (parsed rawHeader) getNonce() string {
+	return parsed.getString(headerNonce)
+}
+
+// getEPK extracts parsed "epk" from the raw JSON.
+func (parsed rawHeader) getEPK() (*JSONWebKey, error) {
+	v := parsed[headerEPK]
+	if v == nil {
+		return nil, nil
+	}
+	var epk *JSONWebKey
+	err := json.Unmarshal(*v, &epk)
+	if err != nil {
+		return nil, err
+	}
+	return epk, nil
+}
+
+// getAPU extracts parsed "apu" from the raw JSON.
+func (parsed rawHeader) getAPU() (*byteBuffer, error) {
+	return parsed.getByteBuffer(headerAPU)
+}
+
+// getAPV extracts parsed "apv" from the raw JSON.
+func (parsed rawHeader) getAPV() (*byteBuffer, error) {
+	return parsed.getByteBuffer(headerAPV)
+}
+
+// getIV extracts parsed "iv" from the raw JSON.
+func (parsed rawHeader) getIV() (*byteBuffer, error) {
+	return parsed.getByteBuffer(headerIV)
+}
+
+// getTag extracts parsed "tag" from the raw JSON.
+func (parsed rawHeader) getTag() (*byteBuffer, error) {
+	return parsed.getByteBuffer(headerTag)
+}
+
+// getJWK extracts parsed "jwk" from the raw JSON.
+func (parsed rawHeader) getJWK() (*JSONWebKey, error) {
+	v := parsed[headerJWK]
+	if v == nil {
+		return nil, nil
+	}
+	var jwk *JSONWebKey
+	err := json.Unmarshal(*v, &jwk)
+	if err != nil {
+		return nil, err
+	}
+	return jwk, nil
+}
+
+// getCritical extracts parsed "crit" from the raw JSON. If omitted, it
+// returns an empty slice.
+func (parsed rawHeader) getCritical() ([]string, error) {
+	v := parsed[headerCritical]
+	if v == nil {
+		return nil, nil
+	}
+
+	var q []string
+	err := json.Unmarshal(*v, &q)
+	if err != nil {
+		return nil, err
+	}
+	return q, nil
+}
+
+// getS2C extracts parsed "p2c" from the raw JSON.
+func (parsed rawHeader) getP2C() (int, error) {
+	v := parsed[headerP2C]
+	if v == nil {
+		return 0, nil
+	}
+
+	var p2c int
+	err := json.Unmarshal(*v, &p2c)
+	if err != nil {
+		return 0, err
+	}
+	return p2c, nil
+}
+
+// getS2S extracts parsed "p2s" from the raw JSON.
+func (parsed rawHeader) getP2S() (*byteBuffer, error) {
+	return parsed.getByteBuffer(headerP2S)
+}
+
+// getB64 extracts parsed "b64" from the raw JSON, defaulting to true.
+func (parsed rawHeader) getB64() (bool, error) {
+	v := parsed[headerB64]
+	if v == nil {
+		return true, nil
+	}
+
+	var b64 bool
+	err := json.Unmarshal(*v, &b64)
+	if err != nil {
+		return true, err
+	}
+	return b64, nil
+}
+
+// sanitized produces a cleaned-up header object from the raw JSON.
+func (parsed rawHeader) sanitized() (h Header, err error) {
+	for k, v := range parsed {
+		if v == nil {
+			continue
+		}
+		switch k {
+		case headerJWK:
+			var jwk *JSONWebKey
+			err = json.Unmarshal(*v, &jwk)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal JWK: %v: %#v", err, string(*v))
+				return
+			}
+			h.JSONWebKey = jwk
+		case headerKeyID:
+			var s string
+			err = json.Unmarshal(*v, &s)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal key ID: %v: %#v", err, string(*v))
+				return
+			}
+			h.KeyID = s
+		case headerAlgorithm:
+			var s string
+			err = json.Unmarshal(*v, &s)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal algorithm: %v: %#v", err, string(*v))
+				return
+			}
+			h.Algorithm = s
+		case headerNonce:
+			var s string
+			err = json.Unmarshal(*v, &s)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal nonce: %v: %#v", err, string(*v))
+				return
+			}
+			h.Nonce = s
+		case headerX5c:
+			c := []string{}
+			err = json.Unmarshal(*v, &c)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal x5c header: %v: %#v", err, string(*v))
+				return
+			}
+			h.certificates, err = parseCertificateChain(c)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal x5c header: %v: %#v", err, string(*v))
+				return
+			}
+		default:
+			if h.ExtraHeaders == nil {
+				h.ExtraHeaders = map[HeaderKey]interface{}{}
+			}
+			var v2 interface{}
+			err = json.Unmarshal(*v, &v2)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal value: %v: %#v", err, string(*v))
+				return
+			}
+			h.ExtraHeaders[k] = v2
+		}
+	}
+	return
+}
+
+func parseCertificateChain(chain []string) ([]*x509.Certificate, error) {
+	out := make([]*x509.Certificate, len(chain))
+	for i, cert := range chain {
+		raw, err := base64.StdEncoding.DecodeString(cert)
+		if err != nil {
+			return nil, err
+		}
+		out[i], err = x509.ParseCertificate(raw)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return out, nil
+}
+
+func (parsed rawHeader) isSet(k HeaderKey) bool {
+	dvr := parsed[k]
+	if dvr == nil {
+		return false
+	}
+
+	var dv interface{}
+	err := json.Unmarshal(*dvr, &dv)
+	if err != nil {
+		return true
+	}
+
+	if dvStr, ok := dv.(string); ok {
+		return dvStr != ""
+	}
+
+	return true
+}
+
+// Merge headers from src into dst, giving precedence to headers from l.
+func (parsed rawHeader) merge(src *rawHeader) {
+	if src == nil {
+		return
+	}
+
+	for k, v := range *src {
+		if parsed.isSet(k) {
+			continue
+		}
+
+		parsed[k] = v
+	}
+}
+
+// Get JOSE name of curve
+func curveName(crv elliptic.Curve) (string, error) {
+	switch crv {
+	case elliptic.P256():
+		return "P-256", nil
+	case elliptic.P384():
+		return "P-384", nil
+	case elliptic.P521():
+		return "P-521", nil
+	default:
+		return "", ErrUnsupportedEllipticCurve
+	}
+}
+
+// Get size of curve in bytes
+func curveSize(crv elliptic.Curve) int {
+	bits := crv.Params().BitSize
+
+	div := bits / 8
+	mod := bits % 8
+
+	if mod == 0 {
+		return div
+	}
+
+	return div + 1
+}
+
+func makeRawMessage(b []byte) *json.RawMessage {
+	rm := json.RawMessage(b)
+	return &rm
+}
diff --git a/vendor/github.com/go-jose/go-jose/v4/signing.go b/vendor/github.com/go-jose/go-jose/v4/signing.go
new file mode 100644
index 0000000000..3dec0112b6
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/signing.go
@@ -0,0 +1,505 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"bytes"
+	"crypto/ecdsa"
+	"crypto/ed25519"
+	"crypto/rsa"
+	"encoding/base64"
+	"errors"
+	"fmt"
+
+	"github.com/go-jose/go-jose/v4/json"
+)
+
+// NonceSource represents a source of random nonces to go into JWS objects
+type NonceSource interface {
+	Nonce() (string, error)
+}
+
+// Signer represents a signer which takes a payload and produces a signed JWS object.
+type Signer interface {
+	Sign(payload []byte) (*JSONWebSignature, error)
+	Options() SignerOptions
+}
+
+// SigningKey represents an algorithm/key used to sign a message.
+//
+// Key must have one of these types:
+//   - ed25519.PrivateKey
+//   - *ecdsa.PrivateKey
+//   - *rsa.PrivateKey
+//   - *JSONWebKey
+//   - JSONWebKey
+//   - []byte (an HMAC key)
+//   - Any type that satisfies the OpaqueSigner interface
+//
+// If the key is an HMAC key, it must have at least as many bytes as the relevant hash output:
+//   - HS256: 32 bytes
+//   - HS384: 48 bytes
+//   - HS512: 64 bytes
+type SigningKey struct {
+	Algorithm SignatureAlgorithm
+	Key       interface{}
+}
+
+// SignerOptions represents options that can be set when creating signers.
+type SignerOptions struct {
+	NonceSource NonceSource
+	EmbedJWK    bool
+
+	// Optional map of additional keys to be inserted into the protected header
+	// of a JWS object. Some specifications which make use of JWS like to insert
+	// additional values here.
+	//
+	// Values will be serialized by [json.Marshal] and must be valid inputs to
+	// that function.
+	//
+	// [json.Marshal]: https://pkg.go.dev/encoding/json#Marshal
+	ExtraHeaders map[HeaderKey]interface{}
+}
+
+// WithHeader adds an arbitrary value to the ExtraHeaders map, initializing it
+// if necessary, and returns the updated SignerOptions.
+//
+// The v argument will be serialized by [json.Marshal] and must be a valid
+// input to that function.
+//
+// [json.Marshal]: https://pkg.go.dev/encoding/json#Marshal
+func (so *SignerOptions) WithHeader(k HeaderKey, v interface{}) *SignerOptions {
+	if so.ExtraHeaders == nil {
+		so.ExtraHeaders = map[HeaderKey]interface{}{}
+	}
+	so.ExtraHeaders[k] = v
+	return so
+}
+
+// WithContentType adds a content type ("cty") header and returns the updated
+// SignerOptions.
+func (so *SignerOptions) WithContentType(contentType ContentType) *SignerOptions {
+	return so.WithHeader(HeaderContentType, contentType)
+}
+
+// WithType adds a type ("typ") header and returns the updated SignerOptions.
+func (so *SignerOptions) WithType(typ ContentType) *SignerOptions {
+	return so.WithHeader(HeaderType, typ)
+}
+
+// WithCritical adds the given names to the critical ("crit") header and returns
+// the updated SignerOptions.
+func (so *SignerOptions) WithCritical(names ...string) *SignerOptions {
+	if so.ExtraHeaders[headerCritical] == nil {
+		so.WithHeader(headerCritical, make([]string, 0, len(names)))
+	}
+	crit := so.ExtraHeaders[headerCritical].([]string)
+	so.ExtraHeaders[headerCritical] = append(crit, names...)
+	return so
+}
+
+// WithBase64 adds a base64url-encode payload ("b64") header and returns the updated
+// SignerOptions. When the "b64" value is "false", the payload is not base64 encoded.
+func (so *SignerOptions) WithBase64(b64 bool) *SignerOptions {
+	if !b64 {
+		so.WithHeader(headerB64, b64)
+		so.WithCritical(headerB64)
+	}
+	return so
+}
+
+type payloadSigner interface {
+	signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error)
+}
+
+type payloadVerifier interface {
+	verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error
+}
+
+type genericSigner struct {
+	recipients   []recipientSigInfo
+	nonceSource  NonceSource
+	embedJWK     bool
+	extraHeaders map[HeaderKey]interface{}
+}
+
+type recipientSigInfo struct {
+	sigAlg    SignatureAlgorithm
+	publicKey func() *JSONWebKey
+	signer    payloadSigner
+}
+
+func staticPublicKey(jwk *JSONWebKey) func() *JSONWebKey {
+	return func() *JSONWebKey {
+		return jwk
+	}
+}
+
+// NewSigner creates an appropriate signer based on the key type
+func NewSigner(sig SigningKey, opts *SignerOptions) (Signer, error) {
+	return NewMultiSigner([]SigningKey{sig}, opts)
+}
+
+// NewMultiSigner creates a signer for multiple recipients
+func NewMultiSigner(sigs []SigningKey, opts *SignerOptions) (Signer, error) {
+	signer := &genericSigner{recipients: []recipientSigInfo{}}
+
+	if opts != nil {
+		signer.nonceSource = opts.NonceSource
+		signer.embedJWK = opts.EmbedJWK
+		signer.extraHeaders = opts.ExtraHeaders
+	}
+
+	for _, sig := range sigs {
+		err := signer.addRecipient(sig.Algorithm, sig.Key)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return signer, nil
+}
+
+// newVerifier creates a verifier based on the key type
+func newVerifier(verificationKey interface{}) (payloadVerifier, error) {
+	switch verificationKey := verificationKey.(type) {
+	case ed25519.PublicKey:
+		return &edEncrypterVerifier{
+			publicKey: verificationKey,
+		}, nil
+	case *rsa.PublicKey:
+		return &rsaEncrypterVerifier{
+			publicKey: verificationKey,
+		}, nil
+	case *ecdsa.PublicKey:
+		return &ecEncrypterVerifier{
+			publicKey: verificationKey,
+		}, nil
+	case []byte:
+		return &symmetricMac{
+			key: verificationKey,
+		}, nil
+	case JSONWebKey:
+		return newVerifier(verificationKey.Key)
+	case *JSONWebKey:
+		return newVerifier(verificationKey.Key)
+	case OpaqueVerifier:
+		return &opaqueVerifier{verifier: verificationKey}, nil
+	default:
+		return nil, ErrUnsupportedKeyType
+	}
+}
+
+func (ctx *genericSigner) addRecipient(alg SignatureAlgorithm, signingKey interface{}) error {
+	recipient, err := makeJWSRecipient(alg, signingKey)
+	if err != nil {
+		return err
+	}
+
+	ctx.recipients = append(ctx.recipients, recipient)
+	return nil
+}
+
+func makeJWSRecipient(alg SignatureAlgorithm, signingKey interface{}) (recipientSigInfo, error) {
+	switch signingKey := signingKey.(type) {
+	case ed25519.PrivateKey:
+		return newEd25519Signer(alg, signingKey)
+	case *rsa.PrivateKey:
+		return newRSASigner(alg, signingKey)
+	case *ecdsa.PrivateKey:
+		return newECDSASigner(alg, signingKey)
+	case []byte:
+		return newSymmetricSigner(alg, signingKey)
+	case JSONWebKey:
+		return newJWKSigner(alg, signingKey)
+	case *JSONWebKey:
+		return newJWKSigner(alg, *signingKey)
+	case OpaqueSigner:
+		return newOpaqueSigner(alg, signingKey)
+	default:
+		return recipientSigInfo{}, ErrUnsupportedKeyType
+	}
+}
+
+func newJWKSigner(alg SignatureAlgorithm, signingKey JSONWebKey) (recipientSigInfo, error) {
+	recipient, err := makeJWSRecipient(alg, signingKey.Key)
+	if err != nil {
+		return recipientSigInfo{}, err
+	}
+	if recipient.publicKey != nil && recipient.publicKey() != nil {
+		// recipient.publicKey is a JWK synthesized for embedding when recipientSigInfo
+		// was created for the inner key (such as a RSA or ECDSA public key). It contains
+		// the pub key for embedding, but doesn't have extra params like key id.
+		publicKey := signingKey
+		publicKey.Key = recipient.publicKey().Key
+		recipient.publicKey = staticPublicKey(&publicKey)
+
+		// This should be impossible, but let's check anyway.
+		if !recipient.publicKey().IsPublic() {
+			return recipientSigInfo{}, errors.New("go-jose/go-jose: public key was unexpectedly not public")
+		}
+	}
+	return recipient, nil
+}
+
+func (ctx *genericSigner) Sign(payload []byte) (*JSONWebSignature, error) {
+	obj := &JSONWebSignature{}
+	obj.payload = payload
+	obj.Signatures = make([]Signature, len(ctx.recipients))
+
+	for i, recipient := range ctx.recipients {
+		protected := map[HeaderKey]interface{}{
+			headerAlgorithm: string(recipient.sigAlg),
+		}
+
+		if recipient.publicKey != nil && recipient.publicKey() != nil {
+			// We want to embed the JWK or set the kid header, but not both. Having a protected
+			// header that contains an embedded JWK while also simultaneously containing the kid
+			// header is confusing, and at least in ACME the two are considered to be mutually
+			// exclusive. The fact that both can exist at the same time is a somewhat unfortunate
+			// result of the JOSE spec. We've decided that this library will only include one or
+			// the other to avoid this confusion.
+			//
+			// See https://github.com/go-jose/go-jose/issues/157 for more context.
+			if ctx.embedJWK {
+				protected[headerJWK] = recipient.publicKey()
+			} else {
+				keyID := recipient.publicKey().KeyID
+				if keyID != "" {
+					protected[headerKeyID] = keyID
+				}
+			}
+		}
+
+		if ctx.nonceSource != nil {
+			nonce, err := ctx.nonceSource.Nonce()
+			if err != nil {
+				return nil, fmt.Errorf("go-jose/go-jose: Error generating nonce: %v", err)
+			}
+			protected[headerNonce] = nonce
+		}
+
+		for k, v := range ctx.extraHeaders {
+			protected[k] = v
+		}
+
+		serializedProtected := mustSerializeJSON(protected)
+		needsBase64 := true
+
+		if b64, ok := protected[headerB64]; ok {
+			if needsBase64, ok = b64.(bool); !ok {
+				return nil, errors.New("go-jose/go-jose: Invalid b64 header parameter")
+			}
+		}
+
+		var input bytes.Buffer
+
+		input.WriteString(base64.RawURLEncoding.EncodeToString(serializedProtected))
+		input.WriteByte('.')
+
+		if needsBase64 {
+			input.WriteString(base64.RawURLEncoding.EncodeToString(payload))
+		} else {
+			input.Write(payload)
+		}
+
+		signatureInfo, err := recipient.signer.signPayload(input.Bytes(), recipient.sigAlg)
+		if err != nil {
+			return nil, err
+		}
+
+		signatureInfo.protected = &rawHeader{}
+		for k, v := range protected {
+			b, err := json.Marshal(v)
+			if err != nil {
+				return nil, fmt.Errorf("go-jose/go-jose: Error marshalling item %#v: %v", k, err)
+			}
+			(*signatureInfo.protected)[k] = makeRawMessage(b)
+		}
+		obj.Signatures[i] = signatureInfo
+	}
+
+	return obj, nil
+}
+
+func (ctx *genericSigner) Options() SignerOptions {
+	return SignerOptions{
+		NonceSource:  ctx.nonceSource,
+		EmbedJWK:     ctx.embedJWK,
+		ExtraHeaders: ctx.extraHeaders,
+	}
+}
+
+// Verify validates the signature on the object and returns the payload.
+// This function does not support multi-signature. If you desire multi-signature
+// verification use VerifyMulti instead.
+//
+// Be careful when verifying signatures based on embedded JWKs inside the
+// payload header. You cannot assume that the key received in a payload is
+// trusted.
+//
+// The verificationKey argument must have one of these types:
+//   - ed25519.PublicKey
+//   - *ecdsa.PublicKey
+//   - *rsa.PublicKey
+//   - *JSONWebKey
+//   - JSONWebKey
+//   - *JSONWebKeySet
+//   - JSONWebKeySet
+//   - []byte (an HMAC key)
+//   - Any type that implements the OpaqueVerifier interface.
+//
+// If the key is an HMAC key, it must have at least as many bytes as the relevant hash output:
+//   - HS256: 32 bytes
+//   - HS384: 48 bytes
+//   - HS512: 64 bytes
+func (obj JSONWebSignature) Verify(verificationKey interface{}) ([]byte, error) {
+	err := obj.DetachedVerify(obj.payload, verificationKey)
+	if err != nil {
+		return nil, err
+	}
+	return obj.payload, nil
+}
+
+// UnsafePayloadWithoutVerification returns the payload without
+// verifying it. The content returned from this function cannot be
+// trusted.
+func (obj JSONWebSignature) UnsafePayloadWithoutVerification() []byte {
+	return obj.payload
+}
+
+// DetachedVerify validates a detached signature on the given payload. In
+// most cases, you will probably want to use Verify instead. DetachedVerify
+// is only useful if you have a payload and signature that are separated from
+// each other.
+//
+// The verificationKey argument must have one of the types allowed for the
+// verificationKey argument of JSONWebSignature.Verify().
+func (obj JSONWebSignature) DetachedVerify(payload []byte, verificationKey interface{}) error {
+	key, err := tryJWKS(verificationKey, obj.headers()...)
+	if err != nil {
+		return err
+	}
+	verifier, err := newVerifier(key)
+	if err != nil {
+		return err
+	}
+
+	if len(obj.Signatures) > 1 {
+		return errors.New("go-jose/go-jose: too many signatures in payload; expecting only one")
+	}
+
+	signature := obj.Signatures[0]
+	headers := signature.mergedHeaders()
+	critical, err := headers.getCritical()
+	if err != nil {
+		return err
+	}
+
+	for _, name := range critical {
+		if !supportedCritical[name] {
+			return ErrCryptoFailure
+		}
+	}
+
+	input, err := obj.computeAuthData(payload, &signature)
+	if err != nil {
+		return ErrCryptoFailure
+	}
+
+	alg := headers.getSignatureAlgorithm()
+	err = verifier.verifyPayload(input, signature.Signature, alg)
+	if err == nil {
+		return nil
+	}
+
+	return ErrCryptoFailure
+}
+
+// VerifyMulti validates (one of the multiple) signatures on the object and
+// returns the index of the signature that was verified, along with the signature
+// object and the payload. We return the signature and index to guarantee that
+// callers are getting the verified value.
+//
+// The verificationKey argument must have one of the types allowed for the
+// verificationKey argument of JSONWebSignature.Verify().
+func (obj JSONWebSignature) VerifyMulti(verificationKey interface{}) (int, Signature, []byte, error) {
+	idx, sig, err := obj.DetachedVerifyMulti(obj.payload, verificationKey)
+	if err != nil {
+		return -1, Signature{}, nil, err
+	}
+	return idx, sig, obj.payload, nil
+}
+
+// DetachedVerifyMulti validates a detached signature on the given payload with
+// a signature/object that has potentially multiple signers. This returns the index
+// of the signature that was verified, along with the signature object. We return
+// the signature and index to guarantee that callers are getting the verified value.
+//
+// In most cases, you will probably want to use Verify or VerifyMulti instead.
+// DetachedVerifyMulti is only useful if you have a payload and signature that are
+// separated from each other, and the signature can have multiple signers at the
+// same time.
+//
+// The verificationKey argument must have one of the types allowed for the
+// verificationKey argument of JSONWebSignature.Verify().
+func (obj JSONWebSignature) DetachedVerifyMulti(payload []byte, verificationKey interface{}) (int, Signature, error) {
+	key, err := tryJWKS(verificationKey, obj.headers()...)
+	if err != nil {
+		return -1, Signature{}, err
+	}
+	verifier, err := newVerifier(key)
+	if err != nil {
+		return -1, Signature{}, err
+	}
+
+outer:
+	for i, signature := range obj.Signatures {
+		headers := signature.mergedHeaders()
+		critical, err := headers.getCritical()
+		if err != nil {
+			continue
+		}
+
+		for _, name := range critical {
+			if !supportedCritical[name] {
+				continue outer
+			}
+		}
+
+		input, err := obj.computeAuthData(payload, &signature)
+		if err != nil {
+			continue
+		}
+
+		alg := headers.getSignatureAlgorithm()
+		err = verifier.verifyPayload(input, signature.Signature, alg)
+		if err == nil {
+			return i, signature, nil
+		}
+	}
+
+	return -1, Signature{}, ErrCryptoFailure
+}
+
+func (obj JSONWebSignature) headers() []Header {
+	headers := make([]Header, len(obj.Signatures))
+	for i, sig := range obj.Signatures {
+		headers[i] = sig.Header
+	}
+	return headers
+}
diff --git a/vendor/github.com/go-jose/go-jose/v4/symmetric.go b/vendor/github.com/go-jose/go-jose/v4/symmetric.go
new file mode 100644
index 0000000000..a69103b084
--- /dev/null
+++ b/vendor/github.com/go-jose/go-jose/v4/symmetric.go
@@ -0,0 +1,517 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/hmac"
+	"crypto/rand"
+	"crypto/sha256"
+	"crypto/sha512"
+	"crypto/subtle"
+	"errors"
+	"fmt"
+	"hash"
+	"io"
+
+	"golang.org/x/crypto/pbkdf2"
+
+	josecipher "github.com/go-jose/go-jose/v4/cipher"
+)
+
+// RandReader is a cryptographically secure random number generator (stubbed out in tests).
+var RandReader = rand.Reader
+
+const (
+	// RFC7518 recommends a minimum of 1,000 iterations:
+	// 	- https://tools.ietf.org/html/rfc7518#section-4.8.1.2
+	//
+	// NIST recommends a minimum of 10,000:
+	// 	- https://pages.nist.gov/800-63-3/sp800-63b.html
+	//
+	// 1Password increased in 2023 from 100,000 to 650,000:
+	//  - https://support.1password.com/pbkdf2/
+	//
+	// OWASP recommended 600,000 in Dec 2022:
+	//	- https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
+	defaultP2C = 600000
+	// Default salt size: 128 bits
+	defaultP2SSize = 16
+)
+
+// Dummy key cipher for shared symmetric key mode
+type symmetricKeyCipher struct {
+	key []byte // Pre-shared content-encryption key
+	p2c int    // PBES2 Count
+	p2s []byte // PBES2 Salt Input
+}
+
+// Signer/verifier for MAC modes
+type symmetricMac struct {
+	key []byte
+}
+
+// Input/output from an AEAD operation
+type aeadParts struct {
+	iv, ciphertext, tag []byte
+}
+
+// A content cipher based on an AEAD construction
+type aeadContentCipher struct {
+	keyBytes     int
+	authtagBytes int
+	getAead      func(key []byte) (cipher.AEAD, error)
+}
+
+// Random key generator
+type randomKeyGenerator struct {
+	size int
+}
+
+// Static key generator
+type staticKeyGenerator struct {
+	key []byte
+}
+
+// Create a new content cipher based on AES-GCM
+func newAESGCM(keySize int) contentCipher {
+	return &aeadContentCipher{
+		keyBytes:     keySize,
+		authtagBytes: 16,
+		getAead: func(key []byte) (cipher.AEAD, error) {
+			aes, err := aes.NewCipher(key)
+			if err != nil {
+				return nil, err
+			}
+
+			return cipher.NewGCM(aes)
+		},
+	}
+}
+
+// Create a new content cipher based on AES-CBC+HMAC
+func newAESCBC(keySize int) contentCipher {
+	return &aeadContentCipher{
+		keyBytes:     keySize * 2,
+		authtagBytes: keySize,
+		getAead: func(key []byte) (cipher.AEAD, error) {
+			return josecipher.NewCBCHMAC(key, aes.NewCipher)
+		},
+	}
+}
+
+// Get an AEAD cipher object for the given content encryption algorithm
+func getContentCipher(alg ContentEncryption) contentCipher {
+	switch alg {
+	case A128GCM:
+		return newAESGCM(16)
+	case A192GCM:
+		return newAESGCM(24)
+	case A256GCM:
+		return newAESGCM(32)
+	case A128CBC_HS256:
+		return newAESCBC(16)
+	case A192CBC_HS384:
+		return newAESCBC(24)
+	case A256CBC_HS512:
+		return newAESCBC(32)
+	default:
+		return nil
+	}
+}
+
+// getPbkdf2Params returns the key length and hash function used in
+// pbkdf2.Key.
+func getPbkdf2Params(alg KeyAlgorithm) (int, func() hash.Hash) {
+	switch alg {
+	case PBES2_HS256_A128KW:
+		return 16, sha256.New
+	case PBES2_HS384_A192KW:
+		return 24, sha512.New384
+	case PBES2_HS512_A256KW:
+		return 32, sha512.New
+	default:
+		panic("invalid algorithm")
+	}
+}
+
+// getRandomSalt generates a new salt of the given size.
+func getRandomSalt(size int) ([]byte, error) {
+	salt := make([]byte, size)
+	_, err := io.ReadFull(RandReader, salt)
+	if err != nil {
+		return nil, err
+	}
+
+	return salt, nil
+}
+
+// newSymmetricRecipient creates a JWE encrypter based on AES-GCM key wrap.
+func newSymmetricRecipient(keyAlg KeyAlgorithm, key []byte) (recipientKeyInfo, error) {
+	switch keyAlg {
+	case DIRECT, A128GCMKW, A192GCMKW, A256GCMKW, A128KW, A192KW, A256KW:
+	case PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW:
+	default:
+		return recipientKeyInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	return recipientKeyInfo{
+		keyAlg: keyAlg,
+		keyEncrypter: &symmetricKeyCipher{
+			key: key,
+		},
+	}, nil
+}
+
+// newSymmetricSigner creates a recipientSigInfo based on the given key.
+func newSymmetricSigner(sigAlg SignatureAlgorithm, key []byte) (recipientSigInfo, error) {
+	// Verify that key management algorithm is supported by this encrypter
+	switch sigAlg {
+	case HS256, HS384, HS512:
+	default:
+		return recipientSigInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	return recipientSigInfo{
+		sigAlg: sigAlg,
+		signer: &symmetricMac{
+			key: key,
+		},
+	}, nil
+}
+
+// Generate a random key for the given content cipher
+func (ctx randomKeyGenerator) genKey() ([]byte, rawHeader, error) {
+	key := make([]byte, ctx.size)
+	_, err := io.ReadFull(RandReader, key)
+	if err != nil {
+		return nil, rawHeader{}, err
+	}
+
+	return key, rawHeader{}, nil
+}
+
+// Key size for random generator
+func (ctx randomKeyGenerator) keySize() int {
+	return ctx.size
+}
+
+// Generate a static key (for direct mode)
+func (ctx staticKeyGenerator) genKey() ([]byte, rawHeader, error) {
+	cek := make([]byte, len(ctx.key))
+	copy(cek, ctx.key)
+	return cek, rawHeader{}, nil
+}
+
+// Key size for static generator
+func (ctx staticKeyGenerator) keySize() int {
+	return len(ctx.key)
+}
+
+// Get key size for this cipher
+func (ctx aeadContentCipher) keySize() int {
+	return ctx.keyBytes
+}
+
+// Encrypt some data
+func (ctx aeadContentCipher) encrypt(key, aad, pt []byte) (*aeadParts, error) {
+	// Get a new AEAD instance
+	aead, err := ctx.getAead(key)
+	if err != nil {
+		return nil, err
+	}
+
+	// Initialize a new nonce
+	iv := make([]byte, aead.NonceSize())
+	_, err = io.ReadFull(RandReader, iv)
+	if err != nil {
+		return nil, err
+	}
+
+	ciphertextAndTag := aead.Seal(nil, iv, pt, aad)
+	offset := len(ciphertextAndTag) - ctx.authtagBytes
+
+	return &aeadParts{
+		iv:         iv,
+		ciphertext: ciphertextAndTag[:offset],
+		tag:        ciphertextAndTag[offset:],
+	}, nil
+}
+
+// Decrypt some data
+func (ctx aeadContentCipher) decrypt(key, aad []byte, parts *aeadParts) ([]byte, error) {
+	aead, err := ctx.getAead(key)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(parts.iv) != aead.NonceSize() || len(parts.tag) < ctx.authtagBytes {
+		return nil, ErrCryptoFailure
+	}
+
+	return aead.Open(nil, parts.iv, append(parts.ciphertext, parts.tag...), aad)
+}
+
+// Encrypt the content encryption key.
+func (ctx *symmetricKeyCipher) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) {
+	switch alg {
+	case DIRECT:
+		return recipientInfo{
+			header: &rawHeader{},
+		}, nil
+	case A128GCMKW, A192GCMKW, A256GCMKW:
+		aead := newAESGCM(len(ctx.key))
+
+		parts, err := aead.encrypt(ctx.key, []byte{}, cek)
+		if err != nil {
+			return recipientInfo{}, err
+		}
+
+		header := &rawHeader{}
+
+		if err = header.set(headerIV, newBuffer(parts.iv)); err != nil {
+			return recipientInfo{}, err
+		}
+
+		if err = header.set(headerTag, newBuffer(parts.tag)); err != nil {
+			return recipientInfo{}, err
+		}
+
+		return recipientInfo{
+			header:       header,
+			encryptedKey: parts.ciphertext,
+		}, nil
+	case A128KW, A192KW, A256KW:
+		block, err := aes.NewCipher(ctx.key)
+		if err != nil {
+			return recipientInfo{}, err
+		}
+
+		jek, err := josecipher.KeyWrap(block, cek)
+		if err != nil {
+			return recipientInfo{}, err
+		}
+
+		return recipientInfo{
+			encryptedKey: jek,
+			header:       &rawHeader{},
+		}, nil
+	case PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW:
+		if len(ctx.p2s) == 0 {
+			salt, err := getRandomSalt(defaultP2SSize)
+			if err != nil {
+				return recipientInfo{}, err
+			}
+			ctx.p2s = salt
+		}
+
+		if ctx.p2c <= 0 {
+			ctx.p2c = defaultP2C
+		}
+
+		// salt is UTF8(Alg) || 0x00 || Salt Input
+		salt := bytes.Join([][]byte{[]byte(alg), ctx.p2s}, []byte{0x00})
+
+		// derive key
+		keyLen, h := getPbkdf2Params(alg)
+		key := pbkdf2.Key(ctx.key, salt, ctx.p2c, keyLen, h)
+
+		// use AES cipher with derived key
+		block, err := aes.NewCipher(key)
+		if err != nil {
+			return recipientInfo{}, err
+		}
+
+		jek, err := josecipher.KeyWrap(block, cek)
+		if err != nil {
+			return recipientInfo{}, err
+		}
+
+		header := &rawHeader{}
+
+		if err = header.set(headerP2C, ctx.p2c); err != nil {
+			return recipientInfo{}, err
+		}
+
+		if err = header.set(headerP2S, newBuffer(ctx.p2s)); err != nil {
+			return recipientInfo{}, err
+		}
+
+		return recipientInfo{
+			encryptedKey: jek,
+			header:       header,
+		}, nil
+	}
+
+	return recipientInfo{}, ErrUnsupportedAlgorithm
+}
+
+// Decrypt the content encryption key.
+func (ctx *symmetricKeyCipher) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) {
+	switch headers.getAlgorithm() {
+	case DIRECT:
+		cek := make([]byte, len(ctx.key))
+		copy(cek, ctx.key)
+		return cek, nil
+	case A128GCMKW, A192GCMKW, A256GCMKW:
+		aead := newAESGCM(len(ctx.key))
+
+		iv, err := headers.getIV()
+		if err != nil {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid IV: %v", err)
+		}
+		tag, err := headers.getTag()
+		if err != nil {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid tag: %v", err)
+		}
+
+		parts := &aeadParts{
+			iv:         iv.bytes(),
+			ciphertext: recipient.encryptedKey,
+			tag:        tag.bytes(),
+		}
+
+		cek, err := aead.decrypt(ctx.key, []byte{}, parts)
+		if err != nil {
+			return nil, err
+		}
+
+		return cek, nil
+	case A128KW, A192KW, A256KW:
+		block, err := aes.NewCipher(ctx.key)
+		if err != nil {
+			return nil, err
+		}
+
+		cek, err := josecipher.KeyUnwrap(block, recipient.encryptedKey)
+		if err != nil {
+			return nil, err
+		}
+		return cek, nil
+	case PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW:
+		p2s, err := headers.getP2S()
+		if err != nil {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid P2S: %v", err)
+		}
+		if p2s == nil || len(p2s.data) == 0 {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid P2S: must be present")
+		}
+
+		p2c, err := headers.getP2C()
+		if err != nil {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid P2C: %v", err)
+		}
+		if p2c <= 0 {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid P2C: must be a positive integer")
+		}
+		if p2c > 1000000 {
+			// An unauthenticated attacker can set a high P2C value. Set an upper limit to avoid
+			// DoS attacks.
+			return nil, fmt.Errorf("go-jose/go-jose: invalid P2C: too high")
+		}
+
+		// salt is UTF8(Alg) || 0x00 || Salt Input
+		alg := headers.getAlgorithm()
+		salt := bytes.Join([][]byte{[]byte(alg), p2s.bytes()}, []byte{0x00})
+
+		// derive key
+		keyLen, h := getPbkdf2Params(alg)
+		key := pbkdf2.Key(ctx.key, salt, p2c, keyLen, h)
+
+		// use AES cipher with derived key
+		block, err := aes.NewCipher(key)
+		if err != nil {
+			return nil, err
+		}
+
+		cek, err := josecipher.KeyUnwrap(block, recipient.encryptedKey)
+		if err != nil {
+			return nil, err
+		}
+		return cek, nil
+	}
+
+	return nil, ErrUnsupportedAlgorithm
+}
+
+// Sign the given payload
+func (ctx symmetricMac) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) {
+	mac, err := ctx.hmac(payload, alg)
+	if err != nil {
+		return Signature{}, err
+	}
+
+	return Signature{
+		Signature: mac,
+		protected: &rawHeader{},
+	}, nil
+}
+
+// Verify the given payload
+func (ctx symmetricMac) verifyPayload(payload []byte, mac []byte, alg SignatureAlgorithm) error {
+	expected, err := ctx.hmac(payload, alg)
+	if err != nil {
+		return errors.New("go-jose/go-jose: failed to compute hmac")
+	}
+
+	if len(mac) != len(expected) {
+		return errors.New("go-jose/go-jose: invalid hmac")
+	}
+
+	match := subtle.ConstantTimeCompare(mac, expected)
+	if match != 1 {
+		return errors.New("go-jose/go-jose: invalid hmac")
+	}
+
+	return nil
+}
+
+// Compute the HMAC based on the given alg value
+func (ctx symmetricMac) hmac(payload []byte, alg SignatureAlgorithm) ([]byte, error) {
+	var hash func() hash.Hash
+
+	// https://datatracker.ietf.org/doc/html/rfc7518#section-3.2
+	// A key of the same size as the hash output (for instance, 256 bits for
+	// "HS256") or larger MUST be used
+	switch alg {
+	case HS256:
+		if len(ctx.key)*8 < 256 {
+			return nil, ErrInvalidKeySize
+		}
+		hash = sha256.New
+	case HS384:
+		if len(ctx.key)*8 < 384 {
+			return nil, ErrInvalidKeySize
+		}
+		hash = sha512.New384
+	case HS512:
+		if len(ctx.key)*8 < 512 {
+			return nil, ErrInvalidKeySize
+		}
+		hash = sha512.New
+	default:
+		return nil, ErrUnsupportedAlgorithm
+	}
+
+	hmac := hmac.New(hash, ctx.key)
+
+	// According to documentation, Write() on hash never fails
+	_, _ = hmac.Write(payload)
+	return hmac.Sum(nil), nil
+}
diff --git a/vendor/github.com/golang/protobuf/jsonpb/decode.go b/vendor/github.com/golang/protobuf/jsonpb/decode.go
index 6c16c255ff..c6f66f1039 100644
--- a/vendor/github.com/golang/protobuf/jsonpb/decode.go
+++ b/vendor/github.com/golang/protobuf/jsonpb/decode.go
@@ -56,6 +56,7 @@ type Unmarshaler struct {
 // implement JSONPBMarshaler so that the custom format can be produced.
 //
 // The JSON unmarshaling must follow the JSON to proto specification:
+//
 //	https://developers.google.com/protocol-buffers/docs/proto3#json
 //
 // Deprecated: Custom types should implement protobuf reflection instead.
diff --git a/vendor/github.com/golang/protobuf/jsonpb/encode.go b/vendor/github.com/golang/protobuf/jsonpb/encode.go
index 685c80a62b..e9438a93f3 100644
--- a/vendor/github.com/golang/protobuf/jsonpb/encode.go
+++ b/vendor/github.com/golang/protobuf/jsonpb/encode.go
@@ -55,6 +55,7 @@ type Marshaler struct {
 // implement JSONPBUnmarshaler so that the custom format can be parsed.
 //
 // The JSON marshaling must follow the proto to JSON specification:
+//
 //	https://developers.google.com/protocol-buffers/docs/proto3#json
 //
 // Deprecated: Custom types should implement protobuf reflection instead.
diff --git a/vendor/github.com/golang/protobuf/protoc-gen-go/descriptor/descriptor.pb.go b/vendor/github.com/golang/protobuf/protoc-gen-go/descriptor/descriptor.pb.go
index 63dc057851..a5a138613a 100644
--- a/vendor/github.com/golang/protobuf/protoc-gen-go/descriptor/descriptor.pb.go
+++ b/vendor/github.com/golang/protobuf/protoc-gen-go/descriptor/descriptor.pb.go
@@ -12,6 +12,31 @@ import (
 
 // Symbols defined in public import of google/protobuf/descriptor.proto.
 
+type Edition = descriptorpb.Edition
+
+const Edition_EDITION_UNKNOWN = descriptorpb.Edition_EDITION_UNKNOWN
+const Edition_EDITION_PROTO2 = descriptorpb.Edition_EDITION_PROTO2
+const Edition_EDITION_PROTO3 = descriptorpb.Edition_EDITION_PROTO3
+const Edition_EDITION_2023 = descriptorpb.Edition_EDITION_2023
+const Edition_EDITION_2024 = descriptorpb.Edition_EDITION_2024
+const Edition_EDITION_1_TEST_ONLY = descriptorpb.Edition_EDITION_1_TEST_ONLY
+const Edition_EDITION_2_TEST_ONLY = descriptorpb.Edition_EDITION_2_TEST_ONLY
+const Edition_EDITION_99997_TEST_ONLY = descriptorpb.Edition_EDITION_99997_TEST_ONLY
+const Edition_EDITION_99998_TEST_ONLY = descriptorpb.Edition_EDITION_99998_TEST_ONLY
+const Edition_EDITION_99999_TEST_ONLY = descriptorpb.Edition_EDITION_99999_TEST_ONLY
+const Edition_EDITION_MAX = descriptorpb.Edition_EDITION_MAX
+
+var Edition_name = descriptorpb.Edition_name
+var Edition_value = descriptorpb.Edition_value
+
+type ExtensionRangeOptions_VerificationState = descriptorpb.ExtensionRangeOptions_VerificationState
+
+const ExtensionRangeOptions_DECLARATION = descriptorpb.ExtensionRangeOptions_DECLARATION
+const ExtensionRangeOptions_UNVERIFIED = descriptorpb.ExtensionRangeOptions_UNVERIFIED
+
+var ExtensionRangeOptions_VerificationState_name = descriptorpb.ExtensionRangeOptions_VerificationState_name
+var ExtensionRangeOptions_VerificationState_value = descriptorpb.ExtensionRangeOptions_VerificationState_value
+
 type FieldDescriptorProto_Type = descriptorpb.FieldDescriptorProto_Type
 
 const FieldDescriptorProto_TYPE_DOUBLE = descriptorpb.FieldDescriptorProto_TYPE_DOUBLE
@@ -39,8 +64,8 @@ var FieldDescriptorProto_Type_value = descriptorpb.FieldDescriptorProto_Type_val
 type FieldDescriptorProto_Label = descriptorpb.FieldDescriptorProto_Label
 
 const FieldDescriptorProto_LABEL_OPTIONAL = descriptorpb.FieldDescriptorProto_LABEL_OPTIONAL
-const FieldDescriptorProto_LABEL_REQUIRED = descriptorpb.FieldDescriptorProto_LABEL_REQUIRED
 const FieldDescriptorProto_LABEL_REPEATED = descriptorpb.FieldDescriptorProto_LABEL_REPEATED
+const FieldDescriptorProto_LABEL_REQUIRED = descriptorpb.FieldDescriptorProto_LABEL_REQUIRED
 
 var FieldDescriptorProto_Label_name = descriptorpb.FieldDescriptorProto_Label_name
 var FieldDescriptorProto_Label_value = descriptorpb.FieldDescriptorProto_Label_value
@@ -72,6 +97,31 @@ const FieldOptions_JS_NUMBER = descriptorpb.FieldOptions_JS_NUMBER
 var FieldOptions_JSType_name = descriptorpb.FieldOptions_JSType_name
 var FieldOptions_JSType_value = descriptorpb.FieldOptions_JSType_value
 
+type FieldOptions_OptionRetention = descriptorpb.FieldOptions_OptionRetention
+
+const FieldOptions_RETENTION_UNKNOWN = descriptorpb.FieldOptions_RETENTION_UNKNOWN
+const FieldOptions_RETENTION_RUNTIME = descriptorpb.FieldOptions_RETENTION_RUNTIME
+const FieldOptions_RETENTION_SOURCE = descriptorpb.FieldOptions_RETENTION_SOURCE
+
+var FieldOptions_OptionRetention_name = descriptorpb.FieldOptions_OptionRetention_name
+var FieldOptions_OptionRetention_value = descriptorpb.FieldOptions_OptionRetention_value
+
+type FieldOptions_OptionTargetType = descriptorpb.FieldOptions_OptionTargetType
+
+const FieldOptions_TARGET_TYPE_UNKNOWN = descriptorpb.FieldOptions_TARGET_TYPE_UNKNOWN
+const FieldOptions_TARGET_TYPE_FILE = descriptorpb.FieldOptions_TARGET_TYPE_FILE
+const FieldOptions_TARGET_TYPE_EXTENSION_RANGE = descriptorpb.FieldOptions_TARGET_TYPE_EXTENSION_RANGE
+const FieldOptions_TARGET_TYPE_MESSAGE = descriptorpb.FieldOptions_TARGET_TYPE_MESSAGE
+const FieldOptions_TARGET_TYPE_FIELD = descriptorpb.FieldOptions_TARGET_TYPE_FIELD
+const FieldOptions_TARGET_TYPE_ONEOF = descriptorpb.FieldOptions_TARGET_TYPE_ONEOF
+const FieldOptions_TARGET_TYPE_ENUM = descriptorpb.FieldOptions_TARGET_TYPE_ENUM
+const FieldOptions_TARGET_TYPE_ENUM_ENTRY = descriptorpb.FieldOptions_TARGET_TYPE_ENUM_ENTRY
+const FieldOptions_TARGET_TYPE_SERVICE = descriptorpb.FieldOptions_TARGET_TYPE_SERVICE
+const FieldOptions_TARGET_TYPE_METHOD = descriptorpb.FieldOptions_TARGET_TYPE_METHOD
+
+var FieldOptions_OptionTargetType_name = descriptorpb.FieldOptions_OptionTargetType_name
+var FieldOptions_OptionTargetType_value = descriptorpb.FieldOptions_OptionTargetType_value
+
 type MethodOptions_IdempotencyLevel = descriptorpb.MethodOptions_IdempotencyLevel
 
 const MethodOptions_IDEMPOTENCY_UNKNOWN = descriptorpb.MethodOptions_IDEMPOTENCY_UNKNOWN
@@ -81,10 +131,77 @@ const MethodOptions_IDEMPOTENT = descriptorpb.MethodOptions_IDEMPOTENT
 var MethodOptions_IdempotencyLevel_name = descriptorpb.MethodOptions_IdempotencyLevel_name
 var MethodOptions_IdempotencyLevel_value = descriptorpb.MethodOptions_IdempotencyLevel_value
 
+type FeatureSet_FieldPresence = descriptorpb.FeatureSet_FieldPresence
+
+const FeatureSet_FIELD_PRESENCE_UNKNOWN = descriptorpb.FeatureSet_FIELD_PRESENCE_UNKNOWN
+const FeatureSet_EXPLICIT = descriptorpb.FeatureSet_EXPLICIT
+const FeatureSet_IMPLICIT = descriptorpb.FeatureSet_IMPLICIT
+const FeatureSet_LEGACY_REQUIRED = descriptorpb.FeatureSet_LEGACY_REQUIRED
+
+var FeatureSet_FieldPresence_name = descriptorpb.FeatureSet_FieldPresence_name
+var FeatureSet_FieldPresence_value = descriptorpb.FeatureSet_FieldPresence_value
+
+type FeatureSet_EnumType = descriptorpb.FeatureSet_EnumType
+
+const FeatureSet_ENUM_TYPE_UNKNOWN = descriptorpb.FeatureSet_ENUM_TYPE_UNKNOWN
+const FeatureSet_OPEN = descriptorpb.FeatureSet_OPEN
+const FeatureSet_CLOSED = descriptorpb.FeatureSet_CLOSED
+
+var FeatureSet_EnumType_name = descriptorpb.FeatureSet_EnumType_name
+var FeatureSet_EnumType_value = descriptorpb.FeatureSet_EnumType_value
+
+type FeatureSet_RepeatedFieldEncoding = descriptorpb.FeatureSet_RepeatedFieldEncoding
+
+const FeatureSet_REPEATED_FIELD_ENCODING_UNKNOWN = descriptorpb.FeatureSet_REPEATED_FIELD_ENCODING_UNKNOWN
+const FeatureSet_PACKED = descriptorpb.FeatureSet_PACKED
+const FeatureSet_EXPANDED = descriptorpb.FeatureSet_EXPANDED
+
+var FeatureSet_RepeatedFieldEncoding_name = descriptorpb.FeatureSet_RepeatedFieldEncoding_name
+var FeatureSet_RepeatedFieldEncoding_value = descriptorpb.FeatureSet_RepeatedFieldEncoding_value
+
+type FeatureSet_Utf8Validation = descriptorpb.FeatureSet_Utf8Validation
+
+const FeatureSet_UTF8_VALIDATION_UNKNOWN = descriptorpb.FeatureSet_UTF8_VALIDATION_UNKNOWN
+const FeatureSet_VERIFY = descriptorpb.FeatureSet_VERIFY
+const FeatureSet_NONE = descriptorpb.FeatureSet_NONE
+
+var FeatureSet_Utf8Validation_name = descriptorpb.FeatureSet_Utf8Validation_name
+var FeatureSet_Utf8Validation_value = descriptorpb.FeatureSet_Utf8Validation_value
+
+type FeatureSet_MessageEncoding = descriptorpb.FeatureSet_MessageEncoding
+
+const FeatureSet_MESSAGE_ENCODING_UNKNOWN = descriptorpb.FeatureSet_MESSAGE_ENCODING_UNKNOWN
+const FeatureSet_LENGTH_PREFIXED = descriptorpb.FeatureSet_LENGTH_PREFIXED
+const FeatureSet_DELIMITED = descriptorpb.FeatureSet_DELIMITED
+
+var FeatureSet_MessageEncoding_name = descriptorpb.FeatureSet_MessageEncoding_name
+var FeatureSet_MessageEncoding_value = descriptorpb.FeatureSet_MessageEncoding_value
+
+type FeatureSet_JsonFormat = descriptorpb.FeatureSet_JsonFormat
+
+const FeatureSet_JSON_FORMAT_UNKNOWN = descriptorpb.FeatureSet_JSON_FORMAT_UNKNOWN
+const FeatureSet_ALLOW = descriptorpb.FeatureSet_ALLOW
+const FeatureSet_LEGACY_BEST_EFFORT = descriptorpb.FeatureSet_LEGACY_BEST_EFFORT
+
+var FeatureSet_JsonFormat_name = descriptorpb.FeatureSet_JsonFormat_name
+var FeatureSet_JsonFormat_value = descriptorpb.FeatureSet_JsonFormat_value
+
+type GeneratedCodeInfo_Annotation_Semantic = descriptorpb.GeneratedCodeInfo_Annotation_Semantic
+
+const GeneratedCodeInfo_Annotation_NONE = descriptorpb.GeneratedCodeInfo_Annotation_NONE
+const GeneratedCodeInfo_Annotation_SET = descriptorpb.GeneratedCodeInfo_Annotation_SET
+const GeneratedCodeInfo_Annotation_ALIAS = descriptorpb.GeneratedCodeInfo_Annotation_ALIAS
+
+var GeneratedCodeInfo_Annotation_Semantic_name = descriptorpb.GeneratedCodeInfo_Annotation_Semantic_name
+var GeneratedCodeInfo_Annotation_Semantic_value = descriptorpb.GeneratedCodeInfo_Annotation_Semantic_value
+
 type FileDescriptorSet = descriptorpb.FileDescriptorSet
 type FileDescriptorProto = descriptorpb.FileDescriptorProto
 type DescriptorProto = descriptorpb.DescriptorProto
 type ExtensionRangeOptions = descriptorpb.ExtensionRangeOptions
+
+const Default_ExtensionRangeOptions_Verification = descriptorpb.Default_ExtensionRangeOptions_Verification
+
 type FieldDescriptorProto = descriptorpb.FieldDescriptorProto
 type OneofDescriptorProto = descriptorpb.OneofDescriptorProto
 type EnumDescriptorProto = descriptorpb.EnumDescriptorProto
@@ -103,7 +220,6 @@ const Default_FileOptions_OptimizeFor = descriptorpb.Default_FileOptions_Optimiz
 const Default_FileOptions_CcGenericServices = descriptorpb.Default_FileOptions_CcGenericServices
 const Default_FileOptions_JavaGenericServices = descriptorpb.Default_FileOptions_JavaGenericServices
 const Default_FileOptions_PyGenericServices = descriptorpb.Default_FileOptions_PyGenericServices
-const Default_FileOptions_PhpGenericServices = descriptorpb.Default_FileOptions_PhpGenericServices
 const Default_FileOptions_Deprecated = descriptorpb.Default_FileOptions_Deprecated
 const Default_FileOptions_CcEnableArenas = descriptorpb.Default_FileOptions_CcEnableArenas
 
@@ -118,8 +234,10 @@ type FieldOptions = descriptorpb.FieldOptions
 const Default_FieldOptions_Ctype = descriptorpb.Default_FieldOptions_Ctype
 const Default_FieldOptions_Jstype = descriptorpb.Default_FieldOptions_Jstype
 const Default_FieldOptions_Lazy = descriptorpb.Default_FieldOptions_Lazy
+const Default_FieldOptions_UnverifiedLazy = descriptorpb.Default_FieldOptions_UnverifiedLazy
 const Default_FieldOptions_Deprecated = descriptorpb.Default_FieldOptions_Deprecated
 const Default_FieldOptions_Weak = descriptorpb.Default_FieldOptions_Weak
+const Default_FieldOptions_DebugRedact = descriptorpb.Default_FieldOptions_DebugRedact
 
 type OneofOptions = descriptorpb.OneofOptions
 type EnumOptions = descriptorpb.EnumOptions
@@ -129,6 +247,7 @@ const Default_EnumOptions_Deprecated = descriptorpb.Default_EnumOptions_Deprecat
 type EnumValueOptions = descriptorpb.EnumValueOptions
 
 const Default_EnumValueOptions_Deprecated = descriptorpb.Default_EnumValueOptions_Deprecated
+const Default_EnumValueOptions_DebugRedact = descriptorpb.Default_EnumValueOptions_DebugRedact
 
 type ServiceOptions = descriptorpb.ServiceOptions
 
@@ -140,12 +259,17 @@ const Default_MethodOptions_Deprecated = descriptorpb.Default_MethodOptions_Depr
 const Default_MethodOptions_IdempotencyLevel = descriptorpb.Default_MethodOptions_IdempotencyLevel
 
 type UninterpretedOption = descriptorpb.UninterpretedOption
+type FeatureSet = descriptorpb.FeatureSet
+type FeatureSetDefaults = descriptorpb.FeatureSetDefaults
 type SourceCodeInfo = descriptorpb.SourceCodeInfo
 type GeneratedCodeInfo = descriptorpb.GeneratedCodeInfo
 type DescriptorProto_ExtensionRange = descriptorpb.DescriptorProto_ExtensionRange
 type DescriptorProto_ReservedRange = descriptorpb.DescriptorProto_ReservedRange
+type ExtensionRangeOptions_Declaration = descriptorpb.ExtensionRangeOptions_Declaration
 type EnumDescriptorProto_EnumReservedRange = descriptorpb.EnumDescriptorProto_EnumReservedRange
+type FieldOptions_EditionDefault = descriptorpb.FieldOptions_EditionDefault
 type UninterpretedOption_NamePart = descriptorpb.UninterpretedOption_NamePart
+type FeatureSetDefaults_FeatureSetEditionDefault = descriptorpb.FeatureSetDefaults_FeatureSetEditionDefault
 type SourceCodeInfo_Location = descriptorpb.SourceCodeInfo_Location
 type GeneratedCodeInfo_Annotation = descriptorpb.GeneratedCodeInfo_Annotation
 
diff --git a/vendor/github.com/golang/protobuf/ptypes/any.go b/vendor/github.com/golang/protobuf/ptypes/any.go
index 85f9f57365..fdff3fdb4c 100644
--- a/vendor/github.com/golang/protobuf/ptypes/any.go
+++ b/vendor/github.com/golang/protobuf/ptypes/any.go
@@ -127,9 +127,10 @@ func Is(any *anypb.Any, m proto.Message) bool {
 // The allocated message is stored in the embedded proto.Message.
 //
 // Example:
-//   var x ptypes.DynamicAny
-//   if err := ptypes.UnmarshalAny(a, &x); err != nil { ... }
-//   fmt.Printf("unmarshaled message: %v", x.Message)
+//
+//	var x ptypes.DynamicAny
+//	if err := ptypes.UnmarshalAny(a, &x); err != nil { ... }
+//	fmt.Printf("unmarshaled message: %v", x.Message)
 //
 // Deprecated: Use the any.UnmarshalNew method instead to unmarshal
 // the any message contents into a new instance of the underlying message.
diff --git a/vendor/github.com/google/uuid/CHANGELOG.md b/vendor/github.com/google/uuid/CHANGELOG.md
index c9fb829dc6..7ec5ac7ea9 100644
--- a/vendor/github.com/google/uuid/CHANGELOG.md
+++ b/vendor/github.com/google/uuid/CHANGELOG.md
@@ -1,5 +1,18 @@
 # Changelog
 
+## [1.6.0](https://github.com/google/uuid/compare/v1.5.0...v1.6.0) (2024-01-16)
+
+
+### Features
+
+* add Max UUID constant ([#149](https://github.com/google/uuid/issues/149)) ([c58770e](https://github.com/google/uuid/commit/c58770eb495f55fe2ced6284f93c5158a62e53e3))
+
+
+### Bug Fixes
+
+* fix typo in version 7 uuid documentation ([#153](https://github.com/google/uuid/issues/153)) ([016b199](https://github.com/google/uuid/commit/016b199544692f745ffc8867b914129ecb47ef06))
+* Monotonicity in UUIDv7 ([#150](https://github.com/google/uuid/issues/150)) ([a2b2b32](https://github.com/google/uuid/commit/a2b2b32373ff0b1a312b7fdf6d38a977099698a6))
+
 ## [1.5.0](https://github.com/google/uuid/compare/v1.4.0...v1.5.0) (2023-12-12)
 
 
diff --git a/vendor/github.com/google/uuid/hash.go b/vendor/github.com/google/uuid/hash.go
index b404f4bec2..dc60082d3b 100644
--- a/vendor/github.com/google/uuid/hash.go
+++ b/vendor/github.com/google/uuid/hash.go
@@ -17,6 +17,12 @@ var (
 	NameSpaceOID  = Must(Parse("6ba7b812-9dad-11d1-80b4-00c04fd430c8"))
 	NameSpaceX500 = Must(Parse("6ba7b814-9dad-11d1-80b4-00c04fd430c8"))
 	Nil           UUID // empty UUID, all zeros
+
+	// The Max UUID is special form of UUID that is specified to have all 128 bits set to 1.
+	Max = UUID{
+		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	}
 )
 
 // NewHash returns a new UUID derived from the hash of space concatenated with
diff --git a/vendor/github.com/google/uuid/version7.go b/vendor/github.com/google/uuid/version7.go
index ba9dd5eb68..3167b643d4 100644
--- a/vendor/github.com/google/uuid/version7.go
+++ b/vendor/github.com/google/uuid/version7.go
@@ -44,7 +44,7 @@ func NewV7FromReader(r io.Reader) (UUID, error) {
 
 // makeV7 fill 48 bits time (uuid[0] - uuid[5]), set version b0111 (uuid[6])
 // uuid[8] already has the right version number (Variant is 10)
-// see function  NewV7 and NewV7FromReader
+// see function NewV7 and NewV7FromReader
 func makeV7(uuid []byte) {
 	/*
 		 0                   1                   2                   3
@@ -52,7 +52,7 @@ func makeV7(uuid []byte) {
 		+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 		|                           unix_ts_ms                          |
 		+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-		|          unix_ts_ms           |  ver  |       rand_a          |
+		|          unix_ts_ms           |  ver  |  rand_a (12 bit seq)  |
 		+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 		|var|                        rand_b                             |
 		+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
@@ -61,7 +61,7 @@ func makeV7(uuid []byte) {
 	*/
 	_ = uuid[15] // bounds check
 
-	t := timeNow().UnixMilli()
+	t, s := getV7Time()
 
 	uuid[0] = byte(t >> 40)
 	uuid[1] = byte(t >> 32)
@@ -70,6 +70,35 @@ func makeV7(uuid []byte) {
 	uuid[4] = byte(t >> 8)
 	uuid[5] = byte(t)
 
-	uuid[6] = 0x70 | (uuid[6] & 0x0F)
-	// uuid[8] has already has right version
+	uuid[6] = 0x70 | (0x0F & byte(s>>8))
+	uuid[7] = byte(s)
+}
+
+// lastV7time is the last time we returned stored as:
+//
+//	52 bits of time in milliseconds since epoch
+//	12 bits of (fractional nanoseconds) >> 8
+var lastV7time int64
+
+const nanoPerMilli = 1000000
+
+// getV7Time returns the time in milliseconds and nanoseconds / 256.
+// The returned (milli << 12 + seq) is guarenteed to be greater than
+// (milli << 12 + seq) returned by any previous call to getV7Time.
+func getV7Time() (milli, seq int64) {
+	timeMu.Lock()
+	defer timeMu.Unlock()
+
+	nano := timeNow().UnixNano()
+	milli = nano / nanoPerMilli
+	// Sequence number is between 0 and 3906 (nanoPerMilli>>8)
+	seq = (nano - milli*nanoPerMilli) >> 8
+	now := milli<<12 + seq
+	if now <= lastV7time {
+		now = lastV7time + 1
+		milli = now >> 12
+		seq = now & 0xfff
+	}
+	lastV7time = now
+	return milli, seq
 }
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-middleware/.gitignore b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/.gitignore
new file mode 100644
index 0000000000..826caa3902
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/.gitignore
@@ -0,0 +1,204 @@
+# Created by .ignore support plugin (hsz.mobi)
+### Go template
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
+### Windows template
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+### Kate template
+# Swap Files #
+.*.kate-swp
+.swp.*
+### SublimeText template
+# cache files for sublime text
+*.tmlanguage.cache
+*.tmPreferences.cache
+*.stTheme.cache
+
+# workspace files are user-specific
+*.sublime-workspace
+
+# project files should be checked into the repository, unless a significant
+# proportion of contributors will probably not be using SublimeText
+# *.sublime-project
+
+# sftp configuration file
+sftp-config.json
+### Linux template
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+### JetBrains template
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff:
+.idea
+.idea/tasks.xml
+.idea/dictionaries
+.idea/vcs.xml
+.idea/jsLibraryMappings.xml
+
+# Sensitive or high-churn files:
+.idea/dataSources.ids
+.idea/dataSources.xml
+.idea/dataSources.local.xml
+.idea/sqlDataSources.xml
+.idea/dynamic.xml
+.idea/uiDesigner.xml
+
+# Gradle:
+.idea/gradle.xml
+.idea/libraries
+
+# Mongo Explorer plugin:
+.idea/mongoSettings.xml
+
+## File-based project format:
+*.iws
+
+## Plugin-specific files:
+
+# IntelliJ
+/out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+### Xcode template
+# Xcode
+#
+# gitignore contributors: remember to update Global/Xcode.gitignore, Objective-C.gitignore & Swift.gitignore
+
+## Build generated
+build/
+DerivedData/
+
+## Various settings
+*.pbxuser
+!default.pbxuser
+*.mode1v3
+!default.mode1v3
+*.mode2v3
+!default.mode2v3
+*.perspectivev3
+!default.perspectivev3
+xcuserdata/
+
+## Other
+*.moved-aside
+*.xccheckout
+*.xcscmblueprint
+### Eclipse template
+
+.metadata
+bin/
+tmp/
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.settings/
+.loadpath
+.recommenders
+
+# Eclipse Core
+.project
+
+# External tool builders
+.externalToolBuilders/
+
+# Locally stored "Eclipse launch configurations"
+*.launch
+
+# PyDev specific (Python IDE for Eclipse)
+*.pydevproject
+
+# CDT-specific (C/C++ Development Tooling)
+.cproject
+
+# JDT-specific (Eclipse Java Development Tools)
+.classpath
+
+# Java annotation processor (APT)
+.factorypath
+
+# PDT-specific (PHP Development Tools)
+.buildpath
+
+# sbteclipse plugin
+.target
+
+# Tern plugin
+.tern-project
+
+# TeXlipse plugin
+.texlipse
+
+# STS (Spring Tool Suite)
+.springBeans
+
+# Code Recommenders
+.recommenders/
+
+
+coverage.txt
+
+#vendor
+vendor/
+
+.envrc
\ No newline at end of file
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-middleware/CONTRIBUTING.md b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/CONTRIBUTING.md
new file mode 100644
index 0000000000..dd52ab8938
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/CONTRIBUTING.md
@@ -0,0 +1,20 @@
+# Contributing
+
+We would love to have people submit pull requests and help make `grpc-ecosystem/go-grpc-middleware` even better 👍.
+
+Fork, then clone the repo:
+
+```bash
+git clone git@github.com:your-username/go-grpc-middleware.git
+```    
+
+Before checking in please run the following:
+
+```bash
+make all
+```
+
+This will `vet`, `fmt`, regenerate documentation and run all tests.
+
+
+Push to your fork and open a pull request.
\ No newline at end of file
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-middleware/README.md b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/README.md
new file mode 100644
index 0000000000..a12b40904b
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/README.md
@@ -0,0 +1,93 @@
+# Go gRPC Middleware
+
+[![Travis Build](https://travis-ci.org/grpc-ecosystem/go-grpc-middleware.svg?branch=master)](https://travis-ci.org/grpc-ecosystem/go-grpc-middleware)
+[![Go Report Card](https://goreportcard.com/badge/github.com/grpc-ecosystem/go-grpc-middleware)](https://goreportcard.com/report/github.com/grpc-ecosystem/go-grpc-middleware)
+[![GoDoc](http://img.shields.io/badge/GoDoc-Reference-blue.svg)](https://godoc.org/github.com/grpc-ecosystem/go-grpc-middleware)
+[![SourceGraph](https://sourcegraph.com/github.com/grpc-ecosystem/go-grpc-middleware/-/badge.svg)](https://sourcegraph.com/github.com/grpc-ecosystem/go-grpc-middleware/?badge)
+[![codecov](https://codecov.io/gh/grpc-ecosystem/go-grpc-middleware/branch/master/graph/badge.svg)](https://codecov.io/gh/grpc-ecosystem/go-grpc-middleware)
+[![Apache 2.0 License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)
+[![quality: production](https://img.shields.io/badge/quality-production-orange.svg)](#status)
+[![Slack](https://img.shields.io/badge/slack-%23grpc--middleware-brightgreen)](https://gophers.slack.com/archives/CNJL30P4P)
+
+[gRPC Go](https://github.com/grpc/grpc-go) Middleware: interceptors, helpers, utilities.
+
+## ⚠️  Status
+
+Version [v2](https://github.com/grpc-ecosystem/go-grpc-middleware/tree/v2) is about to be released, with migration guide, which will replace v1. Try v2 and give us feedback! 
+
+Version v1 is currently in deprecation mode, which means only critical and safety bug fixes will be merged.
+
+
+## Middleware
+
+[gRPC Go](https://github.com/grpc/grpc-go) recently acquired support for
+Interceptors, i.e. [middleware](https://medium.com/@matryer/writing-middleware-in-golang-and-how-go-makes-it-so-much-fun-4375c1246e81#.gv7tdlghs)
+that is executed either on the gRPC Server before the request is passed onto the user's application logic, or on the gRPC client around the user call. It is a perfect way to implement
+common patterns: auth, logging, message, validation, retries, or monitoring.
+
+These are generic building blocks that make it easy to build multiple microservices easily.
+The purpose of this repository is to act as a go-to point for such reusable functionality. It contains
+some of them itself, but also will link to useful external repos.
+
+`grpc_middleware` itself provides support for chaining interceptors, here's an example:
+
+```go
+import "github.com/grpc-ecosystem/go-grpc-middleware"
+
+myServer := grpc.NewServer(
+    grpc.StreamInterceptor(grpc_middleware.ChainStreamServer(
+        grpc_ctxtags.StreamServerInterceptor(),
+        grpc_opentracing.StreamServerInterceptor(),
+        grpc_prometheus.StreamServerInterceptor,
+        grpc_zap.StreamServerInterceptor(zapLogger),
+        grpc_auth.StreamServerInterceptor(myAuthFunction),
+        grpc_recovery.StreamServerInterceptor(),
+    )),
+    grpc.UnaryInterceptor(grpc_middleware.ChainUnaryServer(
+        grpc_ctxtags.UnaryServerInterceptor(),
+        grpc_opentracing.UnaryServerInterceptor(),
+        grpc_prometheus.UnaryServerInterceptor,
+        grpc_zap.UnaryServerInterceptor(zapLogger),
+        grpc_auth.UnaryServerInterceptor(myAuthFunction),
+        grpc_recovery.UnaryServerInterceptor(),
+    )),
+)
+```
+
+## Interceptors
+
+_Please send a PR to add new interceptors or middleware to this list_
+
+#### Auth
+
+- [`grpc_auth`](auth) - a customizable (via `AuthFunc`) piece of auth middleware
+
+#### Logging
+
+- [`grpc_ctxtags`](tags/) - a library that adds a `Tag` map to context, with data populated from request body
+- [`grpc_zap`](logging/zap/) - integration of [zap](https://github.com/uber-go/zap) logging library into gRPC handlers.
+- [`grpc_logrus`](logging/logrus/) - integration of [logrus](https://github.com/sirupsen/logrus) logging library into gRPC handlers.
+- [`grpc_kit`](logging/kit/) - integration of [go-kit/log](https://github.com/go-kit/log) logging library into gRPC handlers.
+- [`grpc_grpc_logsettable`](logging/settable/) - a wrapper around `grpclog.LoggerV2` that allows to replace loggers in runtime (thread-safe).
+
+#### Monitoring
+
+- [`grpc_prometheus`⚡](https://github.com/grpc-ecosystem/go-grpc-prometheus) - Prometheus client-side and server-side monitoring middleware
+- [`otgrpc`⚡](https://github.com/grpc-ecosystem/grpc-opentracing/tree/master/go/otgrpc) - [OpenTracing](http://opentracing.io/) client-side and server-side interceptors
+- [`grpc_opentracing`](tracing/opentracing) - [OpenTracing](http://opentracing.io/) client-side and server-side interceptors with support for streaming and handler-returned tags
+- [`otelgrpc`](https://github.com/open-telemetry/opentelemetry-go-contrib/tree/main/instrumentation/google.golang.org/grpc/otelgrpc) - [OpenTelemetry](https://opentelemetry.io/) client-side and server-side interceptors
+
+#### Client
+
+- [`grpc_retry`](retry/) - a generic gRPC response code retry mechanism, client-side middleware
+
+#### Server
+
+- [`grpc_validator`](validator/) - codegen inbound message validation from `.proto` options
+- [`grpc_recovery`](recovery/) - turn panics into gRPC errors
+- [`ratelimit`](ratelimit/) - grpc rate limiting by your own limiter
+
+
+## License
+
+`go-grpc-middleware` is released under the Apache 2.0 license. See the [LICENSE](LICENSE) file for details.
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-middleware/auth/auth.go b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/auth/auth.go
new file mode 100644
index 0000000000..a7e2890eed
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/auth/auth.go
@@ -0,0 +1,68 @@
+// Copyright 2016 Michal Witkowski. All Rights Reserved.
+// See LICENSE for licensing terms.
+
+package grpc_auth
+
+import (
+	"context"
+
+	"github.com/grpc-ecosystem/go-grpc-middleware"
+	"google.golang.org/grpc"
+)
+
+// AuthFunc is the pluggable function that performs authentication.
+//
+// The passed in `Context` will contain the gRPC metadata.MD object (for header-based authentication) and
+// the peer.Peer information that can contain transport-based credentials (e.g. `credentials.AuthInfo`).
+//
+// The returned context will be propagated to handlers, allowing user changes to `Context`. However,
+// please make sure that the `Context` returned is a child `Context` of the one passed in.
+//
+// If error is returned, its `grpc.Code()` will be returned to the user as well as the verbatim message.
+// Please make sure you use `codes.Unauthenticated` (lacking auth) and `codes.PermissionDenied`
+// (authed, but lacking perms) appropriately.
+type AuthFunc func(ctx context.Context) (context.Context, error)
+
+// ServiceAuthFuncOverride allows a given gRPC service implementation to override the global `AuthFunc`.
+//
+// If a service implements the AuthFuncOverride method, it takes precedence over the `AuthFunc` method,
+// and will be called instead of AuthFunc for all method invocations within that service.
+type ServiceAuthFuncOverride interface {
+	AuthFuncOverride(ctx context.Context, fullMethodName string) (context.Context, error)
+}
+
+// UnaryServerInterceptor returns a new unary server interceptors that performs per-request auth.
+func UnaryServerInterceptor(authFunc AuthFunc) grpc.UnaryServerInterceptor {
+	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
+		var newCtx context.Context
+		var err error
+		if overrideSrv, ok := info.Server.(ServiceAuthFuncOverride); ok {
+			newCtx, err = overrideSrv.AuthFuncOverride(ctx, info.FullMethod)
+		} else {
+			newCtx, err = authFunc(ctx)
+		}
+		if err != nil {
+			return nil, err
+		}
+		return handler(newCtx, req)
+	}
+}
+
+// StreamServerInterceptor returns a new unary server interceptors that performs per-request auth.
+func StreamServerInterceptor(authFunc AuthFunc) grpc.StreamServerInterceptor {
+	return func(srv interface{}, stream grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
+		var newCtx context.Context
+		var err error
+		if overrideSrv, ok := srv.(ServiceAuthFuncOverride); ok {
+			newCtx, err = overrideSrv.AuthFuncOverride(stream.Context(), info.FullMethod)
+		} else {
+			newCtx, err = authFunc(stream.Context())
+		}
+		if err != nil {
+			return err
+		}
+		wrapped := grpc_middleware.WrapServerStream(stream)
+		wrapped.WrappedContext = newCtx
+		return handler(srv, wrapped)
+	}
+}
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-middleware/auth/doc.go b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/auth/doc.go
new file mode 100644
index 0000000000..0550f023ef
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/auth/doc.go
@@ -0,0 +1,20 @@
+// Copyright 2016 Michal Witkowski. All Rights Reserved.
+// See LICENSE for licensing terms.
+
+/*
+`grpc_auth` a generic server-side auth middleware for gRPC.
+
+Server Side Auth Middleware
+
+It allows for easy assertion of `:authorization` headers in gRPC calls, be it HTTP Basic auth, or
+OAuth2 Bearer tokens.
+
+The middleware takes a user-customizable `AuthFunc`, which can be customized to verify and extract
+auth information from the request. The extracted information can be put in the `context.Context` of
+handlers downstream for retrieval.
+
+It also allows for per-service implementation overrides of `AuthFunc`. See `ServiceAuthFuncOverride`.
+
+Please see examples for simple examples of use.
+*/
+package grpc_auth
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-middleware/auth/metadata.go b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/auth/metadata.go
new file mode 100644
index 0000000000..d386fcaf5c
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/auth/metadata.go
@@ -0,0 +1,37 @@
+// Copyright 2016 Michal Witkowski. All Rights Reserved.
+// See LICENSE for licensing terms.
+
+package grpc_auth
+
+import (
+	"context"
+	"strings"
+
+	"github.com/grpc-ecosystem/go-grpc-middleware/util/metautils"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+var (
+	headerAuthorize = "authorization"
+)
+
+// AuthFromMD is a helper function for extracting the :authorization header from the gRPC metadata of the request.
+//
+// It expects the `:authorization` header to be of a certain scheme (e.g. `basic`, `bearer`), in a
+// case-insensitive format (see rfc2617, sec 1.2). If no such authorization is found, or the token
+// is of wrong scheme, an error with gRPC status `Unauthenticated` is returned.
+func AuthFromMD(ctx context.Context, expectedScheme string) (string, error) {
+	val := metautils.ExtractIncoming(ctx).Get(headerAuthorize)
+	if val == "" {
+		return "", status.Errorf(codes.Unauthenticated, "Request unauthenticated with "+expectedScheme)
+	}
+	splits := strings.SplitN(val, " ", 2)
+	if len(splits) < 2 {
+		return "", status.Errorf(codes.Unauthenticated, "Bad authorization string")
+	}
+	if !strings.EqualFold(splits[0], expectedScheme) {
+		return "", status.Errorf(codes.Unauthenticated, "Request unauthenticated with "+expectedScheme)
+	}
+	return splits[1], nil
+}
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-middleware/chain.go b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/chain.go
new file mode 100644
index 0000000000..407d9332c9
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/chain.go
@@ -0,0 +1,166 @@
+// Copyright 2016 Michal Witkowski. All Rights Reserved.
+// See LICENSE for licensing terms.
+
+// gRPC Server Interceptor chaining middleware.
+
+package grpc_middleware
+
+import (
+	"context"
+
+	"google.golang.org/grpc"
+)
+
+// ChainUnaryServer creates a single interceptor out of a chain of many interceptors.
+//
+// Execution is done in left-to-right order, including passing of context.
+// For example ChainUnaryServer(one, two, three) will execute one before two before three, and three
+// will see context changes of one and two.
+//
+// While this can be useful in some scenarios, it is generally advisable to use google.golang.org/grpc.ChainUnaryInterceptor directly.
+func ChainUnaryServer(interceptors ...grpc.UnaryServerInterceptor) grpc.UnaryServerInterceptor {
+	n := len(interceptors)
+
+	// Dummy interceptor maintained for backward compatibility to avoid returning nil.
+	if n == 0 {
+		return func(ctx context.Context, req interface{}, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
+			return handler(ctx, req)
+		}
+	}
+
+	// The degenerate case, just return the single wrapped interceptor directly.
+	if n == 1 {
+		return interceptors[0]
+	}
+
+	// Return a function which satisfies the interceptor interface, and which is
+	// a closure over the given list of interceptors to be chained.
+	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
+		currHandler := handler
+		// Iterate backwards through all interceptors except the first (outermost).
+		// Wrap each one in a function which satisfies the handler interface, but
+		// is also a closure over the `info` and `handler` parameters. Then pass
+		// each pseudo-handler to the next outer interceptor as the handler to be called.
+		for i := n - 1; i > 0; i-- {
+			// Rebind to loop-local vars so they can be closed over.
+			innerHandler, i := currHandler, i
+			currHandler = func(currentCtx context.Context, currentReq interface{}) (interface{}, error) {
+				return interceptors[i](currentCtx, currentReq, info, innerHandler)
+			}
+		}
+		// Finally return the result of calling the outermost interceptor with the
+		// outermost pseudo-handler created above as its handler.
+		return interceptors[0](ctx, req, info, currHandler)
+	}
+}
+
+// ChainStreamServer creates a single interceptor out of a chain of many interceptors.
+//
+// Execution is done in left-to-right order, including passing of context.
+// For example ChainUnaryServer(one, two, three) will execute one before two before three.
+// If you want to pass context between interceptors, use WrapServerStream.
+//
+// While this can be useful in some scenarios, it is generally advisable to use google.golang.org/grpc.ChainStreamInterceptor directly.
+func ChainStreamServer(interceptors ...grpc.StreamServerInterceptor) grpc.StreamServerInterceptor {
+	n := len(interceptors)
+
+	// Dummy interceptor maintained for backward compatibility to avoid returning nil.
+	if n == 0 {
+		return func(srv interface{}, stream grpc.ServerStream, _ *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
+			return handler(srv, stream)
+		}
+	}
+
+	if n == 1 {
+		return interceptors[0]
+	}
+
+	return func(srv interface{}, stream grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
+		currHandler := handler
+		for i := n - 1; i > 0; i-- {
+			innerHandler, i := currHandler, i
+			currHandler = func(currentSrv interface{}, currentStream grpc.ServerStream) error {
+				return interceptors[i](currentSrv, currentStream, info, innerHandler)
+			}
+		}
+		return interceptors[0](srv, stream, info, currHandler)
+	}
+}
+
+// ChainUnaryClient creates a single interceptor out of a chain of many interceptors.
+//
+// Execution is done in left-to-right order, including passing of context.
+// For example ChainUnaryClient(one, two, three) will execute one before two before three.
+func ChainUnaryClient(interceptors ...grpc.UnaryClientInterceptor) grpc.UnaryClientInterceptor {
+	n := len(interceptors)
+
+	// Dummy interceptor maintained for backward compatibility to avoid returning nil.
+	if n == 0 {
+		return func(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {
+			return invoker(ctx, method, req, reply, cc, opts...)
+		}
+	}
+
+	if n == 1 {
+		return interceptors[0]
+	}
+
+	return func(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {
+		currInvoker := invoker
+		for i := n - 1; i > 0; i-- {
+			innerInvoker, i := currInvoker, i
+			currInvoker = func(currentCtx context.Context, currentMethod string, currentReq, currentRepl interface{}, currentConn *grpc.ClientConn, currentOpts ...grpc.CallOption) error {
+				return interceptors[i](currentCtx, currentMethod, currentReq, currentRepl, currentConn, innerInvoker, currentOpts...)
+			}
+		}
+		return interceptors[0](ctx, method, req, reply, cc, currInvoker, opts...)
+	}
+}
+
+// ChainStreamClient creates a single interceptor out of a chain of many interceptors.
+//
+// Execution is done in left-to-right order, including passing of context.
+// For example ChainStreamClient(one, two, three) will execute one before two before three.
+func ChainStreamClient(interceptors ...grpc.StreamClientInterceptor) grpc.StreamClientInterceptor {
+	n := len(interceptors)
+
+	// Dummy interceptor maintained for backward compatibility to avoid returning nil.
+	if n == 0 {
+		return func(ctx context.Context, desc *grpc.StreamDesc, cc *grpc.ClientConn, method string, streamer grpc.Streamer, opts ...grpc.CallOption) (grpc.ClientStream, error) {
+			return streamer(ctx, desc, cc, method, opts...)
+		}
+	}
+
+	if n == 1 {
+		return interceptors[0]
+	}
+
+	return func(ctx context.Context, desc *grpc.StreamDesc, cc *grpc.ClientConn, method string, streamer grpc.Streamer, opts ...grpc.CallOption) (grpc.ClientStream, error) {
+		currStreamer := streamer
+		for i := n - 1; i > 0; i-- {
+			innerStreamer, i := currStreamer, i
+			currStreamer = func(currentCtx context.Context, currentDesc *grpc.StreamDesc, currentConn *grpc.ClientConn, currentMethod string, currentOpts ...grpc.CallOption) (grpc.ClientStream, error) {
+				return interceptors[i](currentCtx, currentDesc, currentConn, currentMethod, innerStreamer, currentOpts...)
+			}
+		}
+		return interceptors[0](ctx, desc, cc, method, currStreamer, opts...)
+	}
+}
+
+// Chain creates a single interceptor out of a chain of many interceptors.
+//
+// WithUnaryServerChain is a grpc.Server config option that accepts multiple unary interceptors.
+// Basically syntactic sugar.
+//
+// Deprecated: use google.golang.org/grpc.ChainUnaryInterceptor instead.
+func WithUnaryServerChain(interceptors ...grpc.UnaryServerInterceptor) grpc.ServerOption {
+	return grpc.ChainUnaryInterceptor(interceptors...)
+}
+
+// WithStreamServerChain is a grpc.Server config option that accepts multiple stream interceptors.
+// Basically syntactic sugar.
+//
+// Deprecated: use google.golang.org/grpc.ChainStreamInterceptor instead.
+func WithStreamServerChain(interceptors ...grpc.StreamServerInterceptor) grpc.ServerOption {
+	return grpc.ChainStreamInterceptor(interceptors...)
+}
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-middleware/doc.go b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/doc.go
new file mode 100644
index 0000000000..718e10046a
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/doc.go
@@ -0,0 +1,69 @@
+// Copyright 2016 Michal Witkowski. All Rights Reserved.
+// See LICENSE for licensing terms.
+
+/*
+`grpc_middleware` is a collection of gRPC middleware packages: interceptors, helpers and tools.
+
+Middleware
+
+gRPC is a fantastic RPC middleware, which sees a lot of adoption in the Golang world. However, the
+upstream gRPC codebase is relatively bare bones.
+
+This package, and most of its child packages provides commonly needed middleware for gRPC:
+client-side interceptors for retires, server-side interceptors for input validation and auth,
+functions for chaining said interceptors, metadata convenience methods and more.
+
+Chaining
+
+By default, gRPC doesn't allow one to have more than one interceptor either on the client nor on
+the server side. `grpc_middleware` provides convenient chaining methods
+
+Simple way of turning a multiple interceptors into a single interceptor. Here's an example for
+server chaining:
+
+	myServer := grpc.NewServer(
+	    grpc.StreamInterceptor(grpc_middleware.ChainStreamServer(loggingStream, monitoringStream, authStream)),
+	    grpc.UnaryInterceptor(grpc_middleware.ChainUnaryServer(loggingUnary, monitoringUnary, authUnary)),
+	)
+
+These interceptors will be executed from left to right: logging, monitoring and auth.
+
+Here's an example for client side chaining:
+
+	clientConn, err = grpc.Dial(
+	    address,
+	        grpc.WithUnaryInterceptor(grpc_middleware.ChainUnaryClient(monitoringClientUnary, retryUnary)),
+	        grpc.WithStreamInterceptor(grpc_middleware.ChainStreamClient(monitoringClientStream, retryStream)),
+	)
+	client = pb_testproto.NewTestServiceClient(clientConn)
+	resp, err := client.PingEmpty(s.ctx, &myservice.Request{Msg: "hello"})
+
+These interceptors will be executed from left to right: monitoring and then retry logic.
+
+The retry interceptor will call every interceptor that follows it whenever when a retry happens.
+
+Writing Your Own
+
+Implementing your own interceptor is pretty trivial: there are interfaces for that. But the interesting
+bit exposing common data to handlers (and other middleware), similarly to HTTP Middleware design.
+For example, you may want to pass the identity of the caller from the auth interceptor all the way
+to the handling function.
+
+For example, a client side interceptor example for auth looks like:
+
+	func FakeAuthUnaryInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
+	   newCtx := context.WithValue(ctx, "user_id", "john@example.com")
+	   return handler(newCtx, req)
+	}
+
+Unfortunately, it's not as easy for streaming RPCs. These have the `context.Context` embedded within
+the `grpc.ServerStream` object. To pass values through context, a wrapper (`WrappedServerStream`) is
+needed. For example:
+
+	func FakeAuthStreamingInterceptor(srv interface{}, stream grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
+	   newStream := grpc_middleware.WrapServerStream(stream)
+	   newStream.WrappedContext = context.WithValue(ctx, "user_id", "john@example.com")
+	   return handler(srv, newStream)
+	}
+*/
+package grpc_middleware
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-middleware/makefile b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/makefile
new file mode 100644
index 0000000000..b18d2d2bb1
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/makefile
@@ -0,0 +1,17 @@
+SHELL=/bin/bash
+
+GOFILES_NOVENDOR = $(shell go list ./... | grep -v /vendor/)
+
+all: vet fmt test
+
+fmt:
+	go fmt $(GOFILES_NOVENDOR)
+
+vet:
+	# do not check lostcancel, they are intentional.
+	go vet -lostcancel=false $(GOFILES_NOVENDOR)
+
+test: vet
+	./scripts/test_all.sh
+
+.PHONY: all test
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-middleware/slack.png b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/slack.png
new file mode 100644
index 0000000000..cc8f9a68a9
Binary files /dev/null and b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/slack.png differ
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-middleware/wrappers.go b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/wrappers.go
new file mode 100644
index 0000000000..05ccfb3f24
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-middleware/wrappers.go
@@ -0,0 +1,30 @@
+// Copyright 2016 Michal Witkowski. All Rights Reserved.
+// See LICENSE for licensing terms.
+
+package grpc_middleware
+
+import (
+	"context"
+
+	"google.golang.org/grpc"
+)
+
+// WrappedServerStream is a thin wrapper around grpc.ServerStream that allows modifying context.
+type WrappedServerStream struct {
+	grpc.ServerStream
+	// WrappedContext is the wrapper's own Context. You can assign it.
+	WrappedContext context.Context
+}
+
+// Context returns the wrapper's WrappedContext, overwriting the nested grpc.ServerStream.Context()
+func (w *WrappedServerStream) Context() context.Context {
+	return w.WrappedContext
+}
+
+// WrapServerStream returns a ServerStream that has the ability to overwrite context.
+func WrapServerStream(stream grpc.ServerStream) *WrappedServerStream {
+	if existing, ok := stream.(*WrappedServerStream); ok {
+		return existing
+	}
+	return &WrappedServerStream{ServerStream: stream, WrappedContext: stream.Context()}
+}
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/.gitignore b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/.gitignore
new file mode 100644
index 0000000000..2233cff9d1
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/.gitignore
@@ -0,0 +1,201 @@
+#vendor
+vendor/
+
+# Created by .ignore support plugin (hsz.mobi)
+coverage.txt
+### Go template
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
+### Windows template
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+### Kate template
+# Swap Files #
+.*.kate-swp
+.swp.*
+### SublimeText template
+# cache files for sublime text
+*.tmlanguage.cache
+*.tmPreferences.cache
+*.stTheme.cache
+
+# workspace files are user-specific
+*.sublime-workspace
+
+# project files should be checked into the repository, unless a significant
+# proportion of contributors will probably not be using SublimeText
+# *.sublime-project
+
+# sftp configuration file
+sftp-config.json
+### Linux template
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+### JetBrains template
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff:
+.idea
+.idea/tasks.xml
+.idea/dictionaries
+.idea/vcs.xml
+.idea/jsLibraryMappings.xml
+
+# Sensitive or high-churn files:
+.idea/dataSources.ids
+.idea/dataSources.xml
+.idea/dataSources.local.xml
+.idea/sqlDataSources.xml
+.idea/dynamic.xml
+.idea/uiDesigner.xml
+
+# Gradle:
+.idea/gradle.xml
+.idea/libraries
+
+# Mongo Explorer plugin:
+.idea/mongoSettings.xml
+
+## File-based project format:
+*.iws
+
+## Plugin-specific files:
+
+# IntelliJ
+/out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+### Xcode template
+# Xcode
+#
+# gitignore contributors: remember to update Global/Xcode.gitignore, Objective-C.gitignore & Swift.gitignore
+
+## Build generated
+build/
+DerivedData/
+
+## Various settings
+*.pbxuser
+!default.pbxuser
+*.mode1v3
+!default.mode1v3
+*.mode2v3
+!default.mode2v3
+*.perspectivev3
+!default.perspectivev3
+xcuserdata/
+
+## Other
+*.moved-aside
+*.xccheckout
+*.xcscmblueprint
+### Eclipse template
+
+.metadata
+bin/
+tmp/
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.settings/
+.loadpath
+.recommenders
+
+# Eclipse Core
+.project
+
+# External tool builders
+.externalToolBuilders/
+
+# Locally stored "Eclipse launch configurations"
+*.launch
+
+# PyDev specific (Python IDE for Eclipse)
+*.pydevproject
+
+# CDT-specific (C/C++ Development Tooling)
+.cproject
+
+# JDT-specific (Eclipse Java Development Tools)
+.classpath
+
+# Java annotation processor (APT)
+.factorypath
+
+# PDT-specific (PHP Development Tools)
+.buildpath
+
+# sbteclipse plugin
+.target
+
+# Tern plugin
+.tern-project
+
+# TeXlipse plugin
+.texlipse
+
+# STS (Spring Tool Suite)
+.springBeans
+
+# Code Recommenders
+.recommenders/
+
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/.travis.yml b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/.travis.yml
new file mode 100644
index 0000000000..2a845b96ae
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/.travis.yml
@@ -0,0 +1,25 @@
+sudo: false
+language: go
+# * github.com/grpc/grpc-go still supports go1.6
+#   - When we drop support for go1.6 we can remove golang.org/x/net/context
+#     below as it is part of the Go std library since go1.7
+# * github.com/prometheus/client_golang already requires at least go1.7 since
+#   September 2017
+go:
+  - 1.6.x
+  - 1.7.x
+  - 1.8.x
+  - 1.9.x
+  - 1.10.x
+  - master
+
+install:
+  - go get github.com/prometheus/client_golang/prometheus
+  - go get google.golang.org/grpc
+  - go get golang.org/x/net/context
+  - go get github.com/stretchr/testify
+script:
+ - make test 
+
+after_success:
+  - bash <(curl -s https://codecov.io/bash)
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/CHANGELOG.md b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/CHANGELOG.md
new file mode 100644
index 0000000000..19a8059e1b
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/CHANGELOG.md
@@ -0,0 +1,24 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [1.2.0](https://github.com/grpc-ecosystem/go-grpc-prometheus/releases/tag/v1.2.0) - 2018-06-04
+
+### Added
+
+* Provide metrics object as `prometheus.Collector`, for conventional metric registration.
+* Support non-default/global Prometheus registry.
+* Allow configuring counters with `prometheus.CounterOpts`.
+
+### Changed
+
+* Remove usage of deprecated `grpc.Code()`.
+* Remove usage of deprecated `grpc.Errorf` and replace with `status.Errorf`.
+
+---
+
+This changelog was started with version `v1.2.0`, for earlier versions refer to the respective [GitHub releases](https://github.com/grpc-ecosystem/go-grpc-prometheus/releases).
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/LICENSE b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/LICENSE
new file mode 100644
index 0000000000..b2b065037f
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/LICENSE
@@ -0,0 +1,201 @@
+                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
\ No newline at end of file
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/README.md b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/README.md
new file mode 100644
index 0000000000..499c583553
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/README.md
@@ -0,0 +1,247 @@
+# Go gRPC Interceptors for Prometheus monitoring 
+
+[![Travis Build](https://travis-ci.org/grpc-ecosystem/go-grpc-prometheus.svg)](https://travis-ci.org/grpc-ecosystem/go-grpc-prometheus)
+[![Go Report Card](https://goreportcard.com/badge/github.com/grpc-ecosystem/go-grpc-prometheus)](http://goreportcard.com/report/grpc-ecosystem/go-grpc-prometheus)
+[![GoDoc](http://img.shields.io/badge/GoDoc-Reference-blue.svg)](https://godoc.org/github.com/grpc-ecosystem/go-grpc-prometheus)
+[![SourceGraph](https://sourcegraph.com/github.com/grpc-ecosystem/go-grpc-prometheus/-/badge.svg)](https://sourcegraph.com/github.com/grpc-ecosystem/go-grpc-prometheus/?badge)
+[![codecov](https://codecov.io/gh/grpc-ecosystem/go-grpc-prometheus/branch/master/graph/badge.svg)](https://codecov.io/gh/grpc-ecosystem/go-grpc-prometheus)
+[![Apache 2.0 License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)
+
+[Prometheus](https://prometheus.io/) monitoring for your [gRPC Go](https://github.com/grpc/grpc-go) servers and clients.
+
+A sister implementation for [gRPC Java](https://github.com/grpc/grpc-java) (same metrics, same semantics) is in [grpc-ecosystem/java-grpc-prometheus](https://github.com/grpc-ecosystem/java-grpc-prometheus).
+
+## Interceptors
+
+[gRPC Go](https://github.com/grpc/grpc-go) recently acquired support for Interceptors, i.e. middleware that is executed
+by a gRPC Server before the request is passed onto the user's application logic. It is a perfect way to implement
+common patterns: auth, logging and... monitoring.
+
+To use Interceptors in chains, please see [`go-grpc-middleware`](https://github.com/mwitkow/go-grpc-middleware).
+
+## Usage
+
+There are two types of interceptors: client-side and server-side. This package provides monitoring Interceptors for both.
+
+### Server-side
+
+```go
+import "github.com/grpc-ecosystem/go-grpc-prometheus"
+...
+    // Initialize your gRPC server's interceptor.
+    myServer := grpc.NewServer(
+        grpc.StreamInterceptor(grpc_prometheus.StreamServerInterceptor),
+        grpc.UnaryInterceptor(grpc_prometheus.UnaryServerInterceptor),
+    )
+    // Register your gRPC service implementations.
+    myservice.RegisterMyServiceServer(s.server, &myServiceImpl{})
+    // After all your registrations, make sure all of the Prometheus metrics are initialized.
+    grpc_prometheus.Register(myServer)
+    // Register Prometheus metrics handler.    
+    http.Handle("/metrics", promhttp.Handler())
+...
+```
+
+### Client-side
+
+```go
+import "github.com/grpc-ecosystem/go-grpc-prometheus"
+...
+   clientConn, err = grpc.Dial(
+       address,
+		   grpc.WithUnaryInterceptor(grpc_prometheus.UnaryClientInterceptor),
+		   grpc.WithStreamInterceptor(grpc_prometheus.StreamClientInterceptor)
+   )
+   client = pb_testproto.NewTestServiceClient(clientConn)
+   resp, err := client.PingEmpty(s.ctx, &myservice.Request{Msg: "hello"})
+...
+```
+
+# Metrics
+
+## Labels
+
+All server-side metrics start with `grpc_server` as Prometheus subsystem name. All client-side metrics start with `grpc_client`. Both of them have mirror-concepts. Similarly all methods
+contain the same rich labels:
+  
+  * `grpc_service` - the [gRPC service](http://www.grpc.io/docs/#defining-a-service) name, which is the combination of protobuf `package` and
+    the `grpc_service` section name. E.g. for `package = mwitkow.testproto` and 
+     `service TestService` the label will be `grpc_service="mwitkow.testproto.TestService"`
+  * `grpc_method` - the name of the method called on the gRPC service. E.g.  
+    `grpc_method="Ping"`
+  * `grpc_type` - the gRPC [type of request](http://www.grpc.io/docs/guides/concepts.html#rpc-life-cycle). 
+    Differentiating between the two is important especially for latency measurements.
+
+     - `unary` is single request, single response RPC
+     - `client_stream` is a multi-request, single response RPC
+     - `server_stream` is a single request, multi-response RPC
+     - `bidi_stream` is a multi-request, multi-response RPC
+    
+
+Additionally for completed RPCs, the following labels are used:
+
+  * `grpc_code` - the human-readable [gRPC status code](https://github.com/grpc/grpc-go/blob/master/codes/codes.go).
+    The list of all statuses is to long, but here are some common ones:
+      
+      - `OK` - means the RPC was successful
+      - `IllegalArgument` - RPC contained bad values
+      - `Internal` - server-side error not disclosed to the clients
+      
+## Counters
+
+The counters and their up to date documentation is in [server_reporter.go](server_reporter.go) and [client_reporter.go](client_reporter.go) 
+the respective Prometheus handler (usually `/metrics`). 
+
+For the purpose of this documentation we will only discuss `grpc_server` metrics. The `grpc_client` ones contain mirror concepts.
+
+For simplicity, let's assume we're tracking a single server-side RPC call of [`mwitkow.testproto.TestService`](examples/testproto/test.proto),
+calling the method `PingList`. The call succeeds and returns 20 messages in the stream.
+
+First, immediately after the server receives the call it will increment the
+`grpc_server_started_total` and start the handling time clock (if histograms are enabled). 
+
+```jsoniq
+grpc_server_started_total{grpc_method="PingList",grpc_service="mwitkow.testproto.TestService",grpc_type="server_stream"} 1
+```
+
+Then the user logic gets invoked. It receives one message from the client containing the request 
+(it's a `server_stream`):
+
+```jsoniq
+grpc_server_msg_received_total{grpc_method="PingList",grpc_service="mwitkow.testproto.TestService",grpc_type="server_stream"} 1
+```
+
+The user logic may return an error, or send multiple messages back to the client. In this case, on 
+each of the 20 messages sent back, a counter will be incremented:
+
+```jsoniq
+grpc_server_msg_sent_total{grpc_method="PingList",grpc_service="mwitkow.testproto.TestService",grpc_type="server_stream"} 20
+```
+
+After the call completes, its status (`OK` or other [gRPC status code](https://github.com/grpc/grpc-go/blob/master/codes/codes.go)) 
+and the relevant call labels increment the `grpc_server_handled_total` counter.
+
+```jsoniq
+grpc_server_handled_total{grpc_code="OK",grpc_method="PingList",grpc_service="mwitkow.testproto.TestService",grpc_type="server_stream"} 1
+```
+
+## Histograms
+
+[Prometheus histograms](https://prometheus.io/docs/concepts/metric_types/#histogram) are a great way
+to measure latency distributions of your RPCs. However, since it is bad practice to have metrics
+of [high cardinality](https://prometheus.io/docs/practices/instrumentation/#do-not-overuse-labels)
+the latency monitoring metrics are disabled by default. To enable them please call the following
+in your server initialization code:
+
+```jsoniq
+grpc_prometheus.EnableHandlingTimeHistogram()
+```
+
+After the call completes, its handling time will be recorded in a [Prometheus histogram](https://prometheus.io/docs/concepts/metric_types/#histogram)
+variable `grpc_server_handling_seconds`. The histogram variable contains three sub-metrics:
+
+ * `grpc_server_handling_seconds_count` - the count of all completed RPCs by status and method 
+ * `grpc_server_handling_seconds_sum` - cumulative time of RPCs by status and method, useful for 
+   calculating average handling times
+ * `grpc_server_handling_seconds_bucket` - contains the counts of RPCs by status and method in respective
+   handling-time buckets. These buckets can be used by Prometheus to estimate SLAs (see [here](https://prometheus.io/docs/practices/histograms/))
+
+The counter values will look as follows:
+
+```jsoniq
+grpc_server_handling_seconds_bucket{grpc_code="OK",grpc_method="PingList",grpc_service="mwitkow.testproto.TestService",grpc_type="server_stream",le="0.005"} 1
+grpc_server_handling_seconds_bucket{grpc_code="OK",grpc_method="PingList",grpc_service="mwitkow.testproto.TestService",grpc_type="server_stream",le="0.01"} 1
+grpc_server_handling_seconds_bucket{grpc_code="OK",grpc_method="PingList",grpc_service="mwitkow.testproto.TestService",grpc_type="server_stream",le="0.025"} 1
+grpc_server_handling_seconds_bucket{grpc_code="OK",grpc_method="PingList",grpc_service="mwitkow.testproto.TestService",grpc_type="server_stream",le="0.05"} 1
+grpc_server_handling_seconds_bucket{grpc_code="OK",grpc_method="PingList",grpc_service="mwitkow.testproto.TestService",grpc_type="server_stream",le="0.1"} 1
+grpc_server_handling_seconds_bucket{grpc_code="OK",grpc_method="PingList",grpc_service="mwitkow.testproto.TestService",grpc_type="server_stream",le="0.25"} 1
+grpc_server_handling_seconds_bucket{grpc_code="OK",grpc_method="PingList",grpc_service="mwitkow.testproto.TestService",grpc_type="server_stream",le="0.5"} 1
+grpc_server_handling_seconds_bucket{grpc_code="OK",grpc_method="PingList",grpc_service="mwitkow.testproto.TestService",grpc_type="server_stream",le="1"} 1
+grpc_server_handling_seconds_bucket{grpc_code="OK",grpc_method="PingList",grpc_service="mwitkow.testproto.TestService",grpc_type="server_stream",le="2.5"} 1
+grpc_server_handling_seconds_bucket{grpc_code="OK",grpc_method="PingList",grpc_service="mwitkow.testproto.TestService",grpc_type="server_stream",le="5"} 1
+grpc_server_handling_seconds_bucket{grpc_code="OK",grpc_method="PingList",grpc_service="mwitkow.testproto.TestService",grpc_type="server_stream",le="10"} 1
+grpc_server_handling_seconds_bucket{grpc_code="OK",grpc_method="PingList",grpc_service="mwitkow.testproto.TestService",grpc_type="server_stream",le="+Inf"} 1
+grpc_server_handling_seconds_sum{grpc_code="OK",grpc_method="PingList",grpc_service="mwitkow.testproto.TestService",grpc_type="server_stream"} 0.0003866430000000001
+grpc_server_handling_seconds_count{grpc_code="OK",grpc_method="PingList",grpc_service="mwitkow.testproto.TestService",grpc_type="server_stream"} 1
+```
+
+
+## Useful query examples
+
+Prometheus philosophy is to provide raw metrics to the monitoring system, and
+let the aggregations be handled there. The verbosity of above metrics make it possible to have that
+flexibility. Here's a couple of useful monitoring queries:
+
+
+### request inbound rate
+```jsoniq
+sum(rate(grpc_server_started_total{job="foo"}[1m])) by (grpc_service)
+```
+For `job="foo"` (common label to differentiate between Prometheus monitoring targets), calculate the
+rate of requests per second (1 minute window) for each gRPC `grpc_service` that the job has. Please note
+how the `grpc_method` is being omitted here: all methods of a given gRPC service will be summed together.
+
+### unary request error rate
+```jsoniq
+sum(rate(grpc_server_handled_total{job="foo",grpc_type="unary",grpc_code!="OK"}[1m])) by (grpc_service)
+```
+For `job="foo"`, calculate the per-`grpc_service` rate of `unary` (1:1) RPCs that failed, i.e. the 
+ones that didn't finish with `OK` code.
+
+### unary request error percentage
+```jsoniq
+sum(rate(grpc_server_handled_total{job="foo",grpc_type="unary",grpc_code!="OK"}[1m])) by (grpc_service)
+ / 
+sum(rate(grpc_server_started_total{job="foo",grpc_type="unary"}[1m])) by (grpc_service)
+ * 100.0
+```
+For `job="foo"`, calculate the percentage of failed requests by service. It's easy to notice that
+this is a combination of the two above examples. This is an example of a query you would like to
+[alert on](https://prometheus.io/docs/alerting/rules/) in your system for SLA violations, e.g.
+"no more than 1% requests should fail".
+
+### average response stream size
+```jsoniq
+sum(rate(grpc_server_msg_sent_total{job="foo",grpc_type="server_stream"}[10m])) by (grpc_service)
+ /
+sum(rate(grpc_server_started_total{job="foo",grpc_type="server_stream"}[10m])) by (grpc_service)
+```
+For `job="foo"` what is the `grpc_service`-wide `10m` average of messages returned for all `
+server_stream` RPCs. This allows you to track the stream sizes returned by your system, e.g. allows 
+you to track when clients started to send "wide" queries that ret
+Note the divisor is the number of started RPCs, in order to account for in-flight requests.
+
+### 99%-tile latency of unary requests
+```jsoniq
+histogram_quantile(0.99, 
+  sum(rate(grpc_server_handling_seconds_bucket{job="foo",grpc_type="unary"}[5m])) by (grpc_service,le)
+)
+```
+For `job="foo"`, returns an 99%-tile [quantile estimation](https://prometheus.io/docs/practices/histograms/#quantiles)
+of the handling time of RPCs per service. Please note the `5m` rate, this means that the quantile
+estimation will take samples in a rolling `5m` window. When combined with other quantiles
+(e.g. 50%, 90%), this query gives you tremendous insight into the responsiveness of your system 
+(e.g. impact of caching).
+
+### percentage of slow unary queries (>250ms)
+```jsoniq
+100.0 - (
+sum(rate(grpc_server_handling_seconds_bucket{job="foo",grpc_type="unary",le="0.25"}[5m])) by (grpc_service)
+ / 
+sum(rate(grpc_server_handling_seconds_count{job="foo",grpc_type="unary"}[5m])) by (grpc_service)
+) * 100.0
+```
+For `job="foo"` calculate the by-`grpc_service` fraction of slow requests that took longer than `0.25` 
+seconds. This query is relatively complex, since the Prometheus aggregations use `le` (less or equal)
+buckets, meaning that counting "fast" requests fractions is easier. However, simple maths helps.
+This is an example of a query you would like to alert on in your system for SLA violations, 
+e.g. "less than 1% of requests are slower than 250ms".
+
+
+## Status
+
+This code has been used since August 2015 as the basis for monitoring of *production* gRPC micro services  at [Improbable](https://improbable.io).
+
+## License
+
+`go-grpc-prometheus` is released under the Apache 2.0 license. See the [LICENSE](LICENSE) file for details.
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client.go b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client.go
new file mode 100644
index 0000000000..751a4c72d7
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client.go
@@ -0,0 +1,39 @@
+// Copyright 2016 Michal Witkowski. All Rights Reserved.
+// See LICENSE for licensing terms.
+
+// gRPC Prometheus monitoring interceptors for client-side gRPC.
+
+package grpc_prometheus
+
+import (
+	prom "github.com/prometheus/client_golang/prometheus"
+)
+
+var (
+	// DefaultClientMetrics is the default instance of ClientMetrics. It is
+	// intended to be used in conjunction the default Prometheus metrics
+	// registry.
+	DefaultClientMetrics = NewClientMetrics()
+
+	// UnaryClientInterceptor is a gRPC client-side interceptor that provides Prometheus monitoring for Unary RPCs.
+	UnaryClientInterceptor = DefaultClientMetrics.UnaryClientInterceptor()
+
+	// StreamClientInterceptor is a gRPC client-side interceptor that provides Prometheus monitoring for Streaming RPCs.
+	StreamClientInterceptor = DefaultClientMetrics.StreamClientInterceptor()
+)
+
+func init() {
+	prom.MustRegister(DefaultClientMetrics.clientStartedCounter)
+	prom.MustRegister(DefaultClientMetrics.clientHandledCounter)
+	prom.MustRegister(DefaultClientMetrics.clientStreamMsgReceived)
+	prom.MustRegister(DefaultClientMetrics.clientStreamMsgSent)
+}
+
+// EnableClientHandlingTimeHistogram turns on recording of handling time of
+// RPCs. Histogram metrics can be very expensive for Prometheus to retain and
+// query. This function acts on the DefaultClientMetrics variable and the
+// default Prometheus metrics registry.
+func EnableClientHandlingTimeHistogram(opts ...HistogramOption) {
+	DefaultClientMetrics.EnableClientHandlingTimeHistogram(opts...)
+	prom.Register(DefaultClientMetrics.clientHandledHistogram)
+}
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client_metrics.go b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client_metrics.go
new file mode 100644
index 0000000000..9b476f9832
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client_metrics.go
@@ -0,0 +1,170 @@
+package grpc_prometheus
+
+import (
+	"io"
+
+	prom "github.com/prometheus/client_golang/prometheus"
+	"golang.org/x/net/context"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+// ClientMetrics represents a collection of metrics to be registered on a
+// Prometheus metrics registry for a gRPC client.
+type ClientMetrics struct {
+	clientStartedCounter          *prom.CounterVec
+	clientHandledCounter          *prom.CounterVec
+	clientStreamMsgReceived       *prom.CounterVec
+	clientStreamMsgSent           *prom.CounterVec
+	clientHandledHistogramEnabled bool
+	clientHandledHistogramOpts    prom.HistogramOpts
+	clientHandledHistogram        *prom.HistogramVec
+}
+
+// NewClientMetrics returns a ClientMetrics object. Use a new instance of
+// ClientMetrics when not using the default Prometheus metrics registry, for
+// example when wanting to control which metrics are added to a registry as
+// opposed to automatically adding metrics via init functions.
+func NewClientMetrics(counterOpts ...CounterOption) *ClientMetrics {
+	opts := counterOptions(counterOpts)
+	return &ClientMetrics{
+		clientStartedCounter: prom.NewCounterVec(
+			opts.apply(prom.CounterOpts{
+				Name: "grpc_client_started_total",
+				Help: "Total number of RPCs started on the client.",
+			}), []string{"grpc_type", "grpc_service", "grpc_method"}),
+
+		clientHandledCounter: prom.NewCounterVec(
+			opts.apply(prom.CounterOpts{
+				Name: "grpc_client_handled_total",
+				Help: "Total number of RPCs completed by the client, regardless of success or failure.",
+			}), []string{"grpc_type", "grpc_service", "grpc_method", "grpc_code"}),
+
+		clientStreamMsgReceived: prom.NewCounterVec(
+			opts.apply(prom.CounterOpts{
+				Name: "grpc_client_msg_received_total",
+				Help: "Total number of RPC stream messages received by the client.",
+			}), []string{"grpc_type", "grpc_service", "grpc_method"}),
+
+		clientStreamMsgSent: prom.NewCounterVec(
+			opts.apply(prom.CounterOpts{
+				Name: "grpc_client_msg_sent_total",
+				Help: "Total number of gRPC stream messages sent by the client.",
+			}), []string{"grpc_type", "grpc_service", "grpc_method"}),
+
+		clientHandledHistogramEnabled: false,
+		clientHandledHistogramOpts: prom.HistogramOpts{
+			Name:    "grpc_client_handling_seconds",
+			Help:    "Histogram of response latency (seconds) of the gRPC until it is finished by the application.",
+			Buckets: prom.DefBuckets,
+		},
+		clientHandledHistogram: nil,
+	}
+}
+
+// Describe sends the super-set of all possible descriptors of metrics
+// collected by this Collector to the provided channel and returns once
+// the last descriptor has been sent.
+func (m *ClientMetrics) Describe(ch chan<- *prom.Desc) {
+	m.clientStartedCounter.Describe(ch)
+	m.clientHandledCounter.Describe(ch)
+	m.clientStreamMsgReceived.Describe(ch)
+	m.clientStreamMsgSent.Describe(ch)
+	if m.clientHandledHistogramEnabled {
+		m.clientHandledHistogram.Describe(ch)
+	}
+}
+
+// Collect is called by the Prometheus registry when collecting
+// metrics. The implementation sends each collected metric via the
+// provided channel and returns once the last metric has been sent.
+func (m *ClientMetrics) Collect(ch chan<- prom.Metric) {
+	m.clientStartedCounter.Collect(ch)
+	m.clientHandledCounter.Collect(ch)
+	m.clientStreamMsgReceived.Collect(ch)
+	m.clientStreamMsgSent.Collect(ch)
+	if m.clientHandledHistogramEnabled {
+		m.clientHandledHistogram.Collect(ch)
+	}
+}
+
+// EnableClientHandlingTimeHistogram turns on recording of handling time of RPCs.
+// Histogram metrics can be very expensive for Prometheus to retain and query.
+func (m *ClientMetrics) EnableClientHandlingTimeHistogram(opts ...HistogramOption) {
+	for _, o := range opts {
+		o(&m.clientHandledHistogramOpts)
+	}
+	if !m.clientHandledHistogramEnabled {
+		m.clientHandledHistogram = prom.NewHistogramVec(
+			m.clientHandledHistogramOpts,
+			[]string{"grpc_type", "grpc_service", "grpc_method"},
+		)
+	}
+	m.clientHandledHistogramEnabled = true
+}
+
+// UnaryClientInterceptor is a gRPC client-side interceptor that provides Prometheus monitoring for Unary RPCs.
+func (m *ClientMetrics) UnaryClientInterceptor() func(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {
+	return func(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {
+		monitor := newClientReporter(m, Unary, method)
+		monitor.SentMessage()
+		err := invoker(ctx, method, req, reply, cc, opts...)
+		if err != nil {
+			monitor.ReceivedMessage()
+		}
+		st, _ := status.FromError(err)
+		monitor.Handled(st.Code())
+		return err
+	}
+}
+
+// StreamClientInterceptor is a gRPC client-side interceptor that provides Prometheus monitoring for Streaming RPCs.
+func (m *ClientMetrics) StreamClientInterceptor() func(ctx context.Context, desc *grpc.StreamDesc, cc *grpc.ClientConn, method string, streamer grpc.Streamer, opts ...grpc.CallOption) (grpc.ClientStream, error) {
+	return func(ctx context.Context, desc *grpc.StreamDesc, cc *grpc.ClientConn, method string, streamer grpc.Streamer, opts ...grpc.CallOption) (grpc.ClientStream, error) {
+		monitor := newClientReporter(m, clientStreamType(desc), method)
+		clientStream, err := streamer(ctx, desc, cc, method, opts...)
+		if err != nil {
+			st, _ := status.FromError(err)
+			monitor.Handled(st.Code())
+			return nil, err
+		}
+		return &monitoredClientStream{clientStream, monitor}, nil
+	}
+}
+
+func clientStreamType(desc *grpc.StreamDesc) grpcType {
+	if desc.ClientStreams && !desc.ServerStreams {
+		return ClientStream
+	} else if !desc.ClientStreams && desc.ServerStreams {
+		return ServerStream
+	}
+	return BidiStream
+}
+
+// monitoredClientStream wraps grpc.ClientStream allowing each Sent/Recv of message to increment counters.
+type monitoredClientStream struct {
+	grpc.ClientStream
+	monitor *clientReporter
+}
+
+func (s *monitoredClientStream) SendMsg(m interface{}) error {
+	err := s.ClientStream.SendMsg(m)
+	if err == nil {
+		s.monitor.SentMessage()
+	}
+	return err
+}
+
+func (s *monitoredClientStream) RecvMsg(m interface{}) error {
+	err := s.ClientStream.RecvMsg(m)
+	if err == nil {
+		s.monitor.ReceivedMessage()
+	} else if err == io.EOF {
+		s.monitor.Handled(codes.OK)
+	} else {
+		st, _ := status.FromError(err)
+		s.monitor.Handled(st.Code())
+	}
+	return err
+}
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client_reporter.go b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client_reporter.go
new file mode 100644
index 0000000000..cbf1532299
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client_reporter.go
@@ -0,0 +1,46 @@
+// Copyright 2016 Michal Witkowski. All Rights Reserved.
+// See LICENSE for licensing terms.
+
+package grpc_prometheus
+
+import (
+	"time"
+
+	"google.golang.org/grpc/codes"
+)
+
+type clientReporter struct {
+	metrics     *ClientMetrics
+	rpcType     grpcType
+	serviceName string
+	methodName  string
+	startTime   time.Time
+}
+
+func newClientReporter(m *ClientMetrics, rpcType grpcType, fullMethod string) *clientReporter {
+	r := &clientReporter{
+		metrics: m,
+		rpcType: rpcType,
+	}
+	if r.metrics.clientHandledHistogramEnabled {
+		r.startTime = time.Now()
+	}
+	r.serviceName, r.methodName = splitMethodName(fullMethod)
+	r.metrics.clientStartedCounter.WithLabelValues(string(r.rpcType), r.serviceName, r.methodName).Inc()
+	return r
+}
+
+func (r *clientReporter) ReceivedMessage() {
+	r.metrics.clientStreamMsgReceived.WithLabelValues(string(r.rpcType), r.serviceName, r.methodName).Inc()
+}
+
+func (r *clientReporter) SentMessage() {
+	r.metrics.clientStreamMsgSent.WithLabelValues(string(r.rpcType), r.serviceName, r.methodName).Inc()
+}
+
+func (r *clientReporter) Handled(code codes.Code) {
+	r.metrics.clientHandledCounter.WithLabelValues(string(r.rpcType), r.serviceName, r.methodName, code.String()).Inc()
+	if r.metrics.clientHandledHistogramEnabled {
+		r.metrics.clientHandledHistogram.WithLabelValues(string(r.rpcType), r.serviceName, r.methodName).Observe(time.Since(r.startTime).Seconds())
+	}
+}
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/makefile b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/makefile
new file mode 100644
index 0000000000..74c0842230
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/makefile
@@ -0,0 +1,16 @@
+SHELL="/bin/bash"
+
+GOFILES_NOVENDOR = $(shell go list ./... | grep -v /vendor/)
+
+all: vet fmt test
+
+fmt:
+	go fmt $(GOFILES_NOVENDOR)
+
+vet:
+	go vet $(GOFILES_NOVENDOR)
+
+test: vet
+	./scripts/test_all.sh
+
+.PHONY: all vet test
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/metric_options.go b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/metric_options.go
new file mode 100644
index 0000000000..9d51aec981
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/metric_options.go
@@ -0,0 +1,41 @@
+package grpc_prometheus
+
+import (
+	prom "github.com/prometheus/client_golang/prometheus"
+)
+
+// A CounterOption lets you add options to Counter metrics using With* funcs.
+type CounterOption func(*prom.CounterOpts)
+
+type counterOptions []CounterOption
+
+func (co counterOptions) apply(o prom.CounterOpts) prom.CounterOpts {
+	for _, f := range co {
+		f(&o)
+	}
+	return o
+}
+
+// WithConstLabels allows you to add ConstLabels to Counter metrics.
+func WithConstLabels(labels prom.Labels) CounterOption {
+	return func(o *prom.CounterOpts) {
+		o.ConstLabels = labels
+	}
+}
+
+// A HistogramOption lets you add options to Histogram metrics using With*
+// funcs.
+type HistogramOption func(*prom.HistogramOpts)
+
+// WithHistogramBuckets allows you to specify custom bucket ranges for histograms if EnableHandlingTimeHistogram is on.
+func WithHistogramBuckets(buckets []float64) HistogramOption {
+	return func(o *prom.HistogramOpts) { o.Buckets = buckets }
+}
+
+// WithHistogramConstLabels allows you to add custom ConstLabels to
+// histograms metrics.
+func WithHistogramConstLabels(labels prom.Labels) HistogramOption {
+	return func(o *prom.HistogramOpts) {
+		o.ConstLabels = labels
+	}
+}
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server.go b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server.go
new file mode 100644
index 0000000000..322f99046f
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server.go
@@ -0,0 +1,48 @@
+// Copyright 2016 Michal Witkowski. All Rights Reserved.
+// See LICENSE for licensing terms.
+
+// gRPC Prometheus monitoring interceptors for server-side gRPC.
+
+package grpc_prometheus
+
+import (
+	prom "github.com/prometheus/client_golang/prometheus"
+	"google.golang.org/grpc"
+)
+
+var (
+	// DefaultServerMetrics is the default instance of ServerMetrics. It is
+	// intended to be used in conjunction the default Prometheus metrics
+	// registry.
+	DefaultServerMetrics = NewServerMetrics()
+
+	// UnaryServerInterceptor is a gRPC server-side interceptor that provides Prometheus monitoring for Unary RPCs.
+	UnaryServerInterceptor = DefaultServerMetrics.UnaryServerInterceptor()
+
+	// StreamServerInterceptor is a gRPC server-side interceptor that provides Prometheus monitoring for Streaming RPCs.
+	StreamServerInterceptor = DefaultServerMetrics.StreamServerInterceptor()
+)
+
+func init() {
+	prom.MustRegister(DefaultServerMetrics.serverStartedCounter)
+	prom.MustRegister(DefaultServerMetrics.serverHandledCounter)
+	prom.MustRegister(DefaultServerMetrics.serverStreamMsgReceived)
+	prom.MustRegister(DefaultServerMetrics.serverStreamMsgSent)
+}
+
+// Register takes a gRPC server and pre-initializes all counters to 0. This
+// allows for easier monitoring in Prometheus (no missing metrics), and should
+// be called *after* all services have been registered with the server. This
+// function acts on the DefaultServerMetrics variable.
+func Register(server *grpc.Server) {
+	DefaultServerMetrics.InitializeMetrics(server)
+}
+
+// EnableHandlingTimeHistogram turns on recording of handling time
+// of RPCs. Histogram metrics can be very expensive for Prometheus
+// to retain and query. This function acts on the DefaultServerMetrics
+// variable and the default Prometheus metrics registry.
+func EnableHandlingTimeHistogram(opts ...HistogramOption) {
+	DefaultServerMetrics.EnableHandlingTimeHistogram(opts...)
+	prom.Register(DefaultServerMetrics.serverHandledHistogram)
+}
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server_metrics.go b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server_metrics.go
new file mode 100644
index 0000000000..5b1467e7aa
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server_metrics.go
@@ -0,0 +1,185 @@
+package grpc_prometheus
+
+import (
+	prom "github.com/prometheus/client_golang/prometheus"
+	"golang.org/x/net/context"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/status"
+)
+
+// ServerMetrics represents a collection of metrics to be registered on a
+// Prometheus metrics registry for a gRPC server.
+type ServerMetrics struct {
+	serverStartedCounter          *prom.CounterVec
+	serverHandledCounter          *prom.CounterVec
+	serverStreamMsgReceived       *prom.CounterVec
+	serverStreamMsgSent           *prom.CounterVec
+	serverHandledHistogramEnabled bool
+	serverHandledHistogramOpts    prom.HistogramOpts
+	serverHandledHistogram        *prom.HistogramVec
+}
+
+// NewServerMetrics returns a ServerMetrics object. Use a new instance of
+// ServerMetrics when not using the default Prometheus metrics registry, for
+// example when wanting to control which metrics are added to a registry as
+// opposed to automatically adding metrics via init functions.
+func NewServerMetrics(counterOpts ...CounterOption) *ServerMetrics {
+	opts := counterOptions(counterOpts)
+	return &ServerMetrics{
+		serverStartedCounter: prom.NewCounterVec(
+			opts.apply(prom.CounterOpts{
+				Name: "grpc_server_started_total",
+				Help: "Total number of RPCs started on the server.",
+			}), []string{"grpc_type", "grpc_service", "grpc_method"}),
+		serverHandledCounter: prom.NewCounterVec(
+			opts.apply(prom.CounterOpts{
+				Name: "grpc_server_handled_total",
+				Help: "Total number of RPCs completed on the server, regardless of success or failure.",
+			}), []string{"grpc_type", "grpc_service", "grpc_method", "grpc_code"}),
+		serverStreamMsgReceived: prom.NewCounterVec(
+			opts.apply(prom.CounterOpts{
+				Name: "grpc_server_msg_received_total",
+				Help: "Total number of RPC stream messages received on the server.",
+			}), []string{"grpc_type", "grpc_service", "grpc_method"}),
+		serverStreamMsgSent: prom.NewCounterVec(
+			opts.apply(prom.CounterOpts{
+				Name: "grpc_server_msg_sent_total",
+				Help: "Total number of gRPC stream messages sent by the server.",
+			}), []string{"grpc_type", "grpc_service", "grpc_method"}),
+		serverHandledHistogramEnabled: false,
+		serverHandledHistogramOpts: prom.HistogramOpts{
+			Name:    "grpc_server_handling_seconds",
+			Help:    "Histogram of response latency (seconds) of gRPC that had been application-level handled by the server.",
+			Buckets: prom.DefBuckets,
+		},
+		serverHandledHistogram: nil,
+	}
+}
+
+// EnableHandlingTimeHistogram enables histograms being registered when
+// registering the ServerMetrics on a Prometheus registry. Histograms can be
+// expensive on Prometheus servers. It takes options to configure histogram
+// options such as the defined buckets.
+func (m *ServerMetrics) EnableHandlingTimeHistogram(opts ...HistogramOption) {
+	for _, o := range opts {
+		o(&m.serverHandledHistogramOpts)
+	}
+	if !m.serverHandledHistogramEnabled {
+		m.serverHandledHistogram = prom.NewHistogramVec(
+			m.serverHandledHistogramOpts,
+			[]string{"grpc_type", "grpc_service", "grpc_method"},
+		)
+	}
+	m.serverHandledHistogramEnabled = true
+}
+
+// Describe sends the super-set of all possible descriptors of metrics
+// collected by this Collector to the provided channel and returns once
+// the last descriptor has been sent.
+func (m *ServerMetrics) Describe(ch chan<- *prom.Desc) {
+	m.serverStartedCounter.Describe(ch)
+	m.serverHandledCounter.Describe(ch)
+	m.serverStreamMsgReceived.Describe(ch)
+	m.serverStreamMsgSent.Describe(ch)
+	if m.serverHandledHistogramEnabled {
+		m.serverHandledHistogram.Describe(ch)
+	}
+}
+
+// Collect is called by the Prometheus registry when collecting
+// metrics. The implementation sends each collected metric via the
+// provided channel and returns once the last metric has been sent.
+func (m *ServerMetrics) Collect(ch chan<- prom.Metric) {
+	m.serverStartedCounter.Collect(ch)
+	m.serverHandledCounter.Collect(ch)
+	m.serverStreamMsgReceived.Collect(ch)
+	m.serverStreamMsgSent.Collect(ch)
+	if m.serverHandledHistogramEnabled {
+		m.serverHandledHistogram.Collect(ch)
+	}
+}
+
+// UnaryServerInterceptor is a gRPC server-side interceptor that provides Prometheus monitoring for Unary RPCs.
+func (m *ServerMetrics) UnaryServerInterceptor() func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
+	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
+		monitor := newServerReporter(m, Unary, info.FullMethod)
+		monitor.ReceivedMessage()
+		resp, err := handler(ctx, req)
+		st, _ := status.FromError(err)
+		monitor.Handled(st.Code())
+		if err == nil {
+			monitor.SentMessage()
+		}
+		return resp, err
+	}
+}
+
+// StreamServerInterceptor is a gRPC server-side interceptor that provides Prometheus monitoring for Streaming RPCs.
+func (m *ServerMetrics) StreamServerInterceptor() func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
+	return func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
+		monitor := newServerReporter(m, streamRPCType(info), info.FullMethod)
+		err := handler(srv, &monitoredServerStream{ss, monitor})
+		st, _ := status.FromError(err)
+		monitor.Handled(st.Code())
+		return err
+	}
+}
+
+// InitializeMetrics initializes all metrics, with their appropriate null
+// value, for all gRPC methods registered on a gRPC server. This is useful, to
+// ensure that all metrics exist when collecting and querying.
+func (m *ServerMetrics) InitializeMetrics(server *grpc.Server) {
+	serviceInfo := server.GetServiceInfo()
+	for serviceName, info := range serviceInfo {
+		for _, mInfo := range info.Methods {
+			preRegisterMethod(m, serviceName, &mInfo)
+		}
+	}
+}
+
+func streamRPCType(info *grpc.StreamServerInfo) grpcType {
+	if info.IsClientStream && !info.IsServerStream {
+		return ClientStream
+	} else if !info.IsClientStream && info.IsServerStream {
+		return ServerStream
+	}
+	return BidiStream
+}
+
+// monitoredStream wraps grpc.ServerStream allowing each Sent/Recv of message to increment counters.
+type monitoredServerStream struct {
+	grpc.ServerStream
+	monitor *serverReporter
+}
+
+func (s *monitoredServerStream) SendMsg(m interface{}) error {
+	err := s.ServerStream.SendMsg(m)
+	if err == nil {
+		s.monitor.SentMessage()
+	}
+	return err
+}
+
+func (s *monitoredServerStream) RecvMsg(m interface{}) error {
+	err := s.ServerStream.RecvMsg(m)
+	if err == nil {
+		s.monitor.ReceivedMessage()
+	}
+	return err
+}
+
+// preRegisterMethod is invoked on Register of a Server, allowing all gRPC services labels to be pre-populated.
+func preRegisterMethod(metrics *ServerMetrics, serviceName string, mInfo *grpc.MethodInfo) {
+	methodName := mInfo.Name
+	methodType := string(typeFromMethodInfo(mInfo))
+	// These are just references (no increments), as just referencing will create the labels but not set values.
+	metrics.serverStartedCounter.GetMetricWithLabelValues(methodType, serviceName, methodName)
+	metrics.serverStreamMsgReceived.GetMetricWithLabelValues(methodType, serviceName, methodName)
+	metrics.serverStreamMsgSent.GetMetricWithLabelValues(methodType, serviceName, methodName)
+	if metrics.serverHandledHistogramEnabled {
+		metrics.serverHandledHistogram.GetMetricWithLabelValues(methodType, serviceName, methodName)
+	}
+	for _, code := range allCodes {
+		metrics.serverHandledCounter.GetMetricWithLabelValues(methodType, serviceName, methodName, code.String())
+	}
+}
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server_reporter.go b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server_reporter.go
new file mode 100644
index 0000000000..aa9db5401a
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server_reporter.go
@@ -0,0 +1,46 @@
+// Copyright 2016 Michal Witkowski. All Rights Reserved.
+// See LICENSE for licensing terms.
+
+package grpc_prometheus
+
+import (
+	"time"
+
+	"google.golang.org/grpc/codes"
+)
+
+type serverReporter struct {
+	metrics     *ServerMetrics
+	rpcType     grpcType
+	serviceName string
+	methodName  string
+	startTime   time.Time
+}
+
+func newServerReporter(m *ServerMetrics, rpcType grpcType, fullMethod string) *serverReporter {
+	r := &serverReporter{
+		metrics: m,
+		rpcType: rpcType,
+	}
+	if r.metrics.serverHandledHistogramEnabled {
+		r.startTime = time.Now()
+	}
+	r.serviceName, r.methodName = splitMethodName(fullMethod)
+	r.metrics.serverStartedCounter.WithLabelValues(string(r.rpcType), r.serviceName, r.methodName).Inc()
+	return r
+}
+
+func (r *serverReporter) ReceivedMessage() {
+	r.metrics.serverStreamMsgReceived.WithLabelValues(string(r.rpcType), r.serviceName, r.methodName).Inc()
+}
+
+func (r *serverReporter) SentMessage() {
+	r.metrics.serverStreamMsgSent.WithLabelValues(string(r.rpcType), r.serviceName, r.methodName).Inc()
+}
+
+func (r *serverReporter) Handled(code codes.Code) {
+	r.metrics.serverHandledCounter.WithLabelValues(string(r.rpcType), r.serviceName, r.methodName, code.String()).Inc()
+	if r.metrics.serverHandledHistogramEnabled {
+		r.metrics.serverHandledHistogram.WithLabelValues(string(r.rpcType), r.serviceName, r.methodName).Observe(time.Since(r.startTime).Seconds())
+	}
+}
diff --git a/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/util.go b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/util.go
new file mode 100644
index 0000000000..7987de35f4
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/util.go
@@ -0,0 +1,50 @@
+// Copyright 2016 Michal Witkowski. All Rights Reserved.
+// See LICENSE for licensing terms.
+
+package grpc_prometheus
+
+import (
+	"strings"
+
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+)
+
+type grpcType string
+
+const (
+	Unary        grpcType = "unary"
+	ClientStream grpcType = "client_stream"
+	ServerStream grpcType = "server_stream"
+	BidiStream   grpcType = "bidi_stream"
+)
+
+var (
+	allCodes = []codes.Code{
+		codes.OK, codes.Canceled, codes.Unknown, codes.InvalidArgument, codes.DeadlineExceeded, codes.NotFound,
+		codes.AlreadyExists, codes.PermissionDenied, codes.Unauthenticated, codes.ResourceExhausted,
+		codes.FailedPrecondition, codes.Aborted, codes.OutOfRange, codes.Unimplemented, codes.Internal,
+		codes.Unavailable, codes.DataLoss,
+	}
+)
+
+func splitMethodName(fullMethodName string) (string, string) {
+	fullMethodName = strings.TrimPrefix(fullMethodName, "/") // remove leading slash
+	if i := strings.Index(fullMethodName, "/"); i >= 0 {
+		return fullMethodName[:i], fullMethodName[i+1:]
+	}
+	return "unknown", "unknown"
+}
+
+func typeFromMethodInfo(mInfo *grpc.MethodInfo) grpcType {
+	if !mInfo.IsClientStream && !mInfo.IsServerStream {
+		return Unary
+	}
+	if mInfo.IsClientStream && !mInfo.IsServerStream {
+		return ClientStream
+	}
+	if !mInfo.IsClientStream && mInfo.IsServerStream {
+		return ServerStream
+	}
+	return BidiStream
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/LICENSE b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/LICENSE
new file mode 100644
index 0000000000..364516251b
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2015, Gengo, Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+
+    * Neither the name of Gengo, Inc. nor the names of its
+      contributors may be used to endorse or promote products derived from this
+      software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/BUILD.bazel b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/BUILD.bazel
new file mode 100644
index 0000000000..b8fbb2b77c
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/BUILD.bazel
@@ -0,0 +1,35 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+package(default_visibility = ["//visibility:public"])
+
+go_library(
+    name = "httprule",
+    srcs = [
+        "compile.go",
+        "parse.go",
+        "types.go",
+    ],
+    importpath = "github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule",
+    deps = ["//utilities"],
+)
+
+go_test(
+    name = "httprule_test",
+    size = "small",
+    srcs = [
+        "compile_test.go",
+        "parse_test.go",
+        "types_test.go",
+    ],
+    embed = [":httprule"],
+    deps = [
+        "//utilities",
+        "@org_golang_google_grpc//grpclog",
+    ],
+)
+
+alias(
+    name = "go_default_library",
+    actual = ":httprule",
+    visibility = ["//:__subpackages__"],
+)
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/compile.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/compile.go
new file mode 100644
index 0000000000..3cd9372959
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/compile.go
@@ -0,0 +1,121 @@
+package httprule
+
+import (
+	"github.com/grpc-ecosystem/grpc-gateway/v2/utilities"
+)
+
+const (
+	opcodeVersion = 1
+)
+
+// Template is a compiled representation of path templates.
+type Template struct {
+	// Version is the version number of the format.
+	Version int
+	// OpCodes is a sequence of operations.
+	OpCodes []int
+	// Pool is a constant pool
+	Pool []string
+	// Verb is a VERB part in the template.
+	Verb string
+	// Fields is a list of field paths bound in this template.
+	Fields []string
+	// Original template (example: /v1/a_bit_of_everything)
+	Template string
+}
+
+// Compiler compiles utilities representation of path templates into marshallable operations.
+// They can be unmarshalled by runtime.NewPattern.
+type Compiler interface {
+	Compile() Template
+}
+
+type op struct {
+	// code is the opcode of the operation
+	code utilities.OpCode
+
+	// str is a string operand of the code.
+	// num is ignored if str is not empty.
+	str string
+
+	// num is a numeric operand of the code.
+	num int
+}
+
+func (w wildcard) compile() []op {
+	return []op{
+		{code: utilities.OpPush},
+	}
+}
+
+func (w deepWildcard) compile() []op {
+	return []op{
+		{code: utilities.OpPushM},
+	}
+}
+
+func (l literal) compile() []op {
+	return []op{
+		{
+			code: utilities.OpLitPush,
+			str:  string(l),
+		},
+	}
+}
+
+func (v variable) compile() []op {
+	var ops []op
+	for _, s := range v.segments {
+		ops = append(ops, s.compile()...)
+	}
+	ops = append(ops, op{
+		code: utilities.OpConcatN,
+		num:  len(v.segments),
+	}, op{
+		code: utilities.OpCapture,
+		str:  v.path,
+	})
+
+	return ops
+}
+
+func (t template) Compile() Template {
+	var rawOps []op
+	for _, s := range t.segments {
+		rawOps = append(rawOps, s.compile()...)
+	}
+
+	var (
+		ops    []int
+		pool   []string
+		fields []string
+	)
+	consts := make(map[string]int)
+	for _, op := range rawOps {
+		ops = append(ops, int(op.code))
+		if op.str == "" {
+			ops = append(ops, op.num)
+		} else {
+			// eof segment literal represents the "/" path pattern
+			if op.str == eof {
+				op.str = ""
+			}
+			if _, ok := consts[op.str]; !ok {
+				consts[op.str] = len(pool)
+				pool = append(pool, op.str)
+			}
+			ops = append(ops, consts[op.str])
+		}
+		if op.code == utilities.OpCapture {
+			fields = append(fields, op.str)
+		}
+	}
+	return Template{
+		Version:  opcodeVersion,
+		OpCodes:  ops,
+		Pool:     pool,
+		Verb:     t.verb,
+		Fields:   fields,
+		Template: t.template,
+	}
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/fuzz.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/fuzz.go
new file mode 100644
index 0000000000..c056bd3058
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/fuzz.go
@@ -0,0 +1,11 @@
+//go:build gofuzz
+// +build gofuzz
+
+package httprule
+
+func Fuzz(data []byte) int {
+	if _, err := Parse(string(data)); err != nil {
+		return 0
+	}
+	return 0
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/parse.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/parse.go
new file mode 100644
index 0000000000..65ffcf5cf8
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/parse.go
@@ -0,0 +1,368 @@
+package httprule
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+)
+
+// InvalidTemplateError indicates that the path template is not valid.
+type InvalidTemplateError struct {
+	tmpl string
+	msg  string
+}
+
+func (e InvalidTemplateError) Error() string {
+	return fmt.Sprintf("%s: %s", e.msg, e.tmpl)
+}
+
+// Parse parses the string representation of path template
+func Parse(tmpl string) (Compiler, error) {
+	if !strings.HasPrefix(tmpl, "/") {
+		return template{}, InvalidTemplateError{tmpl: tmpl, msg: "no leading /"}
+	}
+	tokens, verb := tokenize(tmpl[1:])
+
+	p := parser{tokens: tokens}
+	segs, err := p.topLevelSegments()
+	if err != nil {
+		return template{}, InvalidTemplateError{tmpl: tmpl, msg: err.Error()}
+	}
+
+	return template{
+		segments: segs,
+		verb:     verb,
+		template: tmpl,
+	}, nil
+}
+
+func tokenize(path string) (tokens []string, verb string) {
+	if path == "" {
+		return []string{eof}, ""
+	}
+
+	const (
+		init = iota
+		field
+		nested
+	)
+	st := init
+	for path != "" {
+		var idx int
+		switch st {
+		case init:
+			idx = strings.IndexAny(path, "/{")
+		case field:
+			idx = strings.IndexAny(path, ".=}")
+		case nested:
+			idx = strings.IndexAny(path, "/}")
+		}
+		if idx < 0 {
+			tokens = append(tokens, path)
+			break
+		}
+		switch r := path[idx]; r {
+		case '/', '.':
+		case '{':
+			st = field
+		case '=':
+			st = nested
+		case '}':
+			st = init
+		}
+		if idx == 0 {
+			tokens = append(tokens, path[idx:idx+1])
+		} else {
+			tokens = append(tokens, path[:idx], path[idx:idx+1])
+		}
+		path = path[idx+1:]
+	}
+
+	l := len(tokens)
+	// See
+	// https://github.com/grpc-ecosystem/grpc-gateway/pull/1947#issuecomment-774523693 ;
+	// although normal and backwards-compat logic here is to use the last index
+	// of a colon, if the final segment is a variable followed by a colon, the
+	// part following the colon must be a verb. Hence if the previous token is
+	// an end var marker, we switch the index we're looking for to Index instead
+	// of LastIndex, so that we correctly grab the remaining part of the path as
+	// the verb.
+	var penultimateTokenIsEndVar bool
+	switch l {
+	case 0, 1:
+		// Not enough to be variable so skip this logic and don't result in an
+		// invalid index
+	default:
+		penultimateTokenIsEndVar = tokens[l-2] == "}"
+	}
+	t := tokens[l-1]
+	var idx int
+	if penultimateTokenIsEndVar {
+		idx = strings.Index(t, ":")
+	} else {
+		idx = strings.LastIndex(t, ":")
+	}
+	if idx == 0 {
+		tokens, verb = tokens[:l-1], t[1:]
+	} else if idx > 0 {
+		tokens[l-1], verb = t[:idx], t[idx+1:]
+	}
+	tokens = append(tokens, eof)
+	return tokens, verb
+}
+
+// parser is a parser of the template syntax defined in github.com/googleapis/googleapis/google/api/http.proto.
+type parser struct {
+	tokens   []string
+	accepted []string
+}
+
+// topLevelSegments is the target of this parser.
+func (p *parser) topLevelSegments() ([]segment, error) {
+	if _, err := p.accept(typeEOF); err == nil {
+		p.tokens = p.tokens[:0]
+		return []segment{literal(eof)}, nil
+	}
+	segs, err := p.segments()
+	if err != nil {
+		return nil, err
+	}
+	if _, err := p.accept(typeEOF); err != nil {
+		return nil, fmt.Errorf("unexpected token %q after segments %q", p.tokens[0], strings.Join(p.accepted, ""))
+	}
+	return segs, nil
+}
+
+func (p *parser) segments() ([]segment, error) {
+	s, err := p.segment()
+	if err != nil {
+		return nil, err
+	}
+
+	segs := []segment{s}
+	for {
+		if _, err := p.accept("/"); err != nil {
+			return segs, nil
+		}
+		s, err := p.segment()
+		if err != nil {
+			return segs, err
+		}
+		segs = append(segs, s)
+	}
+}
+
+func (p *parser) segment() (segment, error) {
+	if _, err := p.accept("*"); err == nil {
+		return wildcard{}, nil
+	}
+	if _, err := p.accept("**"); err == nil {
+		return deepWildcard{}, nil
+	}
+	if l, err := p.literal(); err == nil {
+		return l, nil
+	}
+
+	v, err := p.variable()
+	if err != nil {
+		return nil, fmt.Errorf("segment neither wildcards, literal or variable: %w", err)
+	}
+	return v, nil
+}
+
+func (p *parser) literal() (segment, error) {
+	lit, err := p.accept(typeLiteral)
+	if err != nil {
+		return nil, err
+	}
+	return literal(lit), nil
+}
+
+func (p *parser) variable() (segment, error) {
+	if _, err := p.accept("{"); err != nil {
+		return nil, err
+	}
+
+	path, err := p.fieldPath()
+	if err != nil {
+		return nil, err
+	}
+
+	var segs []segment
+	if _, err := p.accept("="); err == nil {
+		segs, err = p.segments()
+		if err != nil {
+			return nil, fmt.Errorf("invalid segment in variable %q: %w", path, err)
+		}
+	} else {
+		segs = []segment{wildcard{}}
+	}
+
+	if _, err := p.accept("}"); err != nil {
+		return nil, fmt.Errorf("unterminated variable segment: %s", path)
+	}
+	return variable{
+		path:     path,
+		segments: segs,
+	}, nil
+}
+
+func (p *parser) fieldPath() (string, error) {
+	c, err := p.accept(typeIdent)
+	if err != nil {
+		return "", err
+	}
+	components := []string{c}
+	for {
+		if _, err := p.accept("."); err != nil {
+			return strings.Join(components, "."), nil
+		}
+		c, err := p.accept(typeIdent)
+		if err != nil {
+			return "", fmt.Errorf("invalid field path component: %w", err)
+		}
+		components = append(components, c)
+	}
+}
+
+// A termType is a type of terminal symbols.
+type termType string
+
+// These constants define some of valid values of termType.
+// They improve readability of parse functions.
+//
+// You can also use "/", "*", "**", "." or "=" as valid values.
+const (
+	typeIdent   = termType("ident")
+	typeLiteral = termType("literal")
+	typeEOF     = termType("$")
+)
+
+// eof is the terminal symbol which always appears at the end of token sequence.
+const eof = "\u0000"
+
+// accept tries to accept a token in "p".
+// This function consumes a token and returns it if it matches to the specified "term".
+// If it doesn't match, the function does not consume any tokens and return an error.
+func (p *parser) accept(term termType) (string, error) {
+	t := p.tokens[0]
+	switch term {
+	case "/", "*", "**", ".", "=", "{", "}":
+		if t != string(term) && t != "/" {
+			return "", fmt.Errorf("expected %q but got %q", term, t)
+		}
+	case typeEOF:
+		if t != eof {
+			return "", fmt.Errorf("expected EOF but got %q", t)
+		}
+	case typeIdent:
+		if err := expectIdent(t); err != nil {
+			return "", err
+		}
+	case typeLiteral:
+		if err := expectPChars(t); err != nil {
+			return "", err
+		}
+	default:
+		return "", fmt.Errorf("unknown termType %q", term)
+	}
+	p.tokens = p.tokens[1:]
+	p.accepted = append(p.accepted, t)
+	return t, nil
+}
+
+// expectPChars determines if "t" consists of only pchars defined in RFC3986.
+//
+// https://www.ietf.org/rfc/rfc3986.txt, P.49
+//
+//	pchar         = unreserved / pct-encoded / sub-delims / ":" / "@"
+//	unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"
+//	sub-delims    = "!" / "$" / "&" / "'" / "(" / ")"
+//	              / "*" / "+" / "," / ";" / "="
+//	pct-encoded   = "%" HEXDIG HEXDIG
+func expectPChars(t string) error {
+	const (
+		init = iota
+		pct1
+		pct2
+	)
+	st := init
+	for _, r := range t {
+		if st != init {
+			if !isHexDigit(r) {
+				return fmt.Errorf("invalid hexdigit: %c(%U)", r, r)
+			}
+			switch st {
+			case pct1:
+				st = pct2
+			case pct2:
+				st = init
+			}
+			continue
+		}
+
+		// unreserved
+		switch {
+		case 'A' <= r && r <= 'Z':
+			continue
+		case 'a' <= r && r <= 'z':
+			continue
+		case '0' <= r && r <= '9':
+			continue
+		}
+		switch r {
+		case '-', '.', '_', '~':
+			// unreserved
+		case '!', '$', '&', '\'', '(', ')', '*', '+', ',', ';', '=':
+			// sub-delims
+		case ':', '@':
+			// rest of pchar
+		case '%':
+			// pct-encoded
+			st = pct1
+		default:
+			return fmt.Errorf("invalid character in path segment: %q(%U)", r, r)
+		}
+	}
+	if st != init {
+		return fmt.Errorf("invalid percent-encoding in %q", t)
+	}
+	return nil
+}
+
+// expectIdent determines if "ident" is a valid identifier in .proto schema ([[:alpha:]_][[:alphanum:]_]*).
+func expectIdent(ident string) error {
+	if ident == "" {
+		return errors.New("empty identifier")
+	}
+	for pos, r := range ident {
+		switch {
+		case '0' <= r && r <= '9':
+			if pos == 0 {
+				return fmt.Errorf("identifier starting with digit: %s", ident)
+			}
+			continue
+		case 'A' <= r && r <= 'Z':
+			continue
+		case 'a' <= r && r <= 'z':
+			continue
+		case r == '_':
+			continue
+		default:
+			return fmt.Errorf("invalid character %q(%U) in identifier: %s", r, r, ident)
+		}
+	}
+	return nil
+}
+
+func isHexDigit(r rune) bool {
+	switch {
+	case '0' <= r && r <= '9':
+		return true
+	case 'A' <= r && r <= 'F':
+		return true
+	case 'a' <= r && r <= 'f':
+		return true
+	}
+	return false
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/types.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/types.go
new file mode 100644
index 0000000000..5a814a0004
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/types.go
@@ -0,0 +1,60 @@
+package httprule
+
+import (
+	"fmt"
+	"strings"
+)
+
+type template struct {
+	segments []segment
+	verb     string
+	template string
+}
+
+type segment interface {
+	fmt.Stringer
+	compile() (ops []op)
+}
+
+type wildcard struct{}
+
+type deepWildcard struct{}
+
+type literal string
+
+type variable struct {
+	path     string
+	segments []segment
+}
+
+func (wildcard) String() string {
+	return "*"
+}
+
+func (deepWildcard) String() string {
+	return "**"
+}
+
+func (l literal) String() string {
+	return string(l)
+}
+
+func (v variable) String() string {
+	var segs []string
+	for _, s := range v.segments {
+		segs = append(segs, s.String())
+	}
+	return fmt.Sprintf("{%s=%s}", v.path, strings.Join(segs, "/"))
+}
+
+func (t template) String() string {
+	var segs []string
+	for _, s := range t.segments {
+		segs = append(segs, s.String())
+	}
+	str := strings.Join(segs, "/")
+	if t.verb != "" {
+		str = fmt.Sprintf("%s:%s", str, t.verb)
+	}
+	return "/" + str
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel
new file mode 100644
index 0000000000..78d7c9f5c8
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel
@@ -0,0 +1,97 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+package(default_visibility = ["//visibility:public"])
+
+go_library(
+    name = "runtime",
+    srcs = [
+        "context.go",
+        "convert.go",
+        "doc.go",
+        "errors.go",
+        "fieldmask.go",
+        "handler.go",
+        "marshal_httpbodyproto.go",
+        "marshal_json.go",
+        "marshal_jsonpb.go",
+        "marshal_proto.go",
+        "marshaler.go",
+        "marshaler_registry.go",
+        "mux.go",
+        "pattern.go",
+        "proto2_convert.go",
+        "query.go",
+    ],
+    importpath = "github.com/grpc-ecosystem/grpc-gateway/v2/runtime",
+    deps = [
+        "//internal/httprule",
+        "//utilities",
+        "@org_golang_google_genproto_googleapis_api//httpbody",
+        "@org_golang_google_grpc//codes",
+        "@org_golang_google_grpc//grpclog",
+        "@org_golang_google_grpc//health/grpc_health_v1",
+        "@org_golang_google_grpc//metadata",
+        "@org_golang_google_grpc//status",
+        "@org_golang_google_protobuf//encoding/protojson",
+        "@org_golang_google_protobuf//proto",
+        "@org_golang_google_protobuf//reflect/protoreflect",
+        "@org_golang_google_protobuf//reflect/protoregistry",
+        "@org_golang_google_protobuf//types/known/durationpb",
+        "@org_golang_google_protobuf//types/known/fieldmaskpb",
+        "@org_golang_google_protobuf//types/known/structpb",
+        "@org_golang_google_protobuf//types/known/timestamppb",
+        "@org_golang_google_protobuf//types/known/wrapperspb",
+    ],
+)
+
+go_test(
+    name = "runtime_test",
+    size = "small",
+    srcs = [
+        "context_test.go",
+        "convert_test.go",
+        "errors_test.go",
+        "fieldmask_test.go",
+        "handler_test.go",
+        "marshal_httpbodyproto_test.go",
+        "marshal_json_test.go",
+        "marshal_jsonpb_test.go",
+        "marshal_proto_test.go",
+        "marshaler_registry_test.go",
+        "mux_internal_test.go",
+        "mux_test.go",
+        "pattern_test.go",
+        "query_fuzz_test.go",
+        "query_test.go",
+    ],
+    embed = [":runtime"],
+    deps = [
+        "//runtime/internal/examplepb",
+        "//utilities",
+        "@com_github_google_go_cmp//cmp",
+        "@com_github_google_go_cmp//cmp/cmpopts",
+        "@org_golang_google_genproto_googleapis_api//httpbody",
+        "@org_golang_google_genproto_googleapis_rpc//errdetails",
+        "@org_golang_google_genproto_googleapis_rpc//status",
+        "@org_golang_google_grpc//:go_default_library",
+        "@org_golang_google_grpc//codes",
+        "@org_golang_google_grpc//health/grpc_health_v1",
+        "@org_golang_google_grpc//metadata",
+        "@org_golang_google_grpc//status",
+        "@org_golang_google_protobuf//encoding/protojson",
+        "@org_golang_google_protobuf//proto",
+        "@org_golang_google_protobuf//testing/protocmp",
+        "@org_golang_google_protobuf//types/known/durationpb",
+        "@org_golang_google_protobuf//types/known/emptypb",
+        "@org_golang_google_protobuf//types/known/fieldmaskpb",
+        "@org_golang_google_protobuf//types/known/structpb",
+        "@org_golang_google_protobuf//types/known/timestamppb",
+        "@org_golang_google_protobuf//types/known/wrapperspb",
+    ],
+)
+
+alias(
+    name = "go_default_library",
+    actual = ":runtime",
+    visibility = ["//visibility:public"],
+)
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/context.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/context.go
new file mode 100644
index 0000000000..5dd4e44786
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/context.go
@@ -0,0 +1,406 @@
+package runtime
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	"net"
+	"net/http"
+	"net/textproto"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/status"
+)
+
+// MetadataHeaderPrefix is the http prefix that represents custom metadata
+// parameters to or from a gRPC call.
+const MetadataHeaderPrefix = "Grpc-Metadata-"
+
+// MetadataPrefix is prepended to permanent HTTP header keys (as specified
+// by the IANA) when added to the gRPC context.
+const MetadataPrefix = "grpcgateway-"
+
+// MetadataTrailerPrefix is prepended to gRPC metadata as it is converted to
+// HTTP headers in a response handled by grpc-gateway
+const MetadataTrailerPrefix = "Grpc-Trailer-"
+
+const metadataGrpcTimeout = "Grpc-Timeout"
+const metadataHeaderBinarySuffix = "-Bin"
+
+const xForwardedFor = "X-Forwarded-For"
+const xForwardedHost = "X-Forwarded-Host"
+
+// DefaultContextTimeout is used for gRPC call context.WithTimeout whenever a Grpc-Timeout inbound
+// header isn't present. If the value is 0 the sent `context` will not have a timeout.
+var DefaultContextTimeout = 0 * time.Second
+
+// malformedHTTPHeaders lists the headers that the gRPC server may reject outright as malformed.
+// See https://github.com/grpc/grpc-go/pull/4803#issuecomment-986093310 for more context.
+var malformedHTTPHeaders = map[string]struct{}{
+	"connection": {},
+}
+
+type (
+	rpcMethodKey       struct{}
+	httpPathPatternKey struct{}
+
+	AnnotateContextOption func(ctx context.Context) context.Context
+)
+
+func WithHTTPPathPattern(pattern string) AnnotateContextOption {
+	return func(ctx context.Context) context.Context {
+		return withHTTPPathPattern(ctx, pattern)
+	}
+}
+
+func decodeBinHeader(v string) ([]byte, error) {
+	if len(v)%4 == 0 {
+		// Input was padded, or padding was not necessary.
+		return base64.StdEncoding.DecodeString(v)
+	}
+	return base64.RawStdEncoding.DecodeString(v)
+}
+
+/*
+AnnotateContext adds context information such as metadata from the request.
+
+At a minimum, the RemoteAddr is included in the fashion of "X-Forwarded-For",
+except that the forwarded destination is not another HTTP service but rather
+a gRPC service.
+*/
+func AnnotateContext(ctx context.Context, mux *ServeMux, req *http.Request, rpcMethodName string, options ...AnnotateContextOption) (context.Context, error) {
+	ctx, md, err := annotateContext(ctx, mux, req, rpcMethodName, options...)
+	if err != nil {
+		return nil, err
+	}
+	if md == nil {
+		return ctx, nil
+	}
+
+	return metadata.NewOutgoingContext(ctx, md), nil
+}
+
+// AnnotateIncomingContext adds context information such as metadata from the request.
+// Attach metadata as incoming context.
+func AnnotateIncomingContext(ctx context.Context, mux *ServeMux, req *http.Request, rpcMethodName string, options ...AnnotateContextOption) (context.Context, error) {
+	ctx, md, err := annotateContext(ctx, mux, req, rpcMethodName, options...)
+	if err != nil {
+		return nil, err
+	}
+	if md == nil {
+		return ctx, nil
+	}
+
+	return metadata.NewIncomingContext(ctx, md), nil
+}
+
+func isValidGRPCMetadataKey(key string) bool {
+	// Must be a valid gRPC "Header-Name" as defined here:
+	//   https://github.com/grpc/grpc/blob/4b05dc88b724214d0c725c8e7442cbc7a61b1374/doc/PROTOCOL-HTTP2.md
+	// This means 0-9 a-z _ - .
+	// Only lowercase letters are valid in the wire protocol, but the client library will normalize
+	// uppercase ASCII to lowercase, so uppercase ASCII is also acceptable.
+	bytes := []byte(key) // gRPC validates strings on the byte level, not Unicode.
+	for _, ch := range bytes {
+		validLowercaseLetter := ch >= 'a' && ch <= 'z'
+		validUppercaseLetter := ch >= 'A' && ch <= 'Z'
+		validDigit := ch >= '0' && ch <= '9'
+		validOther := ch == '.' || ch == '-' || ch == '_'
+		if !validLowercaseLetter && !validUppercaseLetter && !validDigit && !validOther {
+			return false
+		}
+	}
+	return true
+}
+
+func isValidGRPCMetadataTextValue(textValue string) bool {
+	// Must be a valid gRPC "ASCII-Value" as defined here:
+	//   https://github.com/grpc/grpc/blob/4b05dc88b724214d0c725c8e7442cbc7a61b1374/doc/PROTOCOL-HTTP2.md
+	// This means printable ASCII (including/plus spaces); 0x20 to 0x7E inclusive.
+	bytes := []byte(textValue) // gRPC validates strings on the byte level, not Unicode.
+	for _, ch := range bytes {
+		if ch < 0x20 || ch > 0x7E {
+			return false
+		}
+	}
+	return true
+}
+
+func annotateContext(ctx context.Context, mux *ServeMux, req *http.Request, rpcMethodName string, options ...AnnotateContextOption) (context.Context, metadata.MD, error) {
+	ctx = withRPCMethod(ctx, rpcMethodName)
+	for _, o := range options {
+		ctx = o(ctx)
+	}
+	timeout := DefaultContextTimeout
+	if tm := req.Header.Get(metadataGrpcTimeout); tm != "" {
+		var err error
+		timeout, err = timeoutDecode(tm)
+		if err != nil {
+			return nil, nil, status.Errorf(codes.InvalidArgument, "invalid grpc-timeout: %s", tm)
+		}
+	}
+	var pairs []string
+	for key, vals := range req.Header {
+		key = textproto.CanonicalMIMEHeaderKey(key)
+		switch key {
+		case xForwardedFor, xForwardedHost:
+			// Handled separately below
+			continue
+		}
+
+		for _, val := range vals {
+			// For backwards-compatibility, pass through 'authorization' header with no prefix.
+			if key == "Authorization" {
+				pairs = append(pairs, "authorization", val)
+			}
+			if h, ok := mux.incomingHeaderMatcher(key); ok {
+				if !isValidGRPCMetadataKey(h) {
+					grpclog.Errorf("HTTP header name %q is not valid as gRPC metadata key; skipping", h)
+					continue
+				}
+				// Handles "-bin" metadata in grpc, since grpc will do another base64
+				// encode before sending to server, we need to decode it first.
+				if strings.HasSuffix(key, metadataHeaderBinarySuffix) {
+					b, err := decodeBinHeader(val)
+					if err != nil {
+						return nil, nil, status.Errorf(codes.InvalidArgument, "invalid binary header %s: %s", key, err)
+					}
+
+					val = string(b)
+				} else if !isValidGRPCMetadataTextValue(val) {
+					grpclog.Errorf("Value of HTTP header %q contains non-ASCII value (not valid as gRPC metadata): skipping", h)
+					continue
+				}
+				pairs = append(pairs, h, val)
+			}
+		}
+	}
+	if host := req.Header.Get(xForwardedHost); host != "" {
+		pairs = append(pairs, strings.ToLower(xForwardedHost), host)
+	} else if req.Host != "" {
+		pairs = append(pairs, strings.ToLower(xForwardedHost), req.Host)
+	}
+
+	xff := req.Header.Values(xForwardedFor)
+	if addr := req.RemoteAddr; addr != "" {
+		if remoteIP, _, err := net.SplitHostPort(addr); err == nil {
+			xff = append(xff, remoteIP)
+		}
+	}
+	if len(xff) > 0 {
+		pairs = append(pairs, strings.ToLower(xForwardedFor), strings.Join(xff, ", "))
+	}
+
+	if timeout != 0 {
+		ctx, _ = context.WithTimeout(ctx, timeout)
+	}
+	if len(pairs) == 0 {
+		return ctx, nil, nil
+	}
+	md := metadata.Pairs(pairs...)
+	for _, mda := range mux.metadataAnnotators {
+		md = metadata.Join(md, mda(ctx, req))
+	}
+	return ctx, md, nil
+}
+
+// ServerMetadata consists of metadata sent from gRPC server.
+type ServerMetadata struct {
+	HeaderMD  metadata.MD
+	TrailerMD metadata.MD
+}
+
+type serverMetadataKey struct{}
+
+// NewServerMetadataContext creates a new context with ServerMetadata
+func NewServerMetadataContext(ctx context.Context, md ServerMetadata) context.Context {
+	if ctx == nil {
+		ctx = context.Background()
+	}
+	return context.WithValue(ctx, serverMetadataKey{}, md)
+}
+
+// ServerMetadataFromContext returns the ServerMetadata in ctx
+func ServerMetadataFromContext(ctx context.Context) (md ServerMetadata, ok bool) {
+	if ctx == nil {
+		return md, false
+	}
+	md, ok = ctx.Value(serverMetadataKey{}).(ServerMetadata)
+	return
+}
+
+// ServerTransportStream implements grpc.ServerTransportStream.
+// It should only be used by the generated files to support grpc.SendHeader
+// outside of gRPC server use.
+type ServerTransportStream struct {
+	mu      sync.Mutex
+	header  metadata.MD
+	trailer metadata.MD
+}
+
+// Method returns the method for the stream.
+func (s *ServerTransportStream) Method() string {
+	return ""
+}
+
+// Header returns the header metadata of the stream.
+func (s *ServerTransportStream) Header() metadata.MD {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	return s.header.Copy()
+}
+
+// SetHeader sets the header metadata.
+func (s *ServerTransportStream) SetHeader(md metadata.MD) error {
+	if md.Len() == 0 {
+		return nil
+	}
+
+	s.mu.Lock()
+	s.header = metadata.Join(s.header, md)
+	s.mu.Unlock()
+	return nil
+}
+
+// SendHeader sets the header metadata.
+func (s *ServerTransportStream) SendHeader(md metadata.MD) error {
+	return s.SetHeader(md)
+}
+
+// Trailer returns the cached trailer metadata.
+func (s *ServerTransportStream) Trailer() metadata.MD {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	return s.trailer.Copy()
+}
+
+// SetTrailer sets the trailer metadata.
+func (s *ServerTransportStream) SetTrailer(md metadata.MD) error {
+	if md.Len() == 0 {
+		return nil
+	}
+
+	s.mu.Lock()
+	s.trailer = metadata.Join(s.trailer, md)
+	s.mu.Unlock()
+	return nil
+}
+
+func timeoutDecode(s string) (time.Duration, error) {
+	size := len(s)
+	if size < 2 {
+		return 0, fmt.Errorf("timeout string is too short: %q", s)
+	}
+	d, ok := timeoutUnitToDuration(s[size-1])
+	if !ok {
+		return 0, fmt.Errorf("timeout unit is not recognized: %q", s)
+	}
+	t, err := strconv.ParseInt(s[:size-1], 10, 64)
+	if err != nil {
+		return 0, err
+	}
+	return d * time.Duration(t), nil
+}
+
+func timeoutUnitToDuration(u uint8) (d time.Duration, ok bool) {
+	switch u {
+	case 'H':
+		return time.Hour, true
+	case 'M':
+		return time.Minute, true
+	case 'S':
+		return time.Second, true
+	case 'm':
+		return time.Millisecond, true
+	case 'u':
+		return time.Microsecond, true
+	case 'n':
+		return time.Nanosecond, true
+	default:
+		return
+	}
+}
+
+// isPermanentHTTPHeader checks whether hdr belongs to the list of
+// permanent request headers maintained by IANA.
+// http://www.iana.org/assignments/message-headers/message-headers.xml
+func isPermanentHTTPHeader(hdr string) bool {
+	switch hdr {
+	case
+		"Accept",
+		"Accept-Charset",
+		"Accept-Language",
+		"Accept-Ranges",
+		"Authorization",
+		"Cache-Control",
+		"Content-Type",
+		"Cookie",
+		"Date",
+		"Expect",
+		"From",
+		"Host",
+		"If-Match",
+		"If-Modified-Since",
+		"If-None-Match",
+		"If-Schedule-Tag-Match",
+		"If-Unmodified-Since",
+		"Max-Forwards",
+		"Origin",
+		"Pragma",
+		"Referer",
+		"User-Agent",
+		"Via",
+		"Warning":
+		return true
+	}
+	return false
+}
+
+// isMalformedHTTPHeader checks whether header belongs to the list of
+// "malformed headers" and would be rejected by the gRPC server.
+func isMalformedHTTPHeader(header string) bool {
+	_, isMalformed := malformedHTTPHeaders[strings.ToLower(header)]
+	return isMalformed
+}
+
+// RPCMethod returns the method string for the server context. The returned
+// string is in the format of "/package.service/method".
+func RPCMethod(ctx context.Context) (string, bool) {
+	m := ctx.Value(rpcMethodKey{})
+	if m == nil {
+		return "", false
+	}
+	ms, ok := m.(string)
+	if !ok {
+		return "", false
+	}
+	return ms, true
+}
+
+func withRPCMethod(ctx context.Context, rpcMethodName string) context.Context {
+	return context.WithValue(ctx, rpcMethodKey{}, rpcMethodName)
+}
+
+// HTTPPathPattern returns the HTTP path pattern string relating to the HTTP handler, if one exists.
+// The format of the returned string is defined by the google.api.http path template type.
+func HTTPPathPattern(ctx context.Context) (string, bool) {
+	m := ctx.Value(httpPathPatternKey{})
+	if m == nil {
+		return "", false
+	}
+	ms, ok := m.(string)
+	if !ok {
+		return "", false
+	}
+	return ms, true
+}
+
+func withHTTPPathPattern(ctx context.Context, httpPathPattern string) context.Context {
+	return context.WithValue(ctx, httpPathPatternKey{}, httpPathPattern)
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/convert.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/convert.go
new file mode 100644
index 0000000000..d7b15fcfb3
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/convert.go
@@ -0,0 +1,318 @@
+package runtime
+
+import (
+	"encoding/base64"
+	"fmt"
+	"strconv"
+	"strings"
+
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/types/known/durationpb"
+	"google.golang.org/protobuf/types/known/timestamppb"
+	"google.golang.org/protobuf/types/known/wrapperspb"
+)
+
+// String just returns the given string.
+// It is just for compatibility to other types.
+func String(val string) (string, error) {
+	return val, nil
+}
+
+// StringSlice converts 'val' where individual strings are separated by
+// 'sep' into a string slice.
+func StringSlice(val, sep string) ([]string, error) {
+	return strings.Split(val, sep), nil
+}
+
+// Bool converts the given string representation of a boolean value into bool.
+func Bool(val string) (bool, error) {
+	return strconv.ParseBool(val)
+}
+
+// BoolSlice converts 'val' where individual booleans are separated by
+// 'sep' into a bool slice.
+func BoolSlice(val, sep string) ([]bool, error) {
+	s := strings.Split(val, sep)
+	values := make([]bool, len(s))
+	for i, v := range s {
+		value, err := Bool(v)
+		if err != nil {
+			return nil, err
+		}
+		values[i] = value
+	}
+	return values, nil
+}
+
+// Float64 converts the given string representation into representation of a floating point number into float64.
+func Float64(val string) (float64, error) {
+	return strconv.ParseFloat(val, 64)
+}
+
+// Float64Slice converts 'val' where individual floating point numbers are separated by
+// 'sep' into a float64 slice.
+func Float64Slice(val, sep string) ([]float64, error) {
+	s := strings.Split(val, sep)
+	values := make([]float64, len(s))
+	for i, v := range s {
+		value, err := Float64(v)
+		if err != nil {
+			return nil, err
+		}
+		values[i] = value
+	}
+	return values, nil
+}
+
+// Float32 converts the given string representation of a floating point number into float32.
+func Float32(val string) (float32, error) {
+	f, err := strconv.ParseFloat(val, 32)
+	if err != nil {
+		return 0, err
+	}
+	return float32(f), nil
+}
+
+// Float32Slice converts 'val' where individual floating point numbers are separated by
+// 'sep' into a float32 slice.
+func Float32Slice(val, sep string) ([]float32, error) {
+	s := strings.Split(val, sep)
+	values := make([]float32, len(s))
+	for i, v := range s {
+		value, err := Float32(v)
+		if err != nil {
+			return nil, err
+		}
+		values[i] = value
+	}
+	return values, nil
+}
+
+// Int64 converts the given string representation of an integer into int64.
+func Int64(val string) (int64, error) {
+	return strconv.ParseInt(val, 0, 64)
+}
+
+// Int64Slice converts 'val' where individual integers are separated by
+// 'sep' into a int64 slice.
+func Int64Slice(val, sep string) ([]int64, error) {
+	s := strings.Split(val, sep)
+	values := make([]int64, len(s))
+	for i, v := range s {
+		value, err := Int64(v)
+		if err != nil {
+			return nil, err
+		}
+		values[i] = value
+	}
+	return values, nil
+}
+
+// Int32 converts the given string representation of an integer into int32.
+func Int32(val string) (int32, error) {
+	i, err := strconv.ParseInt(val, 0, 32)
+	if err != nil {
+		return 0, err
+	}
+	return int32(i), nil
+}
+
+// Int32Slice converts 'val' where individual integers are separated by
+// 'sep' into a int32 slice.
+func Int32Slice(val, sep string) ([]int32, error) {
+	s := strings.Split(val, sep)
+	values := make([]int32, len(s))
+	for i, v := range s {
+		value, err := Int32(v)
+		if err != nil {
+			return nil, err
+		}
+		values[i] = value
+	}
+	return values, nil
+}
+
+// Uint64 converts the given string representation of an integer into uint64.
+func Uint64(val string) (uint64, error) {
+	return strconv.ParseUint(val, 0, 64)
+}
+
+// Uint64Slice converts 'val' where individual integers are separated by
+// 'sep' into a uint64 slice.
+func Uint64Slice(val, sep string) ([]uint64, error) {
+	s := strings.Split(val, sep)
+	values := make([]uint64, len(s))
+	for i, v := range s {
+		value, err := Uint64(v)
+		if err != nil {
+			return nil, err
+		}
+		values[i] = value
+	}
+	return values, nil
+}
+
+// Uint32 converts the given string representation of an integer into uint32.
+func Uint32(val string) (uint32, error) {
+	i, err := strconv.ParseUint(val, 0, 32)
+	if err != nil {
+		return 0, err
+	}
+	return uint32(i), nil
+}
+
+// Uint32Slice converts 'val' where individual integers are separated by
+// 'sep' into a uint32 slice.
+func Uint32Slice(val, sep string) ([]uint32, error) {
+	s := strings.Split(val, sep)
+	values := make([]uint32, len(s))
+	for i, v := range s {
+		value, err := Uint32(v)
+		if err != nil {
+			return nil, err
+		}
+		values[i] = value
+	}
+	return values, nil
+}
+
+// Bytes converts the given string representation of a byte sequence into a slice of bytes
+// A bytes sequence is encoded in URL-safe base64 without padding
+func Bytes(val string) ([]byte, error) {
+	b, err := base64.StdEncoding.DecodeString(val)
+	if err != nil {
+		b, err = base64.URLEncoding.DecodeString(val)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return b, nil
+}
+
+// BytesSlice converts 'val' where individual bytes sequences, encoded in URL-safe
+// base64 without padding, are separated by 'sep' into a slice of bytes slices slice.
+func BytesSlice(val, sep string) ([][]byte, error) {
+	s := strings.Split(val, sep)
+	values := make([][]byte, len(s))
+	for i, v := range s {
+		value, err := Bytes(v)
+		if err != nil {
+			return nil, err
+		}
+		values[i] = value
+	}
+	return values, nil
+}
+
+// Timestamp converts the given RFC3339 formatted string into a timestamp.Timestamp.
+func Timestamp(val string) (*timestamppb.Timestamp, error) {
+	var r timestamppb.Timestamp
+	val = strconv.Quote(strings.Trim(val, `"`))
+	unmarshaler := &protojson.UnmarshalOptions{}
+	if err := unmarshaler.Unmarshal([]byte(val), &r); err != nil {
+		return nil, err
+	}
+	return &r, nil
+}
+
+// Duration converts the given string into a timestamp.Duration.
+func Duration(val string) (*durationpb.Duration, error) {
+	var r durationpb.Duration
+	val = strconv.Quote(strings.Trim(val, `"`))
+	unmarshaler := &protojson.UnmarshalOptions{}
+	if err := unmarshaler.Unmarshal([]byte(val), &r); err != nil {
+		return nil, err
+	}
+	return &r, nil
+}
+
+// Enum converts the given string into an int32 that should be type casted into the
+// correct enum proto type.
+func Enum(val string, enumValMap map[string]int32) (int32, error) {
+	e, ok := enumValMap[val]
+	if ok {
+		return e, nil
+	}
+
+	i, err := Int32(val)
+	if err != nil {
+		return 0, fmt.Errorf("%s is not valid", val)
+	}
+	for _, v := range enumValMap {
+		if v == i {
+			return i, nil
+		}
+	}
+	return 0, fmt.Errorf("%s is not valid", val)
+}
+
+// EnumSlice converts 'val' where individual enums are separated by 'sep'
+// into a int32 slice. Each individual int32 should be type casted into the
+// correct enum proto type.
+func EnumSlice(val, sep string, enumValMap map[string]int32) ([]int32, error) {
+	s := strings.Split(val, sep)
+	values := make([]int32, len(s))
+	for i, v := range s {
+		value, err := Enum(v, enumValMap)
+		if err != nil {
+			return nil, err
+		}
+		values[i] = value
+	}
+	return values, nil
+}
+
+// Support for google.protobuf.wrappers on top of primitive types
+
+// StringValue well-known type support as wrapper around string type
+func StringValue(val string) (*wrapperspb.StringValue, error) {
+	return wrapperspb.String(val), nil
+}
+
+// FloatValue well-known type support as wrapper around float32 type
+func FloatValue(val string) (*wrapperspb.FloatValue, error) {
+	parsedVal, err := Float32(val)
+	return wrapperspb.Float(parsedVal), err
+}
+
+// DoubleValue well-known type support as wrapper around float64 type
+func DoubleValue(val string) (*wrapperspb.DoubleValue, error) {
+	parsedVal, err := Float64(val)
+	return wrapperspb.Double(parsedVal), err
+}
+
+// BoolValue well-known type support as wrapper around bool type
+func BoolValue(val string) (*wrapperspb.BoolValue, error) {
+	parsedVal, err := Bool(val)
+	return wrapperspb.Bool(parsedVal), err
+}
+
+// Int32Value well-known type support as wrapper around int32 type
+func Int32Value(val string) (*wrapperspb.Int32Value, error) {
+	parsedVal, err := Int32(val)
+	return wrapperspb.Int32(parsedVal), err
+}
+
+// UInt32Value well-known type support as wrapper around uint32 type
+func UInt32Value(val string) (*wrapperspb.UInt32Value, error) {
+	parsedVal, err := Uint32(val)
+	return wrapperspb.UInt32(parsedVal), err
+}
+
+// Int64Value well-known type support as wrapper around int64 type
+func Int64Value(val string) (*wrapperspb.Int64Value, error) {
+	parsedVal, err := Int64(val)
+	return wrapperspb.Int64(parsedVal), err
+}
+
+// UInt64Value well-known type support as wrapper around uint64 type
+func UInt64Value(val string) (*wrapperspb.UInt64Value, error) {
+	parsedVal, err := Uint64(val)
+	return wrapperspb.UInt64(parsedVal), err
+}
+
+// BytesValue well-known type support as wrapper around bytes[] type
+func BytesValue(val string) (*wrapperspb.BytesValue, error) {
+	parsedVal, err := Bytes(val)
+	return wrapperspb.Bytes(parsedVal), err
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/doc.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/doc.go
new file mode 100644
index 0000000000..b6e5ddf7a9
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/doc.go
@@ -0,0 +1,5 @@
+/*
+Package runtime contains runtime helper functions used by
+servers which protoc-gen-grpc-gateway generates.
+*/
+package runtime
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/errors.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/errors.go
new file mode 100644
index 0000000000..5682998699
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/errors.go
@@ -0,0 +1,181 @@
+package runtime
+
+import (
+	"context"
+	"errors"
+	"io"
+	"net/http"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/status"
+)
+
+// ErrorHandlerFunc is the signature used to configure error handling.
+type ErrorHandlerFunc func(context.Context, *ServeMux, Marshaler, http.ResponseWriter, *http.Request, error)
+
+// StreamErrorHandlerFunc is the signature used to configure stream error handling.
+type StreamErrorHandlerFunc func(context.Context, error) *status.Status
+
+// RoutingErrorHandlerFunc is the signature used to configure error handling for routing errors.
+type RoutingErrorHandlerFunc func(context.Context, *ServeMux, Marshaler, http.ResponseWriter, *http.Request, int)
+
+// HTTPStatusError is the error to use when needing to provide a different HTTP status code for an error
+// passed to the DefaultRoutingErrorHandler.
+type HTTPStatusError struct {
+	HTTPStatus int
+	Err        error
+}
+
+func (e *HTTPStatusError) Error() string {
+	return e.Err.Error()
+}
+
+// HTTPStatusFromCode converts a gRPC error code into the corresponding HTTP response status.
+// See: https://github.com/googleapis/googleapis/blob/master/google/rpc/code.proto
+func HTTPStatusFromCode(code codes.Code) int {
+	switch code {
+	case codes.OK:
+		return http.StatusOK
+	case codes.Canceled:
+		return 499
+	case codes.Unknown:
+		return http.StatusInternalServerError
+	case codes.InvalidArgument:
+		return http.StatusBadRequest
+	case codes.DeadlineExceeded:
+		return http.StatusGatewayTimeout
+	case codes.NotFound:
+		return http.StatusNotFound
+	case codes.AlreadyExists:
+		return http.StatusConflict
+	case codes.PermissionDenied:
+		return http.StatusForbidden
+	case codes.Unauthenticated:
+		return http.StatusUnauthorized
+	case codes.ResourceExhausted:
+		return http.StatusTooManyRequests
+	case codes.FailedPrecondition:
+		// Note, this deliberately doesn't translate to the similarly named '412 Precondition Failed' HTTP response status.
+		return http.StatusBadRequest
+	case codes.Aborted:
+		return http.StatusConflict
+	case codes.OutOfRange:
+		return http.StatusBadRequest
+	case codes.Unimplemented:
+		return http.StatusNotImplemented
+	case codes.Internal:
+		return http.StatusInternalServerError
+	case codes.Unavailable:
+		return http.StatusServiceUnavailable
+	case codes.DataLoss:
+		return http.StatusInternalServerError
+	default:
+		grpclog.Warningf("Unknown gRPC error code: %v", code)
+		return http.StatusInternalServerError
+	}
+}
+
+// HTTPError uses the mux-configured error handler.
+func HTTPError(ctx context.Context, mux *ServeMux, marshaler Marshaler, w http.ResponseWriter, r *http.Request, err error) {
+	mux.errorHandler(ctx, mux, marshaler, w, r, err)
+}
+
+// DefaultHTTPErrorHandler is the default error handler.
+// If "err" is a gRPC Status, the function replies with the status code mapped by HTTPStatusFromCode.
+// If "err" is a HTTPStatusError, the function replies with the status code provide by that struct. This is
+// intended to allow passing through of specific statuses via the function set via WithRoutingErrorHandler
+// for the ServeMux constructor to handle edge cases which the standard mappings in HTTPStatusFromCode
+// are insufficient for.
+// If otherwise, it replies with http.StatusInternalServerError.
+//
+// The response body written by this function is a Status message marshaled by the Marshaler.
+func DefaultHTTPErrorHandler(ctx context.Context, mux *ServeMux, marshaler Marshaler, w http.ResponseWriter, r *http.Request, err error) {
+	// return Internal when Marshal failed
+	const fallback = `{"code": 13, "message": "failed to marshal error message"}`
+
+	var customStatus *HTTPStatusError
+	if errors.As(err, &customStatus) {
+		err = customStatus.Err
+	}
+
+	s := status.Convert(err)
+	pb := s.Proto()
+
+	w.Header().Del("Trailer")
+	w.Header().Del("Transfer-Encoding")
+
+	contentType := marshaler.ContentType(pb)
+	w.Header().Set("Content-Type", contentType)
+
+	if s.Code() == codes.Unauthenticated {
+		w.Header().Set("WWW-Authenticate", s.Message())
+	}
+
+	buf, merr := marshaler.Marshal(pb)
+	if merr != nil {
+		grpclog.Errorf("Failed to marshal error message %q: %v", s, merr)
+		w.WriteHeader(http.StatusInternalServerError)
+		if _, err := io.WriteString(w, fallback); err != nil {
+			grpclog.Errorf("Failed to write response: %v", err)
+		}
+		return
+	}
+
+	md, ok := ServerMetadataFromContext(ctx)
+	if !ok {
+		grpclog.Error("Failed to extract ServerMetadata from context")
+	}
+
+	handleForwardResponseServerMetadata(w, mux, md)
+
+	// RFC 7230 https://tools.ietf.org/html/rfc7230#section-4.1.2
+	// Unless the request includes a TE header field indicating "trailers"
+	// is acceptable, as described in Section 4.3, a server SHOULD NOT
+	// generate trailer fields that it believes are necessary for the user
+	// agent to receive.
+	doForwardTrailers := requestAcceptsTrailers(r)
+
+	if doForwardTrailers {
+		handleForwardResponseTrailerHeader(w, mux, md)
+		w.Header().Set("Transfer-Encoding", "chunked")
+	}
+
+	st := HTTPStatusFromCode(s.Code())
+	if customStatus != nil {
+		st = customStatus.HTTPStatus
+	}
+
+	w.WriteHeader(st)
+	if _, err := w.Write(buf); err != nil {
+		grpclog.Errorf("Failed to write response: %v", err)
+	}
+
+	if doForwardTrailers {
+		handleForwardResponseTrailer(w, mux, md)
+	}
+}
+
+func DefaultStreamErrorHandler(_ context.Context, err error) *status.Status {
+	return status.Convert(err)
+}
+
+// DefaultRoutingErrorHandler is our default handler for routing errors.
+// By default http error codes mapped on the following error codes:
+//
+//	NotFound -> grpc.NotFound
+//	StatusBadRequest -> grpc.InvalidArgument
+//	MethodNotAllowed -> grpc.Unimplemented
+//	Other -> grpc.Internal, method is not expecting to be called for anything else
+func DefaultRoutingErrorHandler(ctx context.Context, mux *ServeMux, marshaler Marshaler, w http.ResponseWriter, r *http.Request, httpStatus int) {
+	sterr := status.Error(codes.Internal, "Unexpected routing error")
+	switch httpStatus {
+	case http.StatusBadRequest:
+		sterr = status.Error(codes.InvalidArgument, http.StatusText(httpStatus))
+	case http.StatusMethodNotAllowed:
+		sterr = status.Error(codes.Unimplemented, http.StatusText(httpStatus))
+	case http.StatusNotFound:
+		sterr = status.Error(codes.NotFound, http.StatusText(httpStatus))
+	}
+	mux.errorHandler(ctx, mux, marshaler, w, r, sterr)
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/fieldmask.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/fieldmask.go
new file mode 100644
index 0000000000..9005d6a0bf
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/fieldmask.go
@@ -0,0 +1,168 @@
+package runtime
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"sort"
+
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	field_mask "google.golang.org/protobuf/types/known/fieldmaskpb"
+)
+
+func getFieldByName(fields protoreflect.FieldDescriptors, name string) protoreflect.FieldDescriptor {
+	fd := fields.ByName(protoreflect.Name(name))
+	if fd != nil {
+		return fd
+	}
+
+	return fields.ByJSONName(name)
+}
+
+// FieldMaskFromRequestBody creates a FieldMask printing all complete paths from the JSON body.
+func FieldMaskFromRequestBody(r io.Reader, msg proto.Message) (*field_mask.FieldMask, error) {
+	fm := &field_mask.FieldMask{}
+	var root interface{}
+
+	if err := json.NewDecoder(r).Decode(&root); err != nil {
+		if errors.Is(err, io.EOF) {
+			return fm, nil
+		}
+		return nil, err
+	}
+
+	queue := []fieldMaskPathItem{{node: root, msg: msg.ProtoReflect()}}
+	for len(queue) > 0 {
+		// dequeue an item
+		item := queue[0]
+		queue = queue[1:]
+
+		m, ok := item.node.(map[string]interface{})
+		switch {
+		case ok && len(m) > 0:
+			// if the item is an object, then enqueue all of its children
+			for k, v := range m {
+				if item.msg == nil {
+					return nil, errors.New("JSON structure did not match request type")
+				}
+
+				fd := getFieldByName(item.msg.Descriptor().Fields(), k)
+				if fd == nil {
+					return nil, fmt.Errorf("could not find field %q in %q", k, item.msg.Descriptor().FullName())
+				}
+
+				if isDynamicProtoMessage(fd.Message()) {
+					for _, p := range buildPathsBlindly(string(fd.FullName().Name()), v) {
+						newPath := p
+						if item.path != "" {
+							newPath = item.path + "." + newPath
+						}
+						queue = append(queue, fieldMaskPathItem{path: newPath})
+					}
+					continue
+				}
+
+				if isProtobufAnyMessage(fd.Message()) && !fd.IsList() {
+					_, hasTypeField := v.(map[string]interface{})["@type"]
+					if hasTypeField {
+						queue = append(queue, fieldMaskPathItem{path: k})
+						continue
+					} else {
+						return nil, fmt.Errorf("could not find field @type in %q in message %q", k, item.msg.Descriptor().FullName())
+					}
+
+				}
+
+				child := fieldMaskPathItem{
+					node: v,
+				}
+				if item.path == "" {
+					child.path = string(fd.FullName().Name())
+				} else {
+					child.path = item.path + "." + string(fd.FullName().Name())
+				}
+
+				switch {
+				case fd.IsList(), fd.IsMap():
+					// As per: https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/field_mask.proto#L85-L86
+					// Do not recurse into repeated fields. The repeated field goes on the end of the path and we stop.
+					fm.Paths = append(fm.Paths, child.path)
+				case fd.Message() != nil:
+					child.msg = item.msg.Get(fd).Message()
+					fallthrough
+				default:
+					queue = append(queue, child)
+				}
+			}
+		case ok && len(m) == 0:
+			fallthrough
+		case len(item.path) > 0:
+			// otherwise, it's a leaf node so print its path
+			fm.Paths = append(fm.Paths, item.path)
+		}
+	}
+
+	// Sort for deterministic output in the presence
+	// of repeated fields.
+	sort.Strings(fm.Paths)
+
+	return fm, nil
+}
+
+func isProtobufAnyMessage(md protoreflect.MessageDescriptor) bool {
+	return md != nil && (md.FullName() == "google.protobuf.Any")
+}
+
+func isDynamicProtoMessage(md protoreflect.MessageDescriptor) bool {
+	return md != nil && (md.FullName() == "google.protobuf.Struct" || md.FullName() == "google.protobuf.Value")
+}
+
+// buildPathsBlindly does not attempt to match proto field names to the
+// json value keys.  Instead it relies completely on the structure of
+// the unmarshalled json contained within in.
+// Returns a slice containing all subpaths with the root at the
+// passed in name and json value.
+func buildPathsBlindly(name string, in interface{}) []string {
+	m, ok := in.(map[string]interface{})
+	if !ok {
+		return []string{name}
+	}
+
+	var paths []string
+	queue := []fieldMaskPathItem{{path: name, node: m}}
+	for len(queue) > 0 {
+		cur := queue[0]
+		queue = queue[1:]
+
+		m, ok := cur.node.(map[string]interface{})
+		if !ok {
+			// This should never happen since we should always check that we only add
+			// nodes of type map[string]interface{} to the queue.
+			continue
+		}
+		for k, v := range m {
+			if mi, ok := v.(map[string]interface{}); ok {
+				queue = append(queue, fieldMaskPathItem{path: cur.path + "." + k, node: mi})
+			} else {
+				// This is not a struct, so there are no more levels to descend.
+				curPath := cur.path + "." + k
+				paths = append(paths, curPath)
+			}
+		}
+	}
+	return paths
+}
+
+// fieldMaskPathItem stores a in-progress deconstruction of a path for a fieldmask
+type fieldMaskPathItem struct {
+	// the list of prior fields leading up to node connected by dots
+	path string
+
+	// a generic decoded json object the current item to inspect for further path extraction
+	node interface{}
+
+	// parent message
+	msg protoreflect.Message
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go
new file mode 100644
index 0000000000..de1eef1f4f
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go
@@ -0,0 +1,235 @@
+package runtime
+
+import (
+	"context"
+	"errors"
+	"io"
+	"net/http"
+	"net/textproto"
+	"strconv"
+	"strings"
+
+	"google.golang.org/genproto/googleapis/api/httpbody"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/proto"
+)
+
+// ForwardResponseStream forwards the stream from gRPC server to REST client.
+func ForwardResponseStream(ctx context.Context, mux *ServeMux, marshaler Marshaler, w http.ResponseWriter, req *http.Request, recv func() (proto.Message, error), opts ...func(context.Context, http.ResponseWriter, proto.Message) error) {
+	rc := http.NewResponseController(w)
+	md, ok := ServerMetadataFromContext(ctx)
+	if !ok {
+		grpclog.Error("Failed to extract ServerMetadata from context")
+		http.Error(w, "unexpected error", http.StatusInternalServerError)
+		return
+	}
+	handleForwardResponseServerMetadata(w, mux, md)
+
+	w.Header().Set("Transfer-Encoding", "chunked")
+	if err := handleForwardResponseOptions(ctx, w, nil, opts); err != nil {
+		HTTPError(ctx, mux, marshaler, w, req, err)
+		return
+	}
+
+	var delimiter []byte
+	if d, ok := marshaler.(Delimited); ok {
+		delimiter = d.Delimiter()
+	} else {
+		delimiter = []byte("\n")
+	}
+
+	var wroteHeader bool
+	for {
+		resp, err := recv()
+		if errors.Is(err, io.EOF) {
+			return
+		}
+		if err != nil {
+			handleForwardResponseStreamError(ctx, wroteHeader, marshaler, w, req, mux, err, delimiter)
+			return
+		}
+		if err := handleForwardResponseOptions(ctx, w, resp, opts); err != nil {
+			handleForwardResponseStreamError(ctx, wroteHeader, marshaler, w, req, mux, err, delimiter)
+			return
+		}
+
+		if !wroteHeader {
+			w.Header().Set("Content-Type", marshaler.ContentType(resp))
+		}
+
+		var buf []byte
+		httpBody, isHTTPBody := resp.(*httpbody.HttpBody)
+		switch {
+		case resp == nil:
+			buf, err = marshaler.Marshal(errorChunk(status.New(codes.Internal, "empty response")))
+		case isHTTPBody:
+			buf = httpBody.GetData()
+		default:
+			result := map[string]interface{}{"result": resp}
+			if rb, ok := resp.(responseBody); ok {
+				result["result"] = rb.XXX_ResponseBody()
+			}
+
+			buf, err = marshaler.Marshal(result)
+		}
+
+		if err != nil {
+			grpclog.Errorf("Failed to marshal response chunk: %v", err)
+			handleForwardResponseStreamError(ctx, wroteHeader, marshaler, w, req, mux, err, delimiter)
+			return
+		}
+		if _, err := w.Write(buf); err != nil {
+			grpclog.Errorf("Failed to send response chunk: %v", err)
+			return
+		}
+		wroteHeader = true
+		if _, err := w.Write(delimiter); err != nil {
+			grpclog.Errorf("Failed to send delimiter chunk: %v", err)
+			return
+		}
+		err = rc.Flush()
+		if err != nil {
+			if errors.Is(err, http.ErrNotSupported) {
+				grpclog.Errorf("Flush not supported in %T", w)
+				http.Error(w, "unexpected type of web server", http.StatusInternalServerError)
+				return
+			}
+			grpclog.Errorf("Failed to flush response to client: %v", err)
+			return
+		}
+	}
+}
+
+func handleForwardResponseServerMetadata(w http.ResponseWriter, mux *ServeMux, md ServerMetadata) {
+	for k, vs := range md.HeaderMD {
+		if h, ok := mux.outgoingHeaderMatcher(k); ok {
+			for _, v := range vs {
+				w.Header().Add(h, v)
+			}
+		}
+	}
+}
+
+func handleForwardResponseTrailerHeader(w http.ResponseWriter, mux *ServeMux, md ServerMetadata) {
+	for k := range md.TrailerMD {
+		if h, ok := mux.outgoingTrailerMatcher(k); ok {
+			w.Header().Add("Trailer", textproto.CanonicalMIMEHeaderKey(h))
+		}
+	}
+}
+
+func handleForwardResponseTrailer(w http.ResponseWriter, mux *ServeMux, md ServerMetadata) {
+	for k, vs := range md.TrailerMD {
+		if h, ok := mux.outgoingTrailerMatcher(k); ok {
+			for _, v := range vs {
+				w.Header().Add(h, v)
+			}
+		}
+	}
+}
+
+// responseBody interface contains method for getting field for marshaling to the response body
+// this method is generated for response struct from the value of `response_body` in the `google.api.HttpRule`
+type responseBody interface {
+	XXX_ResponseBody() interface{}
+}
+
+// ForwardResponseMessage forwards the message "resp" from gRPC server to REST client.
+func ForwardResponseMessage(ctx context.Context, mux *ServeMux, marshaler Marshaler, w http.ResponseWriter, req *http.Request, resp proto.Message, opts ...func(context.Context, http.ResponseWriter, proto.Message) error) {
+	md, ok := ServerMetadataFromContext(ctx)
+	if !ok {
+		grpclog.Error("Failed to extract ServerMetadata from context")
+	}
+
+	handleForwardResponseServerMetadata(w, mux, md)
+
+	// RFC 7230 https://tools.ietf.org/html/rfc7230#section-4.1.2
+	// Unless the request includes a TE header field indicating "trailers"
+	// is acceptable, as described in Section 4.3, a server SHOULD NOT
+	// generate trailer fields that it believes are necessary for the user
+	// agent to receive.
+	doForwardTrailers := requestAcceptsTrailers(req)
+
+	if doForwardTrailers {
+		handleForwardResponseTrailerHeader(w, mux, md)
+		w.Header().Set("Transfer-Encoding", "chunked")
+	}
+
+	contentType := marshaler.ContentType(resp)
+	w.Header().Set("Content-Type", contentType)
+
+	if err := handleForwardResponseOptions(ctx, w, resp, opts); err != nil {
+		HTTPError(ctx, mux, marshaler, w, req, err)
+		return
+	}
+	var buf []byte
+	var err error
+	if rb, ok := resp.(responseBody); ok {
+		buf, err = marshaler.Marshal(rb.XXX_ResponseBody())
+	} else {
+		buf, err = marshaler.Marshal(resp)
+	}
+	if err != nil {
+		grpclog.Errorf("Marshal error: %v", err)
+		HTTPError(ctx, mux, marshaler, w, req, err)
+		return
+	}
+
+	if !doForwardTrailers {
+		w.Header().Set("Content-Length", strconv.Itoa(len(buf)))
+	}
+
+	if _, err = w.Write(buf); err != nil {
+		grpclog.Errorf("Failed to write response: %v", err)
+	}
+
+	if doForwardTrailers {
+		handleForwardResponseTrailer(w, mux, md)
+	}
+}
+
+func requestAcceptsTrailers(req *http.Request) bool {
+	te := req.Header.Get("TE")
+	return strings.Contains(strings.ToLower(te), "trailers")
+}
+
+func handleForwardResponseOptions(ctx context.Context, w http.ResponseWriter, resp proto.Message, opts []func(context.Context, http.ResponseWriter, proto.Message) error) error {
+	if len(opts) == 0 {
+		return nil
+	}
+	for _, opt := range opts {
+		if err := opt(ctx, w, resp); err != nil {
+			grpclog.Errorf("Error handling ForwardResponseOptions: %v", err)
+			return err
+		}
+	}
+	return nil
+}
+
+func handleForwardResponseStreamError(ctx context.Context, wroteHeader bool, marshaler Marshaler, w http.ResponseWriter, req *http.Request, mux *ServeMux, err error, delimiter []byte) {
+	st := mux.streamErrorHandler(ctx, err)
+	msg := errorChunk(st)
+	if !wroteHeader {
+		w.Header().Set("Content-Type", marshaler.ContentType(msg))
+		w.WriteHeader(HTTPStatusFromCode(st.Code()))
+	}
+	buf, err := marshaler.Marshal(msg)
+	if err != nil {
+		grpclog.Errorf("Failed to marshal an error: %v", err)
+		return
+	}
+	if _, err := w.Write(buf); err != nil {
+		grpclog.Errorf("Failed to notify error to client: %v", err)
+		return
+	}
+	if _, err := w.Write(delimiter); err != nil {
+		grpclog.Errorf("Failed to send delimiter chunk: %v", err)
+		return
+	}
+}
+
+func errorChunk(st *status.Status) map[string]proto.Message {
+	return map[string]proto.Message{"error": st.Proto()}
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_httpbodyproto.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_httpbodyproto.go
new file mode 100644
index 0000000000..6de2e220c7
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_httpbodyproto.go
@@ -0,0 +1,32 @@
+package runtime
+
+import (
+	"google.golang.org/genproto/googleapis/api/httpbody"
+)
+
+// HTTPBodyMarshaler is a Marshaler which supports marshaling of a
+// google.api.HttpBody message as the full response body if it is
+// the actual message used as the response. If not, then this will
+// simply fallback to the Marshaler specified as its default Marshaler.
+type HTTPBodyMarshaler struct {
+	Marshaler
+}
+
+// ContentType returns its specified content type in case v is a
+// google.api.HttpBody message, otherwise it will fall back to the default Marshalers
+// content type.
+func (h *HTTPBodyMarshaler) ContentType(v interface{}) string {
+	if httpBody, ok := v.(*httpbody.HttpBody); ok {
+		return httpBody.GetContentType()
+	}
+	return h.Marshaler.ContentType(v)
+}
+
+// Marshal marshals "v" by returning the body bytes if v is a
+// google.api.HttpBody message, otherwise it falls back to the default Marshaler.
+func (h *HTTPBodyMarshaler) Marshal(v interface{}) ([]byte, error) {
+	if httpBody, ok := v.(*httpbody.HttpBody); ok {
+		return httpBody.GetData(), nil
+	}
+	return h.Marshaler.Marshal(v)
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_json.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_json.go
new file mode 100644
index 0000000000..fe52081ab9
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_json.go
@@ -0,0 +1,50 @@
+package runtime
+
+import (
+	"encoding/json"
+	"io"
+)
+
+// JSONBuiltin is a Marshaler which marshals/unmarshals into/from JSON
+// with the standard "encoding/json" package of Golang.
+// Although it is generally faster for simple proto messages than JSONPb,
+// it does not support advanced features of protobuf, e.g. map, oneof, ....
+//
+// The NewEncoder and NewDecoder types return *json.Encoder and
+// *json.Decoder respectively.
+type JSONBuiltin struct{}
+
+// ContentType always Returns "application/json".
+func (*JSONBuiltin) ContentType(_ interface{}) string {
+	return "application/json"
+}
+
+// Marshal marshals "v" into JSON
+func (j *JSONBuiltin) Marshal(v interface{}) ([]byte, error) {
+	return json.Marshal(v)
+}
+
+// MarshalIndent is like Marshal but applies Indent to format the output
+func (j *JSONBuiltin) MarshalIndent(v interface{}, prefix, indent string) ([]byte, error) {
+	return json.MarshalIndent(v, prefix, indent)
+}
+
+// Unmarshal unmarshals JSON data into "v".
+func (j *JSONBuiltin) Unmarshal(data []byte, v interface{}) error {
+	return json.Unmarshal(data, v)
+}
+
+// NewDecoder returns a Decoder which reads JSON stream from "r".
+func (j *JSONBuiltin) NewDecoder(r io.Reader) Decoder {
+	return json.NewDecoder(r)
+}
+
+// NewEncoder returns an Encoder which writes JSON stream into "w".
+func (j *JSONBuiltin) NewEncoder(w io.Writer) Encoder {
+	return json.NewEncoder(w)
+}
+
+// Delimiter for newline encoded JSON streams.
+func (j *JSONBuiltin) Delimiter() []byte {
+	return []byte("\n")
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_jsonpb.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_jsonpb.go
new file mode 100644
index 0000000000..8376d1e0ef
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_jsonpb.go
@@ -0,0 +1,349 @@
+package runtime
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"reflect"
+	"strconv"
+
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
+)
+
+// JSONPb is a Marshaler which marshals/unmarshals into/from JSON
+// with the "google.golang.org/protobuf/encoding/protojson" marshaler.
+// It supports the full functionality of protobuf unlike JSONBuiltin.
+//
+// The NewDecoder method returns a DecoderWrapper, so the underlying
+// *json.Decoder methods can be used.
+type JSONPb struct {
+	protojson.MarshalOptions
+	protojson.UnmarshalOptions
+}
+
+// ContentType always returns "application/json".
+func (*JSONPb) ContentType(_ interface{}) string {
+	return "application/json"
+}
+
+// Marshal marshals "v" into JSON.
+func (j *JSONPb) Marshal(v interface{}) ([]byte, error) {
+	var buf bytes.Buffer
+	if err := j.marshalTo(&buf, v); err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
+
+func (j *JSONPb) marshalTo(w io.Writer, v interface{}) error {
+	p, ok := v.(proto.Message)
+	if !ok {
+		buf, err := j.marshalNonProtoField(v)
+		if err != nil {
+			return err
+		}
+		if j.Indent != "" {
+			b := &bytes.Buffer{}
+			if err := json.Indent(b, buf, "", j.Indent); err != nil {
+				return err
+			}
+			buf = b.Bytes()
+		}
+		_, err = w.Write(buf)
+		return err
+	}
+
+	b, err := j.MarshalOptions.Marshal(p)
+	if err != nil {
+		return err
+	}
+
+	_, err = w.Write(b)
+	return err
+}
+
+var (
+	// protoMessageType is stored to prevent constant lookup of the same type at runtime.
+	protoMessageType = reflect.TypeOf((*proto.Message)(nil)).Elem()
+)
+
+// marshalNonProto marshals a non-message field of a protobuf message.
+// This function does not correctly marshal arbitrary data structures into JSON,
+// it is only capable of marshaling non-message field values of protobuf,
+// i.e. primitive types, enums; pointers to primitives or enums; maps from
+// integer/string types to primitives/enums/pointers to messages.
+func (j *JSONPb) marshalNonProtoField(v interface{}) ([]byte, error) {
+	if v == nil {
+		return []byte("null"), nil
+	}
+	rv := reflect.ValueOf(v)
+	for rv.Kind() == reflect.Ptr {
+		if rv.IsNil() {
+			return []byte("null"), nil
+		}
+		rv = rv.Elem()
+	}
+
+	if rv.Kind() == reflect.Slice {
+		if rv.IsNil() {
+			if j.EmitUnpopulated {
+				return []byte("[]"), nil
+			}
+			return []byte("null"), nil
+		}
+
+		if rv.Type().Elem().Implements(protoMessageType) {
+			var buf bytes.Buffer
+			if err := buf.WriteByte('['); err != nil {
+				return nil, err
+			}
+			for i := 0; i < rv.Len(); i++ {
+				if i != 0 {
+					if err := buf.WriteByte(','); err != nil {
+						return nil, err
+					}
+				}
+				if err := j.marshalTo(&buf, rv.Index(i).Interface().(proto.Message)); err != nil {
+					return nil, err
+				}
+			}
+			if err := buf.WriteByte(']'); err != nil {
+				return nil, err
+			}
+
+			return buf.Bytes(), nil
+		}
+
+		if rv.Type().Elem().Implements(typeProtoEnum) {
+			var buf bytes.Buffer
+			if err := buf.WriteByte('['); err != nil {
+				return nil, err
+			}
+			for i := 0; i < rv.Len(); i++ {
+				if i != 0 {
+					if err := buf.WriteByte(','); err != nil {
+						return nil, err
+					}
+				}
+				var err error
+				if j.UseEnumNumbers {
+					_, err = buf.WriteString(strconv.FormatInt(rv.Index(i).Int(), 10))
+				} else {
+					_, err = buf.WriteString("\"" + rv.Index(i).Interface().(protoEnum).String() + "\"")
+				}
+				if err != nil {
+					return nil, err
+				}
+			}
+			if err := buf.WriteByte(']'); err != nil {
+				return nil, err
+			}
+
+			return buf.Bytes(), nil
+		}
+	}
+
+	if rv.Kind() == reflect.Map {
+		m := make(map[string]*json.RawMessage)
+		for _, k := range rv.MapKeys() {
+			buf, err := j.Marshal(rv.MapIndex(k).Interface())
+			if err != nil {
+				return nil, err
+			}
+			m[fmt.Sprintf("%v", k.Interface())] = (*json.RawMessage)(&buf)
+		}
+		return json.Marshal(m)
+	}
+	if enum, ok := rv.Interface().(protoEnum); ok && !j.UseEnumNumbers {
+		return json.Marshal(enum.String())
+	}
+	return json.Marshal(rv.Interface())
+}
+
+// Unmarshal unmarshals JSON "data" into "v"
+func (j *JSONPb) Unmarshal(data []byte, v interface{}) error {
+	return unmarshalJSONPb(data, j.UnmarshalOptions, v)
+}
+
+// NewDecoder returns a Decoder which reads JSON stream from "r".
+func (j *JSONPb) NewDecoder(r io.Reader) Decoder {
+	d := json.NewDecoder(r)
+	return DecoderWrapper{
+		Decoder:          d,
+		UnmarshalOptions: j.UnmarshalOptions,
+	}
+}
+
+// DecoderWrapper is a wrapper around a *json.Decoder that adds
+// support for protos to the Decode method.
+type DecoderWrapper struct {
+	*json.Decoder
+	protojson.UnmarshalOptions
+}
+
+// Decode wraps the embedded decoder's Decode method to support
+// protos using a jsonpb.Unmarshaler.
+func (d DecoderWrapper) Decode(v interface{}) error {
+	return decodeJSONPb(d.Decoder, d.UnmarshalOptions, v)
+}
+
+// NewEncoder returns an Encoder which writes JSON stream into "w".
+func (j *JSONPb) NewEncoder(w io.Writer) Encoder {
+	return EncoderFunc(func(v interface{}) error {
+		if err := j.marshalTo(w, v); err != nil {
+			return err
+		}
+		// mimic json.Encoder by adding a newline (makes output
+		// easier to read when it contains multiple encoded items)
+		_, err := w.Write(j.Delimiter())
+		return err
+	})
+}
+
+func unmarshalJSONPb(data []byte, unmarshaler protojson.UnmarshalOptions, v interface{}) error {
+	d := json.NewDecoder(bytes.NewReader(data))
+	return decodeJSONPb(d, unmarshaler, v)
+}
+
+func decodeJSONPb(d *json.Decoder, unmarshaler protojson.UnmarshalOptions, v interface{}) error {
+	p, ok := v.(proto.Message)
+	if !ok {
+		return decodeNonProtoField(d, unmarshaler, v)
+	}
+
+	// Decode into bytes for marshalling
+	var b json.RawMessage
+	if err := d.Decode(&b); err != nil {
+		return err
+	}
+
+	return unmarshaler.Unmarshal([]byte(b), p)
+}
+
+func decodeNonProtoField(d *json.Decoder, unmarshaler protojson.UnmarshalOptions, v interface{}) error {
+	rv := reflect.ValueOf(v)
+	if rv.Kind() != reflect.Ptr {
+		return fmt.Errorf("%T is not a pointer", v)
+	}
+	for rv.Kind() == reflect.Ptr {
+		if rv.IsNil() {
+			rv.Set(reflect.New(rv.Type().Elem()))
+		}
+		if rv.Type().ConvertibleTo(typeProtoMessage) {
+			// Decode into bytes for marshalling
+			var b json.RawMessage
+			if err := d.Decode(&b); err != nil {
+				return err
+			}
+
+			return unmarshaler.Unmarshal([]byte(b), rv.Interface().(proto.Message))
+		}
+		rv = rv.Elem()
+	}
+	if rv.Kind() == reflect.Map {
+		if rv.IsNil() {
+			rv.Set(reflect.MakeMap(rv.Type()))
+		}
+		conv, ok := convFromType[rv.Type().Key().Kind()]
+		if !ok {
+			return fmt.Errorf("unsupported type of map field key: %v", rv.Type().Key())
+		}
+
+		m := make(map[string]*json.RawMessage)
+		if err := d.Decode(&m); err != nil {
+			return err
+		}
+		for k, v := range m {
+			result := conv.Call([]reflect.Value{reflect.ValueOf(k)})
+			if err := result[1].Interface(); err != nil {
+				return err.(error)
+			}
+			bk := result[0]
+			bv := reflect.New(rv.Type().Elem())
+			if v == nil {
+				null := json.RawMessage("null")
+				v = &null
+			}
+			if err := unmarshalJSONPb([]byte(*v), unmarshaler, bv.Interface()); err != nil {
+				return err
+			}
+			rv.SetMapIndex(bk, bv.Elem())
+		}
+		return nil
+	}
+	if rv.Kind() == reflect.Slice {
+		if rv.Type().Elem().Kind() == reflect.Uint8 {
+			var sl []byte
+			if err := d.Decode(&sl); err != nil {
+				return err
+			}
+			if sl != nil {
+				rv.SetBytes(sl)
+			}
+			return nil
+		}
+
+		var sl []json.RawMessage
+		if err := d.Decode(&sl); err != nil {
+			return err
+		}
+		if sl != nil {
+			rv.Set(reflect.MakeSlice(rv.Type(), 0, 0))
+		}
+		for _, item := range sl {
+			bv := reflect.New(rv.Type().Elem())
+			if err := unmarshalJSONPb([]byte(item), unmarshaler, bv.Interface()); err != nil {
+				return err
+			}
+			rv.Set(reflect.Append(rv, bv.Elem()))
+		}
+		return nil
+	}
+	if _, ok := rv.Interface().(protoEnum); ok {
+		var repr interface{}
+		if err := d.Decode(&repr); err != nil {
+			return err
+		}
+		switch v := repr.(type) {
+		case string:
+			// TODO(yugui) Should use proto.StructProperties?
+			return fmt.Errorf("unmarshaling of symbolic enum %q not supported: %T", repr, rv.Interface())
+		case float64:
+			rv.Set(reflect.ValueOf(int32(v)).Convert(rv.Type()))
+			return nil
+		default:
+			return fmt.Errorf("cannot assign %#v into Go type %T", repr, rv.Interface())
+		}
+	}
+	return d.Decode(v)
+}
+
+type protoEnum interface {
+	fmt.Stringer
+	EnumDescriptor() ([]byte, []int)
+}
+
+var typeProtoEnum = reflect.TypeOf((*protoEnum)(nil)).Elem()
+
+var typeProtoMessage = reflect.TypeOf((*proto.Message)(nil)).Elem()
+
+// Delimiter for newline encoded JSON streams.
+func (j *JSONPb) Delimiter() []byte {
+	return []byte("\n")
+}
+
+var (
+	convFromType = map[reflect.Kind]reflect.Value{
+		reflect.String:  reflect.ValueOf(String),
+		reflect.Bool:    reflect.ValueOf(Bool),
+		reflect.Float64: reflect.ValueOf(Float64),
+		reflect.Float32: reflect.ValueOf(Float32),
+		reflect.Int64:   reflect.ValueOf(Int64),
+		reflect.Int32:   reflect.ValueOf(Int32),
+		reflect.Uint64:  reflect.ValueOf(Uint64),
+		reflect.Uint32:  reflect.ValueOf(Uint32),
+		reflect.Slice:   reflect.ValueOf(Bytes),
+	}
+)
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_proto.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_proto.go
new file mode 100644
index 0000000000..398c780dc2
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_proto.go
@@ -0,0 +1,60 @@
+package runtime
+
+import (
+	"errors"
+	"io"
+
+	"google.golang.org/protobuf/proto"
+)
+
+// ProtoMarshaller is a Marshaller which marshals/unmarshals into/from serialize proto bytes
+type ProtoMarshaller struct{}
+
+// ContentType always returns "application/octet-stream".
+func (*ProtoMarshaller) ContentType(_ interface{}) string {
+	return "application/octet-stream"
+}
+
+// Marshal marshals "value" into Proto
+func (*ProtoMarshaller) Marshal(value interface{}) ([]byte, error) {
+	message, ok := value.(proto.Message)
+	if !ok {
+		return nil, errors.New("unable to marshal non proto field")
+	}
+	return proto.Marshal(message)
+}
+
+// Unmarshal unmarshals proto "data" into "value"
+func (*ProtoMarshaller) Unmarshal(data []byte, value interface{}) error {
+	message, ok := value.(proto.Message)
+	if !ok {
+		return errors.New("unable to unmarshal non proto field")
+	}
+	return proto.Unmarshal(data, message)
+}
+
+// NewDecoder returns a Decoder which reads proto stream from "reader".
+func (marshaller *ProtoMarshaller) NewDecoder(reader io.Reader) Decoder {
+	return DecoderFunc(func(value interface{}) error {
+		buffer, err := io.ReadAll(reader)
+		if err != nil {
+			return err
+		}
+		return marshaller.Unmarshal(buffer, value)
+	})
+}
+
+// NewEncoder returns an Encoder which writes proto stream into "writer".
+func (marshaller *ProtoMarshaller) NewEncoder(writer io.Writer) Encoder {
+	return EncoderFunc(func(value interface{}) error {
+		buffer, err := marshaller.Marshal(value)
+		if err != nil {
+			return err
+		}
+		if _, err := writer.Write(buffer); err != nil {
+			return err
+		}
+
+		return nil
+	})
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshaler.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshaler.go
new file mode 100644
index 0000000000..2c0d25ff49
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshaler.go
@@ -0,0 +1,50 @@
+package runtime
+
+import (
+	"io"
+)
+
+// Marshaler defines a conversion between byte sequence and gRPC payloads / fields.
+type Marshaler interface {
+	// Marshal marshals "v" into byte sequence.
+	Marshal(v interface{}) ([]byte, error)
+	// Unmarshal unmarshals "data" into "v".
+	// "v" must be a pointer value.
+	Unmarshal(data []byte, v interface{}) error
+	// NewDecoder returns a Decoder which reads byte sequence from "r".
+	NewDecoder(r io.Reader) Decoder
+	// NewEncoder returns an Encoder which writes bytes sequence into "w".
+	NewEncoder(w io.Writer) Encoder
+	// ContentType returns the Content-Type which this marshaler is responsible for.
+	// The parameter describes the type which is being marshalled, which can sometimes
+	// affect the content type returned.
+	ContentType(v interface{}) string
+}
+
+// Decoder decodes a byte sequence
+type Decoder interface {
+	Decode(v interface{}) error
+}
+
+// Encoder encodes gRPC payloads / fields into byte sequence.
+type Encoder interface {
+	Encode(v interface{}) error
+}
+
+// DecoderFunc adapts an decoder function into Decoder.
+type DecoderFunc func(v interface{}) error
+
+// Decode delegates invocations to the underlying function itself.
+func (f DecoderFunc) Decode(v interface{}) error { return f(v) }
+
+// EncoderFunc adapts an encoder function into Encoder
+type EncoderFunc func(v interface{}) error
+
+// Encode delegates invocations to the underlying function itself.
+func (f EncoderFunc) Encode(v interface{}) error { return f(v) }
+
+// Delimited defines the streaming delimiter.
+type Delimited interface {
+	// Delimiter returns the record separator for the stream.
+	Delimiter() []byte
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshaler_registry.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshaler_registry.go
new file mode 100644
index 0000000000..0b051e6e89
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshaler_registry.go
@@ -0,0 +1,109 @@
+package runtime
+
+import (
+	"errors"
+	"mime"
+	"net/http"
+
+	"google.golang.org/grpc/grpclog"
+	"google.golang.org/protobuf/encoding/protojson"
+)
+
+// MIMEWildcard is the fallback MIME type used for requests which do not match
+// a registered MIME type.
+const MIMEWildcard = "*"
+
+var (
+	acceptHeader      = http.CanonicalHeaderKey("Accept")
+	contentTypeHeader = http.CanonicalHeaderKey("Content-Type")
+
+	defaultMarshaler = &HTTPBodyMarshaler{
+		Marshaler: &JSONPb{
+			MarshalOptions: protojson.MarshalOptions{
+				EmitUnpopulated: true,
+			},
+			UnmarshalOptions: protojson.UnmarshalOptions{
+				DiscardUnknown: true,
+			},
+		},
+	}
+)
+
+// MarshalerForRequest returns the inbound/outbound marshalers for this request.
+// It checks the registry on the ServeMux for the MIME type set by the Content-Type header.
+// If it isn't set (or the request Content-Type is empty), checks for "*".
+// If there are multiple Content-Type headers set, choose the first one that it can
+// exactly match in the registry.
+// Otherwise, it follows the above logic for "*"/InboundMarshaler/OutboundMarshaler.
+func MarshalerForRequest(mux *ServeMux, r *http.Request) (inbound Marshaler, outbound Marshaler) {
+	for _, acceptVal := range r.Header[acceptHeader] {
+		if m, ok := mux.marshalers.mimeMap[acceptVal]; ok {
+			outbound = m
+			break
+		}
+	}
+
+	for _, contentTypeVal := range r.Header[contentTypeHeader] {
+		contentType, _, err := mime.ParseMediaType(contentTypeVal)
+		if err != nil {
+			grpclog.Errorf("Failed to parse Content-Type %s: %v", contentTypeVal, err)
+			continue
+		}
+		if m, ok := mux.marshalers.mimeMap[contentType]; ok {
+			inbound = m
+			break
+		}
+	}
+
+	if inbound == nil {
+		inbound = mux.marshalers.mimeMap[MIMEWildcard]
+	}
+	if outbound == nil {
+		outbound = inbound
+	}
+
+	return inbound, outbound
+}
+
+// marshalerRegistry is a mapping from MIME types to Marshalers.
+type marshalerRegistry struct {
+	mimeMap map[string]Marshaler
+}
+
+// add adds a marshaler for a case-sensitive MIME type string ("*" to match any
+// MIME type).
+func (m marshalerRegistry) add(mime string, marshaler Marshaler) error {
+	if len(mime) == 0 {
+		return errors.New("empty MIME type")
+	}
+
+	m.mimeMap[mime] = marshaler
+
+	return nil
+}
+
+// makeMarshalerMIMERegistry returns a new registry of marshalers.
+// It allows for a mapping of case-sensitive Content-Type MIME type string to runtime.Marshaler interfaces.
+//
+// For example, you could allow the client to specify the use of the runtime.JSONPb marshaler
+// with a "application/jsonpb" Content-Type and the use of the runtime.JSONBuiltin marshaler
+// with a "application/json" Content-Type.
+// "*" can be used to match any Content-Type.
+// This can be attached to a ServerMux with the marshaler option.
+func makeMarshalerMIMERegistry() marshalerRegistry {
+	return marshalerRegistry{
+		mimeMap: map[string]Marshaler{
+			MIMEWildcard: defaultMarshaler,
+		},
+	}
+}
+
+// WithMarshalerOption returns a ServeMuxOption which associates inbound and outbound
+// Marshalers to a MIME type in mux.
+func WithMarshalerOption(mime string, marshaler Marshaler) ServeMuxOption {
+	return func(mux *ServeMux) {
+		if err := mux.marshalers.add(mime, marshaler); err != nil {
+			panic(err)
+		}
+	}
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go
new file mode 100644
index 0000000000..ed9a7e4387
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go
@@ -0,0 +1,486 @@
+package runtime
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/textproto"
+	"regexp"
+	"strings"
+
+	"github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/health/grpc_health_v1"
+	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/proto"
+)
+
+// UnescapingMode defines the behavior of ServeMux when unescaping path parameters.
+type UnescapingMode int
+
+const (
+	// UnescapingModeLegacy is the default V2 behavior, which escapes the entire
+	// path string before doing any routing.
+	UnescapingModeLegacy UnescapingMode = iota
+
+	// UnescapingModeAllExceptReserved unescapes all path parameters except RFC 6570
+	// reserved characters.
+	UnescapingModeAllExceptReserved
+
+	// UnescapingModeAllExceptSlash unescapes URL path parameters except path
+	// separators, which will be left as "%2F".
+	UnescapingModeAllExceptSlash
+
+	// UnescapingModeAllCharacters unescapes all URL path parameters.
+	UnescapingModeAllCharacters
+
+	// UnescapingModeDefault is the default escaping type.
+	// TODO(v3): default this to UnescapingModeAllExceptReserved per grpc-httpjson-transcoding's
+	// reference implementation
+	UnescapingModeDefault = UnescapingModeLegacy
+)
+
+var encodedPathSplitter = regexp.MustCompile("(/|%2F)")
+
+// A HandlerFunc handles a specific pair of path pattern and HTTP method.
+type HandlerFunc func(w http.ResponseWriter, r *http.Request, pathParams map[string]string)
+
+// ServeMux is a request multiplexer for grpc-gateway.
+// It matches http requests to patterns and invokes the corresponding handler.
+type ServeMux struct {
+	// handlers maps HTTP method to a list of handlers.
+	handlers                  map[string][]handler
+	forwardResponseOptions    []func(context.Context, http.ResponseWriter, proto.Message) error
+	marshalers                marshalerRegistry
+	incomingHeaderMatcher     HeaderMatcherFunc
+	outgoingHeaderMatcher     HeaderMatcherFunc
+	outgoingTrailerMatcher    HeaderMatcherFunc
+	metadataAnnotators        []func(context.Context, *http.Request) metadata.MD
+	errorHandler              ErrorHandlerFunc
+	streamErrorHandler        StreamErrorHandlerFunc
+	routingErrorHandler       RoutingErrorHandlerFunc
+	disablePathLengthFallback bool
+	unescapingMode            UnescapingMode
+}
+
+// ServeMuxOption is an option that can be given to a ServeMux on construction.
+type ServeMuxOption func(*ServeMux)
+
+// WithForwardResponseOption returns a ServeMuxOption representing the forwardResponseOption.
+//
+// forwardResponseOption is an option that will be called on the relevant context.Context,
+// http.ResponseWriter, and proto.Message before every forwarded response.
+//
+// The message may be nil in the case where just a header is being sent.
+func WithForwardResponseOption(forwardResponseOption func(context.Context, http.ResponseWriter, proto.Message) error) ServeMuxOption {
+	return func(serveMux *ServeMux) {
+		serveMux.forwardResponseOptions = append(serveMux.forwardResponseOptions, forwardResponseOption)
+	}
+}
+
+// WithUnescapingMode sets the escaping type. See the definitions of UnescapingMode
+// for more information.
+func WithUnescapingMode(mode UnescapingMode) ServeMuxOption {
+	return func(serveMux *ServeMux) {
+		serveMux.unescapingMode = mode
+	}
+}
+
+// SetQueryParameterParser sets the query parameter parser, used to populate message from query parameters.
+// Configuring this will mean the generated OpenAPI output is no longer correct, and it should be
+// done with careful consideration.
+func SetQueryParameterParser(queryParameterParser QueryParameterParser) ServeMuxOption {
+	return func(serveMux *ServeMux) {
+		currentQueryParser = queryParameterParser
+	}
+}
+
+// HeaderMatcherFunc checks whether a header key should be forwarded to/from gRPC context.
+type HeaderMatcherFunc func(string) (string, bool)
+
+// DefaultHeaderMatcher is used to pass http request headers to/from gRPC context. This adds permanent HTTP header
+// keys (as specified by the IANA, e.g: Accept, Cookie, Host) to the gRPC metadata with the grpcgateway- prefix. If you want to know which headers are considered permanent, you can view the isPermanentHTTPHeader function.
+// HTTP headers that start with 'Grpc-Metadata-' are mapped to gRPC metadata after removing the prefix 'Grpc-Metadata-'.
+// Other headers are not added to the gRPC metadata.
+func DefaultHeaderMatcher(key string) (string, bool) {
+	switch key = textproto.CanonicalMIMEHeaderKey(key); {
+	case isPermanentHTTPHeader(key):
+		return MetadataPrefix + key, true
+	case strings.HasPrefix(key, MetadataHeaderPrefix):
+		return key[len(MetadataHeaderPrefix):], true
+	}
+	return "", false
+}
+
+func defaultOutgoingHeaderMatcher(key string) (string, bool) {
+	return fmt.Sprintf("%s%s", MetadataHeaderPrefix, key), true
+}
+
+func defaultOutgoingTrailerMatcher(key string) (string, bool) {
+	return fmt.Sprintf("%s%s", MetadataTrailerPrefix, key), true
+}
+
+// WithIncomingHeaderMatcher returns a ServeMuxOption representing a headerMatcher for incoming request to gateway.
+//
+// This matcher will be called with each header in http.Request. If matcher returns true, that header will be
+// passed to gRPC context. To transform the header before passing to gRPC context, matcher should return the modified header.
+func WithIncomingHeaderMatcher(fn HeaderMatcherFunc) ServeMuxOption {
+	for _, header := range fn.matchedMalformedHeaders() {
+		grpclog.Warningf("The configured forwarding filter would allow %q to be sent to the gRPC server, which will likely cause errors. See https://github.com/grpc/grpc-go/pull/4803#issuecomment-986093310 for more information.", header)
+	}
+
+	return func(mux *ServeMux) {
+		mux.incomingHeaderMatcher = fn
+	}
+}
+
+// matchedMalformedHeaders returns the malformed headers that would be forwarded to gRPC server.
+func (fn HeaderMatcherFunc) matchedMalformedHeaders() []string {
+	if fn == nil {
+		return nil
+	}
+	headers := make([]string, 0)
+	for header := range malformedHTTPHeaders {
+		out, accept := fn(header)
+		if accept && isMalformedHTTPHeader(out) {
+			headers = append(headers, out)
+		}
+	}
+	return headers
+}
+
+// WithOutgoingHeaderMatcher returns a ServeMuxOption representing a headerMatcher for outgoing response from gateway.
+//
+// This matcher will be called with each header in response header metadata. If matcher returns true, that header will be
+// passed to http response returned from gateway. To transform the header before passing to response,
+// matcher should return the modified header.
+func WithOutgoingHeaderMatcher(fn HeaderMatcherFunc) ServeMuxOption {
+	return func(mux *ServeMux) {
+		mux.outgoingHeaderMatcher = fn
+	}
+}
+
+// WithOutgoingTrailerMatcher returns a ServeMuxOption representing a headerMatcher for outgoing response from gateway.
+//
+// This matcher will be called with each header in response trailer metadata. If matcher returns true, that header will be
+// passed to http response returned from gateway. To transform the header before passing to response,
+// matcher should return the modified header.
+func WithOutgoingTrailerMatcher(fn HeaderMatcherFunc) ServeMuxOption {
+	return func(mux *ServeMux) {
+		mux.outgoingTrailerMatcher = fn
+	}
+}
+
+// WithMetadata returns a ServeMuxOption for passing metadata to a gRPC context.
+//
+// This can be used by services that need to read from http.Request and modify gRPC context. A common use case
+// is reading token from cookie and adding it in gRPC context.
+func WithMetadata(annotator func(context.Context, *http.Request) metadata.MD) ServeMuxOption {
+	return func(serveMux *ServeMux) {
+		serveMux.metadataAnnotators = append(serveMux.metadataAnnotators, annotator)
+	}
+}
+
+// WithErrorHandler returns a ServeMuxOption for configuring a custom error handler.
+//
+// This can be used to configure a custom error response.
+func WithErrorHandler(fn ErrorHandlerFunc) ServeMuxOption {
+	return func(serveMux *ServeMux) {
+		serveMux.errorHandler = fn
+	}
+}
+
+// WithStreamErrorHandler returns a ServeMuxOption that will use the given custom stream
+// error handler, which allows for customizing the error trailer for server-streaming
+// calls.
+//
+// For stream errors that occur before any response has been written, the mux's
+// ErrorHandler will be invoked. However, once data has been written, the errors must
+// be handled differently: they must be included in the response body. The response body's
+// final message will include the error details returned by the stream error handler.
+func WithStreamErrorHandler(fn StreamErrorHandlerFunc) ServeMuxOption {
+	return func(serveMux *ServeMux) {
+		serveMux.streamErrorHandler = fn
+	}
+}
+
+// WithRoutingErrorHandler returns a ServeMuxOption for configuring a custom error handler to  handle http routing errors.
+//
+// Method called for errors which can happen before gRPC route selected or executed.
+// The following error codes: StatusMethodNotAllowed StatusNotFound StatusBadRequest
+func WithRoutingErrorHandler(fn RoutingErrorHandlerFunc) ServeMuxOption {
+	return func(serveMux *ServeMux) {
+		serveMux.routingErrorHandler = fn
+	}
+}
+
+// WithDisablePathLengthFallback returns a ServeMuxOption for disable path length fallback.
+func WithDisablePathLengthFallback() ServeMuxOption {
+	return func(serveMux *ServeMux) {
+		serveMux.disablePathLengthFallback = true
+	}
+}
+
+// WithHealthEndpointAt returns a ServeMuxOption that will add an endpoint to the created ServeMux at the path specified by endpointPath.
+// When called the handler will forward the request to the upstream grpc service health check (defined in the
+// gRPC Health Checking Protocol).
+//
+// See here https://grpc-ecosystem.github.io/grpc-gateway/docs/operations/health_check/ for more information on how
+// to setup the protocol in the grpc server.
+//
+// If you define a service as query parameter, this will also be forwarded as service in the HealthCheckRequest.
+func WithHealthEndpointAt(healthCheckClient grpc_health_v1.HealthClient, endpointPath string) ServeMuxOption {
+	return func(s *ServeMux) {
+		// error can be ignored since pattern is definitely valid
+		_ = s.HandlePath(
+			http.MethodGet, endpointPath, func(w http.ResponseWriter, r *http.Request, _ map[string]string,
+			) {
+				_, outboundMarshaler := MarshalerForRequest(s, r)
+
+				resp, err := healthCheckClient.Check(r.Context(), &grpc_health_v1.HealthCheckRequest{
+					Service: r.URL.Query().Get("service"),
+				})
+				if err != nil {
+					s.errorHandler(r.Context(), s, outboundMarshaler, w, r, err)
+					return
+				}
+
+				w.Header().Set("Content-Type", "application/json")
+
+				if resp.GetStatus() != grpc_health_v1.HealthCheckResponse_SERVING {
+					switch resp.GetStatus() {
+					case grpc_health_v1.HealthCheckResponse_NOT_SERVING, grpc_health_v1.HealthCheckResponse_UNKNOWN:
+						err = status.Error(codes.Unavailable, resp.String())
+					case grpc_health_v1.HealthCheckResponse_SERVICE_UNKNOWN:
+						err = status.Error(codes.NotFound, resp.String())
+					}
+
+					s.errorHandler(r.Context(), s, outboundMarshaler, w, r, err)
+					return
+				}
+
+				_ = outboundMarshaler.NewEncoder(w).Encode(resp)
+			})
+	}
+}
+
+// WithHealthzEndpoint returns a ServeMuxOption that will add a /healthz endpoint to the created ServeMux.
+//
+// See WithHealthEndpointAt for the general implementation.
+func WithHealthzEndpoint(healthCheckClient grpc_health_v1.HealthClient) ServeMuxOption {
+	return WithHealthEndpointAt(healthCheckClient, "/healthz")
+}
+
+// NewServeMux returns a new ServeMux whose internal mapping is empty.
+func NewServeMux(opts ...ServeMuxOption) *ServeMux {
+	serveMux := &ServeMux{
+		handlers:               make(map[string][]handler),
+		forwardResponseOptions: make([]func(context.Context, http.ResponseWriter, proto.Message) error, 0),
+		marshalers:             makeMarshalerMIMERegistry(),
+		errorHandler:           DefaultHTTPErrorHandler,
+		streamErrorHandler:     DefaultStreamErrorHandler,
+		routingErrorHandler:    DefaultRoutingErrorHandler,
+		unescapingMode:         UnescapingModeDefault,
+	}
+
+	for _, opt := range opts {
+		opt(serveMux)
+	}
+
+	if serveMux.incomingHeaderMatcher == nil {
+		serveMux.incomingHeaderMatcher = DefaultHeaderMatcher
+	}
+	if serveMux.outgoingHeaderMatcher == nil {
+		serveMux.outgoingHeaderMatcher = defaultOutgoingHeaderMatcher
+	}
+	if serveMux.outgoingTrailerMatcher == nil {
+		serveMux.outgoingTrailerMatcher = defaultOutgoingTrailerMatcher
+	}
+
+	return serveMux
+}
+
+// Handle associates "h" to the pair of HTTP method and path pattern.
+func (s *ServeMux) Handle(meth string, pat Pattern, h HandlerFunc) {
+	s.handlers[meth] = append([]handler{{pat: pat, h: h}}, s.handlers[meth]...)
+}
+
+// HandlePath allows users to configure custom path handlers.
+// refer: https://grpc-ecosystem.github.io/grpc-gateway/docs/operations/inject_router/
+func (s *ServeMux) HandlePath(meth string, pathPattern string, h HandlerFunc) error {
+	compiler, err := httprule.Parse(pathPattern)
+	if err != nil {
+		return fmt.Errorf("parsing path pattern: %w", err)
+	}
+	tp := compiler.Compile()
+	pattern, err := NewPattern(tp.Version, tp.OpCodes, tp.Pool, tp.Verb)
+	if err != nil {
+		return fmt.Errorf("creating new pattern: %w", err)
+	}
+	s.Handle(meth, pattern, h)
+	return nil
+}
+
+// ServeHTTP dispatches the request to the first handler whose pattern matches to r.Method and r.URL.Path.
+func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	path := r.URL.Path
+	if !strings.HasPrefix(path, "/") {
+		_, outboundMarshaler := MarshalerForRequest(s, r)
+		s.routingErrorHandler(ctx, s, outboundMarshaler, w, r, http.StatusBadRequest)
+		return
+	}
+
+	// TODO(v3): remove UnescapingModeLegacy
+	if s.unescapingMode != UnescapingModeLegacy && r.URL.RawPath != "" {
+		path = r.URL.RawPath
+	}
+
+	if override := r.Header.Get("X-HTTP-Method-Override"); override != "" && s.isPathLengthFallback(r) {
+		if err := r.ParseForm(); err != nil {
+			_, outboundMarshaler := MarshalerForRequest(s, r)
+			sterr := status.Error(codes.InvalidArgument, err.Error())
+			s.errorHandler(ctx, s, outboundMarshaler, w, r, sterr)
+			return
+		}
+		r.Method = strings.ToUpper(override)
+	}
+
+	var pathComponents []string
+	// since in UnescapeModeLegacy, the URL will already have been fully unescaped, if we also split on "%2F"
+	// in this escaping mode we would be double unescaping but in UnescapingModeAllCharacters, we still do as the
+	// path is the RawPath (i.e. unescaped). That does mean that the behavior of this function will change its default
+	// behavior when the UnescapingModeDefault gets changed from UnescapingModeLegacy to UnescapingModeAllExceptReserved
+	if s.unescapingMode == UnescapingModeAllCharacters {
+		pathComponents = encodedPathSplitter.Split(path[1:], -1)
+	} else {
+		pathComponents = strings.Split(path[1:], "/")
+	}
+
+	lastPathComponent := pathComponents[len(pathComponents)-1]
+
+	for _, h := range s.handlers[r.Method] {
+		// If the pattern has a verb, explicitly look for a suffix in the last
+		// component that matches a colon plus the verb. This allows us to
+		// handle some cases that otherwise can't be correctly handled by the
+		// former LastIndex case, such as when the verb literal itself contains
+		// a colon. This should work for all cases that have run through the
+		// parser because we know what verb we're looking for, however, there
+		// are still some cases that the parser itself cannot disambiguate. See
+		// the comment there if interested.
+
+		var verb string
+		patVerb := h.pat.Verb()
+
+		idx := -1
+		if patVerb != "" && strings.HasSuffix(lastPathComponent, ":"+patVerb) {
+			idx = len(lastPathComponent) - len(patVerb) - 1
+		}
+		if idx == 0 {
+			_, outboundMarshaler := MarshalerForRequest(s, r)
+			s.routingErrorHandler(ctx, s, outboundMarshaler, w, r, http.StatusNotFound)
+			return
+		}
+
+		comps := make([]string, len(pathComponents))
+		copy(comps, pathComponents)
+
+		if idx > 0 {
+			comps[len(comps)-1], verb = lastPathComponent[:idx], lastPathComponent[idx+1:]
+		}
+
+		pathParams, err := h.pat.MatchAndEscape(comps, verb, s.unescapingMode)
+		if err != nil {
+			var mse MalformedSequenceError
+			if ok := errors.As(err, &mse); ok {
+				_, outboundMarshaler := MarshalerForRequest(s, r)
+				s.errorHandler(ctx, s, outboundMarshaler, w, r, &HTTPStatusError{
+					HTTPStatus: http.StatusBadRequest,
+					Err:        mse,
+				})
+			}
+			continue
+		}
+		h.h(w, r, pathParams)
+		return
+	}
+
+	// if no handler has found for the request, lookup for other methods
+	// to handle POST -> GET fallback if the request is subject to path
+	// length fallback.
+	// Note we are not eagerly checking the request here as we want to return the
+	// right HTTP status code, and we need to process the fallback candidates in
+	// order to do that.
+	for m, handlers := range s.handlers {
+		if m == r.Method {
+			continue
+		}
+		for _, h := range handlers {
+			var verb string
+			patVerb := h.pat.Verb()
+
+			idx := -1
+			if patVerb != "" && strings.HasSuffix(lastPathComponent, ":"+patVerb) {
+				idx = len(lastPathComponent) - len(patVerb) - 1
+			}
+
+			comps := make([]string, len(pathComponents))
+			copy(comps, pathComponents)
+
+			if idx > 0 {
+				comps[len(comps)-1], verb = lastPathComponent[:idx], lastPathComponent[idx+1:]
+			}
+
+			pathParams, err := h.pat.MatchAndEscape(comps, verb, s.unescapingMode)
+			if err != nil {
+				var mse MalformedSequenceError
+				if ok := errors.As(err, &mse); ok {
+					_, outboundMarshaler := MarshalerForRequest(s, r)
+					s.errorHandler(ctx, s, outboundMarshaler, w, r, &HTTPStatusError{
+						HTTPStatus: http.StatusBadRequest,
+						Err:        mse,
+					})
+				}
+				continue
+			}
+
+			// X-HTTP-Method-Override is optional. Always allow fallback to POST.
+			// Also, only consider POST -> GET fallbacks, and avoid falling back to
+			// potentially dangerous operations like DELETE.
+			if s.isPathLengthFallback(r) && m == http.MethodGet {
+				if err := r.ParseForm(); err != nil {
+					_, outboundMarshaler := MarshalerForRequest(s, r)
+					sterr := status.Error(codes.InvalidArgument, err.Error())
+					s.errorHandler(ctx, s, outboundMarshaler, w, r, sterr)
+					return
+				}
+				h.h(w, r, pathParams)
+				return
+			}
+			_, outboundMarshaler := MarshalerForRequest(s, r)
+			s.routingErrorHandler(ctx, s, outboundMarshaler, w, r, http.StatusMethodNotAllowed)
+			return
+		}
+	}
+
+	_, outboundMarshaler := MarshalerForRequest(s, r)
+	s.routingErrorHandler(ctx, s, outboundMarshaler, w, r, http.StatusNotFound)
+}
+
+// GetForwardResponseOptions returns the ForwardResponseOptions associated with this ServeMux.
+func (s *ServeMux) GetForwardResponseOptions() []func(context.Context, http.ResponseWriter, proto.Message) error {
+	return s.forwardResponseOptions
+}
+
+func (s *ServeMux) isPathLengthFallback(r *http.Request) bool {
+	return !s.disablePathLengthFallback && r.Method == "POST" && r.Header.Get("Content-Type") == "application/x-www-form-urlencoded"
+}
+
+type handler struct {
+	pat Pattern
+	h   HandlerFunc
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/pattern.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/pattern.go
new file mode 100644
index 0000000000..e54507145b
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/pattern.go
@@ -0,0 +1,381 @@
+package runtime
+
+import (
+	"errors"
+	"fmt"
+	"strconv"
+	"strings"
+
+	"github.com/grpc-ecosystem/grpc-gateway/v2/utilities"
+	"google.golang.org/grpc/grpclog"
+)
+
+var (
+	// ErrNotMatch indicates that the given HTTP request path does not match to the pattern.
+	ErrNotMatch = errors.New("not match to the path pattern")
+	// ErrInvalidPattern indicates that the given definition of Pattern is not valid.
+	ErrInvalidPattern = errors.New("invalid pattern")
+)
+
+type MalformedSequenceError string
+
+func (e MalformedSequenceError) Error() string {
+	return "malformed path escape " + strconv.Quote(string(e))
+}
+
+type op struct {
+	code    utilities.OpCode
+	operand int
+}
+
+// Pattern is a template pattern of http request paths defined in
+// https://github.com/googleapis/googleapis/blob/master/google/api/http.proto
+type Pattern struct {
+	// ops is a list of operations
+	ops []op
+	// pool is a constant pool indexed by the operands or vars.
+	pool []string
+	// vars is a list of variables names to be bound by this pattern
+	vars []string
+	// stacksize is the max depth of the stack
+	stacksize int
+	// tailLen is the length of the fixed-size segments after a deep wildcard
+	tailLen int
+	// verb is the VERB part of the path pattern. It is empty if the pattern does not have VERB part.
+	verb string
+}
+
+// NewPattern returns a new Pattern from the given definition values.
+// "ops" is a sequence of op codes. "pool" is a constant pool.
+// "verb" is the verb part of the pattern. It is empty if the pattern does not have the part.
+// "version" must be 1 for now.
+// It returns an error if the given definition is invalid.
+func NewPattern(version int, ops []int, pool []string, verb string) (Pattern, error) {
+	if version != 1 {
+		grpclog.Errorf("unsupported version: %d", version)
+		return Pattern{}, ErrInvalidPattern
+	}
+
+	l := len(ops)
+	if l%2 != 0 {
+		grpclog.Errorf("odd number of ops codes: %d", l)
+		return Pattern{}, ErrInvalidPattern
+	}
+
+	var (
+		typedOps        []op
+		stack, maxstack int
+		tailLen         int
+		pushMSeen       bool
+		vars            []string
+	)
+	for i := 0; i < l; i += 2 {
+		op := op{code: utilities.OpCode(ops[i]), operand: ops[i+1]}
+		switch op.code {
+		case utilities.OpNop:
+			continue
+		case utilities.OpPush:
+			if pushMSeen {
+				tailLen++
+			}
+			stack++
+		case utilities.OpPushM:
+			if pushMSeen {
+				grpclog.Error("pushM appears twice")
+				return Pattern{}, ErrInvalidPattern
+			}
+			pushMSeen = true
+			stack++
+		case utilities.OpLitPush:
+			if op.operand < 0 || len(pool) <= op.operand {
+				grpclog.Errorf("negative literal index: %d", op.operand)
+				return Pattern{}, ErrInvalidPattern
+			}
+			if pushMSeen {
+				tailLen++
+			}
+			stack++
+		case utilities.OpConcatN:
+			if op.operand <= 0 {
+				grpclog.Errorf("negative concat size: %d", op.operand)
+				return Pattern{}, ErrInvalidPattern
+			}
+			stack -= op.operand
+			if stack < 0 {
+				grpclog.Error("stack underflow")
+				return Pattern{}, ErrInvalidPattern
+			}
+			stack++
+		case utilities.OpCapture:
+			if op.operand < 0 || len(pool) <= op.operand {
+				grpclog.Errorf("variable name index out of bound: %d", op.operand)
+				return Pattern{}, ErrInvalidPattern
+			}
+			v := pool[op.operand]
+			op.operand = len(vars)
+			vars = append(vars, v)
+			stack--
+			if stack < 0 {
+				grpclog.Error("stack underflow")
+				return Pattern{}, ErrInvalidPattern
+			}
+		default:
+			grpclog.Errorf("invalid opcode: %d", op.code)
+			return Pattern{}, ErrInvalidPattern
+		}
+
+		if maxstack < stack {
+			maxstack = stack
+		}
+		typedOps = append(typedOps, op)
+	}
+	return Pattern{
+		ops:       typedOps,
+		pool:      pool,
+		vars:      vars,
+		stacksize: maxstack,
+		tailLen:   tailLen,
+		verb:      verb,
+	}, nil
+}
+
+// MustPattern is a helper function which makes it easier to call NewPattern in variable initialization.
+func MustPattern(p Pattern, err error) Pattern {
+	if err != nil {
+		grpclog.Fatalf("Pattern initialization failed: %v", err)
+	}
+	return p
+}
+
+// MatchAndEscape examines components to determine if they match to a Pattern.
+// MatchAndEscape will return an error if no Patterns matched or if a pattern
+// matched but contained malformed escape sequences. If successful, the function
+// returns a mapping from field paths to their captured values.
+func (p Pattern) MatchAndEscape(components []string, verb string, unescapingMode UnescapingMode) (map[string]string, error) {
+	if p.verb != verb {
+		if p.verb != "" {
+			return nil, ErrNotMatch
+		}
+		if len(components) == 0 {
+			components = []string{":" + verb}
+		} else {
+			components = append([]string{}, components...)
+			components[len(components)-1] += ":" + verb
+		}
+	}
+
+	var pos int
+	stack := make([]string, 0, p.stacksize)
+	captured := make([]string, len(p.vars))
+	l := len(components)
+	for _, op := range p.ops {
+		var err error
+
+		switch op.code {
+		case utilities.OpNop:
+			continue
+		case utilities.OpPush, utilities.OpLitPush:
+			if pos >= l {
+				return nil, ErrNotMatch
+			}
+			c := components[pos]
+			if op.code == utilities.OpLitPush {
+				if lit := p.pool[op.operand]; c != lit {
+					return nil, ErrNotMatch
+				}
+			} else if op.code == utilities.OpPush {
+				if c, err = unescape(c, unescapingMode, false); err != nil {
+					return nil, err
+				}
+			}
+			stack = append(stack, c)
+			pos++
+		case utilities.OpPushM:
+			end := len(components)
+			if end < pos+p.tailLen {
+				return nil, ErrNotMatch
+			}
+			end -= p.tailLen
+			c := strings.Join(components[pos:end], "/")
+			if c, err = unescape(c, unescapingMode, true); err != nil {
+				return nil, err
+			}
+			stack = append(stack, c)
+			pos = end
+		case utilities.OpConcatN:
+			n := op.operand
+			l := len(stack) - n
+			stack = append(stack[:l], strings.Join(stack[l:], "/"))
+		case utilities.OpCapture:
+			n := len(stack) - 1
+			captured[op.operand] = stack[n]
+			stack = stack[:n]
+		}
+	}
+	if pos < l {
+		return nil, ErrNotMatch
+	}
+	bindings := make(map[string]string)
+	for i, val := range captured {
+		bindings[p.vars[i]] = val
+	}
+	return bindings, nil
+}
+
+// MatchAndEscape examines components to determine if they match to a Pattern.
+// It will never perform per-component unescaping (see: UnescapingModeLegacy).
+// MatchAndEscape will return an error if no Patterns matched. If successful,
+// the function returns a mapping from field paths to their captured values.
+//
+// Deprecated: Use MatchAndEscape.
+func (p Pattern) Match(components []string, verb string) (map[string]string, error) {
+	return p.MatchAndEscape(components, verb, UnescapingModeDefault)
+}
+
+// Verb returns the verb part of the Pattern.
+func (p Pattern) Verb() string { return p.verb }
+
+func (p Pattern) String() string {
+	var stack []string
+	for _, op := range p.ops {
+		switch op.code {
+		case utilities.OpNop:
+			continue
+		case utilities.OpPush:
+			stack = append(stack, "*")
+		case utilities.OpLitPush:
+			stack = append(stack, p.pool[op.operand])
+		case utilities.OpPushM:
+			stack = append(stack, "**")
+		case utilities.OpConcatN:
+			n := op.operand
+			l := len(stack) - n
+			stack = append(stack[:l], strings.Join(stack[l:], "/"))
+		case utilities.OpCapture:
+			n := len(stack) - 1
+			stack[n] = fmt.Sprintf("{%s=%s}", p.vars[op.operand], stack[n])
+		}
+	}
+	segs := strings.Join(stack, "/")
+	if p.verb != "" {
+		return fmt.Sprintf("/%s:%s", segs, p.verb)
+	}
+	return "/" + segs
+}
+
+/*
+ * The following code is adopted and modified from Go's standard library
+ * and carries the attached license.
+ *
+ *     Copyright 2009 The Go Authors. All rights reserved.
+ *     Use of this source code is governed by a BSD-style
+ *     license that can be found in the LICENSE file.
+ */
+
+// ishex returns whether or not the given byte is a valid hex character
+func ishex(c byte) bool {
+	switch {
+	case '0' <= c && c <= '9':
+		return true
+	case 'a' <= c && c <= 'f':
+		return true
+	case 'A' <= c && c <= 'F':
+		return true
+	}
+	return false
+}
+
+func isRFC6570Reserved(c byte) bool {
+	switch c {
+	case '!', '#', '$', '&', '\'', '(', ')', '*',
+		'+', ',', '/', ':', ';', '=', '?', '@', '[', ']':
+		return true
+	default:
+		return false
+	}
+}
+
+// unhex converts a hex point to the bit representation
+func unhex(c byte) byte {
+	switch {
+	case '0' <= c && c <= '9':
+		return c - '0'
+	case 'a' <= c && c <= 'f':
+		return c - 'a' + 10
+	case 'A' <= c && c <= 'F':
+		return c - 'A' + 10
+	}
+	return 0
+}
+
+// shouldUnescapeWithMode returns true if the character is escapable with the
+// given mode
+func shouldUnescapeWithMode(c byte, mode UnescapingMode) bool {
+	switch mode {
+	case UnescapingModeAllExceptReserved:
+		if isRFC6570Reserved(c) {
+			return false
+		}
+	case UnescapingModeAllExceptSlash:
+		if c == '/' {
+			return false
+		}
+	case UnescapingModeAllCharacters:
+		return true
+	}
+	return true
+}
+
+// unescape unescapes a path string using the provided mode
+func unescape(s string, mode UnescapingMode, multisegment bool) (string, error) {
+	// TODO(v3): remove UnescapingModeLegacy
+	if mode == UnescapingModeLegacy {
+		return s, nil
+	}
+
+	if !multisegment {
+		mode = UnescapingModeAllCharacters
+	}
+
+	// Count %, check that they're well-formed.
+	n := 0
+	for i := 0; i < len(s); {
+		if s[i] == '%' {
+			n++
+			if i+2 >= len(s) || !ishex(s[i+1]) || !ishex(s[i+2]) {
+				s = s[i:]
+				if len(s) > 3 {
+					s = s[:3]
+				}
+
+				return "", MalformedSequenceError(s)
+			}
+			i += 3
+		} else {
+			i++
+		}
+	}
+
+	if n == 0 {
+		return s, nil
+	}
+
+	var t strings.Builder
+	t.Grow(len(s))
+	for i := 0; i < len(s); i++ {
+		switch s[i] {
+		case '%':
+			c := unhex(s[i+1])<<4 | unhex(s[i+2])
+			if shouldUnescapeWithMode(c, mode) {
+				t.WriteByte(c)
+				i += 2
+				continue
+			}
+			fallthrough
+		default:
+			t.WriteByte(s[i])
+		}
+	}
+
+	return t.String(), nil
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/proto2_convert.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/proto2_convert.go
new file mode 100644
index 0000000000..d549407f20
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/proto2_convert.go
@@ -0,0 +1,80 @@
+package runtime
+
+import (
+	"google.golang.org/protobuf/proto"
+)
+
+// StringP returns a pointer to a string whose pointee is same as the given string value.
+func StringP(val string) (*string, error) {
+	return proto.String(val), nil
+}
+
+// BoolP parses the given string representation of a boolean value,
+// and returns a pointer to a bool whose value is same as the parsed value.
+func BoolP(val string) (*bool, error) {
+	b, err := Bool(val)
+	if err != nil {
+		return nil, err
+	}
+	return proto.Bool(b), nil
+}
+
+// Float64P parses the given string representation of a floating point number,
+// and returns a pointer to a float64 whose value is same as the parsed number.
+func Float64P(val string) (*float64, error) {
+	f, err := Float64(val)
+	if err != nil {
+		return nil, err
+	}
+	return proto.Float64(f), nil
+}
+
+// Float32P parses the given string representation of a floating point number,
+// and returns a pointer to a float32 whose value is same as the parsed number.
+func Float32P(val string) (*float32, error) {
+	f, err := Float32(val)
+	if err != nil {
+		return nil, err
+	}
+	return proto.Float32(f), nil
+}
+
+// Int64P parses the given string representation of an integer
+// and returns a pointer to a int64 whose value is same as the parsed integer.
+func Int64P(val string) (*int64, error) {
+	i, err := Int64(val)
+	if err != nil {
+		return nil, err
+	}
+	return proto.Int64(i), nil
+}
+
+// Int32P parses the given string representation of an integer
+// and returns a pointer to a int32 whose value is same as the parsed integer.
+func Int32P(val string) (*int32, error) {
+	i, err := Int32(val)
+	if err != nil {
+		return nil, err
+	}
+	return proto.Int32(i), err
+}
+
+// Uint64P parses the given string representation of an integer
+// and returns a pointer to a uint64 whose value is same as the parsed integer.
+func Uint64P(val string) (*uint64, error) {
+	i, err := Uint64(val)
+	if err != nil {
+		return nil, err
+	}
+	return proto.Uint64(i), err
+}
+
+// Uint32P parses the given string representation of an integer
+// and returns a pointer to a uint32 whose value is same as the parsed integer.
+func Uint32P(val string) (*uint32, error) {
+	i, err := Uint32(val)
+	if err != nil {
+		return nil, err
+	}
+	return proto.Uint32(i), err
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/query.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/query.go
new file mode 100644
index 0000000000..fe634174b8
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/query.go
@@ -0,0 +1,372 @@
+package runtime
+
+import (
+	"errors"
+	"fmt"
+	"net/url"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/grpc-ecosystem/grpc-gateway/v2/utilities"
+	"google.golang.org/grpc/grpclog"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/reflect/protoregistry"
+	"google.golang.org/protobuf/types/known/durationpb"
+	field_mask "google.golang.org/protobuf/types/known/fieldmaskpb"
+	"google.golang.org/protobuf/types/known/structpb"
+	"google.golang.org/protobuf/types/known/timestamppb"
+	"google.golang.org/protobuf/types/known/wrapperspb"
+)
+
+var valuesKeyRegexp = regexp.MustCompile(`^(.*)\[(.*)\]$`)
+
+var currentQueryParser QueryParameterParser = &DefaultQueryParser{}
+
+// QueryParameterParser defines interface for all query parameter parsers
+type QueryParameterParser interface {
+	Parse(msg proto.Message, values url.Values, filter *utilities.DoubleArray) error
+}
+
+// PopulateQueryParameters parses query parameters
+// into "msg" using current query parser
+func PopulateQueryParameters(msg proto.Message, values url.Values, filter *utilities.DoubleArray) error {
+	return currentQueryParser.Parse(msg, values, filter)
+}
+
+// DefaultQueryParser is a QueryParameterParser which implements the default
+// query parameters parsing behavior.
+//
+// See https://github.com/grpc-ecosystem/grpc-gateway/issues/2632 for more context.
+type DefaultQueryParser struct{}
+
+// Parse populates "values" into "msg".
+// A value is ignored if its key starts with one of the elements in "filter".
+func (*DefaultQueryParser) Parse(msg proto.Message, values url.Values, filter *utilities.DoubleArray) error {
+	for key, values := range values {
+		if match := valuesKeyRegexp.FindStringSubmatch(key); len(match) == 3 {
+			key = match[1]
+			values = append([]string{match[2]}, values...)
+		}
+
+		msgValue := msg.ProtoReflect()
+		fieldPath := normalizeFieldPath(msgValue, strings.Split(key, "."))
+		if filter.HasCommonPrefix(fieldPath) {
+			continue
+		}
+		if err := populateFieldValueFromPath(msgValue, fieldPath, values); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// PopulateFieldFromPath sets a value in a nested Protobuf structure.
+func PopulateFieldFromPath(msg proto.Message, fieldPathString string, value string) error {
+	fieldPath := strings.Split(fieldPathString, ".")
+	return populateFieldValueFromPath(msg.ProtoReflect(), fieldPath, []string{value})
+}
+
+func normalizeFieldPath(msgValue protoreflect.Message, fieldPath []string) []string {
+	newFieldPath := make([]string, 0, len(fieldPath))
+	for i, fieldName := range fieldPath {
+		fields := msgValue.Descriptor().Fields()
+		fieldDesc := fields.ByTextName(fieldName)
+		if fieldDesc == nil {
+			fieldDesc = fields.ByJSONName(fieldName)
+		}
+		if fieldDesc == nil {
+			// return initial field path values if no matching  message field was found
+			return fieldPath
+		}
+
+		newFieldPath = append(newFieldPath, string(fieldDesc.Name()))
+
+		// If this is the last element, we're done
+		if i == len(fieldPath)-1 {
+			break
+		}
+
+		// Only singular message fields are allowed
+		if fieldDesc.Message() == nil || fieldDesc.Cardinality() == protoreflect.Repeated {
+			return fieldPath
+		}
+
+		// Get the nested message
+		msgValue = msgValue.Get(fieldDesc).Message()
+	}
+
+	return newFieldPath
+}
+
+func populateFieldValueFromPath(msgValue protoreflect.Message, fieldPath []string, values []string) error {
+	if len(fieldPath) < 1 {
+		return errors.New("no field path")
+	}
+	if len(values) < 1 {
+		return errors.New("no value provided")
+	}
+
+	var fieldDescriptor protoreflect.FieldDescriptor
+	for i, fieldName := range fieldPath {
+		fields := msgValue.Descriptor().Fields()
+
+		// Get field by name
+		fieldDescriptor = fields.ByName(protoreflect.Name(fieldName))
+		if fieldDescriptor == nil {
+			fieldDescriptor = fields.ByJSONName(fieldName)
+			if fieldDescriptor == nil {
+				// We're not returning an error here because this could just be
+				// an extra query parameter that isn't part of the request.
+				grpclog.Infof("field not found in %q: %q", msgValue.Descriptor().FullName(), strings.Join(fieldPath, "."))
+				return nil
+			}
+		}
+
+		// If this is the last element, we're done
+		if i == len(fieldPath)-1 {
+			break
+		}
+
+		// Only singular message fields are allowed
+		if fieldDescriptor.Message() == nil || fieldDescriptor.Cardinality() == protoreflect.Repeated {
+			return fmt.Errorf("invalid path: %q is not a message", fieldName)
+		}
+
+		// Get the nested message
+		msgValue = msgValue.Mutable(fieldDescriptor).Message()
+	}
+
+	// Check if oneof already set
+	if of := fieldDescriptor.ContainingOneof(); of != nil {
+		if f := msgValue.WhichOneof(of); f != nil {
+			return fmt.Errorf("field already set for oneof %q", of.FullName().Name())
+		}
+	}
+
+	switch {
+	case fieldDescriptor.IsList():
+		return populateRepeatedField(fieldDescriptor, msgValue.Mutable(fieldDescriptor).List(), values)
+	case fieldDescriptor.IsMap():
+		return populateMapField(fieldDescriptor, msgValue.Mutable(fieldDescriptor).Map(), values)
+	}
+
+	if len(values) > 1 {
+		return fmt.Errorf("too many values for field %q: %s", fieldDescriptor.FullName().Name(), strings.Join(values, ", "))
+	}
+
+	return populateField(fieldDescriptor, msgValue, values[0])
+}
+
+func populateField(fieldDescriptor protoreflect.FieldDescriptor, msgValue protoreflect.Message, value string) error {
+	v, err := parseField(fieldDescriptor, value)
+	if err != nil {
+		return fmt.Errorf("parsing field %q: %w", fieldDescriptor.FullName().Name(), err)
+	}
+
+	msgValue.Set(fieldDescriptor, v)
+	return nil
+}
+
+func populateRepeatedField(fieldDescriptor protoreflect.FieldDescriptor, list protoreflect.List, values []string) error {
+	for _, value := range values {
+		v, err := parseField(fieldDescriptor, value)
+		if err != nil {
+			return fmt.Errorf("parsing list %q: %w", fieldDescriptor.FullName().Name(), err)
+		}
+		list.Append(v)
+	}
+
+	return nil
+}
+
+func populateMapField(fieldDescriptor protoreflect.FieldDescriptor, mp protoreflect.Map, values []string) error {
+	if len(values) != 2 {
+		return fmt.Errorf("more than one value provided for key %q in map %q", values[0], fieldDescriptor.FullName())
+	}
+
+	key, err := parseField(fieldDescriptor.MapKey(), values[0])
+	if err != nil {
+		return fmt.Errorf("parsing map key %q: %w", fieldDescriptor.FullName().Name(), err)
+	}
+
+	value, err := parseField(fieldDescriptor.MapValue(), values[1])
+	if err != nil {
+		return fmt.Errorf("parsing map value %q: %w", fieldDescriptor.FullName().Name(), err)
+	}
+
+	mp.Set(key.MapKey(), value)
+
+	return nil
+}
+
+func parseField(fieldDescriptor protoreflect.FieldDescriptor, value string) (protoreflect.Value, error) {
+	switch fieldDescriptor.Kind() {
+	case protoreflect.BoolKind:
+		v, err := strconv.ParseBool(value)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+		return protoreflect.ValueOfBool(v), nil
+	case protoreflect.EnumKind:
+		enum, err := protoregistry.GlobalTypes.FindEnumByName(fieldDescriptor.Enum().FullName())
+		if err != nil {
+			if errors.Is(err, protoregistry.NotFound) {
+				return protoreflect.Value{}, fmt.Errorf("enum %q is not registered", fieldDescriptor.Enum().FullName())
+			}
+			return protoreflect.Value{}, fmt.Errorf("failed to look up enum: %w", err)
+		}
+		// Look for enum by name
+		v := enum.Descriptor().Values().ByName(protoreflect.Name(value))
+		if v == nil {
+			i, err := strconv.Atoi(value)
+			if err != nil {
+				return protoreflect.Value{}, fmt.Errorf("%q is not a valid value", value)
+			}
+			// Look for enum by number
+			if v = enum.Descriptor().Values().ByNumber(protoreflect.EnumNumber(i)); v == nil {
+				return protoreflect.Value{}, fmt.Errorf("%q is not a valid value", value)
+			}
+		}
+		return protoreflect.ValueOfEnum(v.Number()), nil
+	case protoreflect.Int32Kind, protoreflect.Sint32Kind, protoreflect.Sfixed32Kind:
+		v, err := strconv.ParseInt(value, 10, 32)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+		return protoreflect.ValueOfInt32(int32(v)), nil
+	case protoreflect.Int64Kind, protoreflect.Sint64Kind, protoreflect.Sfixed64Kind:
+		v, err := strconv.ParseInt(value, 10, 64)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+		return protoreflect.ValueOfInt64(v), nil
+	case protoreflect.Uint32Kind, protoreflect.Fixed32Kind:
+		v, err := strconv.ParseUint(value, 10, 32)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+		return protoreflect.ValueOfUint32(uint32(v)), nil
+	case protoreflect.Uint64Kind, protoreflect.Fixed64Kind:
+		v, err := strconv.ParseUint(value, 10, 64)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+		return protoreflect.ValueOfUint64(v), nil
+	case protoreflect.FloatKind:
+		v, err := strconv.ParseFloat(value, 32)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+		return protoreflect.ValueOfFloat32(float32(v)), nil
+	case protoreflect.DoubleKind:
+		v, err := strconv.ParseFloat(value, 64)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+		return protoreflect.ValueOfFloat64(v), nil
+	case protoreflect.StringKind:
+		return protoreflect.ValueOfString(value), nil
+	case protoreflect.BytesKind:
+		v, err := Bytes(value)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+		return protoreflect.ValueOfBytes(v), nil
+	case protoreflect.MessageKind, protoreflect.GroupKind:
+		return parseMessage(fieldDescriptor.Message(), value)
+	default:
+		panic(fmt.Sprintf("unknown field kind: %v", fieldDescriptor.Kind()))
+	}
+}
+
+func parseMessage(msgDescriptor protoreflect.MessageDescriptor, value string) (protoreflect.Value, error) {
+	var msg proto.Message
+	switch msgDescriptor.FullName() {
+	case "google.protobuf.Timestamp":
+		t, err := time.Parse(time.RFC3339Nano, value)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+		msg = timestamppb.New(t)
+	case "google.protobuf.Duration":
+		d, err := time.ParseDuration(value)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+		msg = durationpb.New(d)
+	case "google.protobuf.DoubleValue":
+		v, err := strconv.ParseFloat(value, 64)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+		msg = wrapperspb.Double(v)
+	case "google.protobuf.FloatValue":
+		v, err := strconv.ParseFloat(value, 32)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+		msg = wrapperspb.Float(float32(v))
+	case "google.protobuf.Int64Value":
+		v, err := strconv.ParseInt(value, 10, 64)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+		msg = wrapperspb.Int64(v)
+	case "google.protobuf.Int32Value":
+		v, err := strconv.ParseInt(value, 10, 32)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+		msg = wrapperspb.Int32(int32(v))
+	case "google.protobuf.UInt64Value":
+		v, err := strconv.ParseUint(value, 10, 64)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+		msg = wrapperspb.UInt64(v)
+	case "google.protobuf.UInt32Value":
+		v, err := strconv.ParseUint(value, 10, 32)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+		msg = wrapperspb.UInt32(uint32(v))
+	case "google.protobuf.BoolValue":
+		v, err := strconv.ParseBool(value)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+		msg = wrapperspb.Bool(v)
+	case "google.protobuf.StringValue":
+		msg = wrapperspb.String(value)
+	case "google.protobuf.BytesValue":
+		v, err := Bytes(value)
+		if err != nil {
+			return protoreflect.Value{}, err
+		}
+		msg = wrapperspb.Bytes(v)
+	case "google.protobuf.FieldMask":
+		fm := &field_mask.FieldMask{}
+		fm.Paths = append(fm.Paths, strings.Split(value, ",")...)
+		msg = fm
+	case "google.protobuf.Value":
+		var v structpb.Value
+		if err := protojson.Unmarshal([]byte(value), &v); err != nil {
+			return protoreflect.Value{}, err
+		}
+		msg = &v
+	case "google.protobuf.Struct":
+		var v structpb.Struct
+		if err := protojson.Unmarshal([]byte(value), &v); err != nil {
+			return protoreflect.Value{}, err
+		}
+		msg = &v
+	default:
+		return protoreflect.Value{}, fmt.Errorf("unsupported message type: %q", string(msgDescriptor.FullName()))
+	}
+
+	return protoreflect.ValueOfMessage(msg.ProtoReflect()), nil
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/BUILD.bazel b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/BUILD.bazel
new file mode 100644
index 0000000000..b894094657
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/BUILD.bazel
@@ -0,0 +1,31 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+package(default_visibility = ["//visibility:public"])
+
+go_library(
+    name = "utilities",
+    srcs = [
+        "doc.go",
+        "pattern.go",
+        "readerfactory.go",
+        "string_array_flag.go",
+        "trie.go",
+    ],
+    importpath = "github.com/grpc-ecosystem/grpc-gateway/v2/utilities",
+)
+
+go_test(
+    name = "utilities_test",
+    size = "small",
+    srcs = [
+        "string_array_flag_test.go",
+        "trie_test.go",
+    ],
+    deps = [":utilities"],
+)
+
+alias(
+    name = "go_default_library",
+    actual = ":utilities",
+    visibility = ["//visibility:public"],
+)
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/doc.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/doc.go
new file mode 100644
index 0000000000..cf79a4d588
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/doc.go
@@ -0,0 +1,2 @@
+// Package utilities provides members for internal use in grpc-gateway.
+package utilities
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/pattern.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/pattern.go
new file mode 100644
index 0000000000..dfe7de4864
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/pattern.go
@@ -0,0 +1,22 @@
+package utilities
+
+// An OpCode is a opcode of compiled path patterns.
+type OpCode int
+
+// These constants are the valid values of OpCode.
+const (
+	// OpNop does nothing
+	OpNop = OpCode(iota)
+	// OpPush pushes a component to stack
+	OpPush
+	// OpLitPush pushes a component to stack if it matches to the literal
+	OpLitPush
+	// OpPushM concatenates the remaining components and pushes it to stack
+	OpPushM
+	// OpConcatN pops N items from stack, concatenates them and pushes it back to stack
+	OpConcatN
+	// OpCapture pops an item and binds it to the variable
+	OpCapture
+	// OpEnd is the least positive invalid opcode.
+	OpEnd
+)
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/readerfactory.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/readerfactory.go
new file mode 100644
index 0000000000..01d26edae3
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/readerfactory.go
@@ -0,0 +1,19 @@
+package utilities
+
+import (
+	"bytes"
+	"io"
+)
+
+// IOReaderFactory takes in an io.Reader and returns a function that will allow you to create a new reader that begins
+// at the start of the stream
+func IOReaderFactory(r io.Reader) (func() io.Reader, error) {
+	b, err := io.ReadAll(r)
+	if err != nil {
+		return nil, err
+	}
+
+	return func() io.Reader {
+		return bytes.NewReader(b)
+	}, nil
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/string_array_flag.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/string_array_flag.go
new file mode 100644
index 0000000000..d224ab776c
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/string_array_flag.go
@@ -0,0 +1,33 @@
+package utilities
+
+import (
+	"flag"
+	"strings"
+)
+
+// flagInterface is an cut down interface to `flag`
+type flagInterface interface {
+	Var(value flag.Value, name string, usage string)
+}
+
+// StringArrayFlag defines a flag with the specified name and usage string.
+// The return value is the address of a `StringArrayFlags` variable that stores the repeated values of the flag.
+func StringArrayFlag(f flagInterface, name string, usage string) *StringArrayFlags {
+	value := &StringArrayFlags{}
+	f.Var(value, name, usage)
+	return value
+}
+
+// StringArrayFlags is a wrapper of `[]string` to provider an interface for `flag.Var`
+type StringArrayFlags []string
+
+// String returns a string representation of `StringArrayFlags`
+func (i *StringArrayFlags) String() string {
+	return strings.Join(*i, ",")
+}
+
+// Set appends a value to `StringArrayFlags`
+func (i *StringArrayFlags) Set(value string) error {
+	*i = append(*i, value)
+	return nil
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/trie.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/trie.go
new file mode 100644
index 0000000000..dd99b0ed25
--- /dev/null
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/trie.go
@@ -0,0 +1,174 @@
+package utilities
+
+import (
+	"sort"
+)
+
+// DoubleArray is a Double Array implementation of trie on sequences of strings.
+type DoubleArray struct {
+	// Encoding keeps an encoding from string to int
+	Encoding map[string]int
+	// Base is the base array of Double Array
+	Base []int
+	// Check is the check array of Double Array
+	Check []int
+}
+
+// NewDoubleArray builds a DoubleArray from a set of sequences of strings.
+func NewDoubleArray(seqs [][]string) *DoubleArray {
+	da := &DoubleArray{Encoding: make(map[string]int)}
+	if len(seqs) == 0 {
+		return da
+	}
+
+	encoded := registerTokens(da, seqs)
+	sort.Sort(byLex(encoded))
+
+	root := node{row: -1, col: -1, left: 0, right: len(encoded)}
+	addSeqs(da, encoded, 0, root)
+
+	for i := len(da.Base); i > 0; i-- {
+		if da.Check[i-1] != 0 {
+			da.Base = da.Base[:i]
+			da.Check = da.Check[:i]
+			break
+		}
+	}
+	return da
+}
+
+func registerTokens(da *DoubleArray, seqs [][]string) [][]int {
+	var result [][]int
+	for _, seq := range seqs {
+		encoded := make([]int, 0, len(seq))
+		for _, token := range seq {
+			if _, ok := da.Encoding[token]; !ok {
+				da.Encoding[token] = len(da.Encoding)
+			}
+			encoded = append(encoded, da.Encoding[token])
+		}
+		result = append(result, encoded)
+	}
+	for i := range result {
+		result[i] = append(result[i], len(da.Encoding))
+	}
+	return result
+}
+
+type node struct {
+	row, col    int
+	left, right int
+}
+
+func (n node) value(seqs [][]int) int {
+	return seqs[n.row][n.col]
+}
+
+func (n node) children(seqs [][]int) []*node {
+	var result []*node
+	lastVal := int(-1)
+	last := new(node)
+	for i := n.left; i < n.right; i++ {
+		if lastVal == seqs[i][n.col+1] {
+			continue
+		}
+		last.right = i
+		last = &node{
+			row:  i,
+			col:  n.col + 1,
+			left: i,
+		}
+		result = append(result, last)
+	}
+	last.right = n.right
+	return result
+}
+
+func addSeqs(da *DoubleArray, seqs [][]int, pos int, n node) {
+	ensureSize(da, pos)
+
+	children := n.children(seqs)
+	var i int
+	for i = 1; ; i++ {
+		ok := func() bool {
+			for _, child := range children {
+				code := child.value(seqs)
+				j := i + code
+				ensureSize(da, j)
+				if da.Check[j] != 0 {
+					return false
+				}
+			}
+			return true
+		}()
+		if ok {
+			break
+		}
+	}
+	da.Base[pos] = i
+	for _, child := range children {
+		code := child.value(seqs)
+		j := i + code
+		da.Check[j] = pos + 1
+	}
+	terminator := len(da.Encoding)
+	for _, child := range children {
+		code := child.value(seqs)
+		if code == terminator {
+			continue
+		}
+		j := i + code
+		addSeqs(da, seqs, j, *child)
+	}
+}
+
+func ensureSize(da *DoubleArray, i int) {
+	for i >= len(da.Base) {
+		da.Base = append(da.Base, make([]int, len(da.Base)+1)...)
+		da.Check = append(da.Check, make([]int, len(da.Check)+1)...)
+	}
+}
+
+type byLex [][]int
+
+func (l byLex) Len() int      { return len(l) }
+func (l byLex) Swap(i, j int) { l[i], l[j] = l[j], l[i] }
+func (l byLex) Less(i, j int) bool {
+	si := l[i]
+	sj := l[j]
+	var k int
+	for k = 0; k < len(si) && k < len(sj); k++ {
+		if si[k] < sj[k] {
+			return true
+		}
+		if si[k] > sj[k] {
+			return false
+		}
+	}
+	return k < len(sj)
+}
+
+// HasCommonPrefix determines if any sequence in the DoubleArray is a prefix of the given sequence.
+func (da *DoubleArray) HasCommonPrefix(seq []string) bool {
+	if len(da.Base) == 0 {
+		return false
+	}
+
+	var i int
+	for _, t := range seq {
+		code, ok := da.Encoding[t]
+		if !ok {
+			break
+		}
+		j := da.Base[i] + code
+		if len(da.Check) <= j || da.Check[j] != i+1 {
+			break
+		}
+		i = j
+	}
+	j := da.Base[i] + len(da.Encoding)
+	if len(da.Check) <= j || da.Check[j] != i+1 {
+		return false
+	}
+	return true
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/LICENSE b/vendor/github.com/libopenstorage/grpc-framework/LICENSE
new file mode 100644
index 0000000000..d2fa1326d4
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/LICENSE
@@ -0,0 +1,191 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2020 Openstorage.org.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/Makefile b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/Makefile
new file mode 100644
index 0000000000..3c141a3b5b
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/Makefile
@@ -0,0 +1,12 @@
+SUBDIRS = role ownership
+PROTODIRS = $(SUBDIRS:%=proto-%)
+
+all: $(SUBDIRS)
+
+proto: $(PROTODIRS)
+
+$(SUBDIRS):
+	$(MAKE) -C $@
+
+$(PROTODIRS):
+	$(MAKE) -C $(@:proto-%=%) proto
\ No newline at end of file
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/auth.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/auth.go
new file mode 100644
index 0000000000..6e630ac19e
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/auth.go
@@ -0,0 +1,57 @@
+/*
+Package auth can be used for authentication and authorization
+Copyright 2018 Portworx
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package auth
+
+import (
+	"context"
+
+	"github.com/libopenstorage/grpc-framework/pkg/correlation"
+)
+
+func init() {
+	correlation.RegisterComponent(correlation.ComponentGrpcAuth)
+}
+
+const (
+	systemGuestRoleName = "system.guest"
+)
+
+var (
+	systemTokenInst TokenGenerator = &noauth{}
+
+	// Inst returns the instance of system token manager.
+	// This function can be overridden for testing purposes
+	InitSystemTokenManager = func(tg TokenGenerator) {
+		systemTokenInst = tg
+	}
+
+	// SystemTokenManagerInst returns the systemTokenManager instance
+	SystemTokenManagerInst = func() TokenGenerator {
+		return systemTokenInst
+	}
+)
+
+// Authenticator interface validates and extracts the claims from a raw token
+type Authenticator interface {
+	// AuthenticateToken validates the token and returns the claims
+	AuthenticateToken(context.Context, string) (*Claims, error)
+}
+
+// Enabled returns whether auth is enabled.
+func Enabled() bool {
+	return len(systemTokenInst.Issuer()) != 0
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/claims.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/claims.go
new file mode 100644
index 0000000000..52bce04772
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/claims.go
@@ -0,0 +1,107 @@
+package auth
+
+import "fmt"
+
+// UsernameClaimType holds the claims type to be used as the unique id for the user
+type UsernameClaimType string
+
+const (
+	// default type is sub
+	UsernameClaimTypeDefault UsernameClaimType = ""
+	// UsernameClaimTypeSubject requests to use "sub" as the claims for the
+	// ID of the user
+	UsernameClaimTypeSubject UsernameClaimType = "sub"
+	// UsernameClaimTypeEmail requests to use "name" as the claims for the
+	// ID of the user
+	UsernameClaimTypeEmail UsernameClaimType = "email"
+	// UsernameClaimTypeName requests to use "name" as the claims for the
+	// ID of the user
+	UsernameClaimTypeName UsernameClaimType = "name"
+)
+
+var (
+	// Required claim keys
+	requiredClaims = []string{"iss", "sub", "exp", "iat", "name", "email"}
+	// Custom claims for OpenStorage
+	customClaims = []string{"roles", "groups"}
+)
+
+// Claims provides information about the claims in the token
+// See https://openid.net/specs/openid-connect-core-1_0.html#IDToken
+// for more information.
+type Claims struct {
+	// Issuer is the token issuer. For selfsigned token do not prefix
+	// with `https://`.
+	Issuer string `json:"iss"`
+	// Subject identifier. Unique ID of this account
+	Subject string `json:"sub" yaml:"sub"`
+	// Account name
+	Name string `json:"name" yaml:"name"`
+	// Account email
+	Email string `json:"email" yaml:"email"`
+	// Audience is the intended audience for this claim. Can be a string or []string or []interface{}.
+	// Use GetAudience() to interpret the value correctly.
+	Audience interface{} `json:"aud,omitempty" yaml:"aud,omitempty"`
+	// Roles of this account
+	Roles []string `json:"roles,omitempty" yaml:"roles,omitempty"`
+	// (optional) Groups in which this account is part of
+	Groups []string `json:"groups,omitempty" yaml:"groups,omitempty"`
+	// UsernameClaim indicates which claim has the user name. It should be set by the authenticator when
+	// authenticating the raw token.
+	UsernameClaim UsernameClaimType `json:"usernameClaim,omitempty" yaml:"usernameClaim,omitempty"`
+}
+
+// GetAudience returns the audience from the claims
+func (c *Claims) GetAudience() ([]string, error) {
+	var ret []string
+	if c.Audience == nil {
+		return ret, nil
+	} else if aud, ok := c.Audience.(string); ok {
+		ret = append(ret, aud)
+	} else if aud, ok := c.Audience.([]string); ok {
+		ret = append(ret, aud...)
+	} else if aud, ok := c.Audience.([]interface{}); ok {
+		for _, a := range aud {
+			vs, ok := a.(string)
+			if !ok {
+				return nil, fmt.Errorf("unknown type %T for audience entry %v in audience %v", a, a, c.Audience)
+			}
+			ret = append(ret, vs)
+		}
+	} else {
+		return nil, fmt.Errorf("unknown type %T for audience %v", c.Audience, c.Audience)
+	}
+	return ret, nil
+}
+
+// GetUsername returns the username from the claims
+func (c *Claims) GetUsername() (string, error) {
+	username := ""
+	claimType := c.UsernameClaim
+	if claimType == "" {
+		claimType = UsernameClaimTypeSubject
+	}
+	switch claimType {
+	case UsernameClaimTypeEmail:
+		username = c.Email
+	case UsernameClaimTypeName:
+		username = c.Name
+	case UsernameClaimTypeSubject:
+		username = c.Subject
+	default:
+		return "", fmt.Errorf("system set to use unknown claim %s as username. Must be one of %s, %s or %s (default)",
+			claimType, UsernameClaimTypeEmail, UsernameClaimTypeName, UsernameClaimTypeSubject)
+	}
+	if username == "" {
+		return "", fmt.Errorf("system set to use the value of %s as the username,"+
+			" therefore the value of %s in the token cannot be empty", claimType, claimType)
+
+	}
+	return username, nil
+}
+
+// ValidateUsername validates that the claim that is suppposed to contain the username is present
+func (c *Claims) ValidateUsername() error {
+	_, err := c.GetUsername()
+	return err
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/duration.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/duration.go
new file mode 100644
index 0000000000..84f635e61f
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/duration.go
@@ -0,0 +1,97 @@
+/*
+Copyright 2018 Portworx
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package auth
+
+import (
+	"fmt"
+	"regexp"
+	"strconv"
+	"time"
+)
+
+const (
+	// SecondDef is the abbrevation for seconds
+	SecondDef = "s"
+	// MinuteDef is the abbrevation for minutes
+	MinuteDef = "m"
+	// HourDef is the abbrevation for hours
+	HourDef = "h"
+	// DayDef is the abbrevation for days
+	DayDef = "d"
+	// YearDef is the abbrevation for years
+	YearDef = "y"
+
+	// Day is the duration of hours in a day
+	Day = time.Hour * 24
+	// Year is the duration of days in a year
+	Year = Day * 365
+)
+
+var (
+	// SecondRegex is a regular expression for finding seconds as a duration
+	SecondRegex = regexp.MustCompile("^([0-9]+)" + SecondDef + "$")
+	// MinuteRegex is a regular expression for finding minutes as a duration
+	MinuteRegex = regexp.MustCompile("^([0-9]+)" + MinuteDef + "$")
+	// HourRegex is a regular expression for finding hours as a duration
+	HourRegex = regexp.MustCompile("^([0-9]+)" + HourDef + "$")
+	// DayRegex is a regular expression for finding days as a duration
+	DayRegex = regexp.MustCompile("^([0-9]+)" + DayDef + "$")
+	// YearRegex is a regular expression for finding years as a duration
+	YearRegex = regexp.MustCompile("^([0-9]+)" + YearDef + "$")
+)
+
+// ParseToDuration takes in a "human" type duration and changes it to
+// time.Duration. The format for a human type is <number><type>. For
+// example: Five days: 5d; one year: 1y.
+func ParseToDuration(s string) (time.Duration, error) {
+
+	regexs := []struct {
+		regex    *regexp.Regexp
+		duration time.Duration
+	}{
+		{
+			regex:    SecondRegex,
+			duration: time.Second,
+		},
+		{
+			regex:    MinuteRegex,
+			duration: time.Minute,
+		},
+		{
+			regex:    HourRegex,
+			duration: time.Hour,
+		},
+		{
+			regex:    DayRegex,
+			duration: Day,
+		},
+		{
+			regex:    YearRegex,
+			duration: Year,
+		},
+	}
+	for _, r := range regexs {
+		if val := r.regex.FindString(s); len(val) != 0 {
+			parsed, err := strconv.Atoi(val[:len(val)-1])
+			if err != nil {
+				return 0, err
+			}
+			return time.Duration(parsed) * r.duration, nil
+		}
+	}
+
+	return 0, fmt.Errorf("Unable to parse")
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/jwks.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/jwks.go
new file mode 100644
index 0000000000..8e1fd1c2a9
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/jwks.go
@@ -0,0 +1,129 @@
+/*
+Copyright 2022 Portworx
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package auth
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+
+	oidc "github.com/coreos/go-oidc/v3/oidc"
+	"github.com/sirupsen/logrus"
+)
+
+// From the oidc package:
+// NewRemoteKeySet returns a KeySet that can validate JSON web tokens by using HTTP
+// GETs to fetch JSON web token sets hosted at a remote URL. This is automatically
+// used by NewProvider using the URLs returned by OpenID Connect discovery, but is
+// exposed for providers that don't support discovery or to prevent round trips to the
+// discovery URL.
+//
+// The returned KeySet is a long lived verifier that caches keys based on any
+// keys change. Reuse a common remote key set instead of creating new ones as needed.
+
+// JWKSAuthConfig configures an JWKS connection
+type JWKSAuthConfig struct {
+	// Issuer of the tokens.
+	// This value must equal the `iss` value in the token.
+	Issuer string
+	// JWKSUrl is the actual URL to the public key in jwks format
+	// e.g. https://www.googleapis.com/oauth2/v3/certs
+	JWKSUrl string
+	// UsernameClaim has the location of the unique id for the user.
+	// If empty, "sub" will be used for the user name unique id.
+	UsernameClaim UsernameClaimType
+	// Namespace sets the namespace for all custom claims. For example
+	// if the claims had the key: "https://mynamespace/roles", then
+	// the namespace would be "https://mynamespace/".
+	Namespace string
+}
+
+// JWKSAuthenticator is used to validate tokens with an JWKS
+type JWKSAuthenticator struct {
+	OIDCAuthenticator
+
+	jwksUrl string
+	keyset  *oidc.RemoteKeySet
+}
+
+// NewJWKSAuthenticator returns a new JWKS authenticator where the issuer
+// must be the same host as the JWKSUrl
+//
+//	c := &JWKSAuthConfig{
+//	    Issuer:  "https://some.token.authority",
+//	    JWKSUrl: "https://some.token.authority:3030/.well-known/jwks.json",
+//	}
+//	a, err := NewJWKSAuthenticator(c)
+func NewJWKSAuthenticator(config *JWKSAuthConfig) (*JWKSAuthenticator, error) {
+	if config.JWKSUrl == "" {
+		return nil, fmt.Errorf("JWKS url missing")
+	}
+	if config.Issuer == "" {
+		return nil, fmt.Errorf("issuer missing")
+	}
+
+	jwkUrl, err := url.Parse(config.JWKSUrl)
+	if err != nil {
+		return nil, fmt.Errorf("error parsing JWKSurl: %v", err)
+	}
+	issuerUrl, err := url.Parse(config.Issuer)
+	if err != nil {
+		return nil, fmt.Errorf("error parsing issuer: %v", err)
+	}
+
+	if jwkUrl.Host != issuerUrl.Host {
+		return nil, fmt.Errorf(
+			"issuer[%s] host is not the same as JWKSUrl[%s]",
+			config.Issuer,
+			config.JWKSUrl)
+	}
+	return NewJWKSWithIssuerAuthenticator(config)
+}
+
+// NewJWKSWithIssuerAuthenticator returns a new JWKS authenticator where
+// the issuer can be a different host from the JWKSUrl.
+//
+// Note, that this may cause a security issue if the config provider is
+// malicious. You should know what you are doing if you use this model.
+//
+//	c := &JWKSAuthConfig{
+//	    Issuer:  "https://anther.host"
+//	    JWKSUrl: "https://some.token.authority/.well-known/jwks.json",
+//	}
+//	a, err := NewJWKSAuthenticator(c)
+func NewJWKSWithIssuerAuthenticator(config *JWKSAuthConfig) (*JWKSAuthenticator, error) {
+	keyset := oidc.NewRemoteKeySet(context.Background(), config.JWKSUrl)
+	oidcConfig := &oidc.Config{
+		SkipClientIDCheck: true,
+	}
+	verifier := oidc.NewVerifier(config.Issuer, keyset, oidcConfig)
+
+	logrus.WithFields(logrus.Fields{
+		"issuer":  config.Issuer,
+		"jwksUrl": config.JWKSUrl,
+	}).Infof("Authenticator JWKS")
+
+	return &JWKSAuthenticator{
+		OIDCAuthenticator: OIDCAuthenticator{
+			url:           config.Issuer,
+			verifier:      verifier,
+			usernameClaim: config.UsernameClaim,
+			namespace:     config.Namespace,
+		},
+		jwksUrl: config.JWKSUrl,
+		keyset:  keyset,
+	}, nil
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/mock_auth.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/mock_auth.go
new file mode 100644
index 0000000000..86ead1f45a
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/mock_auth.go
@@ -0,0 +1,50 @@
+// Code generated by MockGen. DO NOT EDIT.
+// Source: pkg/auth/auth.go
+
+// Package auth is a generated GoMock package.
+package auth
+
+import (
+	context "context"
+	reflect "reflect"
+
+	gomock "github.com/golang/mock/gomock"
+)
+
+// MockAuthenticator is a mock of Authenticator interface.
+type MockAuthenticator struct {
+	ctrl     *gomock.Controller
+	recorder *MockAuthenticatorMockRecorder
+}
+
+// MockAuthenticatorMockRecorder is the mock recorder for MockAuthenticator.
+type MockAuthenticatorMockRecorder struct {
+	mock *MockAuthenticator
+}
+
+// NewMockAuthenticator creates a new mock instance.
+func NewMockAuthenticator(ctrl *gomock.Controller) *MockAuthenticator {
+	mock := &MockAuthenticator{ctrl: ctrl}
+	mock.recorder = &MockAuthenticatorMockRecorder{mock}
+	return mock
+}
+
+// EXPECT returns an object that allows the caller to indicate expected use.
+func (m *MockAuthenticator) EXPECT() *MockAuthenticatorMockRecorder {
+	return m.recorder
+}
+
+// AuthenticateToken mocks base method.
+func (m *MockAuthenticator) AuthenticateToken(arg0 context.Context, arg1 string) (*Claims, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "AuthenticateToken", arg0, arg1)
+	ret0, _ := ret[0].(*Claims)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// AuthenticateToken indicates an expected call of AuthenticateToken.
+func (mr *MockAuthenticatorMockRecorder) AuthenticateToken(arg0, arg1 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AuthenticateToken", reflect.TypeOf((*MockAuthenticator)(nil).AuthenticateToken), arg0, arg1)
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/multiauthenticator.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/multiauthenticator.go
new file mode 100644
index 0000000000..a6c973b258
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/multiauthenticator.go
@@ -0,0 +1,127 @@
+package auth
+
+import (
+	"context"
+	"fmt"
+)
+
+// This file provides 2 implementations of Authenticator interface. Each implementation has multiple
+// authenticators with the same issuer. These implementations are needed when
+// multiple microservices use the same OIDC server (i.e. the same issuer) with different
+// client IDs. ID token contains the client ID in the audience field. The standard says the following about
+// the audience field in the ID token:
+//		https://openid.net/specs/openid-connect-core-1_0.html
+//		This specifies how the audience field is used for the id_token.
+//		aud
+//		REQUIRED. Audience(s) that this ID Token is intended for. It MUST contain the OAuth 2.0 client_id of
+//		the Relying Party as an audience value. It MAY also contain identifiers for other audiences. In the general case,
+//		the aud value is an array of case sensitive strings. In the common special case when there is one audience,
+//		the aud value MAY be a single case sensitive string.
+//
+// Note that the audience value can be an array of strings in a general case. There are 2 authenticator implementations
+// provided:
+//
+// 1> multiAuthenticatorByClientID assumes that the audience is a single string containing client_id which is used
+// to extract the matching authenticator from the map and only that authenticator is used to authenticate the token.
+// Use this implementation when the audience is expected to contain only the client_id.
+//
+// 2> iteratingMultiAuthenticator allows the audience value to be an array of strings. It delegates the interpretation
+// of audience to the specified athenticators by iterating over them. All authenticators use the same issuer and
+// at most one of the authenticators shall successfully authenticate the token. Others will reject the token
+// because the client_id will not match.
+
+type multiAuthenticatorByClientID struct {
+	issuer         string
+	authenticators map[string]Authenticator
+}
+
+// NewMultiAuthenticatorByClientID returns Authenticator implementation that assumes that the audience
+// field in the token contains just the client ID, which is also the key in the authenticators map
+// passed to this function. All authenticators must use the same issuer.
+func NewMultiAuthenticatorByClientID(
+	issuer string,
+	authenticatorsByClientID map[string]Authenticator,
+) (Authenticator, error) {
+	if len(authenticatorsByClientID) == 0 {
+		return nil, fmt.Errorf("empty authenticators for issuer %s", issuer)
+	}
+	return &multiAuthenticatorByClientID{
+		issuer:         issuer,
+		authenticators: authenticatorsByClientID,
+	}, nil
+}
+
+func (m *multiAuthenticatorByClientID) AuthenticateToken(ctx context.Context, idToken string) (*Claims, error) {
+	tokenClaims, err := TokenClaims(idToken)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get claims from token: %w", err)
+	}
+	if tokenClaims.Issuer != m.issuer {
+		return nil, fmt.Errorf("token was issued by %s which does not match issuer %s of this multi authenticator",
+			tokenClaims.Issuer, m.issuer)
+	}
+	var clientID string
+	aud, err := tokenClaims.GetAudience()
+	if err != nil {
+		return nil, fmt.Errorf("failed to find audience in the claims: %w", err)
+	}
+	// This implementation assumes that the audience is a single string containing the client ID.
+	// If that is not true, the "iterating" multi authenticator should be used instead.
+	if len(aud) != 1 {
+		return nil, fmt.Errorf("unable to determine client ID;"+
+			" expected a single value in the audience field of the token but found %d: %v", len(aud), aud)
+	}
+	clientID = aud[0]
+	if clientID == "" {
+		return nil, fmt.Errorf("empty client ID in the audience claim")
+	}
+	authenticator, ok := m.authenticators[clientID]
+	if !ok {
+		return nil, fmt.Errorf("failed to find authenticator for issuer %s and client ID %s",
+			tokenClaims.Issuer, clientID)
+	}
+	claims, err := authenticator.AuthenticateToken(ctx, idToken)
+	if err != nil {
+		return nil, fmt.Errorf("failed to authenticate token for issuer %s and client ID %s: %w",
+			tokenClaims.Issuer, clientID, err)
+	}
+	return claims, nil
+}
+
+type iteratingMultiAuthenticator struct {
+	issuer         string
+	authenticators []Authenticator
+}
+
+// NewIteratingMultiAuthenticator returns Authenticator implementation that iterates over all
+// the supplied authenticators to authenticate a token. All authenticators must use the same issuer.
+func NewIteratingMultiAuthenticator(
+	issuer string,
+	authenticators []Authenticator,
+) (Authenticator, error) {
+	if len(authenticators) == 0 {
+		return nil, fmt.Errorf("empty authenticators for issuer %s", issuer)
+	}
+	return &iteratingMultiAuthenticator{
+		issuer:         issuer,
+		authenticators: authenticators,
+	}, nil
+}
+
+func (m *iteratingMultiAuthenticator) AuthenticateToken(ctx context.Context, idToken string) (*Claims, error) {
+	tokenClaims, err := TokenClaims(idToken)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get claims from token: %w", err)
+	}
+	if tokenClaims.Issuer != m.issuer {
+		return nil, fmt.Errorf("token was issued by %s which does not match issuer %s of this multi authenticator",
+			tokenClaims.Issuer, m.issuer)
+	}
+	for _, authenticator := range m.authenticators {
+		claims, err := authenticator.AuthenticateToken(ctx, idToken)
+		if err == nil {
+			return claims, nil
+		}
+	}
+	return nil, fmt.Errorf("failed to authenticate token for issuer %s", tokenClaims.Issuer)
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/oidc.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/oidc.go
new file mode 100644
index 0000000000..b7dc71057d
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/oidc.go
@@ -0,0 +1,136 @@
+/*
+Copyright 2019 Portworx
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package auth
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+
+	oidc "github.com/coreos/go-oidc/v3/oidc"
+)
+
+// OIDCAuthConfig configures an OIDC connection
+type OIDCAuthConfig struct {
+	// Issuer of the OIDC tokens
+	// e.g. https://accounts.google.com
+	Issuer string
+	// ClientID is the client id provided by the OIDC
+	ClientID string
+	// SkipClientIDCheck skips a verification on tokens which are returned
+	// from the OIDC without the client ID set
+	SkipClientIDCheck bool
+	// SkipIssuerCheck skips verification of the issuer URL.
+	SkipIssuerCheck bool
+	// UsernameClaim has the location of the unique id for the user.
+	// If empty, "sub" will be used for the user name unique id.
+	UsernameClaim UsernameClaimType
+	// Namespace sets the namespace for all custom claims. For example
+	// if the claims had the key: "https://mynamespace/roles", then
+	// the namespace would be "https://mynamespace/".
+	Namespace string
+}
+
+// OIDCAuthenticator is used to validate tokens with an OIDC
+type OIDCAuthenticator struct {
+	url           string
+	provider      *oidc.Provider
+	verifier      *oidc.IDTokenVerifier
+	usernameClaim UsernameClaimType
+	namespace     string
+}
+
+// NewOIDC returns a new OIDC authenticator
+func NewOIDCAuthenticator(config *OIDCAuthConfig) (*OIDCAuthenticator, error) {
+	// Reverting the defaultTimeout base context as some of the coreos oidc api
+	// takes this context for subsequent call and end up using expired context.
+	ctx := context.Background()
+
+	p, err := oidc.NewProvider(ctx, config.Issuer)
+	if err != nil {
+		return nil, fmt.Errorf("unable to communicate with OIDC provider %s: %v",
+			config.Issuer,
+			err)
+	}
+
+	v := p.Verifier(&oidc.Config{
+		ClientID:          config.ClientID,
+		SkipClientIDCheck: config.SkipClientIDCheck,
+		SkipIssuerCheck:   config.SkipIssuerCheck,
+	})
+	return &OIDCAuthenticator{
+		url:           config.Issuer,
+		usernameClaim: config.UsernameClaim,
+		namespace:     config.Namespace,
+		provider:      p,
+		verifier:      v,
+	}, nil
+}
+
+// AuthenticateToken will verify the validity of the provided token with the OIDC
+func (o *OIDCAuthenticator) AuthenticateToken(ctx context.Context, rawtoken string) (*Claims, error) {
+	idToken, err := o.verifier.Verify(ctx, rawtoken)
+	if err != nil {
+		return nil, fmt.Errorf("token failed validation: %v", err)
+	}
+
+	// Check for required claims
+	var claims map[string]interface{}
+	if err := idToken.Claims(&claims); err != nil {
+		return nil, fmt.Errorf("unable to get claim map from token: %v", err)
+	}
+	for _, requiredClaim := range requiredClaims {
+		if _, ok := claims[requiredClaim]; !ok {
+			// Claim missing
+			return nil, fmt.Errorf("required claim %v missing from token", requiredClaim)
+		}
+	}
+
+	return o.parseClaims(claims)
+}
+
+// This will let us unit test this function without having a real OIDC
+func (o *OIDCAuthenticator) parseClaims(claims map[string]interface{}) (*Claims, error) {
+
+	// If we have namespace set, then use it to get custom claims:
+	if len(o.namespace) > 0 {
+		for _, cc := range customClaims {
+			// Check if there claims needed are under a namespace
+			if v, ok := claims[o.namespace+cc]; ok {
+				// Move it to the top of the json tree overwriting anything
+				// there with the same name.
+				claims[cc] = v
+			}
+		}
+	}
+
+	// Marshal into byte stream so that we can unmarshal into SDK Claims
+	cbytes, err := json.Marshal(claims)
+	if err != nil {
+		return nil, fmt.Errorf("internal error, unable to re-encode OIDC token claims: %v", err)
+	}
+
+	// Return claims
+	var sdkClaims Claims
+	if err := json.Unmarshal(cbytes, &sdkClaims); err != nil {
+		return nil, fmt.Errorf("unable to get claims from token: %v", err)
+	}
+	sdkClaims.UsernameClaim = o.usernameClaim
+	if err := sdkClaims.ValidateUsername(); err != nil {
+		return nil, err
+	}
+	return &sdkClaims, nil
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/Makefile b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/Makefile
new file mode 100644
index 0000000000..907e434ae4
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/Makefile
@@ -0,0 +1,23 @@
+PROTO_FILE = role.proto
+
+all: proto
+
+proto:
+	docker run \
+		--privileged --rm \
+		-v $(shell pwd):/go/src/code \
+		-e "GOPATH=/go" \
+		-e "DOCKER_PROTO=yes" \
+		-e "PROTO_USER=$(shell id -u)" \
+		-e "PROTO_GROUP=$(shell id -g)" \
+		-e "PATH=/bin:/usr/bin:/usr/local/bin:/go/bin:/usr/local/go/bin" \
+		quay.io/openstorage/grpc-framework:latest \
+			make docker-proto
+
+docker-proto:
+ifndef DOCKER_PROTO
+	$(error Do not run directly. Run 'make proto' instead.)
+endif
+	grpcfw $(PROTO_FILE)
+	grpcfw-doc $(PROTO_FILE)
+	rm -f role.swagger.json
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/default_roles.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/default_roles.go
new file mode 100644
index 0000000000..206673b5f8
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/default_roles.go
@@ -0,0 +1,56 @@
+/*
+Generic role manager
+Copyright 2022 Pure Storage
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package role
+
+const (
+	SystemAdminRoleName = "system.admin"
+	SystemGuestRoleName = "system.guest"
+)
+
+var (
+	// Roles are the default roles to load on system startup
+	// Should be prefixed by `system.` to avoid collisions
+	DefaultRoles = map[string]*Role{
+		// system:admin role can run any command
+		SystemAdminRoleName: &Role{
+			Rules: []*Rule{
+				&Rule{
+					Services: []string{"*"},
+					Apis:     []string{"*"},
+				},
+			},
+		},
+
+		// system:guest role is used for any unauthenticated user.
+		// They can only use standard volume lifecycle commands.
+		SystemGuestRoleName: &Role{
+			Rules: []*Rule{
+				&Rule{
+					Services: []string{"!*"},
+					Apis:     []string{"!*"},
+				},
+			},
+		},
+	}
+)
+
+// NewDefaultGenericRoleManager returns an RBAC API role manager
+// that supports only the roles as defined by DefaultRoles
+func NewDefaultGenericRoleManager() *GenericRoleManager {
+	return NewGenericRoleManager("", DefaultRoles)
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/generic_role_manager.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/generic_role_manager.go
new file mode 100644
index 0000000000..611822df46
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/generic_role_manager.go
@@ -0,0 +1,106 @@
+/*
+Generirc
+Copyright 2022 Pure Storage
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// For a full Role Manager example see github.com/libopenstorage/openstorage/pkg/role/sdkserviceapi.go
+
+package role
+
+import (
+	"context"
+	"fmt"
+
+	grpcutil "github.com/libopenstorage/grpc-framework/pkg/grpc/util"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+// GenericRoleManager contains roles to verify for RBAC
+type GenericRoleManager struct {
+	tag   string
+	roles map[string]*Role
+}
+
+// NewGenericRoleManager returns an RBAC API role manager
+// that supports only the roles as defined by roles.
+// `tag` is the tag in the service name. For example:
+// If the gRPC info.FullMethod is /openstorage.api.OpenStorage<service>/<method>
+// .   then the tag is "openstorage.api.OpenStorage".
+// This will make it possible to only use the "<service>" name in the Rule.Service for convenience.
+// If `tag` is "", then the info.FullMethod path must be provided in the Rule.Service
+func NewGenericRoleManager(tag string, roles map[string]*Role) *GenericRoleManager {
+	return &GenericRoleManager{
+		tag:   tag,
+		roles: roles,
+	}
+}
+
+// Verify determines if the role has access to `fullmethod`
+func (r *GenericRoleManager) Verify(ctx context.Context, roles []string, fullmethod string) error {
+
+	// Check all roles
+	for _, role := range roles {
+		if rbac, ok := r.roles[role]; ok {
+			if err := r.VerifyRules(rbac.Rules,
+				r.tag,
+				fullmethod); err == nil {
+				return nil
+			}
+		}
+	}
+
+	return status.Errorf(codes.PermissionDenied, "Access denied to roles: %+s", roles)
+}
+
+// VerifyRules checks if the rules authorize use of the API called `fullmethod`
+func (r *GenericRoleManager) VerifyRules(rules []*Rule, rootPath, fullmethod string) error {
+
+	reqService, reqApi := grpcutil.GetMethodInformation(rootPath, fullmethod)
+
+	// Look for denials first
+	for _, rule := range rules {
+		for _, service := range rule.Services {
+			// if the service is denied, then return here
+			if DenyRule(service, reqService) {
+				return fmt.Errorf("access denied to service by role")
+			}
+
+			// If there is a match to the service now check the apis
+			if MatchRule(service, reqService) {
+				for _, api := range rule.Apis {
+					if DenyRule(api, reqApi) {
+						return fmt.Errorf("access denied to api by role")
+					}
+				}
+			}
+		}
+	}
+
+	// Look for permissions
+	for _, rule := range rules {
+		for _, service := range rule.Services {
+			if MatchRule(service, reqService) {
+				for _, api := range rule.Apis {
+					if MatchRule(api, reqApi) {
+						return nil
+					}
+				}
+			}
+		}
+	}
+
+	return fmt.Errorf("no accessible rule to authorize access found")
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/match.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/match.go
new file mode 100644
index 0000000000..d90e763aad
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/match.go
@@ -0,0 +1,76 @@
+/*
+Package role manages roles in Kvdb and provides validation
+Copyright 2022 Pure Storage
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package role
+
+import "strings"
+
+const (
+	invalidChars = "/ "
+	negMatchChar = "!"
+)
+
+// Determines if the rules deny string s
+func DenyRule(rule, s string) bool {
+	if strings.HasPrefix(rule, negMatchChar) {
+		return MatchRule(strings.TrimSpace(strings.Join(strings.Split(rule, negMatchChar), "")), s)
+	}
+
+	return false
+}
+
+// Determines if the rules apply to string s
+// rule can be:
+// '*' - match all
+// '*xxx' - ends with xxx
+// 'xxx*' - starts with xxx
+// '*xxx*' - contains xxx
+func MatchRule(rule, s string) bool {
+	rule = strings.ToLower(rule)
+	s = strings.ToLower(s)
+	// no rule
+	rl := len(rule)
+	if rl == 0 {
+		return false
+	}
+
+	// '*xxx' || 'xxx*'
+	if rule[0:1] == "*" || rule[rl-1:rl] == "*" {
+		// get the matching string from the rule
+		match := strings.TrimSpace(strings.Join(strings.Split(rule, "*"), ""))
+
+		// '*' or '*******'
+		if len(match) == 0 {
+			return true
+		}
+
+		// '*xxx*'
+		if rule[0:1] == "*" && rule[rl-1:rl] == "*" {
+			return strings.Contains(s, match)
+		}
+
+		// '*xxx'
+		if rule[0:1] == "*" {
+			return strings.HasSuffix(s, match)
+		}
+
+		// 'xxx*'
+		return strings.HasPrefix(s, match)
+	}
+
+	// no wildcard stars given in rule
+	return rule == s
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/role.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/role.go
new file mode 100644
index 0000000000..5fb13feb1d
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/role.go
@@ -0,0 +1,29 @@
+/*
+Package role manages roles in Kvdb and provides validation
+Copyright 2018 Portworx
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package role
+
+import (
+	"context"
+)
+
+// RoleManager provides an implementation of the SDK Role handler
+// and the necessary verification methods
+type RoleManager interface {
+	// Verify returns no error if the role exists and is allowed
+	// to run the requested method
+	Verify(ctx context.Context, roles []string, method string) error
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/role.pb.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/role.pb.go
new file mode 100644
index 0000000000..ca5f9294e5
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/role.pb.go
@@ -0,0 +1,292 @@
+/// Please use the following editor setup for this file:
+// Tab size=2; Tabs as spaces; Clean up trailing whitepsace
+//
+// In vim add: au FileType proto setl sw=2 ts=2 expandtab list
+//
+// In vscode install vscode-proto3 extension and add this to your settings.json:
+//    "[proto3]": {
+//        "editor.tabSize": 2,
+//        "editor.insertSpaces": true,
+//        "editor.rulers": [80],
+//        "editor.detectIndentation": true,
+//        "files.trimTrailingWhitespace": true
+//    }
+//
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.20.1
+// source: role.proto
+
+package role
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Rule is the message used to construct custom RBAC roles
+//
+// #### Format
+// The following shows the supported format for Rule:
+//
+// * Services: Is the gRPC service name in `[tag]<service name>` in lowercase
+// * Apis: Is the API name in the service in lowercase
+//
+// Values can also be set to `*`, or start or end with `*` to allow multiple matches in services or apis.
+//
+// Services and APIs can also be denied by prefixing the value with a `!`. Note that on rule conflicts,
+// denial will always be chosen.
+//
+// #### Examples
+//
+// * Allow any call:
+//
+// ```yaml
+// Rule:
+//   - Services: ["*"]
+//     Apis: ["*"]
+//
+// ```
+//
+// * Allow only cluster operations:
+//
+// ```yaml
+// Rule:
+//   - services: ["cluster"]
+//     apis: ["*"]
+//
+// ```
+//
+// * Allow inspection of any object and listings of only volumes
+//
+// ```yaml
+// Rule:
+//   - Services: ["volumes"]
+//     Apis: ["*enumerate*"]
+//   - Services: ["*"]
+//     Apis: ["inspect*"]
+//
+// ```
+//
+// * Allow all volume call except create
+//
+// ```yaml
+// Rule:
+//   - Services: ["volumes"]
+//     Apis: ["*", "!create"]
+//
+// ```
+type Rule struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The gRPC service name in `[tag]<service name>` in lowercase
+	Services []string `protobuf:"bytes,1,rep,name=services,proto3" json:"services,omitempty"`
+	// The API name in the service in lowercase
+	Apis []string `protobuf:"bytes,2,rep,name=apis,proto3" json:"apis,omitempty"`
+}
+
+func (x *Rule) Reset() {
+	*x = Rule{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_role_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Rule) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Rule) ProtoMessage() {}
+
+func (x *Rule) ProtoReflect() protoreflect.Message {
+	mi := &file_role_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Rule.ProtoReflect.Descriptor instead.
+func (*Rule) Descriptor() ([]byte, []int) {
+	return file_role_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Rule) GetServices() []string {
+	if x != nil {
+		return x.Services
+	}
+	return nil
+}
+
+func (x *Rule) GetApis() []string {
+	if x != nil {
+		return x.Apis
+	}
+	return nil
+}
+
+type Role struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name  string  `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Rules []*Rule `protobuf:"bytes,2,rep,name=rules,proto3" json:"rules,omitempty"`
+}
+
+func (x *Role) Reset() {
+	*x = Role{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_role_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Role) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Role) ProtoMessage() {}
+
+func (x *Role) ProtoReflect() protoreflect.Message {
+	mi := &file_role_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Role.ProtoReflect.Descriptor instead.
+func (*Role) Descriptor() ([]byte, []int) {
+	return file_role_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *Role) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *Role) GetRules() []*Rule {
+	if x != nil {
+		return x.Rules
+	}
+	return nil
+}
+
+var File_role_proto protoreflect.FileDescriptor
+
+var file_role_proto_rawDesc = []byte{
+	0x0a, 0x0a, 0x72, 0x6f, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x72, 0x6f,
+	0x6c, 0x65, 0x22, 0x36, 0x0a, 0x04, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65,
+	0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65,
+	0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x70, 0x69, 0x73, 0x18, 0x02,
+	0x20, 0x03, 0x28, 0x09, 0x52, 0x04, 0x61, 0x70, 0x69, 0x73, 0x22, 0x3c, 0x0a, 0x04, 0x52, 0x6f,
+	0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18,
+	0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x72, 0x6f, 0x6c, 0x65, 0x2e, 0x52, 0x75, 0x6c,
+	0x65, 0x52, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x42, 0x0d, 0x5a, 0x0b, 0x2e, 0x2f, 0x72, 0x6f,
+	0x6c, 0x65, 0x3b, 0x72, 0x6f, 0x6c, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_role_proto_rawDescOnce sync.Once
+	file_role_proto_rawDescData = file_role_proto_rawDesc
+)
+
+func file_role_proto_rawDescGZIP() []byte {
+	file_role_proto_rawDescOnce.Do(func() {
+		file_role_proto_rawDescData = protoimpl.X.CompressGZIP(file_role_proto_rawDescData)
+	})
+	return file_role_proto_rawDescData
+}
+
+var file_role_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_role_proto_goTypes = []interface{}{
+	(*Rule)(nil), // 0: role.Rule
+	(*Role)(nil), // 1: role.Role
+}
+var file_role_proto_depIdxs = []int32{
+	0, // 0: role.Role.rules:type_name -> role.Rule
+	1, // [1:1] is the sub-list for method output_type
+	1, // [1:1] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_role_proto_init() }
+func file_role_proto_init() {
+	if File_role_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_role_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Rule); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_role_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Role); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_role_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_role_proto_goTypes,
+		DependencyIndexes: file_role_proto_depIdxs,
+		MessageInfos:      file_role_proto_msgTypes,
+	}.Build()
+	File_role_proto = out.File
+	file_role_proto_rawDesc = nil
+	file_role_proto_goTypes = nil
+	file_role_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/role.pb.md b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/role.pb.md
new file mode 100644
index 0000000000..e72a29e86c
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/role.pb.md
@@ -0,0 +1,117 @@
+# gRPC API Reference
+
+## Contents
+
+
+
+- Messages
+    - [Role](#role)
+    - [Rule](#rule)
+  
+
+
+
+- [Scalar Value Types](#scalar-value-types)
+
+
+
+ <!-- end services -->
+
+## Messages
+
+
+### Role {#role}
+
+
+
+| Field | Type | Description |
+| ----- | ---- | ----------- |
+| name | [ string](#string) | none |
+| rules | [repeated Rule](#rule) | none |
+ <!-- end Fields -->
+ <!-- end HasFields -->
+
+
+### Rule {#rule}
+Rule is the message used to construct custom RBAC roles
+
+#### Format
+The following shows the supported format for Rule:
+
+* Services: Is the gRPC service name in `[tag]<service name>` in lowercase
+* Apis: Is the API name in the service in lowercase
+
+Values can also be set to `*`, or start or end with `*` to allow multiple matches in services or apis.
+
+Services and APIs can also be denied by prefixing the value with a `!`. Note that on rule conflicts,
+denial will always be chosen.
+
+#### Examples
+
+* Allow any call:
+
+```yaml
+Rule:
+  - Services: ["*"]
+    Apis: ["*"]
+```
+
+* Allow only cluster operations:
+
+```yaml
+Rule:
+  - services: ["cluster"]
+    apis: ["*"]
+```
+
+* Allow inspection of any object and listings of only volumes
+
+```yaml
+Rule:
+  - Services: ["volumes"]
+    Apis: ["*enumerate*"]
+  - Services: ["*"]
+    Apis: ["inspect*"]
+```
+
+* Allow all volume call except create
+
+```yaml
+Rule:
+  - Services: ["volumes"]
+    Apis: ["*", "!create"]
+```
+
+
+| Field | Type | Description |
+| ----- | ---- | ----------- |
+| services | [repeated string](#string) | The gRPC service name in `[tag]<service name>` in lowercase |
+| apis | [repeated string](#string) | The API name in the service in lowercase |
+ <!-- end Fields -->
+ <!-- end HasFields -->
+ <!-- end messages -->
+
+## Enums
+ <!-- end Enums -->
+ <!-- end Files -->
+
+## Scalar Value Types
+
+| .proto Type | Notes | C++ Type | Java Type | Python Type |
+| ----------- | ----- | -------- | --------- | ----------- |
+| <div><h4 id="double" /></div><a name="double" /> double |  | double | double | float |
+| <div><h4 id="float" /></div><a name="float" /> float |  | float | float | float |
+| <div><h4 id="int32" /></div><a name="int32" /> int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int |
+| <div><h4 id="int64" /></div><a name="int64" /> int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long |
+| <div><h4 id="uint32" /></div><a name="uint32" /> uint32 | Uses variable-length encoding. | uint32 | int | int/long |
+| <div><h4 id="uint64" /></div><a name="uint64" /> uint64 | Uses variable-length encoding. | uint64 | long | int/long |
+| <div><h4 id="sint32" /></div><a name="sint32" /> sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int |
+| <div><h4 id="sint64" /></div><a name="sint64" /> sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long |
+| <div><h4 id="fixed32" /></div><a name="fixed32" /> fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int |
+| <div><h4 id="fixed64" /></div><a name="fixed64" /> fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long |
+| <div><h4 id="sfixed32" /></div><a name="sfixed32" /> sfixed32 | Always four bytes. | int32 | int | int |
+| <div><h4 id="sfixed64" /></div><a name="sfixed64" /> sfixed64 | Always eight bytes. | int64 | long | int/long |
+| <div><h4 id="bool" /></div><a name="bool" /> bool |  | bool | boolean | boolean |
+| <div><h4 id="string" /></div><a name="string" /> string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode |
+| <div><h4 id="bytes" /></div><a name="bytes" /> bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |
+
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/role.proto b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/role.proto
new file mode 100644
index 0000000000..180d640614
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/role/role.proto
@@ -0,0 +1,81 @@
+/// Please use the following editor setup for this file:
+// Tab size=2; Tabs as spaces; Clean up trailing whitepsace
+//
+// In vim add: au FileType proto setl sw=2 ts=2 expandtab list
+//
+// In vscode install vscode-proto3 extension and add this to your settings.json:
+//    "[proto3]": {
+//        "editor.tabSize": 2,
+//        "editor.insertSpaces": true,
+//        "editor.rulers": [80],
+//        "editor.detectIndentation": true,
+//        "files.trimTrailingWhitespace": true
+//    }
+//
+syntax = "proto3";
+
+package role;
+
+option go_package = "./role;role";
+
+//
+// Rule is the message used to construct custom RBAC roles
+//
+// #### Format
+// The following shows the supported format for Rule:
+//
+// * Services: Is the gRPC service name in `[tag]<service name>` in lowercase
+// * Apis: Is the API name in the service in lowercase
+//
+// Values can also be set to `*`, or start or end with `*` to allow multiple matches in services or apis.
+//
+// Services and APIs can also be denied by prefixing the value with a `!`. Note that on rule conflicts,
+// denial will always be chosen.
+//
+// #### Examples
+//
+// * Allow any call:
+//
+// ```yaml
+// Rule:
+//   - Services: ["*"]
+//     Apis: ["*"]
+// ```
+//
+// * Allow only cluster operations:
+//
+// ```yaml
+// Rule:
+//   - services: ["cluster"]
+//     apis: ["*"]
+// ```
+//
+// * Allow inspection of any object and listings of only volumes
+//
+// ```yaml
+// Rule:
+//   - Services: ["volumes"]
+//     Apis: ["*enumerate*"]
+//   - Services: ["*"]
+//     Apis: ["inspect*"]
+// ```
+//
+// * Allow all volume call except create
+//
+// ```yaml
+// Rule:
+//   - Services: ["volumes"]
+//     Apis: ["*", "!create"]
+// ```
+//
+message Rule {
+  // The gRPC service name in `[tag]<service name>` in lowercase
+  repeated string services = 1;
+  // The API name in the service in lowercase
+  repeated string apis = 2;
+}
+
+message Role {
+  string name = 1;
+  repeated Rule rules = 2;
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/selfsigned.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/selfsigned.go
new file mode 100644
index 0000000000..24aaba7d12
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/selfsigned.go
@@ -0,0 +1,149 @@
+/*
+Copyright 2019 Portworx
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package auth
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	jwt "github.com/golang-jwt/jwt/v4"
+)
+
+// JwtAuthConfig provides JwtAuthenticator the keys to validate the token
+type JwtAuthConfig struct {
+	// SharedSecret in byte array form
+	SharedSecret []byte
+	// RsaPublicPem is the contents of the RSA public key file
+	RsaPublicPem []byte
+	// ECDSPublicPem is the contents of the ECDS public key file
+	ECDSPublicPem []byte
+	// UsernameClaim has the location of the unique id for the user.
+	// If empty, "sub" will be used for the user name unique id.
+	UsernameClaim UsernameClaimType
+}
+
+// JwtAuthenticator definition. It contains the raw bytes of the keys and their
+// objects as returned by the Jwt package
+type JwtAuthenticator struct {
+	config          JwtAuthConfig
+	rsaKey          interface{}
+	ecdsKey         interface{}
+	sharedSecretKey interface{}
+	usernameClaim   UsernameClaimType
+}
+
+// New returns a JwtAuthenticator
+func NewJwtAuthenticator(config *JwtAuthConfig) (*JwtAuthenticator, error) {
+
+	if config == nil {
+		return nil, fmt.Errorf("must provide configuration")
+	}
+
+	// Check at least one is set
+	if len(config.SharedSecret) == 0 &&
+		len(config.RsaPublicPem) == 0 &&
+		len(config.ECDSPublicPem) == 0 {
+		return nil, fmt.Errorf("server was passed empty authentication information with no shared secret or pem files set")
+	}
+
+	authenticator := &JwtAuthenticator{
+		config:        *config,
+		usernameClaim: config.UsernameClaim,
+	}
+
+	var err error
+	if len(config.SharedSecret) != 0 {
+		authenticator.sharedSecretKey = config.SharedSecret
+	}
+	if len(config.RsaPublicPem) != 0 {
+		authenticator.rsaKey, err = jwt.ParseRSAPublicKeyFromPEM(config.RsaPublicPem)
+		if err != nil {
+			return nil, fmt.Errorf("unable to parse rsa public key: %w", err)
+		}
+	}
+	if len(config.ECDSPublicPem) != 0 {
+		authenticator.ecdsKey, err = jwt.ParseECPublicKeyFromPEM(config.ECDSPublicPem)
+		if err != nil {
+			return nil, fmt.Errorf("unable to parse ecds public key: %w", err)
+		}
+	}
+
+	return authenticator, nil
+}
+
+// AuthenticateToken determines if a token is valid and if it is, returns
+// the information in the claims.
+func (j *JwtAuthenticator) AuthenticateToken(ctx context.Context, rawtoken string) (*Claims, error) {
+
+	// Parse token
+	token, err := jwt.Parse(rawtoken, func(token *jwt.Token) (interface{}, error) {
+
+		// Verify Method
+		if strings.HasPrefix(token.Method.Alg(), "RS") {
+			// RS256, RS384, or RS512
+			return j.rsaKey, nil
+		} else if strings.HasPrefix(token.Method.Alg(), "ES") {
+			// ES256, ES384, or ES512
+			return j.ecdsKey, nil
+		} else if strings.HasPrefix(token.Method.Alg(), "HS") {
+			// HS256, HS384, or HS512
+			return j.sharedSecretKey, nil
+		}
+		return nil, fmt.Errorf("unknown token algorithm: %s", token.Method.Alg())
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	if !token.Valid {
+		return nil, fmt.Errorf("token failed validation")
+	}
+
+	// Get claims
+	claims, ok := token.Claims.(jwt.MapClaims)
+	if claims == nil || !ok {
+		return nil, fmt.Errorf("no claims found in token")
+	}
+
+	// Check for required claims
+	for _, requiredClaim := range requiredClaims {
+		if _, ok := claims[requiredClaim]; !ok {
+			// Claim missing
+			return nil, fmt.Errorf("required claim %v missing from token", requiredClaim)
+		}
+	}
+
+	// Token now has been verified.
+	// Claims holds all the authorization information.
+	// Here we need to first decode it then unmarshal it from JSON
+	parts := strings.Split(token.Raw, ".")
+	claimBytes, err := jwt.DecodeSegment(parts[1])
+	if err != nil {
+		return nil, fmt.Errorf("failed to decode claims: %w", err)
+	}
+	var sdkClaims Claims
+	err = json.Unmarshal(claimBytes, &sdkClaims)
+	if err != nil {
+		return nil, fmt.Errorf("unable to get claims: %w", err)
+	}
+	sdkClaims.UsernameClaim = j.usernameClaim
+	if err := sdkClaims.ValidateUsername(); err != nil {
+		return nil, err
+	}
+	return &sdkClaims, nil
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/signature.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/signature.go
new file mode 100644
index 0000000000..445b103aac
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/signature.go
@@ -0,0 +1,75 @@
+/*
+Copyright 2018 Portworx
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package auth
+
+import (
+	"fmt"
+	"io/ioutil"
+
+	jwt "github.com/golang-jwt/jwt/v4"
+)
+
+// Signature describes the signature type using definitions from
+// the jwt package
+type Signature struct {
+	Type jwt.SigningMethod
+	Key  interface{}
+}
+
+func NewSignatureSharedSecret(secret string) (*Signature, error) {
+	return &Signature{
+		Key:  []byte(secret),
+		Type: jwt.SigningMethodHS256,
+	}, nil
+}
+
+func NewSignatureRSAFromFile(filename string) (*Signature, error) {
+	pem, err := ioutil.ReadFile(filename)
+	if err != nil {
+		return nil, fmt.Errorf("Failed to read RSA file: %v", err)
+	}
+	return NewSignatureRSA(pem)
+}
+
+func NewSignatureRSA(pem []byte) (*Signature, error) {
+	var err error
+	signature := &Signature{}
+	signature.Key, err = jwt.ParseRSAPrivateKeyFromPEM(pem)
+	if err != nil {
+		return nil, fmt.Errorf("Failed to parse RSA file: %v", err)
+	}
+	signature.Type = jwt.SigningMethodRS256
+	return signature, nil
+}
+
+func NewSignatureECDSAFromFile(filename string) (*Signature, error) {
+	pem, err := ioutil.ReadFile(filename)
+	if err != nil {
+		return nil, fmt.Errorf("Failed to read ECDSA file: %v", err)
+	}
+	return NewSignatureECDSA(pem)
+}
+
+func NewSignatureECDSA(pem []byte) (*Signature, error) {
+	var err error
+	signature := &Signature{}
+	signature.Key, err = jwt.ParseECPrivateKeyFromPEM(pem)
+	if err != nil {
+		return nil, fmt.Errorf("Failed to parse ECDSA file: %v", err)
+	}
+	signature.Type = jwt.SigningMethodES256
+	return signature, nil
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/token.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/token.go
new file mode 100644
index 0000000000..60517e57ac
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/token.go
@@ -0,0 +1,122 @@
+/*
+Copyright 2018 Portworx
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package auth
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+	"time"
+
+	jwt "github.com/golang-jwt/jwt/v4"
+	"github.com/grpc-ecosystem/go-grpc-middleware/util/metautils"
+)
+
+const (
+	authorizationHeader = "authorization"
+)
+
+// Options provide any options to apply to the token
+type Options struct {
+	// Expiration time in Unix format as per JWT standard
+	Expiration int64
+
+	// IATSubtract is the time duration you would like to remove from
+	// the token IAT (Issue At Time). This is useful as a guard against
+	// NTP drift within a cluster. Without this option, your token may
+	// be denied due to the IAT being greater than the current time.
+	IATSubtract time.Duration
+}
+
+// TokenClaims returns the claims for the raw JWT token.
+func TokenClaims(rawtoken string) (*Claims, error) {
+	parts := strings.Split(rawtoken, ".")
+
+	// There are supposed to be three parts for the token
+	if len(parts) < 3 {
+		return nil, fmt.Errorf("Token is invalid: %v", rawtoken)
+	}
+
+	// Access claims in the token
+	claimBytes, err := jwt.DecodeSegment(parts[1])
+	if err != nil {
+		return nil, fmt.Errorf("Failed to decode claims: %v", err)
+	}
+	var claims *Claims
+
+	// Unmarshal claims
+	err = json.Unmarshal(claimBytes, &claims)
+	if err != nil {
+		return nil, fmt.Errorf("Unable to get information from the claims in the token: %v", err)
+	}
+
+	return claims, nil
+}
+
+// TokenIssuer returns the issuer for the raw JWT token.
+func TokenIssuer(rawtoken string) (string, error) {
+	claims, err := TokenClaims(rawtoken)
+	if err != nil {
+		return "", err
+	}
+
+	// Return issuer
+	if len(claims.Issuer) != 0 {
+		return claims.Issuer, nil
+	} else {
+		return "", fmt.Errorf("Issuer was not specified in the token")
+	}
+}
+
+// IsJwtToken returns true if the provided string is a valid jwt token
+func IsJwtToken(authstring string) bool {
+	_, _, err := new(jwt.Parser).ParseUnverified(authstring, jwt.MapClaims{})
+	return err == nil
+}
+
+// Token returns a signed JWT containing the claims provided
+func Token(
+	claims *Claims,
+	signature *Signature,
+	options *Options,
+) (string, error) {
+
+	mapclaims := jwt.MapClaims{
+		"sub":   claims.Subject,
+		"iss":   claims.Issuer,
+		"email": claims.Email,
+		"name":  claims.Name,
+		"roles": claims.Roles,
+		"iat":   time.Now().Add(-options.IATSubtract).Unix(),
+		"exp":   options.Expiration,
+		"aud":   claims.Audience,
+	}
+	if claims.Groups != nil {
+		mapclaims["groups"] = claims.Groups
+	}
+	token := jwt.NewWithClaims(signature.Type, mapclaims)
+	signedtoken, err := token.SignedString(signature.Key)
+	if err != nil {
+		return "", err
+	}
+
+	return signedtoken, nil
+}
+
+func IsGuest(ctx context.Context) bool {
+	return metautils.ExtractIncoming(ctx).Get(authorizationHeader) == ""
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/tokengenerator.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/tokengenerator.go
new file mode 100644
index 0000000000..3e272fa67e
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/tokengenerator.go
@@ -0,0 +1,59 @@
+/*
+Copyright 2019 Portworx
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package auth
+
+import (
+	"fmt"
+)
+
+// TokenGenerator allows for the creation of tokens
+type TokenGenerator interface {
+	// GetToken returns a token which can be used for
+	// authentication and communication from node to node.
+	GetToken(opts *Options) (string, error)
+
+	// Issuer returns the token issuer for this generator necessary
+	// for registering the authenticator in the SDK.
+	Issuer() string
+
+	// GetAuthenticator returns an authenticator for this issuer used by the SDK
+	GetAuthenticator() (Authenticator, error)
+}
+
+var errAuthDisabled = fmt.Errorf("No authentication set")
+
+// Default no auth
+type noauth struct{}
+
+// NoAuth returns the default no auth implementation
+func NoAuth() *noauth {
+	return &noauth{}
+}
+
+// Check for interface implementation
+var _ TokenGenerator = &noauth{}
+
+func (na *noauth) Issuer() string {
+	return ""
+}
+
+func (na *noauth) GetAuthenticator() (Authenticator, error) {
+	return nil, errAuthDisabled
+}
+
+func (na *noauth) GetToken(opts *Options) (string, error) {
+	return "", nil
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/userinfo.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/userinfo.go
new file mode 100644
index 0000000000..2a3274e589
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/auth/userinfo.go
@@ -0,0 +1,69 @@
+/*
+Package auth can be used for authentication and authorization
+Copyright 2019 Portworx
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package auth
+
+import (
+	"context"
+)
+
+// Keys to store data in gRPC context. Use these keys to retrieve
+// the data from the gRPC context
+type InterceptorContextkey string
+
+const (
+	// Key to store in the token claims in gRPC context
+	InterceptorContextTokenKey InterceptorContextkey = "tokenclaims"
+)
+
+// UserInfo contains information about the user taken from the token
+type UserInfo struct {
+	// Username is the unique id of the user. According to the configuration of
+	// the storage system, this could be the 'sub', 'name', or 'email' from
+	// the claims in the token.
+	Username string
+	// Claims holds the claims required by the storage system
+	Claims Claims
+	// Guest marks whether the user is unauthenticated
+	Guest bool
+}
+
+// ContextSaveUserInfo saves user information in the context for other functions to consume
+func ContextSaveUserInfo(ctx context.Context, u *UserInfo) context.Context {
+	return context.WithValue(ctx, InterceptorContextTokenKey, u)
+}
+
+// NewUserInfoFromContext returns user information in the context if available.
+// If not available means that the system is running without auth.
+func NewUserInfoFromContext(ctx context.Context) (*UserInfo, bool) {
+	u, ok := ctx.Value(InterceptorContextTokenKey).(*UserInfo)
+	return u, ok
+}
+
+// NewGuestUser creates UserInfo for the system guest user
+func NewGuestUser() *UserInfo {
+	return &UserInfo{
+		Claims: Claims{
+			Roles: []string{systemGuestRoleName},
+		},
+		Guest: true,
+	}
+}
+
+// IsGuest returns whether or not the UserInfo is for a guest user
+func (ui *UserInfo) IsGuest() bool {
+	return ui.Guest
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/correlation/README.md b/vendor/github.com/libopenstorage/grpc-framework/pkg/correlation/README.md
new file mode 100644
index 0000000000..678d0642e8
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/correlation/README.md
@@ -0,0 +1,122 @@
+## Correlation logging instructions
+
+There are three ways for using this package. All methods will result in a correlation ID being 
+added to the log lines. Each method may make sense in different scenarios. We've provided
+all three methods as they can be used interchangeably depending on the developers preference. 
+
+Currently, a correlation context is created as part of a gRPC interceptor for the following openstorage packages:
+- The CSI Driver (/csi)
+- The SDK Server (/api/server/sdk)
+
+### Method 1: Per-package correlation logger
+This method is nice if a package maintainer wants to register a global 
+logging hook at a per-package level. This is nice as you only need to
+create the logger once per package. However, each log line can be quite
+verbose as you must provide WithContext(ctx)
+
+File 1:
+
+```go
+package example
+
+var (
+    clogger := correlation.NewPackageLogger("test")
+)
+	
+func testFunc(ctx context.Context ) {
+    ctx := correlation.WithCorrelationContext(ctx, "source-component")
+
+    clogger.WithContext(ctx).Info("test info log 1")
+    testFuncTwo(ctx)
+}
+```
+
+File 2:
+
+```go
+package example
+
+func testFuncTwo(ctx context.Context) {
+    clogger.WithContext(ctx).Info("test info log 2")
+}
+```
+
+### Method 2: Per-function correlation logger
+This method is great for reducing the amount of count needed per-line, 
+as you do not need to pass in the context at every log line. However,
+you must remember to instantiate the logger at every function.
+
+```go
+package example
+
+func init() {
+    // RegisterComponent registers the package where this function was called from
+    // as a given component name.
+    correlation.RegisterComponent("example-package")
+}
+
+func testFunc() {
+    ctx := correlation.WithCorrelationContext(context.Background(), "test_origin")
+    clogger := correlation.NewFunctionLogger(ctx)
+
+    clogger.Info("test info log 1")
+    testFuncTwo(ctx)
+}
+
+func testFuncTwo(ctx context.Context) {
+    clogger := correlation.NewFunctionLogger(ctx)
+
+    clogger.Info("test info log")
+}
+```
+
+### Method 3: Global correlation logging hook
+This is a nice catch-all for covering packages where a
+package-level or function-level logger is not created. To mark certain packages as 
+a component, call `RegisterComponent` from a given package. Each 
+log line in this package will have the registered component added. If a package 
+is not registered as a component, we'll find the component based on the package.
+
+In main.go, first we should register the global hook:
+
+```go
+package main
+
+init() {
+    // RegisterGlobalHook will register the correlation logging
+    // hook at a global/multi-package level. Note that this is not
+    // component-aware and it is better to use NewFunctionLogger
+    // or NewPackageLogger for logging.
+    correlation.RegisterGlobalHook()
+
+    // RegisterComponent registers the package where this function was called from
+    // as a given component name.
+    correlation.RegisterComponent("main")
+}
+
+func main() {
+    ...
+}
+```
+
+In every other package, we can register components as we see fit.
+
+This will help add extra context in our log lines for those who are unfamiliar with our codebase. 
+For example, if a support engineer sees many log line failures with "csi-driver" component,
+they'll know who to contact regarding that failure.
+
+The following example shows how a helper package can be registered as a component:
+
+```go
+package example
+
+func init() {
+    // RegisterComponent registers the package where this function was called from
+    // as a given component name.
+    correlation.RegisterComponent("example-package")
+}
+
+func TestFuncTwo(ctx context.Context) {
+    logrus.WithContext(ctx).Info("test info log 2")
+}
+```
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/correlation/context.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/correlation/context.go
new file mode 100644
index 0000000000..7de929ac2c
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/correlation/context.go
@@ -0,0 +1,117 @@
+/*
+Copyright 2022 Pure Storage
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package correlation
+
+import (
+	"context"
+
+	"github.com/pborman/uuid"
+	"google.golang.org/grpc/metadata"
+)
+
+// Component represents a control plane component for
+// correlating requests
+type Component string
+
+// contextKeyType represents a key for interacting with the
+// corrleation context request object
+type contextKeyType string
+
+const (
+	// ContextKey represents the key for storing and retrieving
+	// the correlation context in a context.Context object.
+	ContextKey = contextKeyType("correlation-context")
+
+	// ContextIDKey represents the key for the correlation ID
+	ContextIDKey = "correlation-context-id"
+
+	// ContextOriginKey represents the key for the correlation origin
+	ContextOriginKey = "correlation-context-origin"
+
+	ComponentUnknown  = Component("unknown")
+	ComponentGrpcFw   = Component("grpc-framework/server")
+	ComponentGrpcAuth = Component("grpc-framdwork/pkg/auth")
+)
+
+// RequestContext represents the context for a given a request.
+// A request represents a single action received from an SDK
+// user, container orchestrator, or any other request.
+type RequestContext struct {
+	// ID is a randomly generated UUID per requst
+	ID string
+
+	// Origin is the starting point for this request.
+	// Examples may include any of the following:
+	// pxctl, pxc, kubernetes, CSI, SDK, etc
+	Origin Component
+}
+
+// WithCorrelationContext returns a new correlation context object
+func WithCorrelationContext(ctx context.Context, origin Component) context.Context {
+	if v := ctx.Value(ContextKey); v == nil {
+		requestContext := &RequestContext{
+			ID:     uuid.New(),
+			Origin: origin,
+		}
+		ctx = context.WithValue(ctx, ContextKey, requestContext)
+	}
+
+	return ctx
+}
+
+// TODO is an alias for context.TODO(), specifically
+// for keeping track of areas where we might want to add
+// the correlation context.
+func TODO() context.Context {
+	return context.TODO()
+}
+
+// RequestContextFromContextValue returns the request context from a context value
+func RequestContextFromContextValue(ctx context.Context) *RequestContext {
+	contextKeyValue := ctx.Value(ContextKey)
+	rc, ok := contextKeyValue.(*RequestContext)
+	if !ok {
+		return &RequestContext{}
+	}
+
+	return rc
+}
+
+// RequestContextFromContextMetadata returns a new request context from a metadata object
+func RequestContextFromContextMetadata(md metadata.MD) *RequestContext {
+	rc := &RequestContext{}
+	if len(md[ContextIDKey]) > 0 {
+		rc.ID = md[ContextIDKey][0]
+	}
+	if len(md[ContextOriginKey]) > 0 {
+		rc.Origin = Component(md[ContextOriginKey][0])
+	}
+
+	return rc
+}
+
+// AsMap returns the request context as a map
+func (rc *RequestContext) AsMap() map[string]string {
+	m := make(map[string]string)
+	if rc.ID != "" {
+		m[ContextIDKey] = rc.ID
+	}
+	if rc.Origin != "" {
+		m[ContextOriginKey] = string(rc.Origin)
+	}
+
+	return m
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/correlation/hook.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/correlation/hook.go
new file mode 100644
index 0000000000..04513aee6f
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/correlation/hook.go
@@ -0,0 +1,187 @@
+/*
+Copyright 2021 Portworx
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package correlation
+
+import (
+	"context"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"sync"
+
+	"github.com/sirupsen/logrus"
+)
+
+type LogHook struct {
+	Component       Component
+	FunctionContext context.Context
+}
+
+var _ logrus.Hook = &LogHook{}
+
+// components a map of package directories to Component name
+// this mapping is used to populate the component log field.
+// Each package can register itself as a component.
+var (
+	components = make(map[string]Component)
+	mu         sync.Mutex
+)
+
+const (
+	// LogFieldID represents a logging field for IDs
+	LogFieldID = "correlation-id"
+	// LogFieldID represents a logging field for the request origin
+	LogFieldOrigin = "origin"
+	// LogFieldComponent represents a logging field for control plane component.
+	// This is typically set per-package and allows you see which component
+	// the log originated from.
+	LogFieldComponent = "component"
+)
+
+// Levels describes which levels this logrus hook
+// should run with.
+func (lh *LogHook) Levels() []logrus.Level {
+	return logrus.AllLevels
+}
+
+// Fire is used to add correlation context info in each log line
+func (lh *LogHook) Fire(entry *logrus.Entry) error {
+	// Default to tne entry context. This is populated
+	// by logrus.WithContext.Infof(...)
+	ctx := entry.Context
+	if ctx == nil && lh.FunctionContext != nil {
+		// If WithContext is not provided, and a function context
+		// is provided, use that context.
+		ctx = lh.FunctionContext
+	}
+
+	// If a context has been found, we will populate the correlation info
+	if ctx != nil {
+		ctxKeyValue := ctx.Value(ContextKey)
+		if ctxKeyValue == nil {
+			// Return without error as we not always add the correlation context
+			return nil
+		}
+
+		correlationContext, ok := ctxKeyValue.(*RequestContext)
+		if !ok {
+			return nil
+		}
+
+		entry.Data[LogFieldID] = correlationContext.ID
+		entry.Data[LogFieldOrigin] = correlationContext.Origin
+	}
+
+	// Add component when provided as a hook
+	if len(lh.Component) > 0 {
+		entry.Data[LogFieldComponent] = lh.Component
+	} else if entry.HasCaller() {
+		// Discover the component based on which package directories have
+		// been registered as hooks
+		dir := filepath.Dir(entry.Caller.File)
+		if comp, ok := components[dir]; ok {
+			entry.Data[LogFieldComponent] = comp
+		} else {
+			// If component is not registered or provided, we
+			// can add more context by looking at the caller dir
+			entry.Data[LogFieldComponent] = getLocalPackage(dir)
+		}
+
+	}
+
+	if entry.HasCaller() {
+		// always clear caller metadata. We don't want to log the entire file/function
+		entry.Caller.File = filepath.Base(entry.Caller.File)
+		entry.Caller.Function = ""
+	}
+
+	return nil
+}
+
+// NewPackageLogger creates a package-level logger for a given component
+func NewPackageLogger(component Component) *logrus.Logger {
+	clogger := logrus.New()
+	clogger.AddHook(&LogHook{
+		Component: component,
+	})
+
+	return clogger
+}
+
+// NewFunctionLogger creates a logger for usage at a per-function level
+// For example, this logger can be instantiated inside of a function with a given
+// context object. As logs are printed, they will automatically include the correlation
+// context info.
+func NewFunctionLogger(ctx context.Context) *logrus.Logger {
+	clogger := logrus.New()
+	clogger.AddHook(&LogHook{
+		FunctionContext: ctx,
+	})
+
+	return clogger
+}
+
+// RegisterGlobalHook will register the correlation logging
+// hook at a global/multi-package level per-program.
+func RegisterGlobalHook() {
+	logrus.AddHook(&LogHook{})
+
+	// Setting report caller allows for us to detect the component based on
+	// the package where logrus was called from.
+	logrus.SetReportCaller(true)
+}
+
+// RegisterComponent registers the package where this function was called from
+// as a given component name. This should be done once per package where you want
+// explicitly name the component for this package. Otherwise, we will detect
+// the component based on package directory.
+func RegisterComponent(component Component) {
+	_, file, _, ok := runtime.Caller(1)
+	if !ok {
+		logrus.Errorf("failed to register component")
+	}
+	registerFileAsComponent(file, component)
+}
+
+func registerFileAsComponent(file string, component Component) {
+	mu.Lock()
+	defer mu.Unlock()
+	components[filepath.Dir(file)] = component
+}
+
+// takes a directory in a go path and returns the local package.
+// i.e. /go/src/github.com/libopenstorage/openstorage/pkg/correlation
+// will return openstorage/pkg/correlation
+func getLocalPackage(dir string) string {
+	parts := strings.Split(dir, "/")
+	var githubIndex int
+	for i, d := range parts {
+		// This will work for both imported versions of this
+		// as well as in openstorage itself, since we'll always
+		// keep track of the last index for "github" in the path
+		if d == "github.com" {
+			githubIndex = i
+		}
+	}
+
+	// From /go/src/github.com/libopenstorage/openstorage/pkg/correlation
+	// Need this                             /openstorage/pkg/correlation
+	// From /go/src/github.com/a/b/vendor/github.com/libopenstorage/openstorage/pkg/correlation
+	// Need this                             					   /openstorage/pkg/correlation
+	localIndex := githubIndex + 2
+
+	return strings.Join(parts[localIndex:], "/")
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/correlation/interceptor.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/correlation/interceptor.go
new file mode 100644
index 0000000000..331abc7606
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/correlation/interceptor.go
@@ -0,0 +1,81 @@
+/*
+Copyright 2021 Portworx
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package correlation
+
+import (
+	"context"
+
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/metadata"
+
+	"github.com/libopenstorage/grpc-framework/pkg/grpc/client"
+)
+
+// ContextInterceptor represents a correlation interceptor
+type ContextInterceptor struct {
+	Origin Component
+}
+
+// ContextUnaryServerInterceptor creates a gRPC interceptor for adding
+// correlation ID to each request
+func (ci *ContextInterceptor) ContextUnaryServerInterceptor(
+	ctx context.Context,
+	req interface{},
+	info *grpc.UnaryServerInfo,
+	handler grpc.UnaryHandler,
+) (interface{}, error) {
+	md, ok := metadata.FromIncomingContext(ctx)
+	if ok {
+		// Get request context from gRPC metadata
+		rc := RequestContextFromContextMetadata(md)
+
+		// Only add to context if an ID exists
+		if len(rc.ID) > 0 {
+			ctx = context.WithValue(ctx, ContextKey, rc)
+		}
+	}
+	ctx = WithCorrelationContext(ctx, ci.Origin)
+
+	return handler(ctx, req)
+}
+
+// ContextUnaryClientInterceptor creates a gRPC interceptor for adding
+// correlation ID to each request
+func ContextUnaryClientInterceptor(
+	ctx context.Context,
+	method string,
+	req, reply interface{},
+	cc *grpc.ClientConn,
+	invoker grpc.UnaryInvoker,
+	opts ...grpc.CallOption,
+) error {
+	// Create new metadata from request context in context
+	newContextMap := RequestContextFromContextValue(ctx).AsMap()
+	newContextMD := metadata.New(newContextMap)
+
+	// Get existing metadata if exists and join with new one
+	existingMD, ok := metadata.FromOutgoingContext(ctx)
+	if ok {
+		newContextMD = metadata.Join(newContextMD, existingMD)
+	}
+	ctx = metadata.NewOutgoingContext(ctx, newContextMD)
+
+	return invoker(ctx, method, req, reply, cc, opts...)
+}
+
+func DialOptionsAddCorrelation(dialOptions []grpc.DialOption) []grpc.DialOption {
+	return client.DialOptionsAdd(dialOptions, grpc.WithUnaryInterceptor(ContextUnaryClientInterceptor))
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/grpc/client/client.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/grpc/client/client.go
new file mode 100644
index 0000000000..2d092b6e8b
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/grpc/client/client.go
@@ -0,0 +1,66 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package client
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"net/url"
+	"time"
+
+	"google.golang.org/grpc"
+)
+
+var (
+	DefaultConnectionTimeout = 1 * time.Minute
+)
+
+// Connect to address by grpc
+func Connect(address string, dialOptions []grpc.DialOption) (*grpc.ClientConn, error) {
+	return ConnectWithTimeout(address, dialOptions, DefaultConnectionTimeout)
+}
+
+// ConnectWithTimeout to address by grpc with timeout
+func ConnectWithTimeout(address string, dialOptions []grpc.DialOption, timeout time.Duration) (*grpc.ClientConn, error) {
+	u, err := url.Parse(address)
+	if err == nil {
+		// Check if host just has an IP
+		if u.Scheme == "unix" ||
+			(!u.IsAbs() && net.ParseIP(address) == nil) {
+			dialOptions = append(dialOptions,
+				grpc.WithDialer(
+					func(addr string, timeout time.Duration) (net.Conn, error) {
+						return net.DialTimeout("unix", u.Path, timeout)
+					}))
+		}
+	}
+
+	dialOptions = append(dialOptions,
+		grpc.WithBackoffMaxDelay(time.Second),
+		grpc.WithBlock(),
+	)
+
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	conn, err := grpc.DialContext(ctx, address, dialOptions...)
+	if err != nil {
+		return nil, fmt.Errorf("Failed to connect gRPC server %s: %v", address, err)
+	}
+
+	return conn, nil
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/grpc/client/dialoptions.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/grpc/client/dialoptions.go
new file mode 100644
index 0000000000..3049af1ec6
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/grpc/client/dialoptions.go
@@ -0,0 +1,52 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package client
+
+import (
+	"crypto/x509"
+	"fmt"
+
+	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
+)
+
+// GetTlsDialOptions returns the appropriate gRPC dial options to connect to a gRPC server over TLS.
+// If caCertData is nil then it will use the CA from the host.
+func GetTlsDialOptions(caCertData []byte) ([]grpc.DialOption, error) {
+	// Read the provided CA cert from the user
+	capool, err := x509.SystemCertPool()
+	if err != nil || capool == nil {
+		logrus.Warnf("cannot load system root certificates: %v", err)
+		capool = x509.NewCertPool()
+	}
+
+	// If user provided CA cert, then append it to systemCertPool.
+	if len(caCertData) != 0 {
+		if !capool.AppendCertsFromPEM(caCertData) {
+			return nil, fmt.Errorf("cannot parse CA certificate")
+		}
+	}
+
+	dialOptions := []grpc.DialOption{
+		grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(capool, "")),
+	}
+	return dialOptions, nil
+}
+
+func DialOptionsAdd(dialOptions []grpc.DialOption, o ...grpc.DialOption) []grpc.DialOption {
+	return append(dialOptions, o...)
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/grpc/server/grpcserver.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/grpc/server/grpcserver.go
new file mode 100644
index 0000000000..fdb5dfec93
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/grpc/server/grpcserver.go
@@ -0,0 +1,173 @@
+/*
+Package grpcserver is a generic gRPC server manager
+Copyright 2018 Portworx
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package server
+
+import (
+	"fmt"
+	"net"
+	"sync"
+
+	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/reflection"
+)
+
+// GrpcServerConfig provides the configuration to the
+// the gRPC server created by NewGrpcServer()
+type GrpcServerConfig struct {
+	Name    string
+	Net     string
+	Address string
+	Opts    []grpc.ServerOption
+}
+
+// GrpcServer is a server manager for gRPC implementations
+type GrpcServer struct {
+	name     string
+	listener net.Listener
+	server   *grpc.Server
+	wg       sync.WaitGroup
+	running  bool
+	lock     sync.Mutex
+	opts     []grpc.ServerOption
+}
+
+// New creates a gRPC server on the specified port and transport.
+func New(config *GrpcServerConfig) (*GrpcServer, error) {
+	if nil == config {
+		return nil, fmt.Errorf("Configuration must be provided")
+	}
+	if len(config.Name) == 0 {
+		return nil, fmt.Errorf("Name of server must be provided")
+	}
+	if len(config.Address) == 0 {
+		return nil, fmt.Errorf("Address must be provided")
+	}
+	if len(config.Net) == 0 {
+		return nil, fmt.Errorf("Net must be provided")
+	}
+
+	l, err := net.Listen(config.Net, config.Address)
+	if err != nil {
+		return nil, fmt.Errorf("Unable to setup server: %s", err.Error())
+	}
+
+	return &GrpcServer{
+		name:     config.Name,
+		listener: l,
+		opts:     config.Opts,
+	}, nil
+}
+
+// Start is used to start the server.
+// It will return an error if the server is already runnig.
+func (s *GrpcServer) Start(register func(grpcServer *grpc.Server)) error {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	if s.running {
+		return fmt.Errorf("Server already running")
+	}
+
+	s.server = grpc.NewServer(s.opts...)
+	register(s.server)
+
+	// Start listening for requests
+	s.startGrpcService()
+	return nil
+}
+
+// StartWithServer is used to start the server.
+// It will return an error if the server is already runnig.
+func (s *GrpcServer) StartWithServer(server func() *grpc.Server) error {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	if server == nil {
+		return fmt.Errorf("Server function has not been defined")
+	}
+
+	if s.running {
+		return fmt.Errorf("Server already running")
+	}
+
+	s.server = server()
+
+	// Start listening for requests
+	s.startGrpcService()
+	return nil
+}
+
+// Lock must have been taken
+func (s *GrpcServer) startGrpcService() {
+	// Start listening for requests
+	reflection.Register(s.server)
+	logrus.Infof("%s gRPC Server ready on %s", s.name, s.Address())
+	waitForServer := make(chan bool)
+	s.goServe(waitForServer)
+	<-waitForServer
+	s.running = true
+}
+
+// Stop is used to stop the gRPC server.
+// It can be called multiple times. It does nothing if the server
+// has already been stopped.
+func (s *GrpcServer) Stop() {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	if !s.running {
+		return
+	}
+
+	s.server.Stop()
+	s.wg.Wait()
+	s.running = false
+}
+
+// Address returns the address of the server which can be
+// used by clients to connect.
+func (s *GrpcServer) Address() string {
+	return s.listener.Addr().String()
+}
+
+// IsRunning returns true if the server is currently running
+func (s *GrpcServer) IsRunning() bool {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	return s.running
+}
+
+// Listener returns the listener used for this gRPC server
+func (s *GrpcServer) Listener() net.Listener {
+	return s.listener
+}
+
+func (s *GrpcServer) goServe(started chan<- bool) {
+	s.wg.Add(1)
+	go func() {
+		defer s.wg.Done()
+		started <- true
+		err := s.server.Serve(s.listener)
+		if err != nil {
+			logrus.Fatalf("ERROR: Unable to start %s gRPC server: %s\n",
+				s.name,
+				err.Error())
+		}
+	}()
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/grpc/server/server.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/grpc/server/server.go
new file mode 100644
index 0000000000..2d189b4385
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/grpc/server/server.go
@@ -0,0 +1,33 @@
+/*
+Package grpcserver is a generic gRPC server manager
+Copyright 2018 Portworx
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package server
+
+// Server is an interface to a gRPC server which provides an implementation
+// of an exported gRPC interface
+type Server interface {
+	// Start the server. If called on a running server it will return an error.
+	Start() error
+
+	// Stop the server. If called on a stopped server it will have no effect
+	Stop()
+
+	// IsRunning tell the caller if the server is currently running
+	IsRunning() bool
+
+	// Address returns the address used by clients to connect to the server
+	Address() string
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/grpc/util/info.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/grpc/util/info.go
new file mode 100644
index 0000000000..4bd176f45e
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/grpc/util/info.go
@@ -0,0 +1,42 @@
+/*
+Copyright 2022 Pure Storage
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import "strings"
+
+// GetMethodInformation returns the service and API of a gRPC fullmethod string.
+// For example, if the full method is:
+//
+//	/openstorage.api.OpenStorage<service>/<method>
+//
+// Then, to extract the service and api we would call it as follows:
+//
+//	s, a := GetMethodInformation("openstorage.api.OpenStorage", info.FullMethod)
+//	   where info.FullMethod comes from the gRPC interceptor
+func GetMethodInformation(constPath, fullmethod string) (service, api string) {
+	parts := strings.Split(fullmethod, "/")
+
+	if len(parts) > 1 {
+		service = strings.TrimPrefix(strings.ToLower(parts[1]), strings.ToLower(constPath))
+	}
+
+	if len(parts) > 2 {
+		api = strings.ToLower(parts[2])
+	}
+
+	return service, api
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/util/errors.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/util/errors.go
new file mode 100644
index 0000000000..17320d6ce8
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/util/errors.go
@@ -0,0 +1,40 @@
+/*
+Copyright 2019 Portworx
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package util
+
+import (
+	"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+// IsErrorNotFound returns if the given error is due to not found
+func IsErrorNotFound(err error) bool {
+	return FromError(err).Code() == codes.NotFound
+}
+
+func FromError(err error) *status.Status {
+	// From github.com/grpc-ecosystem/grpc-gateway/runtime/errors.go
+	s, ok := status.FromError(err)
+	if !ok {
+		s = status.New(codes.Unknown, err.Error())
+	}
+
+	return s
+}
+
+func HTTPStatusFromSdkError(err error) int {
+	return runtime.HTTPStatusFromCode(FromError(err).Code())
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/util/log.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/util/log.go
new file mode 100644
index 0000000000..fb113377c9
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/util/log.go
@@ -0,0 +1,30 @@
+/*
+Copyright 2022 Pure Storage
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+	"fmt"
+	"os"
+)
+
+func OpenLog(logfile string) (*os.File, error) {
+	file, err := os.OpenFile(logfile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666)
+	if err != nil {
+		return nil, fmt.Errorf("Unable to open logfile %s: %v", logfile, err)
+	}
+	return file, nil
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/pkg/util/sigint.go b/vendor/github.com/libopenstorage/grpc-framework/pkg/util/sigint.go
new file mode 100644
index 0000000000..38ad9d0288
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/pkg/util/sigint.go
@@ -0,0 +1,87 @@
+/*
+Copyright © 2022 Pure Storage
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+	"fmt"
+	"os"
+	"os/signal"
+	"sync"
+	"syscall"
+
+	"github.com/sirupsen/logrus"
+)
+
+type SigIntManager struct {
+	handler func()
+	done    chan bool
+	wg      sync.WaitGroup
+	lock    sync.Mutex
+	running bool
+}
+
+func NewSigIntManager(handler func()) *SigIntManager {
+	return &SigIntManager{
+		handler: handler,
+		done:    make(chan bool, 1),
+	}
+}
+
+func (s *SigIntManager) Start() error {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	if s.running {
+		return fmt.Errorf("already running a signal handler")
+	}
+
+	var startwg sync.WaitGroup
+	signalch := make(chan os.Signal, 1)
+	signal.Notify(signalch, os.Interrupt, os.Kill, syscall.SIGINT, syscall.SIGTERM)
+	startwg.Add(1)
+	s.wg.Add(1)
+	go func() {
+		startwg.Done()
+		select {
+		case <-signalch:
+			logrus.Info("Ctrl-C captured...")
+			s.handler()
+		case <-s.done:
+			logrus.Debug("Closing Ctrl-C capturing function")
+		}
+		s.wg.Done()
+	}()
+	startwg.Wait()
+
+	s.running = true
+	return nil
+}
+
+func (s *SigIntManager) Stop() error {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	if !s.running {
+		return nil
+	}
+
+	s.done <- true
+	s.wg.Wait()
+	s.running = false
+
+	return nil
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/server/external_authorizer.go b/vendor/github.com/libopenstorage/grpc-framework/server/external_authorizer.go
new file mode 100644
index 0000000000..c668e85ef4
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/server/external_authorizer.go
@@ -0,0 +1,165 @@
+package server
+
+import (
+	"context"
+	"reflect"
+
+	"github.com/libopenstorage/grpc-framework/pkg/auth"
+	"github.com/libopenstorage/grpc-framework/pkg/correlation"
+	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+// ExternalAuthZChecker is a caller-supplied function that is invoked by this framework to perform an authZ check.
+// Returns true if the request is allowed. Otherwise, returns false.
+type ExternalAuthZChecker func(ctx context.Context, authZReq ExternalAuthZRequest) (bool, error)
+
+// ExternalAuthZRequest contains data required to perform authorization via an external authorizer e.g. OPA.
+// The concrete type of this request is specific to the external authorizer. gRPC API handlers return this value
+// to indicate which objects/operations authZ check is to be performed against. The value is then passed
+// to the specified AuthZChecker function which understands the concrete type of this value.
+type ExternalAuthZRequest interface{}
+
+// InsecureNoAuthNAuthZ is returned by the API handlers that wish to skip authN and authZ checks.
+const InsecureNoAuthNAuthZ = "insecureNoAuthNAuthZ"
+
+// InsecureNoAuthZ is returned by the API handlers that want to skip authZ but require that
+// the user be an authenticated user. No guests.
+const InsecureNoAuthZ = "insecureNoAuthZ"
+
+// Type of the key that stores handler data in gRPC context.
+type externalAuthorizerContextKey string
+
+// HandlerData is optionally returned by the API handlers that wish to stash data in the context for later retrieval.
+// This is useful to avoid duplicating (in the handler) the work previously done when performing an authZ check.
+type HandlerData interface{}
+
+const (
+	// Key to store api handler's data in gRPC context
+	handlerData externalAuthorizerContextKey = "handlerdata"
+)
+
+// contextSaveHandlerData saves handler-specific data in the context. This allows handler to stash result of
+// work done during GetAuthZRequest() and retrieve it later when the handler is invoked after authZ check passes.
+// This avoids duplicate work.
+func contextSaveHandlerData(ctx context.Context, data interface{}) context.Context {
+	return context.WithValue(ctx, handlerData, data)
+}
+
+// ContextGetHandlerData returns handler data that was stashed in the context by
+// authZ interceptor. Returns nil if no data was found.
+func ContextGetHandlerData(ctx context.Context) interface{} {
+	return ctx.Value(handlerData)
+}
+
+// ExternalAuthZRequestGetter must be implemented by all gRPC services that use the external authorizer.
+type ExternalAuthZRequestGetter interface {
+	// GetAuthZRequest is invoked by the authZ interceptor before performing an authZ check.
+	// Returns an auth request that will be passed to ExternalAuthZChecker function to authorize
+	// the specified input API request. Optionally, returns handler-data to be stashed in the context
+	// for the later retrieval by the handler. The first return param can have following special values:
+	// - Return InsecureNoAuthNAuthZ to skip both authN and authZ completely.
+	// - Return InsecureNoAuthZ to perform just an authN check for a specific request and skip authZ check.
+	// Such insecure requests must also be whilelisted in insecureNoAuthNAuthZReqs or insecureNoAuthZReqs params.
+	// ExternalAuthZChecker function is not invoked for the insecure requests.
+	GetAuthZRequest(ctx context.Context, fullPath string, request interface{}) (ExternalAuthZRequest, HandlerData, error)
+}
+
+// externalAuthorizerUnaryInterceptor returns authZ interceptor for unary gRPCs. It calls the specified authZChecker
+// for the services that need authZ checks to be performed. Services must implement ExternalAuthZRequestGetter interface.
+func (s *GrpcFrameworkServer) externalAuthorizerUnaryInterceptor(
+	authZChecker ExternalAuthZChecker,
+	insecureNoAuthNAuthZReqs []interface{},
+	insecureNoAuthZReqs []interface{},
+) grpc.UnaryServerInterceptor {
+	return func(
+		ctx context.Context, apiRequest interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler,
+	) (interface{}, error) {
+		// Audit log
+		log := correlation.NewFunctionLogger(ctx)
+		log.Out = s.auditLogOutput
+		auditLogErrorf := func(c codes.Code, format string, a ...interface{}) error {
+			log.WithContext(ctx).WithFields(logrus.Fields{
+				"method": "externalAuthorizerUnaryInterceptor",
+				"code":   c.String(),
+			}).Warningf(format, a...)
+			return status.Errorf(c, "external authorization failed")
+		}
+		// do we have an authenticated user?
+		userAuthenticated := false
+		if userInfo, found := auth.NewUserInfoFromContext(ctx); found && !userInfo.Guest {
+			userAuthenticated = true
+		}
+		authZReqGetter, ok := info.Server.(ExternalAuthZRequestGetter)
+		if !ok {
+			return nil, auditLogErrorf(codes.Internal, "%T does not implement authZ request getter", info.Server)
+		}
+		authZReq, handlerData, err := authZReqGetter.GetAuthZRequest(ctx, info.FullMethod, apiRequest)
+		if err != nil {
+			st, ok := status.FromError(err)
+			if ok {
+				log.WithContext(ctx).WithFields(logrus.Fields{
+					"method": "externalAuthorizerUnaryInterceptor",
+					"code":   st.Code().String(),
+				}).Warningf("failed to get authZ request, status: %v", err.Error())
+				return nil, err
+			}
+			return nil, auditLogErrorf(codes.Internal, "failed to get authZ request: %v", err)
+		}
+		switch authZReq {
+		case InsecureNoAuthNAuthZ:
+			// skip authN and authZ as long as the request type exists in our list
+			if !s.listContainsReqType(insecureNoAuthNAuthZReqs, apiRequest) {
+				return nil, auditLogErrorf(codes.Internal, "req %T absent in skip authN and authZ list", apiRequest)
+			}
+		case InsecureNoAuthZ:
+			if !s.listContainsReqType(insecureNoAuthZReqs, apiRequest) {
+				return nil, auditLogErrorf(codes.Internal, "req %T absent in skip authZ list", apiRequest)
+			}
+			// any authenticated user is allowed
+			if !userAuthenticated {
+				return nil, auditLogErrorf(codes.Unauthenticated, "authentication creds not found")
+			}
+		default:
+			if !userAuthenticated {
+				return nil, auditLogErrorf(codes.Unauthenticated, "authentication creds not found")
+			}
+			// perform authZ check
+			allow, err := authZChecker(ctx, authZReq)
+			if err != nil {
+				return nil, auditLogErrorf(codes.Internal, "failed to check authZ: %v", err)
+			}
+			if !allow {
+				return nil, auditLogErrorf(codes.PermissionDenied, "access denied")
+			}
+		}
+		newCtx := contextSaveHandlerData(ctx, handlerData)
+		return handler(newCtx, apiRequest)
+	}
+}
+
+func (s *GrpcFrameworkServer) externalAuthorizerStreamInterceptor(
+	authZChecker ExternalAuthZChecker,
+	insecureNoAuthNAuthZReqs []interface{},
+	insecureNoAuthZReqs []interface{},
+) grpc.StreamServerInterceptor {
+	return func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
+		// TODO: perform auth Z check; then call the handler commented out below
+		return status.Errorf(
+			codes.PermissionDenied,
+			"External authorizer not implemented for stream APIs")
+
+		// return handler(srv, ss)
+	}
+}
+
+func (s *GrpcFrameworkServer) listContainsReqType(list []interface{}, req interface{}) bool {
+	for _, r := range list {
+		if reflect.TypeOf(r) == reflect.TypeOf(req) {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/server/grpc_framework_server.go b/vendor/github.com/libopenstorage/grpc-framework/server/grpc_framework_server.go
new file mode 100644
index 0000000000..9a412baa64
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/server/grpc_framework_server.go
@@ -0,0 +1,275 @@
+/*
+Copyright 2022 Pure Storage
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package server
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"sync"
+
+	"github.com/libopenstorage/grpc-framework/pkg/auth/role"
+	"github.com/libopenstorage/grpc-framework/pkg/correlation"
+	grpcserver "github.com/libopenstorage/grpc-framework/pkg/grpc/server"
+
+	"github.com/sirupsen/logrus"
+
+	grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
+	grpc_auth "github.com/grpc-ecosystem/go-grpc-middleware/auth"
+	grpc_prometheus "github.com/grpc-ecosystem/go-grpc-prometheus"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/status"
+	"google.golang.org/grpc/tap"
+)
+
+type GrpcFrameworkServer struct {
+	*grpcserver.GrpcServer
+
+	lock   sync.RWMutex
+	name   string
+	config ServerConfig
+
+	// Loggers
+	log             *logrus.Entry
+	auditLogOutput  io.Writer
+	accessLogOutput io.Writer
+
+	roleServer role.RoleManager
+}
+
+// New creates a new gRPC server for the gRPC framework
+func NewGrpcFrameworkServer(config *ServerConfig) (*GrpcFrameworkServer, error) {
+	if nil == config {
+		return nil, fmt.Errorf("configuration must be provided")
+	}
+
+	// Default to tcp
+	if len(config.Net) == 0 {
+		config.Net = "tcp"
+	}
+
+	// Create a log object for this server
+	name := "grpc-framework-" + config.Net
+	log := logrus.WithFields(logrus.Fields{
+		"name": name,
+	})
+
+	// Setup authentication
+
+	// Check the necessary security config options are set. Authentication is enabled. Therefore,
+	// either RoleManager must be provided (this implies use of the default authZ)
+	// or explicit authZ interceptors must be provided
+	// or external authZ checker must be provided (this implies use of external_authorizer.go)
+	if config.Security.Authenticators != nil && config.Security.Role == nil &&
+		(config.AuthZUnaryInterceptor == nil || config.AuthZStreamInterceptor == nil) &&
+		config.ExternalAuthZChecker == nil {
+		return nil, fmt.Errorf("must supply role manager when authentication is enabled and default authZ is used")
+	}
+	for issuer := range config.Security.Authenticators {
+		log.Infof("Authentication enabled for issuer: %s", issuer)
+	}
+
+	// Create gRPC server
+	gServer, err := grpcserver.New(&grpcserver.GrpcServerConfig{
+		Name:    name,
+		Net:     config.Net,
+		Address: config.Address,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("unable to setup %s server: %v", name, err)
+	}
+
+	s := &GrpcFrameworkServer{
+		GrpcServer:      gServer,
+		accessLogOutput: config.AccessOutput,
+		auditLogOutput:  config.AuditOutput,
+		roleServer:      config.Security.Role,
+		config:          *config,
+		name:            name,
+		log:             log,
+	}
+	return s, nil
+}
+
+// Start is used to start the server.
+// It will return an error if the server is already running.
+func (s *GrpcFrameworkServer) Start() error {
+
+	// Setup https if certs have been provided
+	opts := s.config.ServerOptions
+	if s.config.Net != "unix" && s.config.Security.Tls != nil {
+		creds, err := credentials.NewServerTLSFromFile(
+			s.config.Security.Tls.CertFile,
+			s.config.Security.Tls.KeyFile)
+		if err != nil {
+			return fmt.Errorf("failed to create credentials from cert files: %v", err)
+		}
+		opts = append(opts, grpc.Creds(creds))
+		s.log.Info("TLS enabled")
+	} else {
+		s.log.Info("TLS disabled")
+	}
+
+	// Add correlation interceptor
+	correlationInterceptor := correlation.ContextInterceptor{
+		Origin: correlation.ComponentGrpcFw,
+	}
+
+	// Set up unary interceptors
+	unaryInterceptors := []grpc.UnaryServerInterceptor{
+		s.rwlockUnaryIntercepter,
+		correlationInterceptor.ContextUnaryServerInterceptor,
+	}
+
+	// use caller's authN interceptor if provided
+	if s.config.AuthNUnaryInterceptor != nil {
+		unaryInterceptors = append(unaryInterceptors, s.config.AuthNUnaryInterceptor)
+	} else if s.config.Security.Authenticators != nil {
+		// use the default authN interceptor
+		unaryInterceptors = append(unaryInterceptors, grpc_auth.UnaryServerInterceptor(s.auth))
+	}
+
+	// use caller's authZ interceptor if provided
+	if s.config.AuthZUnaryInterceptor != nil {
+		// use caller's authZ interceptor as-is
+		unaryInterceptors = append(unaryInterceptors, s.config.AuthZUnaryInterceptor)
+	} else if s.config.ExternalAuthZChecker != nil {
+		// plug the caller-supplied authChecker into our external authorizer framework
+		unaryInterceptors = append(unaryInterceptors, s.externalAuthorizerUnaryInterceptor(
+			s.config.ExternalAuthZChecker, s.config.InsecureNoAuthNAuthZReqs, s.config.InsecureNoAuthZReqs))
+	} else if s.config.Security.Authenticators != nil {
+		// use our default authZ interceptor
+		unaryInterceptors = append(unaryInterceptors, s.authorizationServerUnaryInterceptor)
+	}
+
+	// append remaining default unary interceptors
+	unaryInterceptors = append(unaryInterceptors, []grpc.UnaryServerInterceptor{
+		s.loggerServerUnaryInterceptor,
+		grpc_prometheus.UnaryServerInterceptor,
+	}...)
+
+	// Set up stream interceptors
+	streamInterceptors := []grpc.StreamServerInterceptor{
+		s.rwlockStreamIntercepter,
+	}
+
+	// use caller's authN interceptor if provided
+	if s.config.AuthNStreamInterceptor != nil {
+		streamInterceptors = append(streamInterceptors, s.config.AuthNStreamInterceptor)
+	} else if s.config.Security.Authenticators != nil {
+		// use the default authN interceptor
+		streamInterceptors = append(streamInterceptors, grpc_auth.StreamServerInterceptor(s.auth))
+	}
+
+	// use caller's authZ interceptor if provided
+	if s.config.AuthZStreamInterceptor != nil {
+		// use caller's authZ interceptor as-is
+		streamInterceptors = append(streamInterceptors, s.config.AuthZStreamInterceptor)
+	} else if s.config.ExternalAuthZChecker != nil {
+		// plug the caller-supplied authChecker into our external authorizer interceptor
+		streamInterceptors = append(streamInterceptors, s.externalAuthorizerStreamInterceptor(
+			s.config.ExternalAuthZChecker, s.config.InsecureNoAuthNAuthZReqs, s.config.InsecureNoAuthZReqs))
+	} else if s.config.Security.Authenticators != nil {
+		// use our default authZ interceptor
+		streamInterceptors = append(streamInterceptors, s.authorizationServerStreamInterceptor)
+	}
+
+	// append remaining default stream interceptors
+	streamInterceptors = append(streamInterceptors, []grpc.StreamServerInterceptor{
+		s.loggerServerStreamInterceptor,
+		grpc_prometheus.StreamServerInterceptor,
+	}...)
+
+	// Append other custom interceptors to the end of the chain
+	unaryInterceptors = append(unaryInterceptors, s.config.UnaryServerInterceptors...)
+	streamInterceptors = append(streamInterceptors, s.config.StreamServerInterceptors...)
+
+	opts = append(opts, grpc.UnaryInterceptor(
+		grpc_middleware.ChainUnaryServer(unaryInterceptors...),
+	))
+	opts = append(opts, grpc.StreamInterceptor(
+		grpc_middleware.ChainStreamServer(streamInterceptors...),
+	))
+
+	// Determine if we should add rate limiters
+	if s.config.RateLimiters.RateLimiter != nil || s.config.RateLimiters.RateLimiterPerUser != nil {
+		opts = append(opts, grpc.InTapHandle(s.rateLimiter))
+	}
+
+	// Start the gRPC Server
+	err := s.GrpcServer.StartWithServer(func() *grpc.Server {
+		grpcServer := grpc.NewServer(opts...)
+
+		// Register gRPC Handlers
+		for _, ext := range s.config.GrpcServerExtensions {
+			ext(grpcServer)
+		}
+
+		// Register stats for all the services
+		s.registerPrometheusMetrics(grpcServer)
+
+		return grpcServer
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (s *GrpcFrameworkServer) registerPrometheusMetrics(grpcServer *grpc.Server) {
+	// Register the gRPCs and enable latency historgram
+	grpc_prometheus.Register(grpcServer)
+	grpc_prometheus.EnableHandlingTimeHistogram()
+
+	// Initialize the metrics
+	grpcMetrics := grpc_prometheus.NewServerMetrics()
+	grpcMetrics.InitializeMetrics(grpcServer)
+}
+
+func (s *GrpcFrameworkServer) transactionStart() {
+	s.lock.Lock()
+}
+
+func (s *GrpcFrameworkServer) transactionEnd() {
+	s.lock.Unlock()
+}
+
+func (s *GrpcFrameworkServer) globalLimiterAllow() bool {
+	// Check if there is no limiter. If none, allow all
+	if s.config.RateLimiters.RateLimiter == nil {
+		return true
+	}
+	return s.config.RateLimiters.RateLimiter.Allow()
+}
+
+func (s *GrpcFrameworkServer) rateLimiter(
+	ctx context.Context,
+	info *tap.Info,
+) (context.Context, error) {
+
+	// Check global limiter
+	if !s.globalLimiterAllow() {
+		return nil, status.Error(codes.ResourceExhausted, "resources for clients exhausted")
+	}
+
+	// Check per user limiter
+	// XXX TODO
+
+	return ctx, nil
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/server/ratelimiter.go b/vendor/github.com/libopenstorage/grpc-framework/server/ratelimiter.go
new file mode 100644
index 0000000000..399fc7c6f1
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/server/ratelimiter.go
@@ -0,0 +1,22 @@
+/*
+Copyright 2022 Pure Storage
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package server
+
+// RateLimiter provides an interace which can be executed using
+// golang.org/x/time/rate.Limter or a customer Limiter
+type RateLimiter interface {
+	Allow() bool
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/server/rest_gateway.go b/vendor/github.com/libopenstorage/grpc-framework/server/rest_gateway.go
new file mode 100644
index 0000000000..5dad2e47c8
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/server/rest_gateway.go
@@ -0,0 +1,165 @@
+/*
+Copyright 2022 Pure Storage
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package server
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
+	"github.com/prometheus/client_golang/prometheus/promhttp"
+	"github.com/rs/cors"
+	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc"
+
+	"github.com/libopenstorage/grpc-framework/pkg/correlation"
+	grpcclient "github.com/libopenstorage/grpc-framework/pkg/grpc/client"
+)
+
+type RestGateway struct {
+	config     ServerConfig
+	grpcServer *GrpcFrameworkServer
+	server     *http.Server
+}
+
+func NewRestGateway(config *ServerConfig, grpcServer *GrpcFrameworkServer) (*RestGateway, error) {
+	return &RestGateway{
+		config:     *config,
+		grpcServer: grpcServer,
+	}, nil
+}
+
+func (s *RestGateway) Start() error {
+	mux, err := s.restServerSetupHandlers()
+	if err != nil {
+		return err
+	}
+
+	// Create object here so that we can access its Close receiver.
+	address := ":" + s.config.RestConfig.Port
+	s.server = &http.Server{
+		Addr:    address,
+		Handler: mux,
+	}
+
+	ready := make(chan bool)
+	go func() {
+		ready <- true
+		var err error
+		if s.config.Security.Tls != nil {
+			err = s.server.ListenAndServeTLS(s.config.Security.Tls.CertFile, s.config.Security.Tls.KeyFile)
+		} else {
+			err = s.server.ListenAndServe()
+		}
+
+		if err == http.ErrServerClosed || err == nil {
+			return
+		} else {
+			logrus.Fatalf("Unable to start REST gRPC Gateway: %s\n",
+				err.Error())
+		}
+	}()
+	<-ready
+	logrus.Infof("gRPC REST Gateway started on port :%s", s.config.RestConfig.Port)
+
+	return nil
+}
+
+func (s *RestGateway) Stop() {
+	if err := s.server.Close(); err != nil {
+		logrus.Fatalf("REST GW STOP error: %v", err)
+	}
+}
+
+// restServerSetupHandlers sets up the handlers to the swagger ui and
+// to the gRPC REST Gateway.
+func (s *RestGateway) restServerSetupHandlers() (http.Handler, error) {
+
+	// Create an HTTP server router
+	mux := http.NewServeMux()
+
+	// Swagger files using packr
+	/* Packr on swagger
+
+	swaggerUIBox := packr.NewBox("./swagger-ui")
+	swaggerJSONBox := packr.NewBox("./api")
+	mime.AddExtensionType(".svg", "image/svg+xml")
+
+	// Handler to return swagger.json
+	mux.HandleFunc("/swagger.json", func(w http.ResponseWriter, r *http.Request) {
+		w.Write(swaggerJSONBox.Bytes("api.swagger.json"))
+	})
+
+	// Handler to access the swagger ui. The UI pulls the swagger
+	// json file from /swagger.json
+	// The link below MUST have th last '/'. It is really important.
+	// This link is deprecated
+	prefix := "/swagger-ui/"
+	mux.Handle(prefix,
+		http.StripPrefix(prefix, http.FileServer(swaggerUIBox)))
+	// This is the new location
+	prefix = "/sdk/"
+	mux.Handle(prefix,
+		http.StripPrefix(prefix, http.FileServer(swaggerUIBox)))
+	*/
+
+	if s.config.RestConfig.PrometheusConfig.Enabled {
+		if s.config.RestConfig.PrometheusConfig.Path == "" {
+			logrus.Warn("REST Prometheus path missing; skipping")
+		} else {
+			mux.Handle(s.config.RestConfig.PrometheusConfig.Path, promhttp.Handler())
+		}
+	}
+
+	// Create a router just for HTTP REST gRPC Server Gateway
+	gmux := runtime.NewServeMux()
+
+	// Connect to gRPC unix domain socket
+	conn, err := grpcclient.Connect(
+		s.grpcServer.Address(),
+		[]grpc.DialOption{
+			grpc.WithInsecure(),
+			grpc.WithUnaryInterceptor(correlation.ContextUnaryClientInterceptor),
+		})
+	if err != nil {
+		return nil, fmt.Errorf("Failed to connect to gRPC handler: %v", err)
+	}
+
+	// Register the REST Gateway handlers
+	for _, handler := range s.config.RestServerExtensions {
+		err := handler(context.Background(), gmux, conn)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// Pass all other unhandled paths to the gRPC gateway
+	mux.Handle("/", gmux)
+
+	// Enable cors
+	if s.config.RestConfig.CorsOptions.Enabled {
+		if s.config.RestConfig.CorsOptions.CustomOptions == nil {
+			logrus.Warn("REST Cors configuration missing; skipping")
+		} else {
+			c := cors.New(*s.config.RestConfig.CorsOptions.CustomOptions)
+			cmux := c.Handler(mux)
+			return cmux, nil
+		}
+	}
+
+	return mux, nil
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/server/server.go b/vendor/github.com/libopenstorage/grpc-framework/server/server.go
new file mode 100644
index 0000000000..162bd7eed9
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/server/server.go
@@ -0,0 +1,207 @@
+/*
+Copyright 2018 Portworx
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package server
+
+import (
+	"fmt"
+	"net"
+	"os"
+
+	grpcserver "github.com/libopenstorage/grpc-framework/pkg/grpc/server"
+	"github.com/libopenstorage/grpc-framework/pkg/util"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	// Default audig log location
+	defaultAuditLog = "grpc-framework-audit.log"
+	// Default access log location
+	defaultAccessLog = "grpc-framework-access.log"
+)
+
+// Server is an implementation of the gRPC SDK interface
+type Server struct {
+	config      ServerConfig
+	netServer   *GrpcFrameworkServer
+	udsServer   *GrpcFrameworkServer
+	restGateway *RestGateway
+	grpcPort    string
+
+	accessLog *os.File
+	auditLog  *os.File
+}
+
+type logger struct {
+	log *logrus.Entry
+}
+
+// Interface check
+var _ grpcserver.Server = &GrpcFrameworkServer{}
+
+// New creates a new SDK server
+func New(config *ServerConfig) (*Server, error) {
+
+	if config == nil {
+		return nil, fmt.Errorf("must provide configuration")
+	}
+
+	// If no security set, initialize the object as empty
+	if config.Security == nil {
+		config.Security = &SecurityConfig{}
+	}
+
+	// Check if the socket is provided to enable the REST gateway to communicate
+	// to the unix domain socket
+	if len(config.RestConfig.Port) != 0 && len(config.Socket) == 0 {
+		return nil, fmt.Errorf("must provide unix domain socket for REST server to communicate with gRPC server")
+	}
+
+	// Set default log locations
+	var (
+		accessLog, auditLog *os.File
+		err                 error
+	)
+	if config.AuditOutput == nil {
+		auditLog, err = util.OpenLog(defaultAuditLog)
+		if err != nil {
+			return nil, err
+		}
+		config.AuditOutput = auditLog
+	}
+	if config.AccessOutput == nil {
+		accessLog, err := util.OpenLog(defaultAccessLog)
+		if err != nil {
+			return nil, err
+		}
+		config.AccessOutput = accessLog
+	}
+
+	_, port, err := net.SplitHostPort(config.Address)
+	if err != nil {
+		logrus.Warnf("grpc-framework Address NOT in host:port format, failed to get port %v", err.Error())
+	}
+
+	// Create a gRPC server on the network
+	netServer, err := NewGrpcFrameworkServer(config)
+	if err != nil {
+		return nil, err
+	}
+
+	// Create a gRPC server on a unix domain socket
+	var udsServer *GrpcFrameworkServer
+	if config.Net != "unix" && config.Socket != "" {
+		udsConfig := *config
+		udsConfig.Net = "unix"
+		udsConfig.Address = config.Socket
+		udsServer, err = NewGrpcFrameworkServer(&udsConfig)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// Create REST Gateway and connect it to the unix domain socket server
+	var restGateway *RestGateway
+	if config.RestConfig.Enabled {
+		restGateway, err = NewRestGateway(config, udsServer)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return &Server{
+		config:      *config,
+		netServer:   netServer,
+		udsServer:   udsServer,
+		restGateway: restGateway,
+		auditLog:    auditLog,
+		accessLog:   accessLog,
+		grpcPort:    port,
+	}, nil
+}
+
+// Start all servers
+func (s *Server) Start() error {
+	if s.netServer != nil {
+		if err := s.netServer.Start(); err != nil {
+			return err
+		}
+	}
+	if s.udsServer != nil {
+		if err := s.udsServer.Start(); err != nil {
+			s.Stop()
+			return err
+		}
+
+	}
+	if s.restGateway != nil {
+		if err := s.restGateway.Start(); err != nil {
+			s.Stop()
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (s *Server) Stop() {
+	if s.netServer != nil {
+		s.netServer.Stop()
+	}
+	if s.udsServer != nil {
+		s.udsServer.Stop()
+	}
+	if s.restGateway != nil {
+		s.restGateway.Stop()
+	}
+	if s.accessLog != nil {
+		s.accessLog.Close()
+	}
+	if s.auditLog != nil {
+		s.auditLog.Close()
+	}
+}
+
+func (s *Server) Address() string {
+	return s.netServer.Address()
+}
+
+func (s *Server) UdsAddress() string {
+	return s.udsServer.Address()
+}
+
+func (s *Server) GrpcPort() string {
+	return s.grpcPort
+}
+
+func (s *Server) RestPort() string {
+	return s.config.RestConfig.Port
+}
+
+func (s *Server) Transaction(f func() error) error {
+	if f == nil {
+		return fmt.Errorf("no stransaction provided")
+	}
+	if s.netServer != nil {
+		s.netServer.transactionStart()
+		defer s.netServer.transactionEnd()
+	}
+	if s.udsServer != nil {
+		s.udsServer.transactionStart()
+		defer s.udsServer.transactionEnd()
+	}
+
+	return f()
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/server/server_config.go b/vendor/github.com/libopenstorage/grpc-framework/server/server_config.go
new file mode 100644
index 0000000000..c34250e44b
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/server/server_config.go
@@ -0,0 +1,315 @@
+/*
+Package server is the gRPC implementation of the SDK gRPC server
+Copyright 2018 Portworx
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package server
+
+import (
+	"context"
+	"io"
+
+	"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
+	"github.com/libopenstorage/grpc-framework/pkg/auth"
+	"github.com/libopenstorage/grpc-framework/pkg/auth/role"
+	"github.com/rs/cors"
+	"golang.org/x/time/rate"
+	"google.golang.org/grpc"
+)
+
+// TLSConfig points to the cert files needed for HTTPS
+type TLSConfig struct {
+	// CertFile is the path to the cert file
+	CertFile string
+	// KeyFile is the path to the key file
+	KeyFile string
+}
+
+// SecurityConfig provides configuration for SDK auth
+type SecurityConfig struct {
+	// Role implementation
+	Role role.RoleManager
+	// Tls configuration
+	Tls *TLSConfig
+	// Authenticators is a map of Authenticators by issuer which is key in the map.
+	// If there are multiple authenticators with the same issuer (e.g. using different
+	// client IDs), use NewIteratingMultiAuthenticator or NewMultiAuthenticatorByClientID and
+	// then, add the returned multi-authenticator to this map.
+	Authenticators map[string]auth.Authenticator
+}
+
+type RestServerPrometheusConfig struct {
+	Enabled bool
+
+	// Defaults to `/metrics` if not provided
+	Path string
+}
+
+type RestServerCorsConfig struct {
+	Enabled bool
+
+	// If not set, the framework will set up the cors
+	CustomOptions *cors.Options
+}
+
+type RestServerConfig struct {
+	Enabled          bool
+	Port             string
+	CorsOptions      RestServerCorsConfig
+	PrometheusConfig RestServerPrometheusConfig
+}
+
+type RateLimiterConfig struct {
+	RateLimiter        RateLimiter
+	RateLimiterPerUser RateLimiter
+}
+
+// ServerConfig provides the configuration to the SDK server
+type ServerConfig struct {
+	// Name of the server
+	Name string
+	// Net is the transport for gRPC: unix, tcp, etc.
+	// Defaults to `tcp` if the value is not provided.
+	Net string
+	// Address is the port number or the unix domain socket path.
+	// For the gRPC Server. This value goes together with `Net`.
+	Address string
+	// REST server configuration
+	RestConfig RestServerConfig
+	// Unix domain socket for local communication. This socket
+	// will be used by the REST Gateway to communicate with the gRPC server.
+	// Only set for testing. Having a '%s' can be supported to use the
+	// name of the driver as the driver name.
+	Socket string
+	// (optional) Location for audit log.
+	// If not provided, it will go to /var/log/openstorage-audit.log
+	AuditOutput io.Writer
+	// (optional) Location of access log.
+	// This is useful when authorization is not running.
+	// If not provided, it will go to /var/log/grpc-framework-access.log
+	AccessOutput io.Writer
+	// Security configuration
+	Security *SecurityConfig
+	// RateLimiters provide caller with the ability to setup rate limits for
+	// the gRPC server
+	RateLimiters RateLimiterConfig
+	// ServerExtensions allows you to extend the SDK gRPC server
+	// with callback functions that are sequentially executed
+	// at the end of Server.Start()
+	//
+	// To add your own service to the SDK gRPC server,
+	// just append a function callback that registers it:
+	//
+	// s.config.ServerExtensions = append(s.config.ServerExtensions,
+	// 		func(gs *grpc.Server) {
+	//			api.RegisterCustomService(gs, customHandler)
+	//		})
+	GrpcServerExtensions []func(grpcServer *grpc.Server)
+
+	// RestServerExtensions allows for extensions to be added
+	// to the SDK Rest Gateway server.
+	//
+	// To add your own service to the SDK REST Server, simply add your handlers
+	// to the RestSererExtensions slice. These handlers will be registered on the
+	// REST Gateway http server.
+	RestServerExtensions []func(context.Context, *runtime.ServeMux, *grpc.ClientConn) error
+
+	// UnaryServerInterceptors will be interceptors added to the end of the default chain
+	UnaryServerInterceptors []grpc.UnaryServerInterceptor
+
+	// StreamServerInterceptors will be interceptors added to the end of the default chain
+	StreamServerInterceptors []grpc.StreamServerInterceptor
+
+	// ServerOptions hold any special gRPC server options
+	ServerOptions []grpc.ServerOption
+
+	// AuthNUnaryInterceptor installs a custom authN unary interceptor and overrides the default one
+	AuthNUnaryInterceptor grpc.UnaryServerInterceptor
+
+	// AuthNStreamInterceptor installs a custom authN stream interceptor and overrides the default one
+	AuthNStreamInterceptor grpc.StreamServerInterceptor
+
+	// AuthZUnaryInterceptor installs a custom authZ unary interceptor and overrides the default one
+	AuthZUnaryInterceptor grpc.UnaryServerInterceptor
+
+	// AuthZStreamInterceptor installs a custom authZ stream interceptor and overrides the default one
+	AuthZStreamInterceptor grpc.StreamServerInterceptor
+
+	// ExternalAuthZChecker plugs into the external authorizer framework's authZ interceptor
+	ExternalAuthZChecker ExternalAuthZChecker
+
+	// InsecureNoAuthNAuthZReqs is a list of API request types for which AuthN
+	// or AuthZ checks are skipped.  When
+	// ExternalAuthZRequestGetter.GetAuthZRequest() returns
+	// InsecureNoAuthNAuthZ, the framework ensures that the request type is also
+	// present in InsecureNoAuthNAuthZReqs  list. This adds a second level of
+	// confirmation that it is ok to skip the auth checks for this request.
+	// Refer to the documentation of ExternalAuthZRequestGetter interface for
+	// more details.
+	InsecureNoAuthNAuthZReqs []interface{}
+
+	// InsecureNoAuthZReqs is data passed by the caller for the caller's
+	// interceptor containing information on what APIs to not check for
+	// authorization
+	InsecureNoAuthZReqs []interface{}
+}
+
+var (
+	DefaultRestServerCors = cors.Options{
+		AllowedOrigins:   []string{"*"},
+		AllowedMethods:   []string{"GET", "POST", "DELETE", "HEAD", "PUT", "OPTIONS"},
+		AllowCredentials: true,
+	}
+	DefaultRateLimiter        = rate.NewLimiter(100, 50)
+	DefaultRateLimiterPerUser = rate.NewLimiter(10, 25)
+)
+
+func (c *ServerConfig) RegisterGrpcServers(handlers func(grpcServer *grpc.Server)) *ServerConfig {
+	if c == nil {
+		return c
+	}
+	c.GrpcServerExtensions = append(c.GrpcServerExtensions, handlers)
+	return c
+}
+
+func (c *ServerConfig) RegisterRestHandlers(
+	handlers ...func(context.Context, *runtime.ServeMux, *grpc.ClientConn) error,
+) *ServerConfig {
+	if c == nil {
+		return c
+	}
+	c.RestServerExtensions = append(c.RestServerExtensions, handlers...)
+	return c
+}
+
+func (c *ServerConfig) WithRestCors(co cors.Options) *ServerConfig {
+	if c == nil {
+		return c
+	}
+	c.RestConfig.CorsOptions.Enabled = true
+	c.RestConfig.CorsOptions.CustomOptions = &co
+	return c
+}
+
+func (c *ServerConfig) WithRestPrometheus(path string) *ServerConfig {
+	if c == nil {
+		return c
+	}
+	c.RestConfig.PrometheusConfig.Enabled = true
+	c.RestConfig.PrometheusConfig.Path = path
+	return c
+}
+
+func (c *ServerConfig) WithDefaultRestServer(port string) *ServerConfig {
+	if c == nil {
+		return c
+	}
+
+	c.RestConfig.Port = port
+	c.RestConfig.Enabled = true
+	return c.WithRestCors(DefaultRestServerCors).WithRestPrometheus("/metrics")
+}
+
+func (c *ServerConfig) WithAuthNInterceptors(unary grpc.UnaryServerInterceptor, stream grpc.StreamServerInterceptor,
+) *ServerConfig {
+	if c == nil {
+		return c
+	}
+	c.AuthNUnaryInterceptor = unary
+	c.AuthNStreamInterceptor = stream
+	return c
+}
+
+func (c *ServerConfig) WithAuthZInterceptors(unary grpc.UnaryServerInterceptor, stream grpc.StreamServerInterceptor,
+) *ServerConfig {
+	if c == nil {
+		return c
+	}
+	c.AuthZUnaryInterceptor = unary
+	c.AuthZStreamInterceptor = stream
+	return c
+}
+
+func (c *ServerConfig) WithExternalAuthZChecker(
+	authZChecker ExternalAuthZChecker, insecureNoAuthNAuthZReqs, insecureNoAuthZReqs []interface{},
+) *ServerConfig {
+	if c == nil {
+		return c
+	}
+	c.ExternalAuthZChecker = authZChecker
+	c.InsecureNoAuthNAuthZReqs = insecureNoAuthNAuthZReqs
+	c.InsecureNoAuthZReqs = insecureNoAuthZReqs
+	return c
+}
+
+func (c *ServerConfig) WithServerUnaryInterceptors(i ...grpc.UnaryServerInterceptor) *ServerConfig {
+	if c == nil {
+		return c
+	}
+
+	c.UnaryServerInterceptors = append(c.UnaryServerInterceptors, i...)
+	return c
+}
+
+func (c *ServerConfig) WithServerStreamInterceptors(i ...grpc.StreamServerInterceptor) *ServerConfig {
+	if c == nil {
+		return c
+	}
+
+	c.StreamServerInterceptors = append(c.StreamServerInterceptors, i...)
+	return c
+}
+
+func (c *ServerConfig) WithServerOptions(opt ...grpc.ServerOption) *ServerConfig {
+	if c == nil {
+		return c
+	}
+
+	c.ServerOptions = append(c.ServerOptions, opt...)
+	return c
+}
+
+func (c *ServerConfig) WithRateLimiter(r RateLimiter) *ServerConfig {
+	if c == nil {
+		return c
+	}
+
+	c.RateLimiters.RateLimiter = r
+	return c
+}
+
+func (c *ServerConfig) WithRateLimiterPerUser(r RateLimiter) *ServerConfig {
+	if c == nil {
+		return c
+	}
+
+	c.RateLimiters.RateLimiterPerUser = r
+	return c
+}
+
+func (c *ServerConfig) WithDefaultRateLimiters() *ServerConfig {
+	return c.
+		WithRateLimiter(DefaultRateLimiter).
+		WithRateLimiterPerUser(DefaultRateLimiterPerUser)
+}
+
+func (c *ServerConfig) WithDefaultGenericRoleManager() *ServerConfig {
+	if c.Security == nil {
+		c.Security = &SecurityConfig{}
+	}
+
+	c.Security.Role = role.NewDefaultGenericRoleManager()
+
+	return c
+}
diff --git a/vendor/github.com/libopenstorage/grpc-framework/server/server_interceptors.go b/vendor/github.com/libopenstorage/grpc-framework/server/server_interceptors.go
new file mode 100644
index 0000000000..85fab390b6
--- /dev/null
+++ b/vendor/github.com/libopenstorage/grpc-framework/server/server_interceptors.go
@@ -0,0 +1,267 @@
+/*
+Copyright 2018 Portworx
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package server
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	grpc_auth "github.com/grpc-ecosystem/go-grpc-middleware/auth"
+	"github.com/libopenstorage/grpc-framework/pkg/auth"
+	"github.com/libopenstorage/grpc-framework/pkg/correlation"
+	grpcutil "github.com/libopenstorage/grpc-framework/pkg/grpc/util"
+	"github.com/pborman/uuid"
+	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+const (
+	// Metedata context key where the token is found.
+	// This key must be used by the caller as the key for the token in
+	// the metedata of the context. The generated Rest Gateway also uses this
+	// key as the location of the raw token coming from the standard REST
+	// header: Authorization: bearer <adaf0sdfsd...token>
+	ContextMetadataTokenKey = "bearer"
+)
+
+// This interceptor provides a way to lock out any unary calls while we adjust the server
+func (s *GrpcFrameworkServer) rwlockUnaryIntercepter(
+	ctx context.Context,
+	req interface{},
+	info *grpc.UnaryServerInfo,
+	handler grpc.UnaryHandler,
+) (interface{}, error) {
+	s.lock.RLock()
+	defer s.lock.RUnlock()
+
+	return handler(ctx, req)
+}
+
+// This interceptor provides a way to lock out any stream calls while we adjust the server
+func (s *GrpcFrameworkServer) rwlockStreamIntercepter(
+	srv interface{},
+	stream grpc.ServerStream,
+	info *grpc.StreamServerInfo,
+	handler grpc.StreamHandler,
+) error {
+	s.lock.RLock()
+	defer s.lock.RUnlock()
+
+	return handler(srv, stream)
+}
+
+// Authenticate user and add authorization information back in the context
+func (s *GrpcFrameworkServer) auth(ctx context.Context) (context.Context, error) {
+	// Audit log
+	log := correlation.NewFunctionLogger(ctx)
+	log.Out = s.auditLogOutput
+	auditLogWarningf := func(c codes.Code, err error, format string, a ...interface{}) error {
+		log.WithContext(ctx).WithFields(logrus.Fields{
+			"method": "Authentication",
+			"code":   c.String(),
+			"error":  err.Error(),
+		}).Warningf(format, a...)
+		return status.Errorf(c, format, a...)
+	}
+
+	// guest call attempted, add system.guest user
+	if auth.IsGuest(ctx) {
+		return auth.ContextSaveUserInfo(ctx, auth.NewGuestUser()), nil
+	}
+
+	// Obtain token from metadata in the context
+	token, err := grpc_auth.AuthFromMD(ctx, ContextMetadataTokenKey)
+	if err != nil {
+		return nil, auditLogWarningf(codes.Unauthenticated, err, "Invalid or missing authentication token")
+	}
+
+	// Determine issuer
+	issuer, err := auth.TokenIssuer(token)
+	if err != nil {
+		return nil, auditLogWarningf(codes.Unauthenticated, err, "Unable to obtain token issuer from authorization token")
+	}
+
+	// Authenticate user
+	authenticator, ok := s.config.Security.Authenticators[issuer]
+	if !ok {
+		return nil, auditLogWarningf(codes.Unauthenticated, nil, "%s is not a trusted issuer", issuer)
+	}
+	claims, err := authenticator.AuthenticateToken(ctx, token)
+	if err != nil {
+		return nil, auditLogWarningf(codes.Unauthenticated, err, "Unable to authenticate token")
+	}
+	username, err := claims.GetUsername()
+	if err != nil {
+		return nil, auditLogWarningf(codes.Unauthenticated, err, "Unable to get username from token")
+	}
+	// Add authorization information back into the context so that other
+	// functions can get access to this information.
+	// If this is in the context is how functions will know that security is enabled.
+	return auth.ContextSaveUserInfo(ctx, &auth.UserInfo{
+		Username: username,
+		Claims:   *claims,
+	}), nil
+}
+
+func (s *GrpcFrameworkServer) loggerInterceptor(ctx context.Context, handler func() error, fullMethod string) error {
+	reqid := uuid.New()
+	log := correlation.NewFunctionLogger(ctx)
+	log.Out = s.accessLogOutput
+	logger := log.WithContext(ctx).WithFields(logrus.Fields{
+		"method": fullMethod,
+		"reqid":  reqid,
+	})
+
+	logger.Info("Start")
+	ts := time.Now()
+	err := handler()
+	duration := time.Since(ts)
+	if err != nil {
+		logger.WithFields(logrus.Fields{"duration": duration}).Infof("Failed: %v", err)
+	} else {
+		logger.WithFields(logrus.Fields{"duration": duration}).Info("Successful")
+	}
+
+	return err
+}
+
+func (s *GrpcFrameworkServer) loggerServerUnaryInterceptor(
+	ctx context.Context,
+	req interface{},
+	info *grpc.UnaryServerInfo,
+	handler grpc.UnaryHandler,
+) (interface{}, error) {
+	var i interface{}
+	var err error
+
+	err = s.loggerInterceptor(ctx, func() error {
+		i, err = handler(ctx, req)
+		return err
+	}, info.FullMethod)
+
+	return i, err
+}
+
+func (s *GrpcFrameworkServer) loggerServerStreamInterceptor(
+	srv interface{},
+	stream grpc.ServerStream,
+	info *grpc.StreamServerInfo,
+	handler grpc.StreamHandler,
+) error {
+	var err error
+
+	return s.loggerInterceptor(stream.Context(), func() error {
+		err = handler(srv, stream)
+		if err != nil {
+			return err
+		}
+		return nil
+	}, info.FullMethod)
+}
+
+func (s *GrpcFrameworkServer) authorizationInterceptor(
+	ctx context.Context,
+	handler func() error,
+	fullMethod string,
+) error {
+	userinfo, ok := auth.NewUserInfoFromContext(ctx)
+	if !ok {
+		return status.Error(
+			codes.Internal,
+			"Unable to authorize user because token is missing from context")
+	}
+	claims := &userinfo.Claims
+
+	// Get method and API
+	reqService, reqAPI := grpcutil.GetMethodInformation("", fullMethod)
+
+	// Setup auditor log
+	log := correlation.NewFunctionLogger(ctx)
+	log.Out = s.auditLogOutput
+	logger := log.WithFields(logrus.Fields{
+		"issuer":   claims.Issuer,
+		"username": userinfo.Username,
+		"subject":  claims.Subject,
+		"name":     claims.Name,
+		"email":    claims.Email,
+		"roles":    claims.Roles,
+		"groups":   claims.Groups,
+		"method":   fmt.Sprintf("%s.%s", reqService, reqAPI),
+	}).WithContext(ctx)
+
+	// Authorize
+	if err := s.roleServer.Verify(ctx, claims.Roles, fullMethod); err != nil {
+		logger.Warning("Access denied")
+		if auth.IsGuest(ctx) {
+			return status.Errorf(
+				codes.PermissionDenied,
+				"Access denied without authentication token")
+		}
+
+		return status.Errorf(
+			codes.PermissionDenied,
+			"Access to %s denied: %v",
+			fullMethod, err)
+	}
+
+	// Check if we have been denied
+	err := handler()
+	if err != nil {
+		if gErr, ok := status.FromError(err); ok {
+			if gErr.Code() == codes.PermissionDenied {
+				logger.Warningf("Access denied: %v", err)
+				return err
+			}
+		}
+	}
+
+	// Log
+	logger.Info("Authorized")
+
+	return err
+}
+
+func (s *GrpcFrameworkServer) authorizationServerUnaryInterceptor(
+	ctx context.Context,
+	req interface{},
+	info *grpc.UnaryServerInfo,
+	handler grpc.UnaryHandler,
+) (interface{}, error) {
+	var i interface{}
+	var err error
+
+	err = s.authorizationInterceptor(ctx, func() error {
+		i, err = handler(ctx, req)
+		return err
+	}, info.FullMethod)
+
+	// Execute the command
+	return i, err
+}
+
+func (s *GrpcFrameworkServer) authorizationServerStreamInterceptor(
+	srv interface{},
+	stream grpc.ServerStream,
+	info *grpc.StreamServerInfo,
+	handler grpc.StreamHandler,
+) error {
+	return s.authorizationInterceptor(stream.Context(), func() error {
+		return handler(srv, stream)
+	}, info.FullMethod)
+}
diff --git a/vendor/github.com/libopenstorage/openstorage/pkg/dbg/log.go b/vendor/github.com/libopenstorage/openstorage/pkg/dbg/log.go
new file mode 100644
index 0000000000..d56ea2808e
--- /dev/null
+++ b/vendor/github.com/libopenstorage/openstorage/pkg/dbg/log.go
@@ -0,0 +1,36 @@
+package dbg
+
+import (
+	"os"
+
+	"github.com/sirupsen/logrus"
+)
+
+func LogErrorAndPanicf(err error, format string, args ...interface{}) {
+	logrus.Errorf("LogErrorAndPanicf: error: %v", err)
+	panicf(format, args...)
+
+}
+
+// Panicf outputs error message, dumps threads and exits.
+func Panicf(format string, args ...interface{}) {
+	panicf(format, args...)
+}
+
+// Panicf outputs error message, dumps threads and exits.
+func panicf(format string, args ...interface{}) {
+	logrus.Warnf(format, args...)
+	err := DumpGoProfile()
+	if err != nil {
+		logrus.Fatal(err)
+	}
+	DumpHeap()
+	os.Exit(6)
+}
+
+// Assert Panicf's if the condition evaluates to false.
+func Assert(condition bool, format string, args ...interface{}) {
+	if !condition {
+		Panicf(format, args...)
+	}
+}
diff --git a/vendor/github.com/libopenstorage/openstorage/pkg/dbg/profile_dump.go b/vendor/github.com/libopenstorage/openstorage/pkg/dbg/profile_dump.go
new file mode 100644
index 0000000000..5218462d66
--- /dev/null
+++ b/vendor/github.com/libopenstorage/openstorage/pkg/dbg/profile_dump.go
@@ -0,0 +1,71 @@
+package dbg
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"runtime"
+	"runtime/pprof"
+	"time"
+
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	// Path defailt location for debug/profile output
+	Path     = "/var/cores/"
+	fnameFmt = "2006-01-02T15:04:05.999999-0700MST"
+)
+
+// GetTimeStamp returns 'readable' timestamp with no spaces 'YYYYMMDDHHMMSS'
+func GetTimeStamp() string {
+	tnow := time.Now()
+	return fmt.Sprintf("%d%02d%02d%02d%02d%02d",
+		tnow.Year(), tnow.Month(), tnow.Day(),
+		tnow.Hour(), tnow.Minute(), tnow.Second())
+}
+
+// GetHostNamePrefix return '<hostname>' to use as prefix.
+func GetHostNamePrefix() string {
+	hname, _ := os.Hostname()
+	return hname
+}
+
+// GoProfileDump output goroutines to file.
+func DumpGoProfileTo(fname string) error {
+	trace := make([]byte, 5120*1024)
+	len := runtime.Stack(trace, true)
+	return ioutil.WriteFile(fname, trace[:len], 0644)
+}
+
+// HeapDump output heap to filename.
+func HeapDumpTo(fname string) {
+	f, err := os.Create(fname)
+	if err != nil {
+		logrus.Errorf("could not create memory profile: %v", err)
+		return
+	}
+	defer f.Close()
+	if err := pprof.WriteHeapProfile(f); err != nil {
+		logrus.Errorf("could not write memory profile: %v", err)
+	}
+}
+
+// DumpGoMemoryTrace output memory profile to logs.
+func DumpGoMemoryTrace() {
+	m := &runtime.MemStats{}
+	runtime.ReadMemStats(m)
+	res := fmt.Sprintf("%#v", m)
+	logrus.Infof("==== Dumping Memory Profile ===")
+	logrus.Infof(res)
+}
+
+// DumpGoProfile output goroutines to file.
+func DumpGoProfile() error {
+	return DumpGoProfileTo(Path + GetHostNamePrefix() + "-" + GetTimeStamp() + ".stack")
+}
+
+// DumpHeap output heap to file.
+func DumpHeap() {
+	HeapDumpTo(Path + GetHostNamePrefix() + "-" + GetTimeStamp() + ".heap")
+}
diff --git a/vendor/github.com/libopenstorage/openstorage/pkg/sched/intervals.go b/vendor/github.com/libopenstorage/openstorage/pkg/sched/intervals.go
new file mode 100644
index 0000000000..a9353e7878
--- /dev/null
+++ b/vendor/github.com/libopenstorage/openstorage/pkg/sched/intervals.go
@@ -0,0 +1,691 @@
+package sched
+
+import (
+	"fmt"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+
+	"gopkg.in/yaml.v2"
+)
+
+const (
+	scheduleSeparator    = ";"
+	nonYamlTypeSeparator = "="
+	MinutesPerDay        = float64(60 * 24)
+	DailyType            = "daily"
+	MonthlyType          = "monthly"
+	WeeklyType           = "weekly"
+	PeriodicType         = "periodic"
+	retainSeparator      = ","
+	MonthlyRetain        = 12
+	WeeklyRetain         = 5
+	DailyRetain          = 7
+)
+
+var (
+	// speedUp advances the clock faster for tests.
+	speedUp = false
+)
+
+// SpeedUp advances the clock faster for tests.
+func SpeedUp() {
+	speedUp = true
+}
+
+func inSpeedUp() bool {
+	return speedUp
+}
+
+type IntervalSpec struct {
+	Freq    string
+	Period  uint64 `yaml:"period,omitempty"`
+	Month   int    `yaml:"month,omitempty"`
+	Weekday int    `yaml:"weekday,omitempty"`
+	Day     int    `yaml:"day,omitempty"`
+	Hour    int    `yaml:"hour,omitempty"`
+	Minute  int    `yaml:"minute,omitempty"`
+}
+
+type Interval interface {
+	nextAfter(t time.Time) time.Time
+	String() string
+	IntervalType() string
+	Spec() IntervalSpec
+}
+
+type periodic struct {
+	delta time.Duration
+}
+
+func (p periodic) nextAfter(t time.Time) time.Time {
+	return t.Add(p.delta)
+}
+
+func (p periodic) String() string {
+	return fmt.Sprintf("%v %v", PeriodicType, p.delta)
+}
+
+func (p periodic) IntervalType() string {
+	return PeriodicType
+}
+
+func (p periodic) Spec() IntervalSpec {
+	return IntervalSpec{Freq: PeriodicType, Period: uint64(p.delta)}
+}
+
+func Periodic(period time.Duration) Interval {
+	return periodic{period}
+}
+
+type daily struct {
+	hour   int
+	minute int
+}
+
+func (d daily) nextAfter(t time.Time) time.Time {
+	h, m := t.Hour(), t.Minute()
+	if h < d.hour {
+		t = t.Add(time.Duration(d.hour-h) * time.Hour)
+	} else if h > d.hour || m >= d.minute {
+		t = t.Add(time.Duration(24-h+d.hour) * time.Hour)
+	}
+	return t.Add(time.Duration(d.minute-m) * time.Minute)
+}
+
+func (d daily) String() string {
+	return fmt.Sprintf("%s @%02d:%02d", DailyType, d.hour, d.minute)
+}
+
+func (p daily) IntervalType() string {
+	return DailyType
+}
+
+func (d daily) Spec() IntervalSpec {
+	return IntervalSpec{Freq: DailyType, Hour: d.hour, Minute: d.minute}
+}
+
+func Daily(hour int, minute int) Interval {
+	return daily{hour, minute}
+}
+
+type weekly struct {
+	day time.Weekday
+	tod daily
+}
+
+func (w weekly) nextAfter(t time.Time) time.Time {
+	t = w.tod.nextAfter(t)
+	d := t.Weekday()
+	delta := time.Duration(w.day - d)
+	if w.day < d {
+		delta += 7
+	}
+	return t.Add(delta * 24 * time.Hour)
+}
+
+func (w weekly) String() string {
+	return fmt.Sprintf("%s %s@%02d:%02d", WeeklyType, w.day.String(), w.tod.hour,
+		w.tod.minute)
+}
+
+func (p weekly) IntervalType() string {
+	return WeeklyType
+}
+
+func (w weekly) Spec() IntervalSpec {
+	return IntervalSpec{Freq: WeeklyType,
+		Weekday: int(w.day), Hour: w.tod.hour, Minute: w.tod.minute}
+}
+
+func Weekly(dow time.Weekday, hour int, minute int) Interval {
+	return weekly{dow, daily{hour, minute}}
+}
+
+type monthly struct {
+	day int
+	tod daily
+}
+
+func (m monthly) nextAfter(t time.Time) time.Time {
+	t = m.tod.nextAfter(t)
+	y, month, d := t.Date()
+	if d > m.day {
+		daysIn := time.Date(y, month+1, 0, 0, 0, 0, 0, time.UTC).Day()
+		t = t.Add(time.Duration(daysIn*24) * time.Hour)
+	}
+	return t
+}
+
+func (m monthly) String() string {
+	return fmt.Sprintf("%s %d@%02d:%02d", MonthlyType, m.day, m.tod.hour,
+		m.tod.minute)
+}
+
+func (p monthly) IntervalType() string {
+	return MonthlyType
+}
+
+func (m monthly) Spec() IntervalSpec {
+	return IntervalSpec{Freq: MonthlyType,
+		Day: m.day, Hour: m.tod.hour, Minute: m.tod.minute}
+}
+
+func Monthly(day int, hour int, minute int) Interval {
+	return monthly{day, daily{hour, minute}}
+}
+
+func parseSpec(spec *IntervalSpec) (Interval, error) {
+	switch spec.Freq {
+	case PeriodicType:
+		return Periodic(time.Duration(spec.Period)), nil
+	case DailyType:
+		return Daily(spec.Hour, spec.Minute), nil
+	case WeeklyType:
+		dow := time.Weekday(spec.Weekday)
+		return Weekly(dow, spec.Hour, spec.Minute), nil
+	case MonthlyType:
+		if spec.Day == 0 {
+			spec.Day = 1
+		}
+		return Monthly(spec.Day, spec.Hour, spec.Minute), nil
+	}
+	return nil, fmt.Errorf("Invalid schedule spec")
+}
+
+func parseRetainSpec(spec *RetainIntervalSpec) (RetainInterval, error) {
+	s, err := parseSpec(&spec.IntervalSpec)
+	if err != nil {
+		return nil, err
+	}
+	return &RetainIntervalImpl{iv: s, retain: spec.Retain}, nil
+}
+
+func parseNonYamlSchedule(schedule string) (RetainIntervalSpec, error) {
+	parts := strings.Split(schedule, nonYamlTypeSeparator)
+	if len(parts) != 2 || !IsIntervalType(parts[0]) {
+		return RetainIntervalSpec{},
+			fmt.Errorf("Invalid schedule specification: %s", schedule)
+	}
+	if fn, ok := ParseCLI[parts[0]]; ok {
+		return fn(parts[1])
+	}
+	return ParsePeriodic(parts[1])
+}
+
+func ParseSchedule(schedule string) ([]RetainInterval, error) {
+	var schedInts []RetainInterval
+	if schedule == "" {
+		return schedInts, nil
+	}
+	var sspec []RetainIntervalSpec
+	err := yaml.Unmarshal([]byte(schedule), &sspec)
+	if err != nil {
+		intv, err := parseNonYamlSchedule(schedule)
+		if err != nil {
+			return nil, err
+		}
+		sspec = []RetainIntervalSpec{intv}
+	}
+	for _, s := range sspec {
+		interval, err := parseRetainSpec(&s)
+		if err != nil {
+			return nil, err
+		}
+		schedInts = append(schedInts, interval)
+	}
+	return schedInts, nil
+}
+
+func ParseScheduleAndPolicies(scheduleString string) (
+	[]RetainInterval,
+	*PolicyTags,
+	error,
+) {
+	schedules := strings.Split(scheduleString, scheduleSeparator)
+	policies := &PolicyTags{}
+	var schedInts []RetainInterval
+	for _, schedule := range schedules {
+		if strings.HasPrefix(schedule, policyTag) {
+			if policy, err := ParsePolicyTags(schedule); err == nil {
+				policies.Names = append(policies.Names, policy.Names...)
+			} else {
+				return nil, nil, err
+			}
+		} else {
+			if scheds, err := ParseSchedule(schedule); err == nil {
+				if len(scheds) > 0 {
+					schedInts = append(schedInts, scheds...)
+				}
+			} else {
+				return nil, nil, err
+			}
+		}
+	}
+	if len(policies.Names) == 0 {
+		return schedInts, nil, nil
+	}
+	return schedInts, policies, nil
+}
+
+func ScheduleStringRetainInv(
+	intvs []RetainInterval,
+	p *PolicyTags,
+) (string, error) {
+	intvSpecs := make([]RetainIntervalSpec, 0)
+	for _, intv := range intvs {
+		intvSpecs = append(intvSpecs, intv.RetainIntervalSpec())
+	}
+	return ScheduleString(intvSpecs, p)
+}
+
+func ScheduleString(items []RetainIntervalSpec, p *PolicyTags) (string, error) {
+	schedString := ""
+	if len(items) != 0 {
+		s, err := yaml.Marshal(items)
+		if err != nil {
+			return "", err
+		}
+		schedString = string(s)
+	}
+	if p != nil {
+		pString := p.String()
+		if pString != "" {
+			if schedString != "" {
+				schedString = schedString + scheduleSeparator
+			}
+			schedString = schedString + pString
+		}
+	}
+	return schedString, nil
+}
+
+func ScheduleIntervalSummary(items []Interval, policyTags *PolicyTags) string {
+	if len(items) == 0 {
+		return ""
+	}
+	summary := ""
+	for i, iv := range items {
+		if i != 0 {
+			summary += ", "
+		}
+		summary += iv.String()
+	}
+	return summary
+}
+
+func MaxPerDayInstances(items []RetainInterval) uint32 {
+	var intervalsPerDay uint32
+	for _, iv := range items {
+		var perDay uint32
+		switch iv.Spec().Freq {
+		case PeriodicType:
+			perDay = uint32(1)
+			period := time.Duration(iv.Spec().Period).Minutes()
+			if period == 0 {
+				perDay = 0
+			} else if period < MinutesPerDay {
+				perDay = uint32(MinutesPerDay / period)
+			}
+		case DailyType:
+			perDay = uint32(1)
+		case WeeklyType:
+			perDay = uint32(1)
+		case MonthlyType:
+			perDay = uint32(1)
+		}
+		intervalsPerDay += perDay
+	}
+	return intervalsPerDay
+}
+
+func ScheduleRetainSum(items []RetainInterval) uint32 {
+	var totalRetains uint32
+	for _, iv := range items {
+		totalRetains += iv.RetainNumber()
+	}
+	return totalRetains
+}
+
+func ScheduleSummary(items []RetainInterval, policyTags *PolicyTags) string {
+	summary := ""
+	if policyTags != nil {
+		summary = policyTags.String()
+	}
+	if len(items) == 0 {
+		return summary
+	}
+	if len(summary) > 0 {
+		summary = summary + scheduleSeparator
+	}
+	for i, iv := range items {
+		if i != 0 {
+			summary += ", "
+		}
+		summary += iv.String()
+	}
+	return summary
+}
+
+func timeOfDay(hhmm string) (int, int, error) {
+	if hhmm == "" {
+		return 0, 0, nil
+	}
+	t := strings.Split(hhmm, ":")
+	if len(t) == 1 {
+		t = append(t, "0")
+	}
+	ok := len(t) == 2
+	var h, m int
+	if ok {
+		var e1, e2 error
+		h, e1 = strconv.Atoi(t[0])
+		m, e2 = strconv.Atoi(t[1])
+		ok = e1 == nil && e2 == nil && 0 <= h && h < 24 && 0 <= m && m < 60
+	}
+	if !ok {
+		return 0, 0, fmt.Errorf("invalid start time %v", hhmm)
+	}
+	return h, m, nil
+}
+
+func dayOfWeek(wd string) (time.Weekday, error) {
+	day := strings.Title(wd)
+	if day == "" {
+		day = "Sunday"
+	}
+	d := time.Sunday
+	for d <= time.Saturday && d.String() != day {
+		d++
+	}
+	if d > time.Saturday {
+		return time.Sunday, fmt.Errorf("invalid weekday %v", day)
+	}
+	return d, nil
+}
+
+func parseRetainNumber(input string) (RetainIntervalSpec, string, error) {
+	r := RetainIntervalSpec{}
+	parts := strings.Split(input, retainSeparator)
+	if len(parts) > 1 {
+		if retain, err := strconv.Atoi(parts[1]); err != nil {
+			return r, "", fmt.Errorf("Invalid number: %s", parts[1])
+		} else if retain <= 0 {
+			return r, "", fmt.Errorf("Keep number should be greater than 0")
+		} else {
+			r.Retain = uint32(retain)
+		}
+	}
+	return r, parts[0], nil
+}
+
+func ParsePeriodic(input string) (RetainIntervalSpec, error) {
+	r, intvl, err := parseRetainNumber(input)
+	if err != nil {
+		return r, err
+	}
+	if intvl == "" {
+		return r, fmt.Errorf("Interval is missing")
+	}
+	delta, err := strconv.ParseUint(intvl, 10, 64)
+	if err != nil {
+		return r, fmt.Errorf("Invalid interval %s", intvl)
+	}
+	dt := time.Duration(delta) * time.Minute
+	r.IntervalSpec = Periodic(dt).Spec()
+	return r, nil
+}
+
+// parseDaily item [@]hh:mm,r
+func parseDaily(dailyStr string) (RetainIntervalSpec, error) {
+	r, daily, err := parseRetainNumber(dailyStr)
+	if err != nil {
+		return r, err
+	}
+	if daily == "" {
+		return r, fmt.Errorf("Daily schedule is missing")
+	}
+	dt := strings.Split(daily, "@")
+	h, m, err := timeOfDay(dt[len(dt)-1])
+	if err != nil {
+		return RetainIntervalSpec{}, err
+	}
+	r.IntervalSpec = Daily(h, m).Spec()
+	return r, nil
+}
+
+// parseWeekly item weekday@hh:mm,r
+func parseWeekly(weeklyStr string) (RetainIntervalSpec, error) {
+	r, weekly, err := parseRetainNumber(weeklyStr)
+	if err != nil {
+		return r, err
+	}
+	if weekly == "" {
+		return r, fmt.Errorf("Weekly schedule is missing")
+	}
+	dt := strings.Split(weekly, "@")
+	if len(dt) == 1 {
+		dt = append(dt, "0:0")
+	}
+	if len(dt) != 2 {
+		return RetainIntervalSpec{},
+			fmt.Errorf("Invalid weekly spec %v", weeklyStr)
+	}
+	d, err := dayOfWeek(dt[0])
+	if err != nil {
+		return RetainIntervalSpec{}, err
+	}
+	h, m, err := timeOfDay(dt[1])
+	r.IntervalSpec = Weekly(d, h, m).Spec()
+	return r, err
+}
+
+// parseMonthly item day@hh:mm,r
+func parseMonthly(monthlyStr string) (RetainIntervalSpec, error) {
+	r, monthly, err := parseRetainNumber(monthlyStr)
+	if err != nil {
+		return r, err
+	}
+	if monthly == "" {
+		return r, fmt.Errorf("Monthly schedule is missing")
+	}
+	dt := strings.Split(monthly, "@")
+	if len(dt) == 1 {
+		dt = append(dt, "0:0")
+	}
+	if len(dt) != 2 {
+		return RetainIntervalSpec{},
+			fmt.Errorf("Invalid monthly spec %v", monthlyStr)
+	}
+	d, err := strconv.Atoi(dt[0])
+	if err != nil || d < 0 || d > 31 {
+		return RetainIntervalSpec{},
+			fmt.Errorf("Invalid day of month %v", dt[0])
+	}
+	h, m, err := timeOfDay(dt[1])
+	if err != nil {
+		return RetainIntervalSpec{}, err
+	}
+	r.IntervalSpec = Monthly(d, h, m).Spec()
+	return r, nil
+}
+
+var ParseCLI = map[string]func(string) (RetainIntervalSpec, error){
+	DailyType:   parseDaily,
+	WeeklyType:  parseWeekly,
+	MonthlyType: parseMonthly,
+}
+
+func IntervalType(interval Interval) string {
+	return strings.Split(interval.String(), " ")[0]
+}
+
+func IsIntervalType(t string) bool {
+	knownTypes := []string{PeriodicType, DailyType, WeeklyType, MonthlyType}
+	for _, p := range knownTypes {
+		if p == t {
+			return true
+		}
+	}
+	return false
+}
+
+// RetainIntervalSpec is the serialized form of retain interval
+type RetainIntervalSpec struct {
+	IntervalSpec `yaml:",inline"`
+	Retain       uint32 `yaml:"retain,omitempty"`
+}
+
+// RetainInterval is a schedule interval with a number of instances to retain.
+type RetainInterval interface {
+	Interval
+	// RetainNumber is the number of instances to retain
+	RetainNumber() uint32
+	// RetainIntervalSpec returns RetainIntervalSpec
+	RetainIntervalSpec() RetainIntervalSpec
+}
+
+// RetainIntervalImpl implements the RetainInterval interface
+type RetainIntervalImpl struct {
+	iv     Interval
+	retain uint32
+}
+
+func NewRetainInterval(iv Interval) RetainInterval {
+	return RetainIntervalImpl{iv: iv}
+}
+
+func (p RetainIntervalImpl) nextAfter(t time.Time) time.Time {
+	newTime := p.iv.nextAfter(t)
+	if inSpeedUp() {
+		return t.Add(time.Minute)
+	}
+	return newTime
+}
+
+func (p RetainIntervalImpl) String() string {
+	str := p.iv.String()
+	if p.RetainNumber() > 0 {
+		return fmt.Sprintf("%s,keep last %d", str, p.RetainNumber())
+	}
+	return str
+}
+
+func (p RetainIntervalImpl) IntervalType() string {
+	return p.iv.IntervalType()
+}
+
+func (p RetainIntervalImpl) Spec() IntervalSpec {
+	return p.iv.Spec()
+}
+
+func (p RetainIntervalImpl) RetainNumber() uint32 {
+	return p.retain
+}
+
+func SetupIntvWithDefaults(intvs []RetainInterval) []RetainInterval {
+	retIntvs := make([]RetainInterval, 0)
+	for _, intv := range intvs {
+		p := &RetainIntervalImpl{iv: intv}
+		if intv.RetainNumber() == 0 {
+			switch intv.IntervalType() {
+			case DailyType:
+				p.retain = DailyRetain
+			case WeeklyType, PeriodicType:
+				p.retain = WeeklyRetain
+			case MonthlyType:
+				p.retain = MonthlyRetain
+			}
+		} else {
+			p.retain = intv.RetainNumber()
+		}
+		retIntvs = append(retIntvs, p)
+	}
+	return retIntvs
+}
+
+func (p RetainIntervalImpl) RetainIntervalSpec() RetainIntervalSpec {
+	return RetainIntervalSpec{IntervalSpec: p.Spec(), Retain: p.RetainNumber()}
+}
+
+const (
+	policyTag           = "policy"
+	policyStrSeparator  = "="
+	policyNameSeparator = ","
+)
+
+// PolicyTags groups one or more policies together.
+type PolicyTags struct {
+	// Names is the list of policy names
+	Names []string
+}
+
+var policyNameRegex = regexp.MustCompile("[A-Za-z0-9_]+")
+
+func (p *PolicyTags) verifyPolicyTags() error {
+	for _, name := range p.Names {
+		if !policyNameRegex.MatchString(name) {
+			return fmt.Errorf("Invalid policy name '%s'", name)
+		}
+	}
+
+	return nil
+}
+
+// NewPolicyTagsFromSlice returns a new object from a string slice of names
+func NewPolicyTagsFromSlice(policies []string) (*PolicyTags, error) {
+	p := &PolicyTags{Names: policies}
+	return p, p.verifyPolicyTags()
+}
+
+func NewPolicyTags(policies string) (*PolicyTags, error) {
+	if policies == "" {
+		return nil, nil
+	}
+	p := &PolicyTags{Names: strings.Split(policies, policyNameSeparator)}
+	return p, p.verifyPolicyTags()
+}
+
+func (p *PolicyTags) Summary() string {
+	if len(p.Names) == 0 {
+		return ""
+	}
+	return fmt.Sprintf("%s=%s", policyTag,
+		strings.Join(p.Names, policyNameSeparator))
+}
+
+func (p *PolicyTags) String() string {
+	return p.Summary()
+}
+
+func ParsePolicyTags(policyTagsStr string) (*PolicyTags, error) {
+	if policyTagsStr == "" {
+		return nil, nil
+	}
+	names := strings.Split(policyTagsStr, policyStrSeparator)
+	if len(names) != 2 || names[0] != policyTag {
+		return nil, fmt.Errorf("Invalid policy string %s", policyTagsStr)
+	}
+	return NewPolicyTags(names[1])
+}
+
+func SamePolicyTags(p1, p2 *PolicyTags) bool {
+	if p1 == p2 {
+		return true
+	}
+	if p1 == nil && p2 != nil || p2 == nil && p1 != nil ||
+		len(p1.Names) != len(p2.Names) {
+		return false
+	}
+next:
+	for _, name := range p1.Names {
+		for _, othername := range p2.Names {
+			if name == othername {
+				continue next
+			}
+		}
+		return false
+	}
+	return true
+}
diff --git a/vendor/github.com/libopenstorage/openstorage/pkg/sched/sched.go b/vendor/github.com/libopenstorage/openstorage/pkg/sched/sched.go
new file mode 100644
index 0000000000..52238aa582
--- /dev/null
+++ b/vendor/github.com/libopenstorage/openstorage/pkg/sched/sched.go
@@ -0,0 +1,408 @@
+package sched
+
+import (
+	"container/list"
+	"fmt"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/libopenstorage/openstorage/pkg/dbg"
+	"github.com/sirupsen/logrus"
+)
+
+type TaskID uint64
+
+const (
+	TaskNone        = TaskID(0)
+	workerBatchSize = 10
+	maxWorkers      = 100
+	// Need to see how this value of idleTimeout works out. We may need to increase it if
+	// we see too much churn in the workers. But on the other hand, increasing the value by a lot could
+	// cause the excess workers to never exit since they might pick up tasks in round-robin fashion.
+	idleTimeout      = 30 * time.Second
+	statsLogDuration = 10 * time.Minute
+)
+
+func ValidTaskID(t TaskID) bool { return t != TaskNone }
+
+type ScheduleTask func(Interval)
+
+type histogram interface {
+	record(time.Duration)
+	getHistogram() string
+}
+
+type histImpl struct {
+	// lock for this struct
+	sync.Mutex
+	// name of the histogram
+	name string
+	// each bucket holds the count of values that fall between the limits of the previous bucket and this bucket
+	buckets []uint64
+	// limits for each bucket (except for the last one which is a catchall bucket);
+	// these are calcuated using min, max and multiplier
+	limits []time.Duration
+	// limit for the first bucket; values less than min are counted in the first bucket
+	min time.Duration
+	// limit for the second-to-last bucket; values greater than max are counted in the last bucket
+	max time.Duration
+	// each bucket's limit is calculated by multiplying the previous bucket's limit by this value
+	multiplier int
+}
+
+func newHistogram(name string, min, max time.Duration) histogram {
+	hist := &histImpl{
+		name:       name,
+		min:        min,
+		max:        max,
+		multiplier: 2,
+	}
+	for i := min; i < max; i = i * time.Duration(hist.multiplier) {
+		hist.buckets = append(hist.buckets, 0)
+		hist.limits = append(hist.limits, i)
+	}
+	// last bucket is a catchall for values greater than the max (approx)
+	hist.buckets = append(hist.buckets, 0)
+	return hist
+}
+
+func (h *histImpl) record(val time.Duration) {
+	h.Lock()
+	defer h.Unlock()
+	for i := range h.limits {
+		if val < h.limits[i] {
+			h.buckets[i]++
+			return
+		}
+	}
+	h.buckets[len(h.buckets)-1]++
+}
+
+func (h *histImpl) getHistogram() string {
+	h.Lock()
+	defer h.Unlock()
+
+	var total uint64
+	for i := range h.buckets {
+		total = total + h.buckets[i]
+	}
+	if total == 0 {
+		return ""
+	}
+	var out strings.Builder
+	out.WriteString(fmt.Sprintf("%s: ", h.name))
+	sep := ""
+	for i := range h.limits {
+		if h.buckets[i] > 0 {
+			out.WriteString(fmt.Sprintf("%s%v < %v (%v%%)", sep, h.buckets[i], h.limits[i], h.buckets[i]*100/total))
+			sep = ", "
+		}
+	}
+	lastBucket := len(h.buckets) - 1
+	if h.buckets[lastBucket] > 0 {
+		out.WriteString(fmt.Sprintf(
+			"%s%v > %v (%v%%)", sep, h.buckets[lastBucket], h.limits[lastBucket-1], h.buckets[lastBucket]*100/total))
+	}
+	return out.String()
+}
+
+type Scheduler interface {
+	// Schedule given task at given interval.
+	// Returns associated task id if scheduled successfully,
+	// or a non-nil error in case of error.
+	Schedule(task ScheduleTask, interval Interval,
+		runAt time.Time, onlyOnce bool) (TaskID, error)
+
+	// Cancel given task.
+	Cancel(taskID TaskID) error
+
+	// Restart scheduling.
+	Start()
+
+	// Stop scheduling.
+	Stop()
+}
+
+var instance Scheduler
+
+type taskInfo struct {
+	// ID unique task identifier
+	ID TaskID
+	// task function to run
+	task ScheduleTask
+	// interval at which task is scheduled
+	interval Interval
+	// runtAt is next time at which task is going to be scheduled
+	runAt time.Time
+	// onlyOnce one time execution only
+	onlyOnce bool
+	// valid is true until task is not cancelled
+	valid bool
+	// lock for the enqueued member
+	lock sync.Mutex
+	// enqueued is true if task is scheduled to run
+	enqueued bool
+}
+
+type manager struct {
+	sync.Mutex
+	// minimumInterval defines minimum task scheduling interval
+	minimumInterval time.Duration
+	// tasks is list of scheduled tasks
+	tasks *list.List
+	// currTaskID grows monotonically and gives next taskID
+	currTaskID TaskID
+	// ticker ticks every minimumInterval
+	ticker *time.Ticker
+	// started is true if schedular is not stopped
+	started bool
+	// enqueuedTasksLock protects enqueuedTasks
+	enqueuedTasksLock sync.Mutex
+	// cv signals when there are enqueuedTasks
+	cv *sync.Cond
+	// enqueuedTasks is list of tasks that must be run now
+	enqueuedTasks *list.List
+	// total number of worker goroutines that were started
+	workersStarted uint64
+	// total number of worker goroutines that exited
+	workersExited uint64
+	// histogram for interval between the ticks
+	tickIntervalHist histogram
+	// histogram for tick processing time
+	tickProcessHist histogram
+	// histogram for how late we were in enqueuing a ready task for handoff to the worker
+	taskScheduleHist histogram
+	// histogram for how late the worker was when starting the task
+	taskStartHist histogram
+	// histogram for how long a task was running
+	taskDurationHist histogram
+}
+
+func (s *manager) Schedule(
+	task ScheduleTask,
+	interval Interval,
+	runAt time.Time,
+	onlyOnce bool,
+) (TaskID, error) {
+	s.Lock()
+	defer s.Unlock()
+
+	if task == nil {
+		return TaskNone, fmt.Errorf("invalid task specified")
+	}
+	now := time.Now()
+	if interval.nextAfter(now).Sub(now) < time.Second {
+		return TaskNone, fmt.Errorf("minimum interval is a second")
+	}
+
+	s.currTaskID++
+	t := &taskInfo{ID: s.currTaskID,
+		task:     task,
+		interval: interval,
+		runAt:    interval.nextAfter(runAt),
+		valid:    true,
+		onlyOnce: onlyOnce,
+		lock:     sync.Mutex{},
+		enqueued: false}
+
+	s.tasks.PushBack(t)
+	return t.ID, nil
+}
+
+func (s *manager) Cancel(
+	taskID TaskID,
+) error {
+	s.Lock()
+	defer s.Unlock()
+
+	for e := s.tasks.Front(); e != nil; e = e.Next() {
+		t := e.Value.(*taskInfo)
+		if t.ID == taskID {
+			t.valid = false
+			s.tasks.Remove(e)
+			return nil
+		}
+	}
+	return fmt.Errorf("invalid task ID: %v", taskID)
+}
+
+func (s *manager) Stop() {
+	s.Lock()
+	s.ticker.Stop()
+	s.started = false
+	s.Unlock()
+
+	// Stop running any scheduled tasks.
+	s.enqueuedTasksLock.Lock()
+	s.enqueuedTasks.Init()
+	s.enqueuedTasksLock.Unlock()
+}
+
+func (s *manager) Start() {
+	s.Lock()
+	defer s.Unlock()
+
+	if !s.started {
+		s.ticker = time.NewTicker(s.minimumInterval)
+		s.started = true
+	}
+}
+
+func (s *manager) scheduleTasks() {
+	histLastPrinted := time.Now()
+	prevTick := time.Now()
+	for range s.ticker.C {
+		now := time.Now()
+		s.tickIntervalHist.record(now.Sub(prevTick))
+		s.Lock()
+		tasksReady := make([]*taskInfo, 0)
+		elementsToRemove := make([]*list.Element, 0)
+		for e := s.tasks.Front(); e != nil; e = e.Next() {
+			t := e.Value.(*taskInfo)
+			t.lock.Lock()
+			if !t.enqueued && (now.Equal(t.runAt) || now.After(t.runAt)) {
+				tasksReady = append(tasksReady, t)
+				t.enqueued = true
+				if t.onlyOnce {
+					elementsToRemove = append(elementsToRemove, e)
+				}
+			}
+			t.lock.Unlock()
+		}
+		for _, e := range elementsToRemove {
+			s.tasks.Remove(e)
+		}
+		s.Unlock()
+
+		var numEnqueued int
+		s.enqueuedTasksLock.Lock()
+		for _, t := range tasksReady {
+			s.taskScheduleHist.record(time.Since(t.runAt))
+			s.enqueuedTasks.PushBack(t)
+		}
+		s.cv.Broadcast()
+		numEnqueued = s.enqueuedTasks.Len()
+		s.enqueuedTasksLock.Unlock()
+		workersStarted, workersExited := s.addWorkersIfNeeded(numEnqueued)
+
+		// print stats
+		if time.Since(histLastPrinted) > statsLogDuration {
+			logrus.Infof("sched stats: workers: current=%v, started=%v, exited=%v",
+				workersStarted-workersExited, workersStarted, workersExited)
+			for _, hist := range []histogram{
+				s.tickIntervalHist, s.tickProcessHist, s.taskScheduleHist, s.taskStartHist, s.taskDurationHist} {
+
+				histStr := hist.getHistogram()
+				if histStr != "" {
+					logrus.Infof("sched stats: %s", hist.getHistogram())
+				}
+			}
+			histLastPrinted = time.Now()
+		}
+		s.tickProcessHist.record(time.Since(now))
+		prevTick = time.Now()
+	}
+}
+
+// for testing
+func (s *manager) getWorkerCount() int {
+	s.Lock()
+	defer s.Unlock()
+	return int(s.workersStarted - s.workersExited)
+}
+
+// Checks if the worker must exit because it has been idle for too long. The worker
+// must exit if the returned value is true.
+func (s *manager) workerMustExit(lastTaskRunAt time.Time) bool {
+	exit := false
+	if time.Since(lastTaskRunAt) > idleTimeout {
+		s.Lock()
+		if (s.workersStarted - s.workersExited) > workerBatchSize {
+			s.workersExited++
+			exit = true
+		}
+		s.Unlock()
+	}
+	return exit
+}
+
+func (s *manager) runTasks(workerID uuid.UUID) {
+	logrus.Debugf("sched worker %s starting", workerID)
+	lastTaskRunAt := time.Now()
+	for {
+		if s.workerMustExit(lastTaskRunAt) {
+			logrus.Debugf("sched worker %s exiting", workerID)
+			return
+		}
+		s.cv.L.Lock()
+		if s.enqueuedTasks.Len() == 0 {
+			s.cv.Wait()
+		}
+		var t *taskInfo
+		if s.enqueuedTasks.Len() > 0 {
+			t = s.enqueuedTasks.Front().Value.(*taskInfo)
+			s.enqueuedTasks.Remove(s.enqueuedTasks.Front())
+		}
+		s.cv.L.Unlock()
+		if t != nil && t.valid {
+			s.taskStartHist.record(time.Since(t.runAt))
+			// run the task
+			startTime := time.Now()
+			t.task(t.interval)
+			s.taskDurationHist.record(time.Since(startTime))
+
+			t.lock.Lock()
+			t.runAt = t.interval.nextAfter(time.Now())
+			t.enqueued = false
+			t.lock.Unlock()
+			lastTaskRunAt = time.Now()
+		}
+	}
+}
+
+// Starts a new batch of worker goroutines if needed
+func (s *manager) addWorkersIfNeeded(enqueuedTasks int) (uint64, uint64) {
+	s.Lock()
+	defer s.Unlock()
+	numWorkers := s.workersStarted - s.workersExited
+	if numWorkers < workerBatchSize || uint64(enqueuedTasks) > numWorkers+workerBatchSize {
+		for i := 0; i < workerBatchSize && numWorkers < maxWorkers; i++ {
+			go s.runTasks(uuid.New())
+			numWorkers++
+			s.workersStarted++
+		}
+	}
+	return s.workersStarted, s.workersExited
+}
+
+func New(minimumInterval time.Duration) Scheduler {
+	m := &manager{
+		tasks:             list.New(),
+		currTaskID:        0,
+		minimumInterval:   minimumInterval,
+		ticker:            time.NewTicker(minimumInterval),
+		enqueuedTasksLock: sync.Mutex{},
+		enqueuedTasks:     list.New(),
+		tickIntervalHist:  newHistogram("tick interval", 1200*time.Millisecond, 10*time.Minute),
+		tickProcessHist:   newHistogram("tick process durations", 500*time.Millisecond, 20*time.Minute),
+		taskScheduleHist:  newHistogram("task scheduling delay", 1*time.Second, 30*time.Minute),
+		taskStartHist:     newHistogram("task start delay", 1*time.Second, 30*time.Minute),
+		taskDurationHist:  newHistogram("task runtime", 500*time.Millisecond, 20*time.Minute),
+	}
+	m.cv = sync.NewCond(&m.enqueuedTasksLock)
+	m.addWorkersIfNeeded(0)
+	m.Start()
+	go m.scheduleTasks()
+	return m
+}
+
+func Init(minimumInterval time.Duration) {
+	dbg.Assert(instance == nil, "Scheduler already initialized")
+	instance = New(minimumInterval)
+}
+
+func Instance() Scheduler {
+	return instance
+}
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/NOTICE b/vendor/github.com/matttproud/golang_protobuf_extensions/NOTICE
deleted file mode 100644
index 5d8cb5b72e..0000000000
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/NOTICE
+++ /dev/null
@@ -1 +0,0 @@
-Copyright 2012 Matt T. Proud (matt.proud@gmail.com)
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/.gitignore b/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/.gitignore
deleted file mode 100644
index e16fb946bb..0000000000
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-cover.dat
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/Makefile b/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/Makefile
deleted file mode 100644
index 81be214370..0000000000
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/Makefile
+++ /dev/null
@@ -1,7 +0,0 @@
-all:
-
-cover:
-	go test -cover -v -coverprofile=cover.dat ./...
-	go tool cover -func cover.dat
-
-.PHONY: cover
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/decode.go b/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/decode.go
deleted file mode 100644
index 258c0636aa..0000000000
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/decode.go
+++ /dev/null
@@ -1,75 +0,0 @@
-// Copyright 2013 Matt T. Proud
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package pbutil
-
-import (
-	"encoding/binary"
-	"errors"
-	"io"
-
-	"github.com/golang/protobuf/proto"
-)
-
-var errInvalidVarint = errors.New("invalid varint32 encountered")
-
-// ReadDelimited decodes a message from the provided length-delimited stream,
-// where the length is encoded as 32-bit varint prefix to the message body.
-// It returns the total number of bytes read and any applicable error.  This is
-// roughly equivalent to the companion Java API's
-// MessageLite#parseDelimitedFrom.  As per the reader contract, this function
-// calls r.Read repeatedly as required until exactly one message including its
-// prefix is read and decoded (or an error has occurred).  The function never
-// reads more bytes from the stream than required.  The function never returns
-// an error if a message has been read and decoded correctly, even if the end
-// of the stream has been reached in doing so.  In that case, any subsequent
-// calls return (0, io.EOF).
-func ReadDelimited(r io.Reader, m proto.Message) (n int, err error) {
-	// Per AbstractParser#parsePartialDelimitedFrom with
-	// CodedInputStream#readRawVarint32.
-	var headerBuf [binary.MaxVarintLen32]byte
-	var bytesRead, varIntBytes int
-	var messageLength uint64
-	for varIntBytes == 0 { // i.e. no varint has been decoded yet.
-		if bytesRead >= len(headerBuf) {
-			return bytesRead, errInvalidVarint
-		}
-		// We have to read byte by byte here to avoid reading more bytes
-		// than required. Each read byte is appended to what we have
-		// read before.
-		newBytesRead, err := r.Read(headerBuf[bytesRead : bytesRead+1])
-		if newBytesRead == 0 {
-			if err != nil {
-				return bytesRead, err
-			}
-			// A Reader should not return (0, nil), but if it does,
-			// it should be treated as no-op (according to the
-			// Reader contract). So let's go on...
-			continue
-		}
-		bytesRead += newBytesRead
-		// Now present everything read so far to the varint decoder and
-		// see if a varint can be decoded already.
-		messageLength, varIntBytes = proto.DecodeVarint(headerBuf[:bytesRead])
-	}
-
-	messageBuf := make([]byte, messageLength)
-	newBytesRead, err := io.ReadFull(r, messageBuf)
-	bytesRead += newBytesRead
-	if err != nil {
-		return bytesRead, err
-	}
-
-	return bytesRead, proto.Unmarshal(messageBuf, m)
-}
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/encode.go b/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/encode.go
deleted file mode 100644
index 8fb59ad226..0000000000
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/encode.go
+++ /dev/null
@@ -1,46 +0,0 @@
-// Copyright 2013 Matt T. Proud
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package pbutil
-
-import (
-	"encoding/binary"
-	"io"
-
-	"github.com/golang/protobuf/proto"
-)
-
-// WriteDelimited encodes and dumps a message to the provided writer prefixed
-// with a 32-bit varint indicating the length of the encoded message, producing
-// a length-delimited record stream, which can be used to chain together
-// encoded messages of the same type together in a file.  It returns the total
-// number of bytes written and any applicable error.  This is roughly
-// equivalent to the companion Java API's MessageLite#writeDelimitedTo.
-func WriteDelimited(w io.Writer, m proto.Message) (n int, err error) {
-	buffer, err := proto.Marshal(m)
-	if err != nil {
-		return 0, err
-	}
-
-	var buf [binary.MaxVarintLen32]byte
-	encodedLength := binary.PutUvarint(buf[:], uint64(len(buffer)))
-
-	sync, err := w.Write(buf[:encodedLength])
-	if err != nil {
-		return sync, err
-	}
-
-	n, err = w.Write(buffer)
-	return n + sync, err
-}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/collectors/expvar_collector.go b/vendor/github.com/prometheus/client_golang/prometheus/collectors/expvar_collector.go
index 3aa8d0590b..b22d862fbc 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/collectors/expvar_collector.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/collectors/expvar_collector.go
@@ -22,7 +22,7 @@ import "github.com/prometheus/client_golang/prometheus"
 // Prometheus metrics. Note that the data models of expvar and Prometheus are
 // fundamentally different, and that the expvar Collector is inherently slower
 // than native Prometheus metrics. Thus, the expvar Collector is probably great
-// for experiments and prototying, but you should seriously consider a more
+// for experiments and prototyping, but you should seriously consider a more
 // direct implementation of Prometheus metrics for monitoring production
 // systems.
 //
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/collectors/go_collector_latest.go b/vendor/github.com/prometheus/client_golang/prometheus/collectors/go_collector_latest.go
index 2f5616894e..bcfa4fa10e 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/collectors/go_collector_latest.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/collectors/go_collector_latest.go
@@ -132,16 +132,19 @@ type GoCollectionOption uint32
 
 const (
 	// GoRuntimeMemStatsCollection represents the metrics represented by runtime.MemStats structure.
-	// Deprecated. Use WithGoCollectorMemStatsMetricsDisabled() function to disable those metrics in the collector.
+	//
+	// Deprecated: Use WithGoCollectorMemStatsMetricsDisabled() function to disable those metrics in the collector.
 	GoRuntimeMemStatsCollection GoCollectionOption = 1 << iota
 	// GoRuntimeMetricsCollection is the new set of metrics represented by runtime/metrics package.
-	// Deprecated. Use WithGoCollectorRuntimeMetrics(GoRuntimeMetricsRule{Matcher: regexp.MustCompile("/.*")})
+	//
+	// Deprecated: Use WithGoCollectorRuntimeMetrics(GoRuntimeMetricsRule{Matcher: regexp.MustCompile("/.*")})
 	// function to enable those metrics in the collector.
 	GoRuntimeMetricsCollection
 )
 
 // WithGoCollections allows enabling different collections for Go collector on top of base metrics.
-// Deprecated. Use WithGoCollectorRuntimeMetrics() and WithGoCollectorMemStatsMetricsDisabled() instead to control metrics.
+//
+// Deprecated: Use WithGoCollectorRuntimeMetrics() and WithGoCollectorMemStatsMetricsDisabled() instead to control metrics.
 func WithGoCollections(flags GoCollectionOption) func(options *internal.GoCollectorOptions) {
 	return func(options *internal.GoCollectorOptions) {
 		if flags&GoRuntimeMemStatsCollection == 0 {
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/counter.go b/vendor/github.com/prometheus/client_golang/prometheus/counter.go
index 62de4dc59a..4ce84e7a80 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/counter.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/counter.go
@@ -20,6 +20,7 @@ import (
 	"time"
 
 	dto "github.com/prometheus/client_model/go"
+	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
 // Counter is a Metric that represents a single numerical value that only ever
@@ -66,7 +67,7 @@ type CounterVecOpts struct {
 	CounterOpts
 
 	// VariableLabels are used to partition the metric vector by the given set
-	// of labels. Each label value will be constrained with the optional Contraint
+	// of labels. Each label value will be constrained with the optional Constraint
 	// function, if provided.
 	VariableLabels ConstrainableLabels
 }
@@ -90,8 +91,12 @@ func NewCounter(opts CounterOpts) Counter {
 		nil,
 		opts.ConstLabels,
 	)
-	result := &counter{desc: desc, labelPairs: desc.constLabelPairs, now: time.Now}
+	if opts.now == nil {
+		opts.now = time.Now
+	}
+	result := &counter{desc: desc, labelPairs: desc.constLabelPairs, now: opts.now}
 	result.init(result) // Init self-collection.
+	result.createdTs = timestamppb.New(opts.now())
 	return result
 }
 
@@ -106,10 +111,12 @@ type counter struct {
 	selfCollector
 	desc *Desc
 
+	createdTs  *timestamppb.Timestamp
 	labelPairs []*dto.LabelPair
 	exemplar   atomic.Value // Containing nil or a *dto.Exemplar.
 
-	now func() time.Time // To mock out time.Now() for testing.
+	// now is for testing purposes, by default it's time.Now.
+	now func() time.Time
 }
 
 func (c *counter) Desc() *Desc {
@@ -159,8 +166,7 @@ func (c *counter) Write(out *dto.Metric) error {
 		exemplar = e.(*dto.Exemplar)
 	}
 	val := c.get()
-
-	return populateMetric(CounterValue, val, c.labelPairs, exemplar, out)
+	return populateMetric(CounterValue, val, c.labelPairs, exemplar, out, c.createdTs)
 }
 
 func (c *counter) updateExemplar(v float64, l Labels) {
@@ -200,13 +206,17 @@ func (v2) NewCounterVec(opts CounterVecOpts) *CounterVec {
 		opts.VariableLabels,
 		opts.ConstLabels,
 	)
+	if opts.now == nil {
+		opts.now = time.Now
+	}
 	return &CounterVec{
 		MetricVec: NewMetricVec(desc, func(lvs ...string) Metric {
-			if len(lvs) != len(desc.variableLabels) {
-				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), lvs))
+			if len(lvs) != len(desc.variableLabels.names) {
+				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.names, lvs))
 			}
-			result := &counter{desc: desc, labelPairs: MakeLabelPairs(desc, lvs), now: time.Now}
+			result := &counter{desc: desc, labelPairs: MakeLabelPairs(desc, lvs), now: opts.now}
 			result.init(result) // Init self-collection.
+			result.createdTs = timestamppb.New(opts.now())
 			return result
 		}),
 	}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/desc.go b/vendor/github.com/prometheus/client_golang/prometheus/desc.go
index 12331542dd..68ffe3c248 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/desc.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/desc.go
@@ -18,12 +18,12 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/prometheus/client_golang/prometheus/internal"
-
 	"github.com/cespare/xxhash/v2"
 	dto "github.com/prometheus/client_model/go"
 	"github.com/prometheus/common/model"
 	"google.golang.org/protobuf/proto"
+
+	"github.com/prometheus/client_golang/prometheus/internal"
 )
 
 // Desc is the descriptor used by every Prometheus Metric. It is essentially
@@ -52,7 +52,7 @@ type Desc struct {
 	constLabelPairs []*dto.LabelPair
 	// variableLabels contains names of labels and normalization function for
 	// which the metric maintains variable values.
-	variableLabels ConstrainedLabels
+	variableLabels *compiledLabels
 	// id is a hash of the values of the ConstLabels and fqName. This
 	// must be unique among all registered descriptors and can therefore be
 	// used as an identifier of the descriptor.
@@ -93,7 +93,7 @@ func (v2) NewDesc(fqName, help string, variableLabels ConstrainableLabels, const
 	d := &Desc{
 		fqName:         fqName,
 		help:           help,
-		variableLabels: variableLabels.constrainedLabels(),
+		variableLabels: variableLabels.compile(),
 	}
 	if !model.IsValidMetricName(model.LabelValue(fqName)) {
 		d.err = fmt.Errorf("%q is not a valid metric name", fqName)
@@ -103,7 +103,7 @@ func (v2) NewDesc(fqName, help string, variableLabels ConstrainableLabels, const
 	// their sorted label names) plus the fqName (at position 0).
 	labelValues := make([]string, 1, len(constLabels)+1)
 	labelValues[0] = fqName
-	labelNames := make([]string, 0, len(constLabels)+len(d.variableLabels))
+	labelNames := make([]string, 0, len(constLabels)+len(d.variableLabels.names))
 	labelNameSet := map[string]struct{}{}
 	// First add only the const label names and sort them...
 	for labelName := range constLabels {
@@ -128,13 +128,13 @@ func (v2) NewDesc(fqName, help string, variableLabels ConstrainableLabels, const
 	// Now add the variable label names, but prefix them with something that
 	// cannot be in a regular label name. That prevents matching the label
 	// dimension with a different mix between preset and variable labels.
-	for _, label := range d.variableLabels {
-		if !checkLabelName(label.Name) {
-			d.err = fmt.Errorf("%q is not a valid label name for metric %q", label.Name, fqName)
+	for _, label := range d.variableLabels.names {
+		if !checkLabelName(label) {
+			d.err = fmt.Errorf("%q is not a valid label name for metric %q", label, fqName)
 			return d
 		}
-		labelNames = append(labelNames, "$"+label.Name)
-		labelNameSet[label.Name] = struct{}{}
+		labelNames = append(labelNames, "$"+label)
+		labelNameSet[label] = struct{}{}
 	}
 	if len(labelNames) != len(labelNameSet) {
 		d.err = fmt.Errorf("duplicate label names in constant and variable labels for metric %q", fqName)
@@ -189,11 +189,19 @@ func (d *Desc) String() string {
 			fmt.Sprintf("%s=%q", lp.GetName(), lp.GetValue()),
 		)
 	}
+	vlStrings := make([]string, 0, len(d.variableLabels.names))
+	for _, vl := range d.variableLabels.names {
+		if fn, ok := d.variableLabels.labelConstraints[vl]; ok && fn != nil {
+			vlStrings = append(vlStrings, fmt.Sprintf("c(%s)", vl))
+		} else {
+			vlStrings = append(vlStrings, vl)
+		}
+	}
 	return fmt.Sprintf(
-		"Desc{fqName: %q, help: %q, constLabels: {%s}, variableLabels: %v}",
+		"Desc{fqName: %q, help: %q, constLabels: {%s}, variableLabels: {%s}}",
 		d.fqName,
 		d.help,
 		strings.Join(lpStrings, ","),
-		d.variableLabels,
+		strings.Join(vlStrings, ","),
 	)
 }
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go b/vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go
index c41ab37f3b..de5a856293 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go
@@ -48,7 +48,7 @@ func (e *expvarCollector) Collect(ch chan<- Metric) {
 			continue
 		}
 		var v interface{}
-		labels := make([]string, len(desc.variableLabels))
+		labels := make([]string, len(desc.variableLabels.names))
 		if err := json.Unmarshal([]byte(expVar.String()), &v); err != nil {
 			ch <- NewInvalidMetric(desc, err)
 			continue
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/gauge.go b/vendor/github.com/prometheus/client_golang/prometheus/gauge.go
index f1ea6c76f7..dd2eac9406 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/gauge.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/gauge.go
@@ -62,7 +62,7 @@ type GaugeVecOpts struct {
 	GaugeOpts
 
 	// VariableLabels are used to partition the metric vector by the given set
-	// of labels. Each label value will be constrained with the optional Contraint
+	// of labels. Each label value will be constrained with the optional Constraint
 	// function, if provided.
 	VariableLabels ConstrainableLabels
 }
@@ -135,7 +135,7 @@ func (g *gauge) Sub(val float64) {
 
 func (g *gauge) Write(out *dto.Metric) error {
 	val := math.Float64frombits(atomic.LoadUint64(&g.valBits))
-	return populateMetric(GaugeValue, val, g.labelPairs, nil, out)
+	return populateMetric(GaugeValue, val, g.labelPairs, nil, out, nil)
 }
 
 // GaugeVec is a Collector that bundles a set of Gauges that all share the same
@@ -166,8 +166,8 @@ func (v2) NewGaugeVec(opts GaugeVecOpts) *GaugeVec {
 	)
 	return &GaugeVec{
 		MetricVec: NewMetricVec(desc, func(lvs ...string) Metric {
-			if len(lvs) != len(desc.variableLabels) {
-				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), lvs))
+			if len(lvs) != len(desc.variableLabels.names) {
+				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.names, lvs))
 			}
 			result := &gauge{desc: desc, labelPairs: MakeLabelPairs(desc, lvs)}
 			result.init(result) // Init self-collection.
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/histogram.go b/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
index 5b69965b25..b5c8bcb395 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
@@ -25,6 +25,7 @@ import (
 	dto "github.com/prometheus/client_model/go"
 
 	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
 // nativeHistogramBounds for the frac of observed values. Only relevant for
@@ -391,7 +392,7 @@ type HistogramOpts struct {
 	// zero, it is replaced by default buckets. The default buckets are
 	// DefBuckets if no buckets for a native histogram (see below) are used,
 	// otherwise the default is no buckets. (In other words, if you want to
-	// use both reguler buckets and buckets for a native histogram, you have
+	// use both regular buckets and buckets for a native histogram, you have
 	// to define the regular buckets here explicitly.)
 	Buckets []float64
 
@@ -401,7 +402,7 @@ type HistogramOpts struct {
 	// Histogram by a Prometheus server with that feature enabled (requires
 	// Prometheus v2.40+). Sparse buckets are exponential buckets covering
 	// the whole float64 range (with the exception of the “zero” bucket, see
-	// SparseBucketsZeroThreshold below). From any one bucket to the next,
+	// NativeHistogramZeroThreshold below). From any one bucket to the next,
 	// the width of the bucket grows by a constant
 	// factor. NativeHistogramBucketFactor provides an upper bound for this
 	// factor (exception see below). The smaller
@@ -413,8 +414,8 @@ type HistogramOpts struct {
 	// and 2, same as between 2 and 4, and 4 and 8, etc.).
 	//
 	// Details about the actually used factor: The factor is calculated as
-	// 2^(2^n), where n is an integer number between (and including) -8 and
-	// 4. n is chosen so that the resulting factor is the largest that is
+	// 2^(2^-n), where n is an integer number between (and including) -4 and
+	// 8. n is chosen so that the resulting factor is the largest that is
 	// still smaller or equal to NativeHistogramBucketFactor. Note that the
 	// smallest possible factor is therefore approx. 1.00271 (i.e. 2^(2^-8)
 	// ). If NativeHistogramBucketFactor is greater than 1 but smaller than
@@ -428,12 +429,12 @@ type HistogramOpts struct {
 	// a major version bump.
 	NativeHistogramBucketFactor float64
 	// All observations with an absolute value of less or equal
-	// NativeHistogramZeroThreshold are accumulated into a “zero”
-	// bucket. For best results, this should be close to a bucket
-	// boundary. This is usually the case if picking a power of two. If
+	// NativeHistogramZeroThreshold are accumulated into a “zero” bucket.
+	// For best results, this should be close to a bucket boundary. This is
+	// usually the case if picking a power of two. If
 	// NativeHistogramZeroThreshold is left at zero,
-	// DefSparseBucketsZeroThreshold is used as the threshold. To configure
-	// a zero bucket with an actual threshold of zero (i.e. only
+	// DefNativeHistogramZeroThreshold is used as the threshold. To
+	// configure a zero bucket with an actual threshold of zero (i.e. only
 	// observations of precisely zero will go into the zero bucket), set
 	// NativeHistogramZeroThreshold to the NativeHistogramZeroThresholdZero
 	// constant (or any negative float value).
@@ -446,26 +447,37 @@ type HistogramOpts struct {
 	// Histogram are sufficiently wide-spread. In particular, this could be
 	// used as a DoS attack vector. Where the observed values depend on
 	// external inputs, it is highly recommended to set a
-	// NativeHistogramMaxBucketNumber.)  Once the set
+	// NativeHistogramMaxBucketNumber.) Once the set
 	// NativeHistogramMaxBucketNumber is exceeded, the following strategy is
-	// enacted: First, if the last reset (or the creation) of the histogram
-	// is at least NativeHistogramMinResetDuration ago, then the whole
-	// histogram is reset to its initial state (including regular
-	// buckets). If less time has passed, or if
-	// NativeHistogramMinResetDuration is zero, no reset is
-	// performed. Instead, the zero threshold is increased sufficiently to
-	// reduce the number of buckets to or below
-	// NativeHistogramMaxBucketNumber, but not to more than
-	// NativeHistogramMaxZeroThreshold. Thus, if
-	// NativeHistogramMaxZeroThreshold is already at or below the current
-	// zero threshold, nothing happens at this step. After that, if the
-	// number of buckets still exceeds NativeHistogramMaxBucketNumber, the
-	// resolution of the histogram is reduced by doubling the width of the
-	// sparse buckets (up to a growth factor between one bucket to the next
-	// of 2^(2^4) = 65536, see above).
+	// enacted:
+	//  - First, if the last reset (or the creation) of the histogram is at
+	//    least NativeHistogramMinResetDuration ago, then the whole
+	//    histogram is reset to its initial state (including regular
+	//    buckets).
+	//  - If less time has passed, or if NativeHistogramMinResetDuration is
+	//    zero, no reset is performed. Instead, the zero threshold is
+	//    increased sufficiently to reduce the number of buckets to or below
+	//    NativeHistogramMaxBucketNumber, but not to more than
+	//    NativeHistogramMaxZeroThreshold. Thus, if
+	//    NativeHistogramMaxZeroThreshold is already at or below the current
+	//    zero threshold, nothing happens at this step.
+	//  - After that, if the number of buckets still exceeds
+	//    NativeHistogramMaxBucketNumber, the resolution of the histogram is
+	//    reduced by doubling the width of the sparse buckets (up to a
+	//    growth factor between one bucket to the next of 2^(2^4) = 65536,
+	//    see above).
+	//  - Any increased zero threshold or reduced resolution is reset back
+	//    to their original values once NativeHistogramMinResetDuration has
+	//    passed (since the last reset or the creation of the histogram).
 	NativeHistogramMaxBucketNumber  uint32
 	NativeHistogramMinResetDuration time.Duration
 	NativeHistogramMaxZeroThreshold float64
+
+	// now is for testing purposes, by default it's time.Now.
+	now func() time.Time
+
+	// afterFunc is for testing purposes, by default it's time.AfterFunc.
+	afterFunc func(time.Duration, func()) *time.Timer
 }
 
 // HistogramVecOpts bundles the options to create a HistogramVec metric.
@@ -475,7 +487,7 @@ type HistogramVecOpts struct {
 	HistogramOpts
 
 	// VariableLabels are used to partition the metric vector by the given set
-	// of labels. Each label value will be constrained with the optional Contraint
+	// of labels. Each label value will be constrained with the optional Constraint
 	// function, if provided.
 	VariableLabels ConstrainableLabels
 }
@@ -499,12 +511,12 @@ func NewHistogram(opts HistogramOpts) Histogram {
 }
 
 func newHistogram(desc *Desc, opts HistogramOpts, labelValues ...string) Histogram {
-	if len(desc.variableLabels) != len(labelValues) {
-		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), labelValues))
+	if len(desc.variableLabels.names) != len(labelValues) {
+		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.names, labelValues))
 	}
 
-	for _, n := range desc.variableLabels {
-		if n.Name == bucketLabel {
+	for _, n := range desc.variableLabels.names {
+		if n == bucketLabel {
 			panic(errBucketLabelNotAllowed)
 		}
 	}
@@ -514,6 +526,12 @@ func newHistogram(desc *Desc, opts HistogramOpts, labelValues ...string) Histogr
 		}
 	}
 
+	if opts.now == nil {
+		opts.now = time.Now
+	}
+	if opts.afterFunc == nil {
+		opts.afterFunc = time.AfterFunc
+	}
 	h := &histogram{
 		desc:                            desc,
 		upperBounds:                     opts.Buckets,
@@ -521,8 +539,9 @@ func newHistogram(desc *Desc, opts HistogramOpts, labelValues ...string) Histogr
 		nativeHistogramMaxBuckets:       opts.NativeHistogramMaxBucketNumber,
 		nativeHistogramMaxZeroThreshold: opts.NativeHistogramMaxZeroThreshold,
 		nativeHistogramMinResetDuration: opts.NativeHistogramMinResetDuration,
-		lastResetTime:                   time.Now(),
-		now:                             time.Now,
+		lastResetTime:                   opts.now(),
+		now:                             opts.now,
+		afterFunc:                       opts.afterFunc,
 	}
 	if len(h.upperBounds) == 0 && opts.NativeHistogramBucketFactor <= 1 {
 		h.upperBounds = DefBuckets
@@ -639,8 +658,8 @@ func (hc *histogramCounts) observe(v float64, bucket int, doSparse bool) {
 			if frac == 0.5 {
 				key--
 			}
-			div := 1 << -schema
-			key = (key + div - 1) / div
+			offset := (1 << -schema) - 1
+			key = (key + offset) >> -schema
 		}
 		if isInf {
 			key++
@@ -701,9 +720,18 @@ type histogram struct {
 	nativeHistogramMaxZeroThreshold float64
 	nativeHistogramMaxBuckets       uint32
 	nativeHistogramMinResetDuration time.Duration
-	lastResetTime                   time.Time // Protected by mtx.
-
-	now func() time.Time // To mock out time.Now() for testing.
+	// lastResetTime is protected by mtx. It is also used as created timestamp.
+	lastResetTime time.Time
+	// resetScheduled is protected by mtx. It is true if a reset is
+	// scheduled for a later time (when nativeHistogramMinResetDuration has
+	// passed).
+	resetScheduled bool
+
+	// now is for testing purposes, by default it's time.Now.
+	now func() time.Time
+
+	// afterFunc is for testing purposes, by default it's time.AfterFunc.
+	afterFunc func(time.Duration, func()) *time.Timer
 }
 
 func (h *histogram) Desc() *Desc {
@@ -742,9 +770,10 @@ func (h *histogram) Write(out *dto.Metric) error {
 	waitForCooldown(count, coldCounts)
 
 	his := &dto.Histogram{
-		Bucket:      make([]*dto.Bucket, len(h.upperBounds)),
-		SampleCount: proto.Uint64(count),
-		SampleSum:   proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))),
+		Bucket:           make([]*dto.Bucket, len(h.upperBounds)),
+		SampleCount:      proto.Uint64(count),
+		SampleSum:        proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))),
+		CreatedTimestamp: timestamppb.New(h.lastResetTime),
 	}
 	out.Histogram = his
 	out.Label = h.labelPairs
@@ -782,6 +811,16 @@ func (h *histogram) Write(out *dto.Metric) error {
 		his.ZeroCount = proto.Uint64(zeroBucket)
 		his.NegativeSpan, his.NegativeDelta = makeBuckets(&coldCounts.nativeHistogramBucketsNegative)
 		his.PositiveSpan, his.PositiveDelta = makeBuckets(&coldCounts.nativeHistogramBucketsPositive)
+
+		// Add a no-op span to a histogram without observations and with
+		// a zero threshold of zero. Otherwise, a native histogram would
+		// look like a classic histogram to scrapers.
+		if *his.ZeroThreshold == 0 && *his.ZeroCount == 0 && len(his.PositiveSpan) == 0 && len(his.NegativeSpan) == 0 {
+			his.PositiveSpan = []*dto.BucketSpan{{
+				Offset: proto.Int32(0),
+				Length: proto.Uint32(0),
+			}}
+		}
 	}
 	addAndResetCounts(hotCounts, coldCounts)
 	return nil
@@ -817,7 +856,7 @@ func (h *histogram) observe(v float64, bucket int) {
 	}
 }
 
-// limitSparsebuckets applies a strategy to limit the number of populated sparse
+// limitBuckets applies a strategy to limit the number of populated sparse
 // buckets. It's generally best effort, and there are situations where the
 // number can go higher (if even the lowest resolution isn't enough to reduce
 // the number sufficiently, or if the provided counts aren't fully updated yet
@@ -848,26 +887,39 @@ func (h *histogram) limitBuckets(counts *histogramCounts, value float64, bucket
 	if h.maybeReset(hotCounts, coldCounts, coldIdx, value, bucket) {
 		return
 	}
+	// One of the other strategies will happen. To undo what they will do as
+	// soon as enough time has passed to satisfy
+	// h.nativeHistogramMinResetDuration, schedule a reset at the right time
+	// if we haven't done so already.
+	if h.nativeHistogramMinResetDuration > 0 && !h.resetScheduled {
+		h.resetScheduled = true
+		h.afterFunc(h.nativeHistogramMinResetDuration-h.now().Sub(h.lastResetTime), h.reset)
+	}
+
 	if h.maybeWidenZeroBucket(hotCounts, coldCounts) {
 		return
 	}
 	h.doubleBucketWidth(hotCounts, coldCounts)
 }
 
-// maybeReset resests the whole histogram if at least h.nativeHistogramMinResetDuration
-// has been passed. It returns true if the histogram has been reset. The caller
-// must have locked h.mtx.
-func (h *histogram) maybeReset(hot, cold *histogramCounts, coldIdx uint64, value float64, bucket int) bool {
+// maybeReset resets the whole histogram if at least
+// h.nativeHistogramMinResetDuration has been passed. It returns true if the
+// histogram has been reset. The caller must have locked h.mtx.
+func (h *histogram) maybeReset(
+	hot, cold *histogramCounts, coldIdx uint64, value float64, bucket int,
+) bool {
 	// We are using the possibly mocked h.now() rather than
 	// time.Since(h.lastResetTime) to enable testing.
-	if h.nativeHistogramMinResetDuration == 0 || h.now().Sub(h.lastResetTime) < h.nativeHistogramMinResetDuration {
+	if h.nativeHistogramMinResetDuration == 0 || // No reset configured.
+		h.resetScheduled || // Do not interefere if a reset is already scheduled.
+		h.now().Sub(h.lastResetTime) < h.nativeHistogramMinResetDuration {
 		return false
 	}
 	// Completely reset coldCounts.
 	h.resetCounts(cold)
 	// Repeat the latest observation to not lose it completely.
 	cold.observe(value, bucket, true)
-	// Make coldCounts the new hot counts while ressetting countAndHotIdx.
+	// Make coldCounts the new hot counts while resetting countAndHotIdx.
 	n := atomic.SwapUint64(&h.countAndHotIdx, (coldIdx<<63)+1)
 	count := n & ((1 << 63) - 1)
 	waitForCooldown(count, hot)
@@ -877,6 +929,29 @@ func (h *histogram) maybeReset(hot, cold *histogramCounts, coldIdx uint64, value
 	return true
 }
 
+// reset resets the whole histogram. It locks h.mtx itself, i.e. it has to be
+// called without having locked h.mtx.
+func (h *histogram) reset() {
+	h.mtx.Lock()
+	defer h.mtx.Unlock()
+
+	n := atomic.LoadUint64(&h.countAndHotIdx)
+	hotIdx := n >> 63
+	coldIdx := (^n) >> 63
+	hot := h.counts[hotIdx]
+	cold := h.counts[coldIdx]
+	// Completely reset coldCounts.
+	h.resetCounts(cold)
+	// Make coldCounts the new hot counts while resetting countAndHotIdx.
+	n = atomic.SwapUint64(&h.countAndHotIdx, coldIdx<<63)
+	count := n & ((1 << 63) - 1)
+	waitForCooldown(count, hot)
+	// Finally, reset the formerly hot counts, too.
+	h.resetCounts(hot)
+	h.lastResetTime = h.now()
+	h.resetScheduled = false
+}
+
 // maybeWidenZeroBucket widens the zero bucket until it includes the existing
 // buckets closest to the zero bucket (which could be two, if an equidistant
 // negative and a positive bucket exists, but usually it's only one bucket to be
@@ -1176,6 +1251,7 @@ type constHistogram struct {
 	sum        float64
 	buckets    map[float64]uint64
 	labelPairs []*dto.LabelPair
+	createdTs  *timestamppb.Timestamp
 }
 
 func (h *constHistogram) Desc() *Desc {
@@ -1183,7 +1259,9 @@ func (h *constHistogram) Desc() *Desc {
 }
 
 func (h *constHistogram) Write(out *dto.Metric) error {
-	his := &dto.Histogram{}
+	his := &dto.Histogram{
+		CreatedTimestamp: h.createdTs,
+	}
 
 	buckets := make([]*dto.Bucket, 0, len(h.buckets))
 
@@ -1230,7 +1308,7 @@ func NewConstHistogram(
 	if desc.err != nil {
 		return nil, desc.err
 	}
-	if err := validateLabelValues(labelValues, len(desc.variableLabels)); err != nil {
+	if err := validateLabelValues(labelValues, len(desc.variableLabels.names)); err != nil {
 		return nil, err
 	}
 	return &constHistogram{
@@ -1324,7 +1402,7 @@ func makeBuckets(buckets *sync.Map) ([]*dto.BucketSpan, []int64) {
 		// Multiple spans with only small gaps in between are probably
 		// encoded more efficiently as one larger span with a few empty
 		// buckets. Needs some research to find the sweet spot. For now,
-		// we assume that gaps of one ore two buckets should not create
+		// we assume that gaps of one or two buckets should not create
 		// a new span.
 		iDelta := int32(i - nextI)
 		if n == 0 || iDelta > 2 {
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go b/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go
index fd0750f2cf..a595a20362 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go
@@ -14,7 +14,7 @@
 // It provides tools to compare sequences of strings and generate textual diffs.
 //
 // Maintaining `GetUnifiedDiffString` here because original repository
-// (https://github.com/pmezard/go-difflib) is no loger maintained.
+// (https://github.com/pmezard/go-difflib) is no longer maintained.
 package internal
 
 import (
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/labels.go b/vendor/github.com/prometheus/client_golang/prometheus/labels.go
index 63ff8683ce..c21911f292 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/labels.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/labels.go
@@ -32,19 +32,15 @@ import (
 // create a Desc.
 type Labels map[string]string
 
+// LabelConstraint normalizes label values.
+type LabelConstraint func(string) string
+
 // ConstrainedLabels represents a label name and its constrain function
 // to normalize label values. This type is commonly used when constructing
 // metric vector Collectors.
 type ConstrainedLabel struct {
 	Name       string
-	Constraint func(string) string
-}
-
-func (cl ConstrainedLabel) Constrain(v string) string {
-	if cl.Constraint == nil {
-		return v
-	}
-	return cl.Constraint(v)
+	Constraint LabelConstraint
 }
 
 // ConstrainableLabels is an interface that allows creating of labels that can
@@ -58,7 +54,7 @@ func (cl ConstrainedLabel) Constrain(v string) string {
 //	  },
 //	})
 type ConstrainableLabels interface {
-	constrainedLabels() ConstrainedLabels
+	compile() *compiledLabels
 	labelNames() []string
 }
 
@@ -67,8 +63,20 @@ type ConstrainableLabels interface {
 // metric vector Collectors.
 type ConstrainedLabels []ConstrainedLabel
 
-func (cls ConstrainedLabels) constrainedLabels() ConstrainedLabels {
-	return cls
+func (cls ConstrainedLabels) compile() *compiledLabels {
+	compiled := &compiledLabels{
+		names:            make([]string, len(cls)),
+		labelConstraints: map[string]LabelConstraint{},
+	}
+
+	for i, label := range cls {
+		compiled.names[i] = label.Name
+		if label.Constraint != nil {
+			compiled.labelConstraints[label.Name] = label.Constraint
+		}
+	}
+
+	return compiled
 }
 
 func (cls ConstrainedLabels) labelNames() []string {
@@ -92,18 +100,36 @@ func (cls ConstrainedLabels) labelNames() []string {
 //	}
 type UnconstrainedLabels []string
 
-func (uls UnconstrainedLabels) constrainedLabels() ConstrainedLabels {
-	constrainedLabels := make([]ConstrainedLabel, len(uls))
-	for i, l := range uls {
-		constrainedLabels[i] = ConstrainedLabel{Name: l}
+func (uls UnconstrainedLabels) compile() *compiledLabels {
+	return &compiledLabels{
+		names: uls,
 	}
-	return constrainedLabels
 }
 
 func (uls UnconstrainedLabels) labelNames() []string {
 	return uls
 }
 
+type compiledLabels struct {
+	names            []string
+	labelConstraints map[string]LabelConstraint
+}
+
+func (cls *compiledLabels) compile() *compiledLabels {
+	return cls
+}
+
+func (cls *compiledLabels) labelNames() []string {
+	return cls.names
+}
+
+func (cls *compiledLabels) constrain(labelName, value string) string {
+	if fn, ok := cls.labelConstraints[labelName]; ok && fn != nil {
+		return fn(value)
+	}
+	return value
+}
+
 // reservedLabelPrefix is a prefix which is not legal in user-supplied
 // label names.
 const reservedLabelPrefix = "__"
@@ -139,6 +165,8 @@ func validateValuesInLabels(labels Labels, expectedNumberOfValues int) error {
 
 func validateLabelValues(vals []string, expectedNumberOfValues int) error {
 	if len(vals) != expectedNumberOfValues {
+		// The call below makes vals escape, copy them to avoid that.
+		vals := append([]string(nil), vals...)
 		return fmt.Errorf(
 			"%w: expected %d label values but got %d in %#v",
 			errInconsistentCardinality, expectedNumberOfValues,
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/metric.go b/vendor/github.com/prometheus/client_golang/prometheus/metric.go
index 07bbc9d768..f018e57237 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/metric.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/metric.go
@@ -92,6 +92,9 @@ type Opts struct {
 	// machine_role metric). See also
 	// https://prometheus.io/docs/instrumenting/writing_exporters/#target-labels-not-static-scraped-labels
 	ConstLabels Labels
+
+	// now is for testing purposes, by default it's time.Now.
+	now func() time.Time
 }
 
 // BuildFQName joins the given three name components by "_". Empty name
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_other.go b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_other.go
index c0152cdb61..8c1136ceea 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/process_collector_other.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_other.go
@@ -11,8 +11,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-//go:build !windows && !js
-// +build !windows,!js
+//go:build !windows && !js && !wasip1
+// +build !windows,!js,!wasip1
 
 package prometheus
 
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/doc.go b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_wasip1.go
similarity index 63%
rename from vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/doc.go
rename to vendor/github.com/prometheus/client_golang/prometheus/process_collector_wasip1.go
index c318385cbe..d8d9a6d7a2 100644
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/doc.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/process_collector_wasip1.go
@@ -1,10 +1,9 @@
-// Copyright 2013 Matt T. Proud
-//
+// Copyright 2023 The Prometheus Authors
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
-//     http://www.apache.org/licenses/LICENSE-2.0
+// http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
@@ -12,5 +11,16 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// Package pbutil provides record length-delimited Protocol Buffer streaming.
-package pbutil
+//go:build wasip1
+// +build wasip1
+
+package prometheus
+
+func canCollectProcess() bool {
+	return false
+}
+
+func (*processCollector) processCollect(chan<- Metric) {
+	// noop on this platform
+	return
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/http.go b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/http.go
index a4cc9810b0..09b8d2fbea 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/http.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/http.go
@@ -37,6 +37,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"strconv"
 	"strings"
 	"sync"
 	"time"
@@ -47,9 +48,10 @@ import (
 )
 
 const (
-	contentTypeHeader     = "Content-Type"
-	contentEncodingHeader = "Content-Encoding"
-	acceptEncodingHeader  = "Accept-Encoding"
+	contentTypeHeader      = "Content-Type"
+	contentEncodingHeader  = "Content-Encoding"
+	acceptEncodingHeader   = "Accept-Encoding"
+	processStartTimeHeader = "Process-Start-Time-Unix"
 )
 
 var gzipPool = sync.Pool{
@@ -121,6 +123,9 @@ func HandlerForTransactional(reg prometheus.TransactionalGatherer, opts HandlerO
 	}
 
 	h := http.HandlerFunc(func(rsp http.ResponseWriter, req *http.Request) {
+		if !opts.ProcessStartTime.IsZero() {
+			rsp.Header().Set(processStartTimeHeader, strconv.FormatInt(opts.ProcessStartTime.Unix(), 10))
+		}
 		if inFlightSem != nil {
 			select {
 			case inFlightSem <- struct{}{}: // All good, carry on.
@@ -366,6 +371,14 @@ type HandlerOpts struct {
 	// (which changes the identity of the resulting series on the Prometheus
 	// server).
 	EnableOpenMetrics bool
+	// ProcessStartTime allows setting process start timevalue that will be exposed
+	// with "Process-Start-Time-Unix" response header along with the metrics
+	// payload. This allow callers to have efficient transformations to cumulative
+	// counters (e.g. OpenTelemetry) or generally _created timestamp estimation per
+	// scrape target.
+	// NOTE: This feature is experimental and not covered by OpenMetrics or Prometheus
+	// exposition format.
+	ProcessStartTime time.Time
 }
 
 // gzipAccepted returns whether the client will accept gzip-encoded content.
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go
index 3793036ad0..356edb7868 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go
@@ -389,15 +389,12 @@ func isLabelCurried(c prometheus.Collector, label string) bool {
 	return true
 }
 
-// emptyLabels is a one-time allocation for non-partitioned metrics to avoid
-// unnecessary allocations on each request.
-var emptyLabels = prometheus.Labels{}
-
 func labels(code, method bool, reqMethod string, status int, extraMethods ...string) prometheus.Labels {
+	labels := prometheus.Labels{}
+
 	if !(code || method) {
-		return emptyLabels
+		return labels
 	}
-	labels := prometheus.Labels{}
 
 	if code {
 		labels["code"] = sanitizeCode(status)
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/registry.go b/vendor/github.com/prometheus/client_golang/prometheus/registry.go
index 44da9433be..5e2ced25a0 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/registry.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/registry.go
@@ -548,7 +548,7 @@ func (r *Registry) Gather() ([]*dto.MetricFamily, error) {
 			goroutineBudget--
 			runtime.Gosched()
 		}
-		// Once both checkedMetricChan and uncheckdMetricChan are closed
+		// Once both checkedMetricChan and uncheckedMetricChan are closed
 		// and drained, the contraption above will nil out cmc and umc,
 		// and then we can leave the collect loop here.
 		if cmc == nil && umc == nil {
@@ -963,9 +963,9 @@ func checkDescConsistency(
 	// Is the desc consistent with the content of the metric?
 	lpsFromDesc := make([]*dto.LabelPair, len(desc.constLabelPairs), len(dtoMetric.Label))
 	copy(lpsFromDesc, desc.constLabelPairs)
-	for _, l := range desc.variableLabels {
+	for _, l := range desc.variableLabels.names {
 		lpsFromDesc = append(lpsFromDesc, &dto.LabelPair{
-			Name: proto.String(l.Name),
+			Name: proto.String(l),
 		})
 	}
 	if len(lpsFromDesc) != len(dtoMetric.Label) {
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/summary.go b/vendor/github.com/prometheus/client_golang/prometheus/summary.go
index dd359264e5..1462704446 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/summary.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/summary.go
@@ -26,6 +26,7 @@ import (
 
 	"github.com/beorn7/perks/quantile"
 	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
 // quantileLabel is used for the label that defines the quantile in a
@@ -145,6 +146,9 @@ type SummaryOpts struct {
 	// is the internal buffer size of the underlying package
 	// "github.com/bmizerany/perks/quantile").
 	BufCap uint32
+
+	// now is for testing purposes, by default it's time.Now.
+	now func() time.Time
 }
 
 // SummaryVecOpts bundles the options to create a SummaryVec metric.
@@ -154,7 +158,7 @@ type SummaryVecOpts struct {
 	SummaryOpts
 
 	// VariableLabels are used to partition the metric vector by the given set
-	// of labels. Each label value will be constrained with the optional Contraint
+	// of labels. Each label value will be constrained with the optional Constraint
 	// function, if provided.
 	VariableLabels ConstrainableLabels
 }
@@ -188,12 +192,12 @@ func NewSummary(opts SummaryOpts) Summary {
 }
 
 func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
-	if len(desc.variableLabels) != len(labelValues) {
-		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), labelValues))
+	if len(desc.variableLabels.names) != len(labelValues) {
+		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.names, labelValues))
 	}
 
-	for _, n := range desc.variableLabels {
-		if n.Name == quantileLabel {
+	for _, n := range desc.variableLabels.names {
+		if n == quantileLabel {
 			panic(errQuantileLabelNotAllowed)
 		}
 	}
@@ -222,6 +226,9 @@ func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
 		opts.BufCap = DefBufCap
 	}
 
+	if opts.now == nil {
+		opts.now = time.Now
+	}
 	if len(opts.Objectives) == 0 {
 		// Use the lock-free implementation of a Summary without objectives.
 		s := &noObjectivesSummary{
@@ -230,6 +237,7 @@ func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
 			counts:     [2]*summaryCounts{{}, {}},
 		}
 		s.init(s) // Init self-collection.
+		s.createdTs = timestamppb.New(opts.now())
 		return s
 	}
 
@@ -245,7 +253,7 @@ func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
 		coldBuf:        make([]float64, 0, opts.BufCap),
 		streamDuration: opts.MaxAge / time.Duration(opts.AgeBuckets),
 	}
-	s.headStreamExpTime = time.Now().Add(s.streamDuration)
+	s.headStreamExpTime = opts.now().Add(s.streamDuration)
 	s.hotBufExpTime = s.headStreamExpTime
 
 	for i := uint32(0); i < opts.AgeBuckets; i++ {
@@ -259,6 +267,7 @@ func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
 	sort.Float64s(s.sortedObjectives)
 
 	s.init(s) // Init self-collection.
+	s.createdTs = timestamppb.New(opts.now())
 	return s
 }
 
@@ -286,6 +295,8 @@ type summary struct {
 	headStream                       *quantile.Stream
 	headStreamIdx                    int
 	headStreamExpTime, hotBufExpTime time.Time
+
+	createdTs *timestamppb.Timestamp
 }
 
 func (s *summary) Desc() *Desc {
@@ -307,7 +318,9 @@ func (s *summary) Observe(v float64) {
 }
 
 func (s *summary) Write(out *dto.Metric) error {
-	sum := &dto.Summary{}
+	sum := &dto.Summary{
+		CreatedTimestamp: s.createdTs,
+	}
 	qs := make([]*dto.Quantile, 0, len(s.objectives))
 
 	s.bufMtx.Lock()
@@ -440,6 +453,8 @@ type noObjectivesSummary struct {
 	counts [2]*summaryCounts
 
 	labelPairs []*dto.LabelPair
+
+	createdTs *timestamppb.Timestamp
 }
 
 func (s *noObjectivesSummary) Desc() *Desc {
@@ -490,8 +505,9 @@ func (s *noObjectivesSummary) Write(out *dto.Metric) error {
 	}
 
 	sum := &dto.Summary{
-		SampleCount: proto.Uint64(count),
-		SampleSum:   proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))),
+		SampleCount:      proto.Uint64(count),
+		SampleSum:        proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))),
+		CreatedTimestamp: s.createdTs,
 	}
 
 	out.Summary = sum
@@ -681,6 +697,7 @@ type constSummary struct {
 	sum        float64
 	quantiles  map[float64]float64
 	labelPairs []*dto.LabelPair
+	createdTs  *timestamppb.Timestamp
 }
 
 func (s *constSummary) Desc() *Desc {
@@ -688,7 +705,9 @@ func (s *constSummary) Desc() *Desc {
 }
 
 func (s *constSummary) Write(out *dto.Metric) error {
-	sum := &dto.Summary{}
+	sum := &dto.Summary{
+		CreatedTimestamp: s.createdTs,
+	}
 	qs := make([]*dto.Quantile, 0, len(s.quantiles))
 
 	sum.SampleCount = proto.Uint64(s.count)
@@ -737,7 +756,7 @@ func NewConstSummary(
 	if desc.err != nil {
 		return nil, desc.err
 	}
-	if err := validateLabelValues(labelValues, len(desc.variableLabels)); err != nil {
+	if err := validateLabelValues(labelValues, len(desc.variableLabels.names)); err != nil {
 		return nil, err
 	}
 	return &constSummary{
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/value.go b/vendor/github.com/prometheus/client_golang/prometheus/value.go
index 5f6bb80014..cc23011fad 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/value.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/value.go
@@ -14,6 +14,7 @@
 package prometheus
 
 import (
+	"errors"
 	"fmt"
 	"sort"
 	"time"
@@ -91,7 +92,7 @@ func (v *valueFunc) Desc() *Desc {
 }
 
 func (v *valueFunc) Write(out *dto.Metric) error {
-	return populateMetric(v.valType, v.function(), v.labelPairs, nil, out)
+	return populateMetric(v.valType, v.function(), v.labelPairs, nil, out, nil)
 }
 
 // NewConstMetric returns a metric with one fixed value that cannot be
@@ -105,12 +106,12 @@ func NewConstMetric(desc *Desc, valueType ValueType, value float64, labelValues
 	if desc.err != nil {
 		return nil, desc.err
 	}
-	if err := validateLabelValues(labelValues, len(desc.variableLabels)); err != nil {
+	if err := validateLabelValues(labelValues, len(desc.variableLabels.names)); err != nil {
 		return nil, err
 	}
 
 	metric := &dto.Metric{}
-	if err := populateMetric(valueType, value, MakeLabelPairs(desc, labelValues), nil, metric); err != nil {
+	if err := populateMetric(valueType, value, MakeLabelPairs(desc, labelValues), nil, metric, nil); err != nil {
 		return nil, err
 	}
 
@@ -130,6 +131,43 @@ func MustNewConstMetric(desc *Desc, valueType ValueType, value float64, labelVal
 	return m
 }
 
+// NewConstMetricWithCreatedTimestamp does the same thing as NewConstMetric, but generates Counters
+// with created timestamp set and returns an error for other metric types.
+func NewConstMetricWithCreatedTimestamp(desc *Desc, valueType ValueType, value float64, ct time.Time, labelValues ...string) (Metric, error) {
+	if desc.err != nil {
+		return nil, desc.err
+	}
+	if err := validateLabelValues(labelValues, len(desc.variableLabels.names)); err != nil {
+		return nil, err
+	}
+	switch valueType {
+	case CounterValue:
+		break
+	default:
+		return nil, errors.New("created timestamps are only supported for counters")
+	}
+
+	metric := &dto.Metric{}
+	if err := populateMetric(valueType, value, MakeLabelPairs(desc, labelValues), nil, metric, timestamppb.New(ct)); err != nil {
+		return nil, err
+	}
+
+	return &constMetric{
+		desc:   desc,
+		metric: metric,
+	}, nil
+}
+
+// MustNewConstMetricWithCreatedTimestamp is a version of NewConstMetricWithCreatedTimestamp that panics where
+// NewConstMetricWithCreatedTimestamp would have returned an error.
+func MustNewConstMetricWithCreatedTimestamp(desc *Desc, valueType ValueType, value float64, ct time.Time, labelValues ...string) Metric {
+	m, err := NewConstMetricWithCreatedTimestamp(desc, valueType, value, ct, labelValues...)
+	if err != nil {
+		panic(err)
+	}
+	return m
+}
+
 type constMetric struct {
 	desc   *Desc
 	metric *dto.Metric
@@ -153,11 +191,12 @@ func populateMetric(
 	labelPairs []*dto.LabelPair,
 	e *dto.Exemplar,
 	m *dto.Metric,
+	ct *timestamppb.Timestamp,
 ) error {
 	m.Label = labelPairs
 	switch t {
 	case CounterValue:
-		m.Counter = &dto.Counter{Value: proto.Float64(v), Exemplar: e}
+		m.Counter = &dto.Counter{Value: proto.Float64(v), Exemplar: e, CreatedTimestamp: ct}
 	case GaugeValue:
 		m.Gauge = &dto.Gauge{Value: proto.Float64(v)}
 	case UntypedValue:
@@ -176,19 +215,19 @@ func populateMetric(
 // This function is only needed for custom Metric implementations. See MetricVec
 // example.
 func MakeLabelPairs(desc *Desc, labelValues []string) []*dto.LabelPair {
-	totalLen := len(desc.variableLabels) + len(desc.constLabelPairs)
+	totalLen := len(desc.variableLabels.names) + len(desc.constLabelPairs)
 	if totalLen == 0 {
 		// Super fast path.
 		return nil
 	}
-	if len(desc.variableLabels) == 0 {
+	if len(desc.variableLabels.names) == 0 {
 		// Moderately fast path.
 		return desc.constLabelPairs
 	}
 	labelPairs := make([]*dto.LabelPair, 0, totalLen)
-	for i, l := range desc.variableLabels {
+	for i, l := range desc.variableLabels.names {
 		labelPairs = append(labelPairs, &dto.LabelPair{
-			Name:  proto.String(l.Name),
+			Name:  proto.String(l),
 			Value: proto.String(labelValues[i]),
 		})
 	}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/vec.go b/vendor/github.com/prometheus/client_golang/prometheus/vec.go
index 386fb2d23e..955cfd59f8 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/vec.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/vec.go
@@ -73,6 +73,7 @@ func NewMetricVec(desc *Desc, newMetric func(lvs ...string) Metric) *MetricVec {
 // See also the CounterVec example.
 func (m *MetricVec) DeleteLabelValues(lvs ...string) bool {
 	lvs = constrainLabelValues(m.desc, lvs, m.curry)
+
 	h, err := m.hashLabelValues(lvs)
 	if err != nil {
 		return false
@@ -92,7 +93,9 @@ func (m *MetricVec) DeleteLabelValues(lvs ...string) bool {
 // This method is used for the same purpose as DeleteLabelValues(...string). See
 // there for pros and cons of the two methods.
 func (m *MetricVec) Delete(labels Labels) bool {
-	labels = constrainLabels(m.desc, labels)
+	labels, closer := constrainLabels(m.desc, labels)
+	defer closer()
+
 	h, err := m.hashLabels(labels)
 	if err != nil {
 		return false
@@ -108,7 +111,9 @@ func (m *MetricVec) Delete(labels Labels) bool {
 // Note that curried labels will never be matched if deleting from the curried vector.
 // To match curried labels with DeletePartialMatch, it must be called on the base vector.
 func (m *MetricVec) DeletePartialMatch(labels Labels) int {
-	labels = constrainLabels(m.desc, labels)
+	labels, closer := constrainLabels(m.desc, labels)
+	defer closer()
+
 	return m.metricMap.deleteByLabels(labels, m.curry)
 }
 
@@ -147,11 +152,11 @@ func (m *MetricVec) CurryWith(labels Labels) (*MetricVec, error) {
 		oldCurry = m.curry
 		iCurry   int
 	)
-	for i, label := range m.desc.variableLabels {
-		val, ok := labels[label.Name]
+	for i, labelName := range m.desc.variableLabels.names {
+		val, ok := labels[labelName]
 		if iCurry < len(oldCurry) && oldCurry[iCurry].index == i {
 			if ok {
-				return nil, fmt.Errorf("label name %q is already curried", label.Name)
+				return nil, fmt.Errorf("label name %q is already curried", labelName)
 			}
 			newCurry = append(newCurry, oldCurry[iCurry])
 			iCurry++
@@ -159,7 +164,10 @@ func (m *MetricVec) CurryWith(labels Labels) (*MetricVec, error) {
 			if !ok {
 				continue // Label stays uncurried.
 			}
-			newCurry = append(newCurry, curriedLabelValue{i, label.Constrain(val)})
+			newCurry = append(newCurry, curriedLabelValue{
+				i,
+				m.desc.variableLabels.constrain(labelName, val),
+			})
 		}
 	}
 	if l := len(oldCurry) + len(labels) - len(newCurry); l > 0 {
@@ -228,7 +236,9 @@ func (m *MetricVec) GetMetricWithLabelValues(lvs ...string) (Metric, error) {
 // around MetricVec, implementing a vector for a specific Metric implementation,
 // for example GaugeVec.
 func (m *MetricVec) GetMetricWith(labels Labels) (Metric, error) {
-	labels = constrainLabels(m.desc, labels)
+	labels, closer := constrainLabels(m.desc, labels)
+	defer closer()
+
 	h, err := m.hashLabels(labels)
 	if err != nil {
 		return nil, err
@@ -238,7 +248,7 @@ func (m *MetricVec) GetMetricWith(labels Labels) (Metric, error) {
 }
 
 func (m *MetricVec) hashLabelValues(vals []string) (uint64, error) {
-	if err := validateLabelValues(vals, len(m.desc.variableLabels)-len(m.curry)); err != nil {
+	if err := validateLabelValues(vals, len(m.desc.variableLabels.names)-len(m.curry)); err != nil {
 		return 0, err
 	}
 
@@ -247,7 +257,7 @@ func (m *MetricVec) hashLabelValues(vals []string) (uint64, error) {
 		curry         = m.curry
 		iVals, iCurry int
 	)
-	for i := 0; i < len(m.desc.variableLabels); i++ {
+	for i := 0; i < len(m.desc.variableLabels.names); i++ {
 		if iCurry < len(curry) && curry[iCurry].index == i {
 			h = m.hashAdd(h, curry[iCurry].value)
 			iCurry++
@@ -261,7 +271,7 @@ func (m *MetricVec) hashLabelValues(vals []string) (uint64, error) {
 }
 
 func (m *MetricVec) hashLabels(labels Labels) (uint64, error) {
-	if err := validateValuesInLabels(labels, len(m.desc.variableLabels)-len(m.curry)); err != nil {
+	if err := validateValuesInLabels(labels, len(m.desc.variableLabels.names)-len(m.curry)); err != nil {
 		return 0, err
 	}
 
@@ -270,17 +280,17 @@ func (m *MetricVec) hashLabels(labels Labels) (uint64, error) {
 		curry  = m.curry
 		iCurry int
 	)
-	for i, label := range m.desc.variableLabels {
-		val, ok := labels[label.Name]
+	for i, labelName := range m.desc.variableLabels.names {
+		val, ok := labels[labelName]
 		if iCurry < len(curry) && curry[iCurry].index == i {
 			if ok {
-				return 0, fmt.Errorf("label name %q is already curried", label.Name)
+				return 0, fmt.Errorf("label name %q is already curried", labelName)
 			}
 			h = m.hashAdd(h, curry[iCurry].value)
 			iCurry++
 		} else {
 			if !ok {
-				return 0, fmt.Errorf("label name %q missing in label map", label.Name)
+				return 0, fmt.Errorf("label name %q missing in label map", labelName)
 			}
 			h = m.hashAdd(h, val)
 		}
@@ -458,7 +468,7 @@ func valueMatchesVariableOrCurriedValue(targetValue string, index int, values []
 func matchPartialLabels(desc *Desc, values []string, labels Labels, curry []curriedLabelValue) bool {
 	for l, v := range labels {
 		// Check if the target label exists in our metrics and get the index.
-		varLabelIndex, validLabel := indexOf(l, desc.variableLabels.labelNames())
+		varLabelIndex, validLabel := indexOf(l, desc.variableLabels.names)
 		if validLabel {
 			// Check the value of that label against the target value.
 			// We don't consider curried values in partial matches.
@@ -602,7 +612,7 @@ func matchLabels(desc *Desc, values []string, labels Labels, curry []curriedLabe
 		return false
 	}
 	iCurry := 0
-	for i, k := range desc.variableLabels {
+	for i, k := range desc.variableLabels.names {
 		if iCurry < len(curry) && curry[iCurry].index == i {
 			if values[i] != curry[iCurry].value {
 				return false
@@ -610,7 +620,7 @@ func matchLabels(desc *Desc, values []string, labels Labels, curry []curriedLabe
 			iCurry++
 			continue
 		}
-		if values[i] != labels[k.Name] {
+		if values[i] != labels[k] {
 			return false
 		}
 	}
@@ -620,13 +630,13 @@ func matchLabels(desc *Desc, values []string, labels Labels, curry []curriedLabe
 func extractLabelValues(desc *Desc, labels Labels, curry []curriedLabelValue) []string {
 	labelValues := make([]string, len(labels)+len(curry))
 	iCurry := 0
-	for i, k := range desc.variableLabels {
+	for i, k := range desc.variableLabels.names {
 		if iCurry < len(curry) && curry[iCurry].index == i {
 			labelValues[i] = curry[iCurry].value
 			iCurry++
 			continue
 		}
-		labelValues[i] = labels[k.Name]
+		labelValues[i] = labels[k]
 	}
 	return labelValues
 }
@@ -646,19 +656,37 @@ func inlineLabelValues(lvs []string, curry []curriedLabelValue) []string {
 	return labelValues
 }
 
-func constrainLabels(desc *Desc, labels Labels) Labels {
-	constrainedValues := make(Labels, len(labels))
+var labelsPool = &sync.Pool{
+	New: func() interface{} {
+		return make(Labels)
+	},
+}
+
+func constrainLabels(desc *Desc, labels Labels) (Labels, func()) {
+	if len(desc.variableLabels.labelConstraints) == 0 {
+		// Fast path when there's no constraints
+		return labels, func() {}
+	}
+
+	constrainedLabels := labelsPool.Get().(Labels)
 	for l, v := range labels {
-		if i, ok := indexOf(l, desc.variableLabels.labelNames()); ok {
-			constrainedValues[l] = desc.variableLabels[i].Constrain(v)
-			continue
+		constrainedLabels[l] = desc.variableLabels.constrain(l, v)
+	}
+
+	return constrainedLabels, func() {
+		for k := range constrainedLabels {
+			delete(constrainedLabels, k)
 		}
-		constrainedValues[l] = v
+		labelsPool.Put(constrainedLabels)
 	}
-	return constrainedValues
 }
 
 func constrainLabelValues(desc *Desc, lvs []string, curry []curriedLabelValue) []string {
+	if len(desc.variableLabels.labelConstraints) == 0 {
+		// Fast path when there's no constraints
+		return lvs
+	}
+
 	constrainedValues := make([]string, len(lvs))
 	var iCurry, iLVs int
 	for i := 0; i < len(lvs)+len(curry); i++ {
@@ -667,8 +695,11 @@ func constrainLabelValues(desc *Desc, lvs []string, curry []curriedLabelValue) [
 			continue
 		}
 
-		if i < len(desc.variableLabels) {
-			constrainedValues[iLVs] = desc.variableLabels[i].Constrain(lvs[iLVs])
+		if i < len(desc.variableLabels.names) {
+			constrainedValues[iLVs] = desc.variableLabels.constrain(
+				desc.variableLabels.names[i],
+				lvs[iLVs],
+			)
 		} else {
 			constrainedValues[iLVs] = lvs[iLVs]
 		}
diff --git a/vendor/github.com/prometheus/client_model/go/metrics.pb.go b/vendor/github.com/prometheus/client_model/go/metrics.pb.go
index 2b5bca4b99..2f15490758 100644
--- a/vendor/github.com/prometheus/client_model/go/metrics.pb.go
+++ b/vendor/github.com/prometheus/client_model/go/metrics.pb.go
@@ -215,8 +215,9 @@ type Counter struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	Value    *float64  `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
-	Exemplar *Exemplar `protobuf:"bytes,2,opt,name=exemplar" json:"exemplar,omitempty"`
+	Value            *float64               `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
+	Exemplar         *Exemplar              `protobuf:"bytes,2,opt,name=exemplar" json:"exemplar,omitempty"`
+	CreatedTimestamp *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=created_timestamp,json=createdTimestamp" json:"created_timestamp,omitempty"`
 }
 
 func (x *Counter) Reset() {
@@ -265,6 +266,13 @@ func (x *Counter) GetExemplar() *Exemplar {
 	return nil
 }
 
+func (x *Counter) GetCreatedTimestamp() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreatedTimestamp
+	}
+	return nil
+}
+
 type Quantile struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -325,9 +333,10 @@ type Summary struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	SampleCount *uint64     `protobuf:"varint,1,opt,name=sample_count,json=sampleCount" json:"sample_count,omitempty"`
-	SampleSum   *float64    `protobuf:"fixed64,2,opt,name=sample_sum,json=sampleSum" json:"sample_sum,omitempty"`
-	Quantile    []*Quantile `protobuf:"bytes,3,rep,name=quantile" json:"quantile,omitempty"`
+	SampleCount      *uint64                `protobuf:"varint,1,opt,name=sample_count,json=sampleCount" json:"sample_count,omitempty"`
+	SampleSum        *float64               `protobuf:"fixed64,2,opt,name=sample_sum,json=sampleSum" json:"sample_sum,omitempty"`
+	Quantile         []*Quantile            `protobuf:"bytes,3,rep,name=quantile" json:"quantile,omitempty"`
+	CreatedTimestamp *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=created_timestamp,json=createdTimestamp" json:"created_timestamp,omitempty"`
 }
 
 func (x *Summary) Reset() {
@@ -383,6 +392,13 @@ func (x *Summary) GetQuantile() []*Quantile {
 	return nil
 }
 
+func (x *Summary) GetCreatedTimestamp() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreatedTimestamp
+	}
+	return nil
+}
+
 type Untyped struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -439,7 +455,8 @@ type Histogram struct {
 	SampleCountFloat *float64 `protobuf:"fixed64,4,opt,name=sample_count_float,json=sampleCountFloat" json:"sample_count_float,omitempty"` // Overrides sample_count if > 0.
 	SampleSum        *float64 `protobuf:"fixed64,2,opt,name=sample_sum,json=sampleSum" json:"sample_sum,omitempty"`
 	// Buckets for the conventional histogram.
-	Bucket []*Bucket `protobuf:"bytes,3,rep,name=bucket" json:"bucket,omitempty"` // Ordered in increasing order of upper_bound, +Inf bucket is optional.
+	Bucket           []*Bucket              `protobuf:"bytes,3,rep,name=bucket" json:"bucket,omitempty"` // Ordered in increasing order of upper_bound, +Inf bucket is optional.
+	CreatedTimestamp *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=created_timestamp,json=createdTimestamp" json:"created_timestamp,omitempty"`
 	// schema defines the bucket schema. Currently, valid numbers are -4 <= n <= 8.
 	// They are all for base-2 bucket schemas, where 1 is a bucket boundary in each case, and
 	// then each power of two is divided into 2^n logarithmic buckets.
@@ -457,12 +474,17 @@ type Histogram struct {
 	NegativeDelta []int64   `protobuf:"zigzag64,10,rep,name=negative_delta,json=negativeDelta" json:"negative_delta,omitempty"` // Count delta of each bucket compared to previous one (or to zero for 1st bucket).
 	NegativeCount []float64 `protobuf:"fixed64,11,rep,name=negative_count,json=negativeCount" json:"negative_count,omitempty"`  // Absolute count of each bucket.
 	// Positive buckets for the native histogram.
+	// Use a no-op span (offset 0, length 0) for a native histogram without any
+	// observations yet and with a zero_threshold of 0. Otherwise, it would be
+	// indistinguishable from a classic histogram.
 	PositiveSpan []*BucketSpan `protobuf:"bytes,12,rep,name=positive_span,json=positiveSpan" json:"positive_span,omitempty"`
 	// Use either "positive_delta" or "positive_count", the former for
 	// regular histograms with integer counts, the latter for float
 	// histograms.
 	PositiveDelta []int64   `protobuf:"zigzag64,13,rep,name=positive_delta,json=positiveDelta" json:"positive_delta,omitempty"` // Count delta of each bucket compared to previous one (or to zero for 1st bucket).
 	PositiveCount []float64 `protobuf:"fixed64,14,rep,name=positive_count,json=positiveCount" json:"positive_count,omitempty"`  // Absolute count of each bucket.
+	// Only used for native histograms. These exemplars MUST have a timestamp.
+	Exemplars []*Exemplar `protobuf:"bytes,16,rep,name=exemplars" json:"exemplars,omitempty"`
 }
 
 func (x *Histogram) Reset() {
@@ -525,6 +547,13 @@ func (x *Histogram) GetBucket() []*Bucket {
 	return nil
 }
 
+func (x *Histogram) GetCreatedTimestamp() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreatedTimestamp
+	}
+	return nil
+}
+
 func (x *Histogram) GetSchema() int32 {
 	if x != nil && x.Schema != nil {
 		return *x.Schema
@@ -595,6 +624,13 @@ func (x *Histogram) GetPositiveCount() []float64 {
 	return nil
 }
 
+func (x *Histogram) GetExemplars() []*Exemplar {
+	if x != nil {
+		return x.Exemplars
+	}
+	return nil
+}
+
 // A Bucket of a conventional histogram, each of which is treated as
 // an individual counter-like time series by Prometheus.
 type Bucket struct {
@@ -896,6 +932,7 @@ type MetricFamily struct {
 	Help   *string     `protobuf:"bytes,2,opt,name=help" json:"help,omitempty"`
 	Type   *MetricType `protobuf:"varint,3,opt,name=type,enum=io.prometheus.client.MetricType" json:"type,omitempty"`
 	Metric []*Metric   `protobuf:"bytes,4,rep,name=metric" json:"metric,omitempty"`
+	Unit   *string     `protobuf:"bytes,5,opt,name=unit" json:"unit,omitempty"`
 }
 
 func (x *MetricFamily) Reset() {
@@ -958,6 +995,13 @@ func (x *MetricFamily) GetMetric() []*Metric {
 	return nil
 }
 
+func (x *MetricFamily) GetUnit() string {
+	if x != nil && x.Unit != nil {
+		return *x.Unit
+	}
+	return ""
+}
+
 var File_io_prometheus_client_metrics_proto protoreflect.FileDescriptor
 
 var file_io_prometheus_client_metrics_proto_rawDesc = []byte{
@@ -972,137 +1016,156 @@ var file_io_prometheus_client_metrics_proto_rawDesc = []byte{
 	0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c,
 	0x75, 0x65, 0x22, 0x1d, 0x0a, 0x05, 0x47, 0x61, 0x75, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76,
 	0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x22, 0x5b, 0x0a, 0x07, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05,
-	0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c,
-	0x75, 0x65, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74,
-	0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x78, 0x65, 0x6d,
-	0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x22, 0x3c,
-	0x0a, 0x08, 0x51, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x71, 0x75,
-	0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x08, 0x71, 0x75,
-	0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x87, 0x01, 0x0a,
-	0x07, 0x53, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70,
+	0x65, 0x22, 0xa4, 0x01, 0x0a, 0x07, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61,
+	0x6c, 0x75, 0x65, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65,
+	0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x78, 0x65,
+	0x6d, 0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x12,
+	0x47, 0x0a, 0x11, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x73,
+	0x74, 0x61, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d,
+	0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x54,
+	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x3c, 0x0a, 0x08, 0x51, 0x75, 0x61, 0x6e,
+	0x74, 0x69, 0x6c, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65,
+	0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xd0, 0x01, 0x0a, 0x07, 0x53, 0x75, 0x6d, 0x6d, 0x61,
+	0x72, 0x79, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75,
+	0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65,
+	0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f,
+	0x73, 0x75, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x09, 0x73, 0x61, 0x6d, 0x70, 0x6c,
+	0x65, 0x53, 0x75, 0x6d, 0x12, 0x3a, 0x0a, 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65,
+	0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d,
+	0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x51, 0x75,
+	0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x52, 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65,
+	0x12, 0x47, 0x0a, 0x11, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65,
+	0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69,
+	0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64,
+	0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x1f, 0x0a, 0x07, 0x55, 0x6e, 0x74,
+	0x79, 0x70, 0x65, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xea, 0x05, 0x0a, 0x09, 0x48,
+	0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70,
 	0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b,
-	0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73,
-	0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x73, 0x75, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52,
-	0x09, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x53, 0x75, 0x6d, 0x12, 0x3a, 0x0a, 0x08, 0x71, 0x75,
-	0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69,
+	0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x73,
+	0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61,
+	0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x01, 0x52, 0x10, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43,
+	0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x61, 0x6d,
+	0x70, 0x6c, 0x65, 0x5f, 0x73, 0x75, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x09, 0x73,
+	0x61, 0x6d, 0x70, 0x6c, 0x65, 0x53, 0x75, 0x6d, 0x12, 0x34, 0x0a, 0x06, 0x62, 0x75, 0x63, 0x6b,
+	0x65, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72,
+	0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e,
+	0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x06, 0x62, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x47,
+	0x0a, 0x11, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74,
+	0x61, 0x6d, 0x70, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65,
+	0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x54, 0x69,
+	0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d,
+	0x61, 0x18, 0x05, 0x20, 0x01, 0x28, 0x11, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x12,
+	0x25, 0x0a, 0x0e, 0x7a, 0x65, 0x72, 0x6f, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c,
+	0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0d, 0x7a, 0x65, 0x72, 0x6f, 0x54, 0x68, 0x72,
+	0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x7a, 0x65, 0x72, 0x6f, 0x5f, 0x63,
+	0x6f, 0x75, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x7a, 0x65, 0x72, 0x6f,
+	0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x7a, 0x65, 0x72, 0x6f, 0x5f, 0x63, 0x6f,
+	0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x01, 0x52,
+	0x0e, 0x7a, 0x65, 0x72, 0x6f, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12,
+	0x45, 0x0a, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x73, 0x70, 0x61, 0x6e,
+	0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d,
+	0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x42, 0x75,
+	0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, 0x6e, 0x52, 0x0c, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69,
+	0x76, 0x65, 0x53, 0x70, 0x61, 0x6e, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69,
+	0x76, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x12, 0x52, 0x0d,
+	0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x12, 0x25, 0x0a,
+	0x0e, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18,
+	0x0b, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43,
+	0x6f, 0x75, 0x6e, 0x74, 0x12, 0x45, 0x0a, 0x0d, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65,
+	0x5f, 0x73, 0x70, 0x61, 0x6e, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x6f,
+	0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65,
+	0x6e, 0x74, 0x2e, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, 0x6e, 0x52, 0x0c, 0x70,
+	0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x53, 0x70, 0x61, 0x6e, 0x12, 0x25, 0x0a, 0x0e, 0x70,
+	0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x18, 0x0d, 0x20,
+	0x03, 0x28, 0x12, 0x52, 0x0d, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x44, 0x65, 0x6c,
+	0x74, 0x61, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63,
+	0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d, 0x70, 0x6f, 0x73, 0x69,
+	0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x3c, 0x0a, 0x09, 0x65, 0x78, 0x65,
+	0x6d, 0x70, 0x6c, 0x61, 0x72, 0x73, 0x18, 0x10, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69,
 	0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69,
-	0x65, 0x6e, 0x74, 0x2e, 0x51, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x52, 0x08, 0x71, 0x75,
-	0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x22, 0x1f, 0x0a, 0x07, 0x55, 0x6e, 0x74, 0x79, 0x70, 0x65,
-	0x64, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01,
-	0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xe3, 0x04, 0x0a, 0x09, 0x48, 0x69, 0x73, 0x74,
-	0x6f, 0x67, 0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f,
-	0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x61, 0x6d,
-	0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x73, 0x61, 0x6d, 0x70,
-	0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x01, 0x52, 0x10, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e,
-	0x74, 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65,
-	0x5f, 0x73, 0x75, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x09, 0x73, 0x61, 0x6d, 0x70,
-	0x6c, 0x65, 0x53, 0x75, 0x6d, 0x12, 0x34, 0x0a, 0x06, 0x62, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x18,
-	0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65,
-	0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x42, 0x75, 0x63,
-	0x6b, 0x65, 0x74, 0x52, 0x06, 0x62, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73,
-	0x63, 0x68, 0x65, 0x6d, 0x61, 0x18, 0x05, 0x20, 0x01, 0x28, 0x11, 0x52, 0x06, 0x73, 0x63, 0x68,
-	0x65, 0x6d, 0x61, 0x12, 0x25, 0x0a, 0x0e, 0x7a, 0x65, 0x72, 0x6f, 0x5f, 0x74, 0x68, 0x72, 0x65,
-	0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0d, 0x7a, 0x65, 0x72,
-	0x6f, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x7a, 0x65,
-	0x72, 0x6f, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09,
-	0x7a, 0x65, 0x72, 0x6f, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x7a, 0x65, 0x72,
-	0x6f, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x08, 0x20,
-	0x01, 0x28, 0x01, 0x52, 0x0e, 0x7a, 0x65, 0x72, 0x6f, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c,
-	0x6f, 0x61, 0x74, 0x12, 0x45, 0x0a, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f,
-	0x73, 0x70, 0x61, 0x6e, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x6f, 0x2e,
+	0x65, 0x6e, 0x74, 0x2e, 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x52, 0x09, 0x65, 0x78,
+	0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x73, 0x22, 0xc6, 0x01, 0x0a, 0x06, 0x42, 0x75, 0x63, 0x6b,
+	0x65, 0x74, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65,
+	0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x63, 0x75,
+	0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x34, 0x0a,
+	0x16, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e,
+	0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x01, 0x52, 0x14, 0x63,
+	0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c,
+	0x6f, 0x61, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x75, 0x70, 0x70, 0x65, 0x72, 0x5f, 0x62, 0x6f, 0x75,
+	0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0a, 0x75, 0x70, 0x70, 0x65, 0x72, 0x42,
+	0x6f, 0x75, 0x6e, 0x64, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d,
+	0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x78,
+	0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72,
+	0x22, 0x3c, 0x0a, 0x0a, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, 0x6e, 0x12, 0x16,
+	0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x11, 0x52, 0x06,
+	0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x22, 0x91,
+	0x01, 0x0a, 0x08, 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x12, 0x35, 0x0a, 0x05, 0x6c,
+	0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x6f, 0x2e,
 	0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e,
-	0x74, 0x2e, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, 0x6e, 0x52, 0x0c, 0x6e, 0x65,
-	0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x53, 0x70, 0x61, 0x6e, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x65,
-	0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x18, 0x0a, 0x20, 0x03,
-	0x28, 0x12, 0x52, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x44, 0x65, 0x6c, 0x74,
-	0x61, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f,
-	0x75, 0x6e, 0x74, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74,
-	0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x45, 0x0a, 0x0d, 0x70, 0x6f, 0x73, 0x69,
-	0x74, 0x69, 0x76, 0x65, 0x5f, 0x73, 0x70, 0x61, 0x6e, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x20, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e,
-	0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61,
-	0x6e, 0x52, 0x0c, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x53, 0x70, 0x61, 0x6e, 0x12,
-	0x25, 0x0a, 0x0e, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74,
-	0x61, 0x18, 0x0d, 0x20, 0x03, 0x28, 0x12, 0x52, 0x0d, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76,
-	0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69,
-	0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d,
-	0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0xc6, 0x01,
-	0x0a, 0x06, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x75, 0x6d, 0x75,
-	0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x04, 0x52, 0x0f, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f,
-	0x75, 0x6e, 0x74, 0x12, 0x34, 0x0a, 0x16, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76,
-	0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x04, 0x20,
-	0x01, 0x28, 0x01, 0x52, 0x14, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43,
-	0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x75, 0x70, 0x70,
-	0x65, 0x72, 0x5f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0a,
-	0x75, 0x70, 0x70, 0x65, 0x72, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78,
-	0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69,
+	0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50, 0x61, 0x69, 0x72, 0x52, 0x05, 0x6c, 0x61, 0x62,
+	0x65, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65,
+	0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69,
+	0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61,
+	0x6d, 0x70, 0x22, 0xff, 0x02, 0x0a, 0x06, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x12, 0x35, 0x0a,
+	0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69,
 	0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69,
-	0x65, 0x6e, 0x74, 0x2e, 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78,
-	0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x22, 0x3c, 0x0a, 0x0a, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74,
-	0x53, 0x70, 0x61, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x11, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06,
-	0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6c, 0x65,
-	0x6e, 0x67, 0x74, 0x68, 0x22, 0x91, 0x01, 0x0a, 0x08, 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61,
-	0x72, 0x12, 0x35, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x1f, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73,
-	0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50, 0x61, 0x69,
-	0x72, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x38,
-	0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74,
-	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0xff, 0x02, 0x0a, 0x06, 0x4d, 0x65, 0x74,
-	0x72, 0x69, 0x63, 0x12, 0x35, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65,
-	0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50,
-	0x61, 0x69, 0x72, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x31, 0x0a, 0x05, 0x67, 0x61,
-	0x75, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x6f, 0x2e, 0x70,
-	0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
-	0x2e, 0x47, 0x61, 0x75, 0x67, 0x65, 0x52, 0x05, 0x67, 0x61, 0x75, 0x67, 0x65, 0x12, 0x37, 0x0a,
-	0x07, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d,
-	0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63,
-	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x52, 0x07, 0x63,
-	0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x37, 0x0a, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72,
-	0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f,
-	0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x53,
-	0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x52, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x12,
-	0x37, 0x0a, 0x07, 0x75, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73,
-	0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x55, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x52,
-	0x07, 0x75, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x12, 0x3d, 0x0a, 0x09, 0x68, 0x69, 0x73, 0x74,
-	0x6f, 0x67, 0x72, 0x61, 0x6d, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x6f,
+	0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50, 0x61, 0x69, 0x72, 0x52, 0x05, 0x6c,
+	0x61, 0x62, 0x65, 0x6c, 0x12, 0x31, 0x0a, 0x05, 0x67, 0x61, 0x75, 0x67, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68,
+	0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x47, 0x61, 0x75, 0x67, 0x65,
+	0x52, 0x05, 0x67, 0x61, 0x75, 0x67, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x63, 0x6f, 0x75, 0x6e, 0x74,
+	0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72,
+	0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e,
+	0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x52, 0x07, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72,
+	0x12, 0x37, 0x0a, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75,
+	0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x53, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79,
+	0x52, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x12, 0x37, 0x0a, 0x07, 0x75, 0x6e, 0x74,
+	0x79, 0x70, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e,
+	0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e,
+	0x74, 0x2e, 0x55, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x52, 0x07, 0x75, 0x6e, 0x74, 0x79, 0x70,
+	0x65, 0x64, 0x12, 0x3d, 0x0a, 0x09, 0x68, 0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x18,
+	0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65,
+	0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x48, 0x69, 0x73,
+	0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x52, 0x09, 0x68, 0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61,
+	0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x5f, 0x6d,
+	0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61,
+	0x6d, 0x70, 0x4d, 0x73, 0x22, 0xb6, 0x01, 0x0a, 0x0c, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x46,
+	0x61, 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x65, 0x6c,
+	0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x65, 0x6c, 0x70, 0x12, 0x34, 0x0a,
+	0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, 0x69, 0x6f,
 	0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65,
-	0x6e, 0x74, 0x2e, 0x48, 0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x52, 0x09, 0x68, 0x69,
-	0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x69, 0x6d, 0x65, 0x73,
-	0x74, 0x61, 0x6d, 0x70, 0x5f, 0x6d, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x74,
-	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x4d, 0x73, 0x22, 0xa2, 0x01, 0x0a, 0x0c, 0x4d,
-	0x65, 0x74, 0x72, 0x69, 0x63, 0x46, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e,
-	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
-	0x12, 0x0a, 0x04, 0x68, 0x65, 0x6c, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68,
-	0x65, 0x6c, 0x70, 0x12, 0x34, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x0e, 0x32, 0x20, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75,
-	0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x54,
-	0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x6d, 0x65, 0x74,
-	0x72, 0x69, 0x63, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70,
-	0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
-	0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x2a,
-	0x62, 0x0a, 0x0a, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a,
-	0x07, 0x43, 0x4f, 0x55, 0x4e, 0x54, 0x45, 0x52, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x47, 0x41,
-	0x55, 0x47, 0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x55, 0x4d, 0x4d, 0x41, 0x52, 0x59,
-	0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x54, 0x59, 0x50, 0x45, 0x44, 0x10, 0x03, 0x12,
-	0x0d, 0x0a, 0x09, 0x48, 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x10, 0x04, 0x12, 0x13,
-	0x0a, 0x0f, 0x47, 0x41, 0x55, 0x47, 0x45, 0x5f, 0x48, 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41,
-	0x4d, 0x10, 0x05, 0x42, 0x52, 0x0a, 0x14, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74,
-	0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5a, 0x3a, 0x67, 0x69, 0x74,
-	0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65,
-	0x75, 0x73, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x2f,
-	0x67, 0x6f, 0x3b, 0x69, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73,
-	0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
+	0x6e, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74,
+	0x79, 0x70, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x18, 0x04, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68,
+	0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69,
+	0x63, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x75, 0x6e, 0x69,
+	0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x75, 0x6e, 0x69, 0x74, 0x2a, 0x62, 0x0a,
+	0x0a, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x43,
+	0x4f, 0x55, 0x4e, 0x54, 0x45, 0x52, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x47, 0x41, 0x55, 0x47,
+	0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x55, 0x4d, 0x4d, 0x41, 0x52, 0x59, 0x10, 0x02,
+	0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x54, 0x59, 0x50, 0x45, 0x44, 0x10, 0x03, 0x12, 0x0d, 0x0a,
+	0x09, 0x48, 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x10, 0x04, 0x12, 0x13, 0x0a, 0x0f,
+	0x47, 0x41, 0x55, 0x47, 0x45, 0x5f, 0x48, 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x10,
+	0x05, 0x42, 0x52, 0x0a, 0x14, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65,
+	0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5a, 0x3a, 0x67, 0x69, 0x74, 0x68, 0x75,
+	0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73,
+	0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x2f, 0x67, 0x6f,
+	0x3b, 0x69, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x5f, 0x63,
+	0x6c, 0x69, 0x65, 0x6e, 0x74,
 }
 
 var (
@@ -1137,26 +1200,30 @@ var file_io_prometheus_client_metrics_proto_goTypes = []interface{}{
 }
 var file_io_prometheus_client_metrics_proto_depIdxs = []int32{
 	10, // 0: io.prometheus.client.Counter.exemplar:type_name -> io.prometheus.client.Exemplar
-	4,  // 1: io.prometheus.client.Summary.quantile:type_name -> io.prometheus.client.Quantile
-	8,  // 2: io.prometheus.client.Histogram.bucket:type_name -> io.prometheus.client.Bucket
-	9,  // 3: io.prometheus.client.Histogram.negative_span:type_name -> io.prometheus.client.BucketSpan
-	9,  // 4: io.prometheus.client.Histogram.positive_span:type_name -> io.prometheus.client.BucketSpan
-	10, // 5: io.prometheus.client.Bucket.exemplar:type_name -> io.prometheus.client.Exemplar
-	1,  // 6: io.prometheus.client.Exemplar.label:type_name -> io.prometheus.client.LabelPair
-	13, // 7: io.prometheus.client.Exemplar.timestamp:type_name -> google.protobuf.Timestamp
-	1,  // 8: io.prometheus.client.Metric.label:type_name -> io.prometheus.client.LabelPair
-	2,  // 9: io.prometheus.client.Metric.gauge:type_name -> io.prometheus.client.Gauge
-	3,  // 10: io.prometheus.client.Metric.counter:type_name -> io.prometheus.client.Counter
-	5,  // 11: io.prometheus.client.Metric.summary:type_name -> io.prometheus.client.Summary
-	6,  // 12: io.prometheus.client.Metric.untyped:type_name -> io.prometheus.client.Untyped
-	7,  // 13: io.prometheus.client.Metric.histogram:type_name -> io.prometheus.client.Histogram
-	0,  // 14: io.prometheus.client.MetricFamily.type:type_name -> io.prometheus.client.MetricType
-	11, // 15: io.prometheus.client.MetricFamily.metric:type_name -> io.prometheus.client.Metric
-	16, // [16:16] is the sub-list for method output_type
-	16, // [16:16] is the sub-list for method input_type
-	16, // [16:16] is the sub-list for extension type_name
-	16, // [16:16] is the sub-list for extension extendee
-	0,  // [0:16] is the sub-list for field type_name
+	13, // 1: io.prometheus.client.Counter.created_timestamp:type_name -> google.protobuf.Timestamp
+	4,  // 2: io.prometheus.client.Summary.quantile:type_name -> io.prometheus.client.Quantile
+	13, // 3: io.prometheus.client.Summary.created_timestamp:type_name -> google.protobuf.Timestamp
+	8,  // 4: io.prometheus.client.Histogram.bucket:type_name -> io.prometheus.client.Bucket
+	13, // 5: io.prometheus.client.Histogram.created_timestamp:type_name -> google.protobuf.Timestamp
+	9,  // 6: io.prometheus.client.Histogram.negative_span:type_name -> io.prometheus.client.BucketSpan
+	9,  // 7: io.prometheus.client.Histogram.positive_span:type_name -> io.prometheus.client.BucketSpan
+	10, // 8: io.prometheus.client.Histogram.exemplars:type_name -> io.prometheus.client.Exemplar
+	10, // 9: io.prometheus.client.Bucket.exemplar:type_name -> io.prometheus.client.Exemplar
+	1,  // 10: io.prometheus.client.Exemplar.label:type_name -> io.prometheus.client.LabelPair
+	13, // 11: io.prometheus.client.Exemplar.timestamp:type_name -> google.protobuf.Timestamp
+	1,  // 12: io.prometheus.client.Metric.label:type_name -> io.prometheus.client.LabelPair
+	2,  // 13: io.prometheus.client.Metric.gauge:type_name -> io.prometheus.client.Gauge
+	3,  // 14: io.prometheus.client.Metric.counter:type_name -> io.prometheus.client.Counter
+	5,  // 15: io.prometheus.client.Metric.summary:type_name -> io.prometheus.client.Summary
+	6,  // 16: io.prometheus.client.Metric.untyped:type_name -> io.prometheus.client.Untyped
+	7,  // 17: io.prometheus.client.Metric.histogram:type_name -> io.prometheus.client.Histogram
+	0,  // 18: io.prometheus.client.MetricFamily.type:type_name -> io.prometheus.client.MetricType
+	11, // 19: io.prometheus.client.MetricFamily.metric:type_name -> io.prometheus.client.Metric
+	20, // [20:20] is the sub-list for method output_type
+	20, // [20:20] is the sub-list for method input_type
+	20, // [20:20] is the sub-list for extension type_name
+	20, // [20:20] is the sub-list for extension extendee
+	0,  // [0:20] is the sub-list for field type_name
 }
 
 func init() { file_io_prometheus_client_metrics_proto_init() }
diff --git a/vendor/github.com/prometheus/common/expfmt/decode.go b/vendor/github.com/prometheus/common/expfmt/decode.go
index f4fc884552..25cfaa2164 100644
--- a/vendor/github.com/prometheus/common/expfmt/decode.go
+++ b/vendor/github.com/prometheus/common/expfmt/decode.go
@@ -14,6 +14,7 @@
 package expfmt
 
 import (
+	"bufio"
 	"fmt"
 	"io"
 	"math"
@@ -21,8 +22,8 @@ import (
 	"net/http"
 
 	dto "github.com/prometheus/client_model/go"
+	"google.golang.org/protobuf/encoding/protodelim"
 
-	"github.com/matttproud/golang_protobuf_extensions/pbutil"
 	"github.com/prometheus/common/model"
 )
 
@@ -44,7 +45,7 @@ func ResponseFormat(h http.Header) Format {
 
 	mediatype, params, err := mime.ParseMediaType(ct)
 	if err != nil {
-		return FmtUnknown
+		return fmtUnknown
 	}
 
 	const textType = "text/plain"
@@ -52,42 +53,44 @@ func ResponseFormat(h http.Header) Format {
 	switch mediatype {
 	case ProtoType:
 		if p, ok := params["proto"]; ok && p != ProtoProtocol {
-			return FmtUnknown
+			return fmtUnknown
 		}
 		if e, ok := params["encoding"]; ok && e != "delimited" {
-			return FmtUnknown
+			return fmtUnknown
 		}
-		return FmtProtoDelim
+		return fmtProtoDelim
 
 	case textType:
 		if v, ok := params["version"]; ok && v != TextVersion {
-			return FmtUnknown
+			return fmtUnknown
 		}
-		return FmtText
+		return fmtText
 	}
 
-	return FmtUnknown
+	return fmtUnknown
 }
 
 // NewDecoder returns a new decoder based on the given input format.
 // If the input format does not imply otherwise, a text format decoder is returned.
 func NewDecoder(r io.Reader, format Format) Decoder {
-	switch format {
-	case FmtProtoDelim:
-		return &protoDecoder{r: r}
+	switch format.FormatType() {
+	case TypeProtoDelim:
+		return &protoDecoder{r: bufio.NewReader(r)}
 	}
 	return &textDecoder{r: r}
 }
 
 // protoDecoder implements the Decoder interface for protocol buffers.
 type protoDecoder struct {
-	r io.Reader
+	r protodelim.Reader
 }
 
 // Decode implements the Decoder interface.
 func (d *protoDecoder) Decode(v *dto.MetricFamily) error {
-	_, err := pbutil.ReadDelimited(d.r, v)
-	if err != nil {
+	opts := protodelim.UnmarshalOptions{
+		MaxSize: -1,
+	}
+	if err := opts.UnmarshalFrom(d.r, v); err != nil {
 		return err
 	}
 	if !model.IsValidMetricName(model.LabelValue(v.GetName())) {
@@ -132,7 +135,10 @@ func (d *textDecoder) Decode(v *dto.MetricFamily) error {
 	}
 	// Pick off one MetricFamily per Decode until there's nothing left.
 	for key, fam := range d.fams {
-		*v = *fam
+		v.Name = fam.Name
+		v.Help = fam.Help
+		v.Type = fam.Type
+		v.Metric = fam.Metric
 		delete(d.fams, key)
 		return nil
 	}
diff --git a/vendor/github.com/prometheus/common/expfmt/encode.go b/vendor/github.com/prometheus/common/expfmt/encode.go
index 64dc0eb40c..ff5ef7a9d9 100644
--- a/vendor/github.com/prometheus/common/expfmt/encode.go
+++ b/vendor/github.com/prometheus/common/expfmt/encode.go
@@ -18,9 +18,12 @@ import (
 	"io"
 	"net/http"
 
-	"github.com/golang/protobuf/proto" //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/matttproud/golang_protobuf_extensions/pbutil"
-	"github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg"
+	"google.golang.org/protobuf/encoding/protodelim"
+	"google.golang.org/protobuf/encoding/prototext"
+
+	"github.com/prometheus/common/model"
+
+	"github.com/munnerz/goautoneg"
 
 	dto "github.com/prometheus/client_model/go"
 )
@@ -60,23 +63,32 @@ func (ec encoderCloser) Close() error {
 // as the support is still experimental. To include the option to negotiate
 // FmtOpenMetrics, use NegotiateOpenMetrics.
 func Negotiate(h http.Header) Format {
+	escapingScheme := Format(fmt.Sprintf("; escaping=%s", Format(model.NameEscapingScheme.String())))
 	for _, ac := range goautoneg.ParseAccept(h.Get(hdrAccept)) {
+		if escapeParam := ac.Params[model.EscapingKey]; escapeParam != "" {
+			switch Format(escapeParam) {
+			case model.AllowUTF8, model.EscapeUnderscores, model.EscapeDots, model.EscapeValues:
+				escapingScheme = Format(fmt.Sprintf("; escaping=%s", escapeParam))
+			default:
+				// If the escaping parameter is unknown, ignore it.
+			}
+		}
 		ver := ac.Params["version"]
 		if ac.Type+"/"+ac.SubType == ProtoType && ac.Params["proto"] == ProtoProtocol {
 			switch ac.Params["encoding"] {
 			case "delimited":
-				return FmtProtoDelim
+				return fmtProtoDelim + escapingScheme
 			case "text":
-				return FmtProtoText
+				return fmtProtoText + escapingScheme
 			case "compact-text":
-				return FmtProtoCompact
+				return fmtProtoCompact + escapingScheme
 			}
 		}
 		if ac.Type == "text" && ac.SubType == "plain" && (ver == TextVersion || ver == "") {
-			return FmtText
+			return fmtText + escapingScheme
 		}
 	}
-	return FmtText
+	return fmtText + escapingScheme
 }
 
 // NegotiateIncludingOpenMetrics works like Negotiate but includes
@@ -84,26 +96,40 @@ func Negotiate(h http.Header) Format {
 // temporary and will disappear once FmtOpenMetrics is fully supported and as
 // such may be negotiated by the normal Negotiate function.
 func NegotiateIncludingOpenMetrics(h http.Header) Format {
+	escapingScheme := Format(fmt.Sprintf("; escaping=%s", Format(model.NameEscapingScheme.String())))
 	for _, ac := range goautoneg.ParseAccept(h.Get(hdrAccept)) {
+		if escapeParam := ac.Params[model.EscapingKey]; escapeParam != "" {
+			switch Format(escapeParam) {
+			case model.AllowUTF8, model.EscapeUnderscores, model.EscapeDots, model.EscapeValues:
+				escapingScheme = Format(fmt.Sprintf("; escaping=%s", escapeParam))
+			default:
+				// If the escaping parameter is unknown, ignore it.
+			}
+		}
 		ver := ac.Params["version"]
 		if ac.Type+"/"+ac.SubType == ProtoType && ac.Params["proto"] == ProtoProtocol {
 			switch ac.Params["encoding"] {
 			case "delimited":
-				return FmtProtoDelim
+				return fmtProtoDelim + escapingScheme
 			case "text":
-				return FmtProtoText
+				return fmtProtoText + escapingScheme
 			case "compact-text":
-				return FmtProtoCompact
+				return fmtProtoCompact + escapingScheme
 			}
 		}
 		if ac.Type == "text" && ac.SubType == "plain" && (ver == TextVersion || ver == "") {
-			return FmtText
+			return fmtText + escapingScheme
 		}
-		if ac.Type+"/"+ac.SubType == OpenMetricsType && (ver == OpenMetricsVersion || ver == "") {
-			return FmtOpenMetrics
+		if ac.Type+"/"+ac.SubType == OpenMetricsType && (ver == OpenMetricsVersion_0_0_1 || ver == OpenMetricsVersion_1_0_0 || ver == "") {
+			switch ver {
+			case OpenMetricsVersion_1_0_0:
+				return fmtOpenMetrics_1_0_0 + escapingScheme
+			default:
+				return fmtOpenMetrics_0_0_1 + escapingScheme
+			}
 		}
 	}
-	return FmtText
+	return fmtText + escapingScheme
 }
 
 // NewEncoder returns a new encoder based on content type negotiation. All
@@ -112,44 +138,54 @@ func NegotiateIncludingOpenMetrics(h http.Header) Format {
 // for FmtOpenMetrics, but a future (breaking) release will add the Close method
 // to the Encoder interface directly. The current version of the Encoder
 // interface is kept for backwards compatibility.
-func NewEncoder(w io.Writer, format Format) Encoder {
-	switch format {
-	case FmtProtoDelim:
+// In cases where the Format does not allow for UTF-8 names, the global
+// NameEscapingScheme will be applied.
+//
+// NewEncoder can be called with additional options to customize the OpenMetrics text output.
+// For example:
+// NewEncoder(w, FmtOpenMetrics_1_0_0, WithCreatedLines())
+//
+// Extra options are ignored for all other formats.
+func NewEncoder(w io.Writer, format Format, options ...EncoderOption) Encoder {
+	escapingScheme := format.ToEscapingScheme()
+
+	switch format.FormatType() {
+	case TypeProtoDelim:
 		return encoderCloser{
 			encode: func(v *dto.MetricFamily) error {
-				_, err := pbutil.WriteDelimited(w, v)
+				_, err := protodelim.MarshalTo(w, v)
 				return err
 			},
 			close: func() error { return nil },
 		}
-	case FmtProtoCompact:
+	case TypeProtoCompact:
 		return encoderCloser{
 			encode: func(v *dto.MetricFamily) error {
-				_, err := fmt.Fprintln(w, v.String())
+				_, err := fmt.Fprintln(w, model.EscapeMetricFamily(v, escapingScheme).String())
 				return err
 			},
 			close: func() error { return nil },
 		}
-	case FmtProtoText:
+	case TypeProtoText:
 		return encoderCloser{
 			encode: func(v *dto.MetricFamily) error {
-				_, err := fmt.Fprintln(w, proto.MarshalTextString(v))
+				_, err := fmt.Fprintln(w, prototext.Format(model.EscapeMetricFamily(v, escapingScheme)))
 				return err
 			},
 			close: func() error { return nil },
 		}
-	case FmtText:
+	case TypeTextPlain:
 		return encoderCloser{
 			encode: func(v *dto.MetricFamily) error {
-				_, err := MetricFamilyToText(w, v)
+				_, err := MetricFamilyToText(w, model.EscapeMetricFamily(v, escapingScheme))
 				return err
 			},
 			close: func() error { return nil },
 		}
-	case FmtOpenMetrics:
+	case TypeOpenMetrics:
 		return encoderCloser{
 			encode: func(v *dto.MetricFamily) error {
-				_, err := MetricFamilyToOpenMetrics(w, v)
+				_, err := MetricFamilyToOpenMetrics(w, model.EscapeMetricFamily(v, escapingScheme), options...)
 				return err
 			},
 			close: func() error {
diff --git a/vendor/github.com/prometheus/common/expfmt/expfmt.go b/vendor/github.com/prometheus/common/expfmt/expfmt.go
index 0f176fa64f..051b38cd17 100644
--- a/vendor/github.com/prometheus/common/expfmt/expfmt.go
+++ b/vendor/github.com/prometheus/common/expfmt/expfmt.go
@@ -14,28 +14,164 @@
 // Package expfmt contains tools for reading and writing Prometheus metrics.
 package expfmt
 
+import (
+	"fmt"
+	"strings"
+
+	"github.com/prometheus/common/model"
+)
+
 // Format specifies the HTTP content type of the different wire protocols.
 type Format string
 
-// Constants to assemble the Content-Type values for the different wire protocols.
+// Constants to assemble the Content-Type values for the different wire
+// protocols. The Content-Type strings here are all for the legacy exposition
+// formats, where valid characters for metric names and label names are limited.
+// Support for arbitrary UTF-8 characters in those names is already partially
+// implemented in this module (see model.ValidationScheme), but to actually use
+// it on the wire, new content-type strings will have to be agreed upon and
+// added here.
 const (
-	TextVersion        = "0.0.4"
-	ProtoType          = `application/vnd.google.protobuf`
-	ProtoProtocol      = `io.prometheus.client.MetricFamily`
-	ProtoFmt           = ProtoType + "; proto=" + ProtoProtocol + ";"
-	OpenMetricsType    = `application/openmetrics-text`
-	OpenMetricsVersion = "0.0.1"
-
-	// The Content-Type values for the different wire protocols.
-	FmtUnknown      Format = `<unknown>`
-	FmtText         Format = `text/plain; version=` + TextVersion + `; charset=utf-8`
-	FmtProtoDelim   Format = ProtoFmt + ` encoding=delimited`
-	FmtProtoText    Format = ProtoFmt + ` encoding=text`
-	FmtProtoCompact Format = ProtoFmt + ` encoding=compact-text`
-	FmtOpenMetrics  Format = OpenMetricsType + `; version=` + OpenMetricsVersion + `; charset=utf-8`
+	TextVersion              = "0.0.4"
+	ProtoType                = `application/vnd.google.protobuf`
+	ProtoProtocol            = `io.prometheus.client.MetricFamily`
+	protoFmt                 = ProtoType + "; proto=" + ProtoProtocol + ";"
+	OpenMetricsType          = `application/openmetrics-text`
+	OpenMetricsVersion_0_0_1 = "0.0.1"
+	OpenMetricsVersion_1_0_0 = "1.0.0"
+
+	// The Content-Type values for the different wire protocols. Note that these
+	// values are now unexported. If code was relying on comparisons to these
+	// constants, instead use FormatType().
+	fmtUnknown           Format = `<unknown>`
+	fmtText              Format = `text/plain; version=` + TextVersion + `; charset=utf-8`
+	fmtProtoDelim        Format = protoFmt + ` encoding=delimited`
+	fmtProtoText         Format = protoFmt + ` encoding=text`
+	fmtProtoCompact      Format = protoFmt + ` encoding=compact-text`
+	fmtOpenMetrics_1_0_0 Format = OpenMetricsType + `; version=` + OpenMetricsVersion_1_0_0 + `; charset=utf-8`
+	fmtOpenMetrics_0_0_1 Format = OpenMetricsType + `; version=` + OpenMetricsVersion_0_0_1 + `; charset=utf-8`
 )
 
 const (
 	hdrContentType = "Content-Type"
 	hdrAccept      = "Accept"
 )
+
+// FormatType is a Go enum representing the overall category for the given
+// Format. As the number of Format permutations increases, doing basic string
+// comparisons are not feasible, so this enum captures the most useful
+// high-level attribute of the Format string.
+type FormatType int
+
+const (
+	TypeUnknown FormatType = iota
+	TypeProtoCompact
+	TypeProtoDelim
+	TypeProtoText
+	TypeTextPlain
+	TypeOpenMetrics
+)
+
+// NewFormat generates a new Format from the type provided. Mostly used for
+// tests, most Formats should be generated as part of content negotiation in
+// encode.go. If a type has more than one version, the latest version will be
+// returned.
+func NewFormat(t FormatType) Format {
+	switch t {
+	case TypeProtoCompact:
+		return fmtProtoCompact
+	case TypeProtoDelim:
+		return fmtProtoDelim
+	case TypeProtoText:
+		return fmtProtoText
+	case TypeTextPlain:
+		return fmtText
+	case TypeOpenMetrics:
+		return fmtOpenMetrics_1_0_0
+	default:
+		return fmtUnknown
+	}
+}
+
+// NewOpenMetricsFormat generates a new OpenMetrics format matching the
+// specified version number.
+func NewOpenMetricsFormat(version string) (Format, error) {
+	if version == OpenMetricsVersion_0_0_1 {
+		return fmtOpenMetrics_0_0_1, nil
+	}
+	if version == OpenMetricsVersion_1_0_0 {
+		return fmtOpenMetrics_1_0_0, nil
+	}
+	return fmtUnknown, fmt.Errorf("unknown open metrics version string")
+}
+
+// FormatType deduces an overall FormatType for the given format.
+func (f Format) FormatType() FormatType {
+	toks := strings.Split(string(f), ";")
+	params := make(map[string]string)
+	for i, t := range toks {
+		if i == 0 {
+			continue
+		}
+		args := strings.Split(t, "=")
+		if len(args) != 2 {
+			continue
+		}
+		params[strings.TrimSpace(args[0])] = strings.TrimSpace(args[1])
+	}
+
+	switch strings.TrimSpace(toks[0]) {
+	case ProtoType:
+		if params["proto"] != ProtoProtocol {
+			return TypeUnknown
+		}
+		switch params["encoding"] {
+		case "delimited":
+			return TypeProtoDelim
+		case "text":
+			return TypeProtoText
+		case "compact-text":
+			return TypeProtoCompact
+		default:
+			return TypeUnknown
+		}
+	case OpenMetricsType:
+		if params["charset"] != "utf-8" {
+			return TypeUnknown
+		}
+		return TypeOpenMetrics
+	case "text/plain":
+		v, ok := params["version"]
+		if !ok {
+			return TypeTextPlain
+		}
+		if v == TextVersion {
+			return TypeTextPlain
+		}
+		return TypeUnknown
+	default:
+		return TypeUnknown
+	}
+}
+
+// ToEscapingScheme returns an EscapingScheme depending on the Format. Iff the
+// Format contains a escaping=allow-utf-8 term, it will select NoEscaping. If a valid
+// "escaping" term exists, that will be used. Otherwise, the global default will
+// be returned.
+func (format Format) ToEscapingScheme() model.EscapingScheme {
+	for _, p := range strings.Split(string(format), ";") {
+		toks := strings.Split(p, "=")
+		if len(toks) != 2 {
+			continue
+		}
+		key, value := strings.TrimSpace(toks[0]), strings.TrimSpace(toks[1])
+		if key == model.EscapingKey {
+			scheme, err := model.ToEscapingScheme(value)
+			if err != nil {
+				return model.NameEscapingScheme
+			}
+			return scheme
+		}
+	}
+	return model.NameEscapingScheme
+}
diff --git a/vendor/github.com/prometheus/common/expfmt/openmetrics_create.go b/vendor/github.com/prometheus/common/expfmt/openmetrics_create.go
index 21cdddcf05..353c5e93f9 100644
--- a/vendor/github.com/prometheus/common/expfmt/openmetrics_create.go
+++ b/vendor/github.com/prometheus/common/expfmt/openmetrics_create.go
@@ -22,11 +22,47 @@ import (
 	"strconv"
 	"strings"
 
+	"google.golang.org/protobuf/types/known/timestamppb"
+
 	"github.com/prometheus/common/model"
 
 	dto "github.com/prometheus/client_model/go"
 )
 
+type encoderOption struct {
+	withCreatedLines bool
+	withUnit         bool
+}
+
+type EncoderOption func(*encoderOption)
+
+// WithCreatedLines is an EncoderOption that configures the OpenMetrics encoder
+// to include _created lines (See
+// https://github.com/OpenObservability/OpenMetrics/blob/main/specification/OpenMetrics.md#counter-1).
+// Created timestamps can improve the accuracy of series reset detection, but
+// come with a bandwidth cost.
+//
+// At the time of writing, created timestamp ingestion is still experimental in
+// Prometheus and need to be enabled with the feature-flag
+// `--feature-flag=created-timestamp-zero-ingestion`, and breaking changes are
+// still possible. Therefore, it is recommended to use this feature with caution.
+func WithCreatedLines() EncoderOption {
+	return func(t *encoderOption) {
+		t.withCreatedLines = true
+	}
+}
+
+// WithUnit is an EncoderOption enabling a set unit to be written to the output
+// and to be added to the metric name, if it's not there already, as a suffix.
+// Without opting in this way, the unit will not be added to the metric name and,
+// on top of that, the unit will not be passed onto the output, even if it
+// were declared in the *dto.MetricFamily struct, i.e. even if in.Unit !=nil.
+func WithUnit() EncoderOption {
+	return func(t *encoderOption) {
+		t.withUnit = true
+	}
+}
+
 // MetricFamilyToOpenMetrics converts a MetricFamily proto message into the
 // OpenMetrics text format and writes the resulting lines to 'out'. It returns
 // the number of bytes written and any error encountered. The output will have
@@ -35,6 +71,18 @@ import (
 // sanity checks. If the input contains duplicate metrics or invalid metric or
 // label names, the conversion will result in invalid text format output.
 //
+// If metric names conform to the legacy validation pattern, they will be placed
+// outside the brackets in the traditional way, like `foo{}`. If the metric name
+// fails the legacy validation check, it will be placed quoted inside the
+// brackets: `{"foo"}`. As stated above, the input is assumed to be santized and
+// no error will be thrown in this case.
+//
+// Similar to metric names, if label names conform to the legacy validation
+// pattern, they will be unquoted as normal, like `foo{bar="baz"}`. If the label
+// name fails the legacy validation check, it will be quoted:
+// `foo{"bar"="baz"}`. As stated above, the input is assumed to be santized and
+// no error will be thrown in this case.
+//
 // This function fulfills the type 'expfmt.encoder'.
 //
 // Note that OpenMetrics requires a final `# EOF` line. Since this function acts
@@ -47,20 +95,34 @@ import (
 // Prometheus to OpenMetrics or vice versa:
 //
 //   - Counters are expected to have the `_total` suffix in their metric name. In
-//     the output, the suffix will be truncated from the `# TYPE` and `# HELP`
-//     line. A counter with a missing `_total` suffix is not an error. However,
+//     the output, the suffix will be truncated from the `# TYPE`, `# HELP` and `# UNIT`
+//     lines. A counter with a missing `_total` suffix is not an error. However,
 //     its type will be set to `unknown` in that case to avoid invalid OpenMetrics
 //     output.
 //
-//   - No support for the following (optional) features: `# UNIT` line, `_created`
-//     line, info type, stateset type, gaugehistogram type.
+//   - According to the OM specs, the `# UNIT` line is optional, but if populated,
+//     the unit has to be present in the metric name as its suffix:
+//     (see https://github.com/OpenObservability/OpenMetrics/blob/main/specification/OpenMetrics.md#unit).
+//     However, in order to accommodate any potential scenario where such a change in the
+//     metric name is not desirable, the users are here given the choice of either explicitly
+//     opt in, in case they wish for the unit to be included in the output AND in the metric name
+//     as a suffix (see the description of the WithUnit function above),
+//     or not to opt in, in case they don't want for any of that to happen.
+//
+//   - No support for the following (optional) features: info type,
+//     stateset type, gaugehistogram type.
 //
 //   - The size of exemplar labels is not checked (i.e. it's possible to create
 //     exemplars that are larger than allowed by the OpenMetrics specification).
 //
 //   - The value of Counters is not checked. (OpenMetrics doesn't allow counters
 //     with a `NaN` value.)
-func MetricFamilyToOpenMetrics(out io.Writer, in *dto.MetricFamily) (written int, err error) {
+func MetricFamilyToOpenMetrics(out io.Writer, in *dto.MetricFamily, options ...EncoderOption) (written int, err error) {
+	toOM := encoderOption{}
+	for _, option := range options {
+		option(&toOM)
+	}
+
 	name := in.GetName()
 	if name == "" {
 		return 0, fmt.Errorf("MetricFamily has no name: %s", in)
@@ -83,12 +145,15 @@ func MetricFamilyToOpenMetrics(out io.Writer, in *dto.MetricFamily) (written int
 	}
 
 	var (
-		n          int
-		metricType = in.GetType()
-		shortName  = name
+		n             int
+		metricType    = in.GetType()
+		compliantName = name
 	)
-	if metricType == dto.MetricType_COUNTER && strings.HasSuffix(shortName, "_total") {
-		shortName = name[:len(name)-6]
+	if metricType == dto.MetricType_COUNTER && strings.HasSuffix(compliantName, "_total") {
+		compliantName = name[:len(name)-6]
+	}
+	if toOM.withUnit && in.Unit != nil && !strings.HasSuffix(compliantName, fmt.Sprintf("_%s", *in.Unit)) {
+		compliantName = compliantName + fmt.Sprintf("_%s", *in.Unit)
 	}
 
 	// Comments, first HELP, then TYPE.
@@ -98,7 +163,7 @@ func MetricFamilyToOpenMetrics(out io.Writer, in *dto.MetricFamily) (written int
 		if err != nil {
 			return
 		}
-		n, err = w.WriteString(shortName)
+		n, err = writeName(w, compliantName)
 		written += n
 		if err != nil {
 			return
@@ -124,7 +189,7 @@ func MetricFamilyToOpenMetrics(out io.Writer, in *dto.MetricFamily) (written int
 	if err != nil {
 		return
 	}
-	n, err = w.WriteString(shortName)
+	n, err = writeName(w, compliantName)
 	written += n
 	if err != nil {
 		return
@@ -151,55 +216,89 @@ func MetricFamilyToOpenMetrics(out io.Writer, in *dto.MetricFamily) (written int
 	if err != nil {
 		return
 	}
+	if toOM.withUnit && in.Unit != nil {
+		n, err = w.WriteString("# UNIT ")
+		written += n
+		if err != nil {
+			return
+		}
+		n, err = writeName(w, compliantName)
+		written += n
+		if err != nil {
+			return
+		}
+
+		err = w.WriteByte(' ')
+		written++
+		if err != nil {
+			return
+		}
+		n, err = writeEscapedString(w, *in.Unit, true)
+		written += n
+		if err != nil {
+			return
+		}
+		err = w.WriteByte('\n')
+		written++
+		if err != nil {
+			return
+		}
+	}
+
+	var createdTsBytesWritten int
 
 	// Finally the samples, one line for each.
+	if metricType == dto.MetricType_COUNTER && strings.HasSuffix(name, "_total") {
+		compliantName = compliantName + "_total"
+	}
 	for _, metric := range in.Metric {
 		switch metricType {
 		case dto.MetricType_COUNTER:
 			if metric.Counter == nil {
 				return written, fmt.Errorf(
-					"expected counter in metric %s %s", name, metric,
+					"expected counter in metric %s %s", compliantName, metric,
 				)
 			}
-			// Note that we have ensured above that either the name
-			// ends on `_total` or that the rendered type is
-			// `unknown`. Therefore, no `_total` must be added here.
 			n, err = writeOpenMetricsSample(
-				w, name, "", metric, "", 0,
+				w, compliantName, "", metric, "", 0,
 				metric.Counter.GetValue(), 0, false,
 				metric.Counter.Exemplar,
 			)
+			if toOM.withCreatedLines && metric.Counter.CreatedTimestamp != nil {
+				createdTsBytesWritten, err = writeOpenMetricsCreated(w, compliantName, "_total", metric, "", 0, metric.Counter.GetCreatedTimestamp())
+				n += createdTsBytesWritten
+			}
 		case dto.MetricType_GAUGE:
 			if metric.Gauge == nil {
 				return written, fmt.Errorf(
-					"expected gauge in metric %s %s", name, metric,
+					"expected gauge in metric %s %s", compliantName, metric,
 				)
 			}
 			n, err = writeOpenMetricsSample(
-				w, name, "", metric, "", 0,
+				w, compliantName, "", metric, "", 0,
 				metric.Gauge.GetValue(), 0, false,
 				nil,
 			)
 		case dto.MetricType_UNTYPED:
 			if metric.Untyped == nil {
 				return written, fmt.Errorf(
-					"expected untyped in metric %s %s", name, metric,
+					"expected untyped in metric %s %s", compliantName, metric,
 				)
 			}
 			n, err = writeOpenMetricsSample(
-				w, name, "", metric, "", 0,
+				w, compliantName, "", metric, "", 0,
 				metric.Untyped.GetValue(), 0, false,
 				nil,
 			)
 		case dto.MetricType_SUMMARY:
 			if metric.Summary == nil {
 				return written, fmt.Errorf(
-					"expected summary in metric %s %s", name, metric,
+					"expected summary in metric %s %s", compliantName, metric,
 				)
 			}
 			for _, q := range metric.Summary.Quantile {
 				n, err = writeOpenMetricsSample(
-					w, name, "", metric,
+					w, compliantName, "", metric,
 					model.QuantileLabel, q.GetQuantile(),
 					q.GetValue(), 0, false,
 					nil,
@@ -210,7 +309,7 @@ func MetricFamilyToOpenMetrics(out io.Writer, in *dto.MetricFamily) (written int
 				}
 			}
 			n, err = writeOpenMetricsSample(
-				w, name, "_sum", metric, "", 0,
+				w, compliantName, "_sum", metric, "", 0,
 				metric.Summary.GetSampleSum(), 0, false,
 				nil,
 			)
@@ -219,20 +318,24 @@ func MetricFamilyToOpenMetrics(out io.Writer, in *dto.MetricFamily) (written int
 				return
 			}
 			n, err = writeOpenMetricsSample(
-				w, name, "_count", metric, "", 0,
+				w, compliantName, "_count", metric, "", 0,
 				0, metric.Summary.GetSampleCount(), true,
 				nil,
 			)
+			if toOM.withCreatedLines && metric.Summary.CreatedTimestamp != nil {
+				createdTsBytesWritten, err = writeOpenMetricsCreated(w, compliantName, "", metric, "", 0, metric.Summary.GetCreatedTimestamp())
+				n += createdTsBytesWritten
+			}
 		case dto.MetricType_HISTOGRAM:
 			if metric.Histogram == nil {
 				return written, fmt.Errorf(
-					"expected histogram in metric %s %s", name, metric,
+					"expected histogram in metric %s %s", compliantName, metric,
 				)
 			}
 			infSeen := false
 			for _, b := range metric.Histogram.Bucket {
 				n, err = writeOpenMetricsSample(
-					w, name, "_bucket", metric,
+					w, compliantName, "_bucket", metric,
 					model.BucketLabel, b.GetUpperBound(),
 					0, b.GetCumulativeCount(), true,
 					b.Exemplar,
@@ -247,7 +350,7 @@ func MetricFamilyToOpenMetrics(out io.Writer, in *dto.MetricFamily) (written int
 			}
 			if !infSeen {
 				n, err = writeOpenMetricsSample(
-					w, name, "_bucket", metric,
+					w, compliantName, "_bucket", metric,
 					model.BucketLabel, math.Inf(+1),
 					0, metric.Histogram.GetSampleCount(), true,
 					nil,
@@ -258,7 +361,7 @@ func MetricFamilyToOpenMetrics(out io.Writer, in *dto.MetricFamily) (written int
 				}
 			}
 			n, err = writeOpenMetricsSample(
-				w, name, "_sum", metric, "", 0,
+				w, compliantName, "_sum", metric, "", 0,
 				metric.Histogram.GetSampleSum(), 0, false,
 				nil,
 			)
@@ -267,13 +370,17 @@ func MetricFamilyToOpenMetrics(out io.Writer, in *dto.MetricFamily) (written int
 				return
 			}
 			n, err = writeOpenMetricsSample(
-				w, name, "_count", metric, "", 0,
+				w, compliantName, "_count", metric, "", 0,
 				0, metric.Histogram.GetSampleCount(), true,
 				nil,
 			)
+			if toOM.withCreatedLines && metric.Histogram.CreatedTimestamp != nil {
+				createdTsBytesWritten, err = writeOpenMetricsCreated(w, compliantName, "", metric, "", 0, metric.Histogram.GetCreatedTimestamp())
+				n += createdTsBytesWritten
+			}
 		default:
 			return written, fmt.Errorf(
-				"unexpected type in metric %s %s", name, metric,
+				"unexpected type in metric %s %s", compliantName, metric,
 			)
 		}
 		written += n
@@ -303,21 +410,9 @@ func writeOpenMetricsSample(
 	floatValue float64, intValue uint64, useIntValue bool,
 	exemplar *dto.Exemplar,
 ) (int, error) {
-	var written int
-	n, err := w.WriteString(name)
-	written += n
-	if err != nil {
-		return written, err
-	}
-	if suffix != "" {
-		n, err = w.WriteString(suffix)
-		written += n
-		if err != nil {
-			return written, err
-		}
-	}
-	n, err = writeOpenMetricsLabelPairs(
-		w, metric.Label, additionalLabelName, additionalLabelValue,
+	written := 0
+	n, err := writeOpenMetricsNameAndLabelPairs(
+		w, name+suffix, metric.Label, additionalLabelName, additionalLabelValue,
 	)
 	written += n
 	if err != nil {
@@ -350,7 +445,7 @@ func writeOpenMetricsSample(
 			return written, err
 		}
 	}
-	if exemplar != nil {
+	if exemplar != nil && len(exemplar.Label) > 0 {
 		n, err = writeExemplar(w, exemplar)
 		written += n
 		if err != nil {
@@ -365,27 +460,58 @@ func writeOpenMetricsSample(
 	return written, nil
 }
 
-// writeOpenMetricsLabelPairs works like writeOpenMetrics but formats the float
-// in OpenMetrics style.
-func writeOpenMetricsLabelPairs(
+// writeOpenMetricsNameAndLabelPairs works like writeOpenMetricsSample but
+// formats the float in OpenMetrics style.
+func writeOpenMetricsNameAndLabelPairs(
 	w enhancedWriter,
+	name string,
 	in []*dto.LabelPair,
 	additionalLabelName string, additionalLabelValue float64,
 ) (int, error) {
-	if len(in) == 0 && additionalLabelName == "" {
-		return 0, nil
-	}
 	var (
-		written   int
-		separator byte = '{'
+		written            int
+		separator          byte = '{'
+		metricInsideBraces      = false
 	)
+
+	if name != "" {
+		// If the name does not pass the legacy validity check, we must put the
+		// metric name inside the braces, quoted.
+		if !model.IsValidLegacyMetricName(model.LabelValue(name)) {
+			metricInsideBraces = true
+			err := w.WriteByte(separator)
+			written++
+			if err != nil {
+				return written, err
+			}
+			separator = ','
+		}
+
+		n, err := writeName(w, name)
+		written += n
+		if err != nil {
+			return written, err
+		}
+	}
+
+	if len(in) == 0 && additionalLabelName == "" {
+		if metricInsideBraces {
+			err := w.WriteByte('}')
+			written++
+			if err != nil {
+				return written, err
+			}
+		}
+		return written, nil
+	}
+
 	for _, lp := range in {
 		err := w.WriteByte(separator)
 		written++
 		if err != nil {
 			return written, err
 		}
-		n, err := w.WriteString(lp.GetName())
+		n, err := writeName(w, lp.GetName())
 		written += n
 		if err != nil {
 			return written, err
@@ -442,6 +568,49 @@ func writeOpenMetricsLabelPairs(
 	return written, nil
 }
 
+// writeOpenMetricsCreated writes the created timestamp for a single time series
+// following OpenMetrics text format to w, given the metric name, the metric proto
+// message itself, optionally a suffix to be removed, e.g. '_total' for counters,
+// an additional label name with a float64 value (use empty string as label name if
+// not required) and the timestamp that represents the created timestamp.
+// The function returns the number of bytes written and any error encountered.
+func writeOpenMetricsCreated(w enhancedWriter,
+	name, suffixToTrim string, metric *dto.Metric,
+	additionalLabelName string, additionalLabelValue float64,
+	createdTimestamp *timestamppb.Timestamp,
+) (int, error) {
+	written := 0
+	n, err := writeOpenMetricsNameAndLabelPairs(
+		w, strings.TrimSuffix(name, suffixToTrim)+"_created", metric.Label, additionalLabelName, additionalLabelValue,
+	)
+	written += n
+	if err != nil {
+		return written, err
+	}
+
+	err = w.WriteByte(' ')
+	written++
+	if err != nil {
+		return written, err
+	}
+
+	// TODO(beorn7): Format this directly from components of ts to
+	// avoid overflow/underflow and precision issues of the float
+	// conversion.
+	n, err = writeOpenMetricsFloat(w, float64(createdTimestamp.AsTime().UnixNano())/1e9)
+	written += n
+	if err != nil {
+		return written, err
+	}
+
+	err = w.WriteByte('\n')
+	written++
+	if err != nil {
+		return written, err
+	}
+	return written, nil
+}
+
 // writeExemplar writes the provided exemplar in OpenMetrics format to w. The
 // function returns the number of bytes written and any error encountered.
 func writeExemplar(w enhancedWriter, e *dto.Exemplar) (int, error) {
@@ -451,7 +620,7 @@ func writeExemplar(w enhancedWriter, e *dto.Exemplar) (int, error) {
 	if err != nil {
 		return written, err
 	}
-	n, err = writeOpenMetricsLabelPairs(w, e.Label, "", 0)
+	n, err = writeOpenMetricsNameAndLabelPairs(w, "", e.Label, "", 0)
 	written += n
 	if err != nil {
 		return written, err
diff --git a/vendor/github.com/prometheus/common/expfmt/text_create.go b/vendor/github.com/prometheus/common/expfmt/text_create.go
index 2946b8f1a6..f9b8265a9e 100644
--- a/vendor/github.com/prometheus/common/expfmt/text_create.go
+++ b/vendor/github.com/prometheus/common/expfmt/text_create.go
@@ -62,6 +62,18 @@ var (
 // contains duplicate metrics or invalid metric or label names, the conversion
 // will result in invalid text format output.
 //
+// If metric names conform to the legacy validation pattern, they will be placed
+// outside the brackets in the traditional way, like `foo{}`. If the metric name
+// fails the legacy validation check, it will be placed quoted inside the
+// brackets: `{"foo"}`. As stated above, the input is assumed to be santized and
+// no error will be thrown in this case.
+//
+// Similar to metric names, if label names conform to the legacy validation
+// pattern, they will be unquoted as normal, like `foo{bar="baz"}`. If the label
+// name fails the legacy validation check, it will be quoted:
+// `foo{"bar"="baz"}`. As stated above, the input is assumed to be santized and
+// no error will be thrown in this case.
+//
 // This method fulfills the type 'prometheus.encoder'.
 func MetricFamilyToText(out io.Writer, in *dto.MetricFamily) (written int, err error) {
 	// Fail-fast checks.
@@ -98,7 +110,7 @@ func MetricFamilyToText(out io.Writer, in *dto.MetricFamily) (written int, err e
 		if err != nil {
 			return
 		}
-		n, err = w.WriteString(name)
+		n, err = writeName(w, name)
 		written += n
 		if err != nil {
 			return
@@ -124,7 +136,7 @@ func MetricFamilyToText(out io.Writer, in *dto.MetricFamily) (written int, err e
 	if err != nil {
 		return
 	}
-	n, err = w.WriteString(name)
+	n, err = writeName(w, name)
 	written += n
 	if err != nil {
 		return
@@ -280,21 +292,9 @@ func writeSample(
 	additionalLabelName string, additionalLabelValue float64,
 	value float64,
 ) (int, error) {
-	var written int
-	n, err := w.WriteString(name)
-	written += n
-	if err != nil {
-		return written, err
-	}
-	if suffix != "" {
-		n, err = w.WriteString(suffix)
-		written += n
-		if err != nil {
-			return written, err
-		}
-	}
-	n, err = writeLabelPairs(
-		w, metric.Label, additionalLabelName, additionalLabelValue,
+	written := 0
+	n, err := writeNameAndLabelPairs(
+		w, name+suffix, metric.Label, additionalLabelName, additionalLabelValue,
 	)
 	written += n
 	if err != nil {
@@ -330,32 +330,64 @@ func writeSample(
 	return written, nil
 }
 
-// writeLabelPairs converts a slice of LabelPair proto messages plus the
-// explicitly given additional label pair into text formatted as required by the
-// text format and writes it to 'w'. An empty slice in combination with an empty
-// string 'additionalLabelName' results in nothing being written. Otherwise, the
-// label pairs are written, escaped as required by the text format, and enclosed
-// in '{...}'. The function returns the number of bytes written and any error
-// encountered.
-func writeLabelPairs(
+// writeNameAndLabelPairs converts a slice of LabelPair proto messages plus the
+// explicitly given metric name and additional label pair into text formatted as
+// required by the text format and writes it to 'w'. An empty slice in
+// combination with an empty string 'additionalLabelName' results in nothing
+// being written. Otherwise, the label pairs are written, escaped as required by
+// the text format, and enclosed in '{...}'. The function returns the number of
+// bytes written and any error encountered. If the metric name is not
+// legacy-valid, it will be put inside the brackets as well. Legacy-invalid
+// label names will also be quoted.
+func writeNameAndLabelPairs(
 	w enhancedWriter,
+	name string,
 	in []*dto.LabelPair,
 	additionalLabelName string, additionalLabelValue float64,
 ) (int, error) {
-	if len(in) == 0 && additionalLabelName == "" {
-		return 0, nil
-	}
 	var (
-		written   int
-		separator byte = '{'
+		written            int
+		separator          byte = '{'
+		metricInsideBraces      = false
 	)
+
+	if name != "" {
+		// If the name does not pass the legacy validity check, we must put the
+		// metric name inside the braces.
+		if !model.IsValidLegacyMetricName(model.LabelValue(name)) {
+			metricInsideBraces = true
+			err := w.WriteByte(separator)
+			written++
+			if err != nil {
+				return written, err
+			}
+			separator = ','
+		}
+		n, err := writeName(w, name)
+		written += n
+		if err != nil {
+			return written, err
+		}
+	}
+
+	if len(in) == 0 && additionalLabelName == "" {
+		if metricInsideBraces {
+			err := w.WriteByte('}')
+			written++
+			if err != nil {
+				return written, err
+			}
+		}
+		return written, nil
+	}
+
 	for _, lp := range in {
 		err := w.WriteByte(separator)
 		written++
 		if err != nil {
 			return written, err
 		}
-		n, err := w.WriteString(lp.GetName())
+		n, err := writeName(w, lp.GetName())
 		written += n
 		if err != nil {
 			return written, err
@@ -462,3 +494,27 @@ func writeInt(w enhancedWriter, i int64) (int, error) {
 	numBufPool.Put(bp)
 	return written, err
 }
+
+// writeName writes a string as-is if it complies with the legacy naming
+// scheme, or escapes it in double quotes if not.
+func writeName(w enhancedWriter, name string) (int, error) {
+	if model.IsValidLegacyMetricName(model.LabelValue(name)) {
+		return w.WriteString(name)
+	}
+	var written int
+	var err error
+	err = w.WriteByte('"')
+	written++
+	if err != nil {
+		return written, err
+	}
+	var n int
+	n, err = writeEscapedString(w, name, true)
+	written += n
+	if err != nil {
+		return written, err
+	}
+	err = w.WriteByte('"')
+	written++
+	return written, err
+}
diff --git a/vendor/github.com/prometheus/common/expfmt/text_parse.go b/vendor/github.com/prometheus/common/expfmt/text_parse.go
index ac2482782c..26490211af 100644
--- a/vendor/github.com/prometheus/common/expfmt/text_parse.go
+++ b/vendor/github.com/prometheus/common/expfmt/text_parse.go
@@ -16,6 +16,7 @@ package expfmt
 import (
 	"bufio"
 	"bytes"
+	"errors"
 	"fmt"
 	"io"
 	"math"
@@ -24,7 +25,8 @@ import (
 
 	dto "github.com/prometheus/client_model/go"
 
-	"github.com/golang/protobuf/proto" //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
+	"google.golang.org/protobuf/proto"
+
 	"github.com/prometheus/common/model"
 )
 
@@ -112,7 +114,7 @@ func (p *TextParser) TextToMetricFamilies(in io.Reader) (map[string]*dto.MetricF
 	// stream. Turn this error into something nicer and more
 	// meaningful. (io.EOF is often used as a signal for the legitimate end
 	// of an input stream.)
-	if p.err == io.EOF {
+	if p.err != nil && errors.Is(p.err, io.EOF) {
 		p.parseError("unexpected end of input stream")
 	}
 	return p.metricFamiliesByName, p.err
@@ -146,7 +148,7 @@ func (p *TextParser) startOfLine() stateFn {
 		// which is not an error but the signal that we are done.
 		// Any other error that happens to align with the start of
 		// a line is still an error.
-		if p.err == io.EOF {
+		if errors.Is(p.err, io.EOF) {
 			p.err = nil
 		}
 		return nil
diff --git a/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg/README.txt b/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg/README.txt
deleted file mode 100644
index 7723656d58..0000000000
--- a/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg/README.txt
+++ /dev/null
@@ -1,67 +0,0 @@
-PACKAGE
-
-package goautoneg
-import "bitbucket.org/ww/goautoneg"
-
-HTTP Content-Type Autonegotiation.
-
-The functions in this package implement the behaviour specified in
-http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
-
-Copyright (c) 2011, Open Knowledge Foundation Ltd.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-    Redistributions of source code must retain the above copyright
-    notice, this list of conditions and the following disclaimer.
-
-    Redistributions in binary form must reproduce the above copyright
-    notice, this list of conditions and the following disclaimer in
-    the documentation and/or other materials provided with the
-    distribution.
-
-    Neither the name of the Open Knowledge Foundation Ltd. nor the
-    names of its contributors may be used to endorse or promote
-    products derived from this software without specific prior written
-    permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-FUNCTIONS
-
-func Negotiate(header string, alternatives []string) (content_type string)
-Negotiate the most appropriate content_type given the accept header
-and a list of alternatives.
-
-func ParseAccept(header string) (accept []Accept)
-Parse an Accept Header string returning a sorted list
-of clauses
-
-
-TYPES
-
-type Accept struct {
-    Type, SubType string
-    Q             float32
-    Params        map[string]string
-}
-Structure to represent a clause in an HTTP Accept Header
-
-
-SUBDIRECTORIES
-
-	.hg
diff --git a/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg/autoneg.go b/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg/autoneg.go
deleted file mode 100644
index a21b9d15dd..0000000000
--- a/vendor/github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg/autoneg.go
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
-Copyright (c) 2011, Open Knowledge Foundation Ltd.
-All rights reserved.
-
-HTTP Content-Type Autonegotiation.
-
-The functions in this package implement the behaviour specified in
-http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-	Redistributions of source code must retain the above copyright
-	notice, this list of conditions and the following disclaimer.
-
-	Redistributions in binary form must reproduce the above copyright
-	notice, this list of conditions and the following disclaimer in
-	the documentation and/or other materials provided with the
-	distribution.
-
-	Neither the name of the Open Knowledge Foundation Ltd. nor the
-	names of its contributors may be used to endorse or promote
-	products derived from this software without specific prior written
-	permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-package goautoneg
-
-import (
-	"sort"
-	"strconv"
-	"strings"
-)
-
-// Structure to represent a clause in an HTTP Accept Header
-type Accept struct {
-	Type, SubType string
-	Q             float64
-	Params        map[string]string
-}
-
-// For internal use, so that we can use the sort interface
-type accept_slice []Accept
-
-func (accept accept_slice) Len() int {
-	slice := []Accept(accept)
-	return len(slice)
-}
-
-func (accept accept_slice) Less(i, j int) bool {
-	slice := []Accept(accept)
-	ai, aj := slice[i], slice[j]
-	if ai.Q > aj.Q {
-		return true
-	}
-	if ai.Type != "*" && aj.Type == "*" {
-		return true
-	}
-	if ai.SubType != "*" && aj.SubType == "*" {
-		return true
-	}
-	return false
-}
-
-func (accept accept_slice) Swap(i, j int) {
-	slice := []Accept(accept)
-	slice[i], slice[j] = slice[j], slice[i]
-}
-
-// Parse an Accept Header string returning a sorted list
-// of clauses
-func ParseAccept(header string) (accept []Accept) {
-	parts := strings.Split(header, ",")
-	accept = make([]Accept, 0, len(parts))
-	for _, part := range parts {
-		part := strings.Trim(part, " ")
-
-		a := Accept{}
-		a.Params = make(map[string]string)
-		a.Q = 1.0
-
-		mrp := strings.Split(part, ";")
-
-		media_range := mrp[0]
-		sp := strings.Split(media_range, "/")
-		a.Type = strings.Trim(sp[0], " ")
-
-		switch {
-		case len(sp) == 1 && a.Type == "*":
-			a.SubType = "*"
-		case len(sp) == 2:
-			a.SubType = strings.Trim(sp[1], " ")
-		default:
-			continue
-		}
-
-		if len(mrp) == 1 {
-			accept = append(accept, a)
-			continue
-		}
-
-		for _, param := range mrp[1:] {
-			sp := strings.SplitN(param, "=", 2)
-			if len(sp) != 2 {
-				continue
-			}
-			token := strings.Trim(sp[0], " ")
-			if token == "q" {
-				a.Q, _ = strconv.ParseFloat(sp[1], 32)
-			} else {
-				a.Params[token] = strings.Trim(sp[1], " ")
-			}
-		}
-
-		accept = append(accept, a)
-	}
-
-	slice := accept_slice(accept)
-	sort.Sort(slice)
-
-	return
-}
-
-// Negotiate the most appropriate content_type given the accept header
-// and a list of alternatives.
-func Negotiate(header string, alternatives []string) (content_type string) {
-	asp := make([][]string, 0, len(alternatives))
-	for _, ctype := range alternatives {
-		asp = append(asp, strings.SplitN(ctype, "/", 2))
-	}
-	for _, clause := range ParseAccept(header) {
-		for i, ctsp := range asp {
-			if clause.Type == ctsp[0] && clause.SubType == ctsp[1] {
-				content_type = alternatives[i]
-				return
-			}
-			if clause.Type == ctsp[0] && clause.SubType == "*" {
-				content_type = alternatives[i]
-				return
-			}
-			if clause.Type == "*" && clause.SubType == "*" {
-				content_type = alternatives[i]
-				return
-			}
-		}
-	}
-	return
-}
diff --git a/vendor/github.com/prometheus/common/model/alert.go b/vendor/github.com/prometheus/common/model/alert.go
index 35e739c7ad..80d1fe944e 100644
--- a/vendor/github.com/prometheus/common/model/alert.go
+++ b/vendor/github.com/prometheus/common/model/alert.go
@@ -75,7 +75,12 @@ func (a *Alert) ResolvedAt(ts time.Time) bool {
 
 // Status returns the status of the alert.
 func (a *Alert) Status() AlertStatus {
-	if a.Resolved() {
+	return a.StatusAt(time.Now())
+}
+
+// StatusAt returns the status of the alert at the given timestamp.
+func (a *Alert) StatusAt(ts time.Time) AlertStatus {
+	if a.ResolvedAt(ts) {
 		return AlertResolved
 	}
 	return AlertFiring
@@ -90,13 +95,13 @@ func (a *Alert) Validate() error {
 		return fmt.Errorf("start time must be before end time")
 	}
 	if err := a.Labels.Validate(); err != nil {
-		return fmt.Errorf("invalid label set: %s", err)
+		return fmt.Errorf("invalid label set: %w", err)
 	}
 	if len(a.Labels) == 0 {
 		return fmt.Errorf("at least one label pair required")
 	}
 	if err := a.Annotations.Validate(); err != nil {
-		return fmt.Errorf("invalid annotations: %s", err)
+		return fmt.Errorf("invalid annotations: %w", err)
 	}
 	return nil
 }
@@ -127,6 +132,17 @@ func (as Alerts) HasFiring() bool {
 	return false
 }
 
+// HasFiringAt returns true iff one of the alerts is not resolved
+// at the time ts.
+func (as Alerts) HasFiringAt(ts time.Time) bool {
+	for _, a := range as {
+		if !a.ResolvedAt(ts) {
+			return true
+		}
+	}
+	return false
+}
+
 // Status returns StatusFiring iff at least one of the alerts is firing.
 func (as Alerts) Status() AlertStatus {
 	if as.HasFiring() {
@@ -134,3 +150,12 @@ func (as Alerts) Status() AlertStatus {
 	}
 	return AlertResolved
 }
+
+// StatusAt returns StatusFiring iff at least one of the alerts is firing
+// at the time ts.
+func (as Alerts) StatusAt(ts time.Time) AlertStatus {
+	if as.HasFiringAt(ts) {
+		return AlertFiring
+	}
+	return AlertResolved
+}
diff --git a/vendor/github.com/prometheus/common/model/labels.go b/vendor/github.com/prometheus/common/model/labels.go
index ef89563354..3317ce22ff 100644
--- a/vendor/github.com/prometheus/common/model/labels.go
+++ b/vendor/github.com/prometheus/common/model/labels.go
@@ -97,17 +97,25 @@ var LabelNameRE = regexp.MustCompile("^[a-zA-Z_][a-zA-Z0-9_]*$")
 // therewith.
 type LabelName string
 
-// IsValid is true iff the label name matches the pattern of LabelNameRE. This
-// method, however, does not use LabelNameRE for the check but a much faster
-// hardcoded implementation.
+// IsValid returns true iff name matches the pattern of LabelNameRE for legacy
+// names, and iff it's valid UTF-8 if NameValidationScheme is set to
+// UTF8Validation. For the legacy matching, it does not use LabelNameRE for the
+// check but a much faster hardcoded implementation.
 func (ln LabelName) IsValid() bool {
 	if len(ln) == 0 {
 		return false
 	}
-	for i, b := range ln {
-		if !((b >= 'a' && b <= 'z') || (b >= 'A' && b <= 'Z') || b == '_' || (b >= '0' && b <= '9' && i > 0)) {
-			return false
+	switch NameValidationScheme {
+	case LegacyValidation:
+		for i, b := range ln {
+			if !((b >= 'a' && b <= 'z') || (b >= 'A' && b <= 'Z') || b == '_' || (b >= '0' && b <= '9' && i > 0)) {
+				return false
+			}
 		}
+	case UTF8Validation:
+		return utf8.ValidString(string(ln))
+	default:
+		panic(fmt.Sprintf("Invalid name validation scheme requested: %d", NameValidationScheme))
 	}
 	return true
 }
@@ -164,7 +172,7 @@ func (l LabelNames) String() string {
 // A LabelValue is an associated value for a LabelName.
 type LabelValue string
 
-// IsValid returns true iff the string is a valid UTF8.
+// IsValid returns true iff the string is a valid UTF-8.
 func (lv LabelValue) IsValid() bool {
 	return utf8.ValidString(string(lv))
 }
diff --git a/vendor/github.com/prometheus/common/model/labelset.go b/vendor/github.com/prometheus/common/model/labelset.go
index 6eda08a739..d0ad88da33 100644
--- a/vendor/github.com/prometheus/common/model/labelset.go
+++ b/vendor/github.com/prometheus/common/model/labelset.go
@@ -17,7 +17,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"sort"
-	"strings"
 )
 
 // A LabelSet is a collection of LabelName and LabelValue pairs.  The LabelSet
@@ -129,16 +128,6 @@ func (l LabelSet) Merge(other LabelSet) LabelSet {
 	return result
 }
 
-func (l LabelSet) String() string {
-	lstrs := make([]string, 0, len(l))
-	for l, v := range l {
-		lstrs = append(lstrs, fmt.Sprintf("%s=%q", l, v))
-	}
-
-	sort.Strings(lstrs)
-	return fmt.Sprintf("{%s}", strings.Join(lstrs, ", "))
-}
-
 // Fingerprint returns the LabelSet's fingerprint.
 func (ls LabelSet) Fingerprint() Fingerprint {
 	return labelSetToFingerprint(ls)
diff --git a/vendor/github.com/prometheus/common/model/labelset_string.go b/vendor/github.com/prometheus/common/model/labelset_string.go
new file mode 100644
index 0000000000..481c47b46e
--- /dev/null
+++ b/vendor/github.com/prometheus/common/model/labelset_string.go
@@ -0,0 +1,45 @@
+// Copyright 2024 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build go1.21
+
+package model
+
+import (
+	"bytes"
+	"slices"
+	"strconv"
+)
+
+// String will look like `{foo="bar", more="less"}`. Names are sorted alphabetically.
+func (l LabelSet) String() string {
+	var lna [32]string // On stack to avoid memory allocation for sorting names.
+	labelNames := lna[:0]
+	for name := range l {
+		labelNames = append(labelNames, string(name))
+	}
+	slices.Sort(labelNames)
+	var bytea [1024]byte // On stack to avoid memory allocation while building the output.
+	b := bytes.NewBuffer(bytea[:0])
+	b.WriteByte('{')
+	for i, name := range labelNames {
+		if i > 0 {
+			b.WriteString(", ")
+		}
+		b.WriteString(name)
+		b.WriteByte('=')
+		b.Write(strconv.AppendQuote(b.AvailableBuffer(), string(l[LabelName(name)])))
+	}
+	b.WriteByte('}')
+	return b.String()
+}
diff --git a/vendor/github.com/prometheus/common/model/labelset_string_go120.go b/vendor/github.com/prometheus/common/model/labelset_string_go120.go
new file mode 100644
index 0000000000..c4212685e7
--- /dev/null
+++ b/vendor/github.com/prometheus/common/model/labelset_string_go120.go
@@ -0,0 +1,39 @@
+// Copyright 2024 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build !go1.21
+
+package model
+
+import (
+	"fmt"
+	"sort"
+	"strings"
+)
+
+// String was optimized using functions not available for go 1.20
+// or lower. We keep the old implementation for compatibility with client_golang.
+// Once client golang drops support for go 1.20 (scheduled for August 2024), this
+// file can be removed.
+func (l LabelSet) String() string {
+	labelNames := make([]string, 0, len(l))
+	for name := range l {
+		labelNames = append(labelNames, string(name))
+	}
+	sort.Strings(labelNames)
+	lstrs := make([]string, 0, len(l))
+	for _, name := range labelNames {
+		lstrs = append(lstrs, fmt.Sprintf("%s=%q", name, l[LabelName(name)]))
+	}
+	return fmt.Sprintf("{%s}", strings.Join(lstrs, ", "))
+}
diff --git a/vendor/github.com/prometheus/common/model/metadata.go b/vendor/github.com/prometheus/common/model/metadata.go
new file mode 100644
index 0000000000..447ab8ad63
--- /dev/null
+++ b/vendor/github.com/prometheus/common/model/metadata.go
@@ -0,0 +1,28 @@
+// Copyright 2023 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package model
+
+// MetricType represents metric type values.
+type MetricType string
+
+const (
+	MetricTypeCounter        = MetricType("counter")
+	MetricTypeGauge          = MetricType("gauge")
+	MetricTypeHistogram      = MetricType("histogram")
+	MetricTypeGaugeHistogram = MetricType("gaugehistogram")
+	MetricTypeSummary        = MetricType("summary")
+	MetricTypeInfo           = MetricType("info")
+	MetricTypeStateset       = MetricType("stateset")
+	MetricTypeUnknown        = MetricType("unknown")
+)
diff --git a/vendor/github.com/prometheus/common/model/metric.go b/vendor/github.com/prometheus/common/model/metric.go
index 00804b7fed..eb865e5a59 100644
--- a/vendor/github.com/prometheus/common/model/metric.go
+++ b/vendor/github.com/prometheus/common/model/metric.go
@@ -18,15 +18,84 @@ import (
 	"regexp"
 	"sort"
 	"strings"
+	"unicode/utf8"
+
+	dto "github.com/prometheus/client_model/go"
+	"google.golang.org/protobuf/proto"
 )
 
 var (
-	// MetricNameRE is a regular expression matching valid metric
-	// names. Note that the IsValidMetricName function performs the same
-	// check but faster than a match with this regular expression.
-	MetricNameRE = regexp.MustCompile(`^[a-zA-Z_:][a-zA-Z0-9_:]*$`)
+	// NameValidationScheme determines the method of name validation to be used by
+	// all calls to IsValidMetricName() and LabelName IsValid(). Setting UTF-8 mode
+	// in isolation from other components that don't support UTF-8 may result in
+	// bugs or other undefined behavior. This value is intended to be set by
+	// UTF-8-aware binaries as part of their startup. To avoid need for locking,
+	// this value should be set once, ideally in an init(), before multiple
+	// goroutines are started.
+	NameValidationScheme = LegacyValidation
+
+	// NameEscapingScheme defines the default way that names will be
+	// escaped when presented to systems that do not support UTF-8 names. If the
+	// Content-Type "escaping" term is specified, that will override this value.
+	NameEscapingScheme = ValueEncodingEscaping
+)
+
+// ValidationScheme is a Go enum for determining how metric and label names will
+// be validated by this library.
+type ValidationScheme int
+
+const (
+	// LegacyValidation is a setting that requirets that metric and label names
+	// conform to the original Prometheus character requirements described by
+	// MetricNameRE and LabelNameRE.
+	LegacyValidation ValidationScheme = iota
+
+	// UTF8Validation only requires that metric and label names be valid UTF-8
+	// strings.
+	UTF8Validation
+)
+
+type EscapingScheme int
+
+const (
+	// NoEscaping indicates that a name will not be escaped. Unescaped names that
+	// do not conform to the legacy validity check will use a new exposition
+	// format syntax that will be officially standardized in future versions.
+	NoEscaping EscapingScheme = iota
+
+	// UnderscoreEscaping replaces all legacy-invalid characters with underscores.
+	UnderscoreEscaping
+
+	// DotsEscaping is similar to UnderscoreEscaping, except that dots are
+	// converted to `_dot_` and pre-existing underscores are converted to `__`.
+	DotsEscaping
+
+	// ValueEncodingEscaping prepends the name with `U__` and replaces all invalid
+	// characters with the unicode value, surrounded by underscores. Single
+	// underscores are replaced with double underscores.
+	ValueEncodingEscaping
+)
+
+const (
+	// EscapingKey is the key in an Accept or Content-Type header that defines how
+	// metric and label names that do not conform to the legacy character
+	// requirements should be escaped when being scraped by a legacy prometheus
+	// system. If a system does not explicitly pass an escaping parameter in the
+	// Accept header, the default NameEscapingScheme will be used.
+	EscapingKey = "escaping"
+
+	// Possible values for Escaping Key:
+	AllowUTF8         = "allow-utf-8" // No escaping required.
+	EscapeUnderscores = "underscores"
+	EscapeDots        = "dots"
+	EscapeValues      = "values"
 )
 
+// MetricNameRE is a regular expression matching valid metric
+// names. Note that the IsValidMetricName function performs the same
+// check but faster than a match with this regular expression.
+var MetricNameRE = regexp.MustCompile(`^[a-zA-Z_:][a-zA-Z0-9_:]*$`)
+
 // A Metric is similar to a LabelSet, but the key difference is that a Metric is
 // a singleton and refers to one and only one stream of samples.
 type Metric LabelSet
@@ -86,17 +155,303 @@ func (m Metric) FastFingerprint() Fingerprint {
 	return LabelSet(m).FastFingerprint()
 }
 
-// IsValidMetricName returns true iff name matches the pattern of MetricNameRE.
+// IsValidMetricName returns true iff name matches the pattern of MetricNameRE
+// for legacy names, and iff it's valid UTF-8 if the UTF8Validation scheme is
+// selected.
+func IsValidMetricName(n LabelValue) bool {
+	switch NameValidationScheme {
+	case LegacyValidation:
+		return IsValidLegacyMetricName(n)
+	case UTF8Validation:
+		if len(n) == 0 {
+			return false
+		}
+		return utf8.ValidString(string(n))
+	default:
+		panic(fmt.Sprintf("Invalid name validation scheme requested: %d", NameValidationScheme))
+	}
+}
+
+// IsValidLegacyMetricName is similar to IsValidMetricName but always uses the
+// legacy validation scheme regardless of the value of NameValidationScheme.
 // This function, however, does not use MetricNameRE for the check but a much
 // faster hardcoded implementation.
-func IsValidMetricName(n LabelValue) bool {
+func IsValidLegacyMetricName(n LabelValue) bool {
 	if len(n) == 0 {
 		return false
 	}
 	for i, b := range n {
-		if !((b >= 'a' && b <= 'z') || (b >= 'A' && b <= 'Z') || b == '_' || b == ':' || (b >= '0' && b <= '9' && i > 0)) {
+		if !isValidLegacyRune(b, i) {
 			return false
 		}
 	}
 	return true
 }
+
+// EscapeMetricFamily escapes the given metric names and labels with the given
+// escaping scheme. Returns a new object that uses the same pointers to fields
+// when possible and creates new escaped versions so as not to mutate the
+// input.
+func EscapeMetricFamily(v *dto.MetricFamily, scheme EscapingScheme) *dto.MetricFamily {
+	if v == nil {
+		return nil
+	}
+
+	if scheme == NoEscaping {
+		return v
+	}
+
+	out := &dto.MetricFamily{
+		Help: v.Help,
+		Type: v.Type,
+		Unit: v.Unit,
+	}
+
+	// If the name is nil, copy as-is, don't try to escape.
+	if v.Name == nil || IsValidLegacyMetricName(LabelValue(v.GetName())) {
+		out.Name = v.Name
+	} else {
+		out.Name = proto.String(EscapeName(v.GetName(), scheme))
+	}
+	for _, m := range v.Metric {
+		if !metricNeedsEscaping(m) {
+			out.Metric = append(out.Metric, m)
+			continue
+		}
+
+		escaped := &dto.Metric{
+			Gauge:       m.Gauge,
+			Counter:     m.Counter,
+			Summary:     m.Summary,
+			Untyped:     m.Untyped,
+			Histogram:   m.Histogram,
+			TimestampMs: m.TimestampMs,
+		}
+
+		for _, l := range m.Label {
+			if l.GetName() == MetricNameLabel {
+				if l.Value == nil || IsValidLegacyMetricName(LabelValue(l.GetValue())) {
+					escaped.Label = append(escaped.Label, l)
+					continue
+				}
+				escaped.Label = append(escaped.Label, &dto.LabelPair{
+					Name:  proto.String(MetricNameLabel),
+					Value: proto.String(EscapeName(l.GetValue(), scheme)),
+				})
+				continue
+			}
+			if l.Name == nil || IsValidLegacyMetricName(LabelValue(l.GetName())) {
+				escaped.Label = append(escaped.Label, l)
+				continue
+			}
+			escaped.Label = append(escaped.Label, &dto.LabelPair{
+				Name:  proto.String(EscapeName(l.GetName(), scheme)),
+				Value: l.Value,
+			})
+		}
+		out.Metric = append(out.Metric, escaped)
+	}
+	return out
+}
+
+func metricNeedsEscaping(m *dto.Metric) bool {
+	for _, l := range m.Label {
+		if l.GetName() == MetricNameLabel && !IsValidLegacyMetricName(LabelValue(l.GetValue())) {
+			return true
+		}
+		if !IsValidLegacyMetricName(LabelValue(l.GetName())) {
+			return true
+		}
+	}
+	return false
+}
+
+const (
+	lowerhex = "0123456789abcdef"
+)
+
+// EscapeName escapes the incoming name according to the provided escaping
+// scheme. Depending on the rules of escaping, this may cause no change in the
+// string that is returned. (Especially NoEscaping, which by definition is a
+// noop). This function does not do any validation of the name.
+func EscapeName(name string, scheme EscapingScheme) string {
+	if len(name) == 0 {
+		return name
+	}
+	var escaped strings.Builder
+	switch scheme {
+	case NoEscaping:
+		return name
+	case UnderscoreEscaping:
+		if IsValidLegacyMetricName(LabelValue(name)) {
+			return name
+		}
+		for i, b := range name {
+			if isValidLegacyRune(b, i) {
+				escaped.WriteRune(b)
+			} else {
+				escaped.WriteRune('_')
+			}
+		}
+		return escaped.String()
+	case DotsEscaping:
+		// Do not early return for legacy valid names, we still escape underscores.
+		for i, b := range name {
+			if b == '_' {
+				escaped.WriteString("__")
+			} else if b == '.' {
+				escaped.WriteString("_dot_")
+			} else if isValidLegacyRune(b, i) {
+				escaped.WriteRune(b)
+			} else {
+				escaped.WriteRune('_')
+			}
+		}
+		return escaped.String()
+	case ValueEncodingEscaping:
+		if IsValidLegacyMetricName(LabelValue(name)) {
+			return name
+		}
+		escaped.WriteString("U__")
+		for i, b := range name {
+			if isValidLegacyRune(b, i) {
+				escaped.WriteRune(b)
+			} else if !utf8.ValidRune(b) {
+				escaped.WriteString("_FFFD_")
+			} else if b < 0x100 {
+				escaped.WriteRune('_')
+				for s := 4; s >= 0; s -= 4 {
+					escaped.WriteByte(lowerhex[b>>uint(s)&0xF])
+				}
+				escaped.WriteRune('_')
+			} else if b < 0x10000 {
+				escaped.WriteRune('_')
+				for s := 12; s >= 0; s -= 4 {
+					escaped.WriteByte(lowerhex[b>>uint(s)&0xF])
+				}
+				escaped.WriteRune('_')
+			}
+		}
+		return escaped.String()
+	default:
+		panic(fmt.Sprintf("invalid escaping scheme %d", scheme))
+	}
+}
+
+// lower function taken from strconv.atoi
+func lower(c byte) byte {
+	return c | ('x' - 'X')
+}
+
+// UnescapeName unescapes the incoming name according to the provided escaping
+// scheme if possible. Some schemes are partially or totally non-roundtripable.
+// If any error is enountered, returns the original input.
+func UnescapeName(name string, scheme EscapingScheme) string {
+	if len(name) == 0 {
+		return name
+	}
+	switch scheme {
+	case NoEscaping:
+		return name
+	case UnderscoreEscaping:
+		// It is not possible to unescape from underscore replacement.
+		return name
+	case DotsEscaping:
+		name = strings.ReplaceAll(name, "_dot_", ".")
+		name = strings.ReplaceAll(name, "__", "_")
+		return name
+	case ValueEncodingEscaping:
+		escapedName, found := strings.CutPrefix(name, "U__")
+		if !found {
+			return name
+		}
+
+		var unescaped strings.Builder
+	TOP:
+		for i := 0; i < len(escapedName); i++ {
+			// All non-underscores are treated normally.
+			if escapedName[i] != '_' {
+				unescaped.WriteByte(escapedName[i])
+				continue
+			}
+			i++
+			if i >= len(escapedName) {
+				return name
+			}
+			// A double underscore is a single underscore.
+			if escapedName[i] == '_' {
+				unescaped.WriteByte('_')
+				continue
+			}
+			// We think we are in a UTF-8 code, process it.
+			var utf8Val uint
+			for j := 0; i < len(escapedName); j++ {
+				// This is too many characters for a utf8 value.
+				if j > 4 {
+					return name
+				}
+				// Found a closing underscore, convert to a rune, check validity, and append.
+				if escapedName[i] == '_' {
+					utf8Rune := rune(utf8Val)
+					if !utf8.ValidRune(utf8Rune) {
+						return name
+					}
+					unescaped.WriteRune(utf8Rune)
+					continue TOP
+				}
+				r := lower(escapedName[i])
+				utf8Val *= 16
+				if r >= '0' && r <= '9' {
+					utf8Val += uint(r) - '0'
+				} else if r >= 'a' && r <= 'f' {
+					utf8Val += uint(r) - 'a' + 10
+				} else {
+					return name
+				}
+				i++
+			}
+			// Didn't find closing underscore, invalid.
+			return name
+		}
+		return unescaped.String()
+	default:
+		panic(fmt.Sprintf("invalid escaping scheme %d", scheme))
+	}
+}
+
+func isValidLegacyRune(b rune, i int) bool {
+	return (b >= 'a' && b <= 'z') || (b >= 'A' && b <= 'Z') || b == '_' || b == ':' || (b >= '0' && b <= '9' && i > 0)
+}
+
+func (e EscapingScheme) String() string {
+	switch e {
+	case NoEscaping:
+		return AllowUTF8
+	case UnderscoreEscaping:
+		return EscapeUnderscores
+	case DotsEscaping:
+		return EscapeDots
+	case ValueEncodingEscaping:
+		return EscapeValues
+	default:
+		panic(fmt.Sprintf("unknown format scheme %d", e))
+	}
+}
+
+func ToEscapingScheme(s string) (EscapingScheme, error) {
+	if s == "" {
+		return NoEscaping, fmt.Errorf("got empty string instead of escaping scheme")
+	}
+	switch s {
+	case AllowUTF8:
+		return NoEscaping, nil
+	case EscapeUnderscores:
+		return UnderscoreEscaping, nil
+	case EscapeDots:
+		return DotsEscaping, nil
+	case EscapeValues:
+		return ValueEncodingEscaping, nil
+	default:
+		return NoEscaping, fmt.Errorf("unknown format scheme " + s)
+	}
+}
diff --git a/vendor/github.com/prometheus/common/model/signature.go b/vendor/github.com/prometheus/common/model/signature.go
index 8762b13c63..dc8a0026c4 100644
--- a/vendor/github.com/prometheus/common/model/signature.go
+++ b/vendor/github.com/prometheus/common/model/signature.go
@@ -22,10 +22,8 @@ import (
 // when calculating their combined hash value (aka signature aka fingerprint).
 const SeparatorByte byte = 255
 
-var (
-	// cache the signature of an empty label set.
-	emptyLabelSignature = hashNew()
-)
+// cache the signature of an empty label set.
+var emptyLabelSignature = hashNew()
 
 // LabelsToSignature returns a quasi-unique signature (i.e., fingerprint) for a
 // given label set. (Collisions are possible but unlikely if the number of label
diff --git a/vendor/github.com/prometheus/common/model/silence.go b/vendor/github.com/prometheus/common/model/silence.go
index bb99889d2c..910b0b71fc 100644
--- a/vendor/github.com/prometheus/common/model/silence.go
+++ b/vendor/github.com/prometheus/common/model/silence.go
@@ -81,7 +81,7 @@ func (s *Silence) Validate() error {
 	}
 	for _, m := range s.Matchers {
 		if err := m.Validate(); err != nil {
-			return fmt.Errorf("invalid matcher: %s", err)
+			return fmt.Errorf("invalid matcher: %w", err)
 		}
 	}
 	if s.StartsAt.IsZero() {
diff --git a/vendor/github.com/prometheus/common/model/value.go b/vendor/github.com/prometheus/common/model/value.go
index 9eb440413f..8050637d82 100644
--- a/vendor/github.com/prometheus/common/model/value.go
+++ b/vendor/github.com/prometheus/common/model/value.go
@@ -21,14 +21,12 @@ import (
 	"strings"
 )
 
-var (
-	// ZeroSample is the pseudo zero-value of Sample used to signal a
-	// non-existing sample. It is a Sample with timestamp Earliest, value 0.0,
-	// and metric nil. Note that the natural zero value of Sample has a timestamp
-	// of 0, which is possible to appear in a real Sample and thus not suitable
-	// to signal a non-existing Sample.
-	ZeroSample = Sample{Timestamp: Earliest}
-)
+// ZeroSample is the pseudo zero-value of Sample used to signal a
+// non-existing sample. It is a Sample with timestamp Earliest, value 0.0,
+// and metric nil. Note that the natural zero value of Sample has a timestamp
+// of 0, which is possible to appear in a real Sample and thus not suitable
+// to signal a non-existing Sample.
+var ZeroSample = Sample{Timestamp: Earliest}
 
 // Sample is a sample pair associated with a metric. A single sample must either
 // define Value or Histogram but not both. Histogram == nil implies the Value
@@ -274,7 +272,7 @@ func (s *Scalar) UnmarshalJSON(b []byte) error {
 
 	value, err := strconv.ParseFloat(f, 64)
 	if err != nil {
-		return fmt.Errorf("error parsing sample value: %s", err)
+		return fmt.Errorf("error parsing sample value: %w", err)
 	}
 	s.Value = SampleValue(value)
 	return nil
diff --git a/vendor/github.com/prometheus/common/model/value_float.go b/vendor/github.com/prometheus/common/model/value_float.go
index 0f615a7053..ae35cc2ab4 100644
--- a/vendor/github.com/prometheus/common/model/value_float.go
+++ b/vendor/github.com/prometheus/common/model/value_float.go
@@ -20,14 +20,12 @@ import (
 	"strconv"
 )
 
-var (
-	// ZeroSamplePair is the pseudo zero-value of SamplePair used to signal a
-	// non-existing sample pair. It is a SamplePair with timestamp Earliest and
-	// value 0.0. Note that the natural zero value of SamplePair has a timestamp
-	// of 0, which is possible to appear in a real SamplePair and thus not
-	// suitable to signal a non-existing SamplePair.
-	ZeroSamplePair = SamplePair{Timestamp: Earliest}
-)
+// ZeroSamplePair is the pseudo zero-value of SamplePair used to signal a
+// non-existing sample pair. It is a SamplePair with timestamp Earliest and
+// value 0.0. Note that the natural zero value of SamplePair has a timestamp
+// of 0, which is possible to appear in a real SamplePair and thus not
+// suitable to signal a non-existing SamplePair.
+var ZeroSamplePair = SamplePair{Timestamp: Earliest}
 
 // A SampleValue is a representation of a value for a given sample at a given
 // time.
diff --git a/vendor/github.com/prometheus/procfs/.golangci.yml b/vendor/github.com/prometheus/procfs/.golangci.yml
index a197699a1e..126df9e67a 100644
--- a/vendor/github.com/prometheus/procfs/.golangci.yml
+++ b/vendor/github.com/prometheus/procfs/.golangci.yml
@@ -1,8 +1,16 @@
 ---
 linters:
   enable:
+  - errcheck
   - godot
+  - gosimple
+  - govet
+  - ineffassign
+  - misspell
   - revive
+  - staticcheck
+  - testifylint
+  - unused
 
 linter-settings:
   godot:
@@ -10,3 +18,5 @@ linter-settings:
     exclude:
     # Ignore "See: URL"
     - 'See:'
+  misspell:
+    locale: US
diff --git a/vendor/github.com/prometheus/procfs/MAINTAINERS.md b/vendor/github.com/prometheus/procfs/MAINTAINERS.md
index 56ba67d3e3..e00f3b365b 100644
--- a/vendor/github.com/prometheus/procfs/MAINTAINERS.md
+++ b/vendor/github.com/prometheus/procfs/MAINTAINERS.md
@@ -1,2 +1,3 @@
 * Johannes 'fish' Ziemke <github@freigeist.org> @discordianfish
-* Paul Gier <pgier@redhat.com> @pgier
+* Paul Gier <paulgier@gmail.com> @pgier
+* Ben Kochie <superq@gmail.com> @SuperQ
diff --git a/vendor/github.com/prometheus/procfs/Makefile.common b/vendor/github.com/prometheus/procfs/Makefile.common
index e358db69c5..1617292350 100644
--- a/vendor/github.com/prometheus/procfs/Makefile.common
+++ b/vendor/github.com/prometheus/procfs/Makefile.common
@@ -49,23 +49,23 @@ endif
 GOTEST := $(GO) test
 GOTEST_DIR :=
 ifneq ($(CIRCLE_JOB),)
-ifneq ($(shell which gotestsum),)
+ifneq ($(shell command -v gotestsum 2> /dev/null),)
 	GOTEST_DIR := test-results
 	GOTEST := gotestsum --junitfile $(GOTEST_DIR)/unit-tests.xml --
 endif
 endif
 
-PROMU_VERSION ?= 0.14.0
+PROMU_VERSION ?= 0.17.0
 PROMU_URL     := https://github.com/prometheus/promu/releases/download/v$(PROMU_VERSION)/promu-$(PROMU_VERSION).$(GO_BUILD_PLATFORM).tar.gz
 
 SKIP_GOLANGCI_LINT :=
 GOLANGCI_LINT :=
 GOLANGCI_LINT_OPTS ?=
-GOLANGCI_LINT_VERSION ?= v1.49.0
-# golangci-lint only supports linux, darwin and windows platforms on i386/amd64.
+GOLANGCI_LINT_VERSION ?= v1.59.0
+# golangci-lint only supports linux, darwin and windows platforms on i386/amd64/arm64.
 # windows isn't included here because of the path separator being different.
 ifeq ($(GOHOSTOS),$(filter $(GOHOSTOS),linux darwin))
-	ifeq ($(GOHOSTARCH),$(filter $(GOHOSTARCH),amd64 i386))
+	ifeq ($(GOHOSTARCH),$(filter $(GOHOSTARCH),amd64 i386 arm64))
 		# If we're in CI and there is an Actions file, that means the linter
 		# is being run in Actions, so we don't need to run it here.
 		ifneq (,$(SKIP_GOLANGCI_LINT))
@@ -91,6 +91,8 @@ BUILD_DOCKER_ARCHS = $(addprefix common-docker-,$(DOCKER_ARCHS))
 PUBLISH_DOCKER_ARCHS = $(addprefix common-docker-publish-,$(DOCKER_ARCHS))
 TAG_DOCKER_ARCHS = $(addprefix common-docker-tag-latest-,$(DOCKER_ARCHS))
 
+SANITIZED_DOCKER_IMAGE_TAG := $(subst +,-,$(DOCKER_IMAGE_TAG))
+
 ifeq ($(GOHOSTARCH),amd64)
         ifeq ($(GOHOSTOS),$(filter $(GOHOSTOS),linux freebsd darwin windows))
                 # Only supported on amd64
@@ -167,16 +169,20 @@ common-vet:
 common-lint: $(GOLANGCI_LINT)
 ifdef GOLANGCI_LINT
 	@echo ">> running golangci-lint"
-# 'go list' needs to be executed before staticcheck to prepopulate the modules cache.
-# Otherwise staticcheck might fail randomly for some reason not yet explained.
-	$(GO) list -e -compiled -test=true -export=false -deps=true -find=false -tags= -- ./... > /dev/null
 	$(GOLANGCI_LINT) run $(GOLANGCI_LINT_OPTS) $(pkgs)
 endif
 
+.PHONY: common-lint-fix
+common-lint-fix: $(GOLANGCI_LINT)
+ifdef GOLANGCI_LINT
+	@echo ">> running golangci-lint fix"
+	$(GOLANGCI_LINT) run --fix $(GOLANGCI_LINT_OPTS) $(pkgs)
+endif
+
 .PHONY: common-yamllint
 common-yamllint:
 	@echo ">> running yamllint on all YAML files in the repository"
-ifeq (, $(shell which yamllint))
+ifeq (, $(shell command -v yamllint 2> /dev/null))
 	@echo "yamllint not installed so skipping"
 else
 	yamllint .
@@ -202,10 +208,14 @@ common-tarball: promu
 	@echo ">> building release tarball"
 	$(PROMU) tarball --prefix $(PREFIX) $(BIN_DIR)
 
+.PHONY: common-docker-repo-name
+common-docker-repo-name:
+	@echo "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)"
+
 .PHONY: common-docker $(BUILD_DOCKER_ARCHS)
 common-docker: $(BUILD_DOCKER_ARCHS)
 $(BUILD_DOCKER_ARCHS): common-docker-%:
-	docker build -t "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(DOCKER_IMAGE_TAG)" \
+	docker build -t "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(SANITIZED_DOCKER_IMAGE_TAG)" \
 		-f $(DOCKERFILE_PATH) \
 		--build-arg ARCH="$*" \
 		--build-arg OS="linux" \
@@ -214,19 +224,19 @@ $(BUILD_DOCKER_ARCHS): common-docker-%:
 .PHONY: common-docker-publish $(PUBLISH_DOCKER_ARCHS)
 common-docker-publish: $(PUBLISH_DOCKER_ARCHS)
 $(PUBLISH_DOCKER_ARCHS): common-docker-publish-%:
-	docker push "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(DOCKER_IMAGE_TAG)"
+	docker push "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(SANITIZED_DOCKER_IMAGE_TAG)"
 
 DOCKER_MAJOR_VERSION_TAG = $(firstword $(subst ., ,$(shell cat VERSION)))
 .PHONY: common-docker-tag-latest $(TAG_DOCKER_ARCHS)
 common-docker-tag-latest: $(TAG_DOCKER_ARCHS)
 $(TAG_DOCKER_ARCHS): common-docker-tag-latest-%:
-	docker tag "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(DOCKER_IMAGE_TAG)" "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:latest"
-	docker tag "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(DOCKER_IMAGE_TAG)" "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:v$(DOCKER_MAJOR_VERSION_TAG)"
+	docker tag "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(SANITIZED_DOCKER_IMAGE_TAG)" "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:latest"
+	docker tag "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(SANITIZED_DOCKER_IMAGE_TAG)" "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:v$(DOCKER_MAJOR_VERSION_TAG)"
 
 .PHONY: common-docker-manifest
 common-docker-manifest:
-	DOCKER_CLI_EXPERIMENTAL=enabled docker manifest create -a "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)" $(foreach ARCH,$(DOCKER_ARCHS),$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$(ARCH):$(DOCKER_IMAGE_TAG))
-	DOCKER_CLI_EXPERIMENTAL=enabled docker manifest push "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)"
+	DOCKER_CLI_EXPERIMENTAL=enabled docker manifest create -a "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME):$(SANITIZED_DOCKER_IMAGE_TAG)" $(foreach ARCH,$(DOCKER_ARCHS),$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$(ARCH):$(SANITIZED_DOCKER_IMAGE_TAG))
+	DOCKER_CLI_EXPERIMENTAL=enabled docker manifest push "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME):$(SANITIZED_DOCKER_IMAGE_TAG)"
 
 .PHONY: promu
 promu: $(PROMU)
diff --git a/vendor/github.com/prometheus/procfs/README.md b/vendor/github.com/prometheus/procfs/README.md
index 43c37735a7..1224816c2a 100644
--- a/vendor/github.com/prometheus/procfs/README.md
+++ b/vendor/github.com/prometheus/procfs/README.md
@@ -51,11 +51,11 @@ ensure the `fixtures` directory is up to date by removing the existing directory
 extracting the ttar file using `make fixtures/.unpacked` or just `make test`.
 
 ```bash
-rm -rf fixtures
+rm -rf testdata/fixtures
 make test
 ```
 
 Next, make the required changes to the extracted files in the `fixtures` directory.  When
 the changes are complete, run `make update_fixtures` to create a new `fixtures.ttar` file
 based on the updated `fixtures` directory.  And finally, verify the changes using
-`git diff fixtures.ttar`.
+`git diff testdata/fixtures.ttar`.
diff --git a/vendor/github.com/prometheus/procfs/arp.go b/vendor/github.com/prometheus/procfs/arp.go
index 68f36e888f..cdcc8a7ccc 100644
--- a/vendor/github.com/prometheus/procfs/arp.go
+++ b/vendor/github.com/prometheus/procfs/arp.go
@@ -55,7 +55,7 @@ type ARPEntry struct {
 func (fs FS) GatherARPEntries() ([]ARPEntry, error) {
 	data, err := os.ReadFile(fs.proc.Path("net/arp"))
 	if err != nil {
-		return nil, fmt.Errorf("error reading arp %q: %w", fs.proc.Path("net/arp"), err)
+		return nil, fmt.Errorf("%w: error reading arp %s: %w", ErrFileRead, fs.proc.Path("net/arp"), err)
 	}
 
 	return parseARPEntries(data)
@@ -78,11 +78,11 @@ func parseARPEntries(data []byte) ([]ARPEntry, error) {
 		} else if width == expectedDataWidth {
 			entry, err := parseARPEntry(columns)
 			if err != nil {
-				return []ARPEntry{}, fmt.Errorf("failed to parse ARP entry: %w", err)
+				return []ARPEntry{}, fmt.Errorf("%w: Failed to parse ARP entry: %v: %w", ErrFileParse, entry, err)
 			}
 			entries = append(entries, entry)
 		} else {
-			return []ARPEntry{}, fmt.Errorf("%d columns were detected, but %d were expected", width, expectedDataWidth)
+			return []ARPEntry{}, fmt.Errorf("%w: %d columns found, but expected %d: %w", ErrFileParse, width, expectedDataWidth, err)
 		}
 
 	}
diff --git a/vendor/github.com/prometheus/procfs/buddyinfo.go b/vendor/github.com/prometheus/procfs/buddyinfo.go
index f5b7939b26..8380750090 100644
--- a/vendor/github.com/prometheus/procfs/buddyinfo.go
+++ b/vendor/github.com/prometheus/procfs/buddyinfo.go
@@ -55,18 +55,18 @@ func parseBuddyInfo(r io.Reader) ([]BuddyInfo, error) {
 		parts := strings.Fields(line)
 
 		if len(parts) < 4 {
-			return nil, fmt.Errorf("invalid number of fields when parsing buddyinfo")
+			return nil, fmt.Errorf("%w: Invalid number of fields, found: %v", ErrFileParse, parts)
 		}
 
-		node := strings.TrimRight(parts[1], ",")
-		zone := strings.TrimRight(parts[3], ",")
+		node := strings.TrimSuffix(parts[1], ",")
+		zone := strings.TrimSuffix(parts[3], ",")
 		arraySize := len(parts[4:])
 
 		if bucketCount == -1 {
 			bucketCount = arraySize
 		} else {
 			if bucketCount != arraySize {
-				return nil, fmt.Errorf("mismatch in number of buddyinfo buckets, previous count %d, new count %d", bucketCount, arraySize)
+				return nil, fmt.Errorf("%w: mismatch in number of buddyinfo buckets, previous count %d, new count %d", ErrFileParse, bucketCount, arraySize)
 			}
 		}
 
@@ -74,7 +74,7 @@ func parseBuddyInfo(r io.Reader) ([]BuddyInfo, error) {
 		for i := 0; i < arraySize; i++ {
 			sizes[i], err = strconv.ParseFloat(parts[i+4], 64)
 			if err != nil {
-				return nil, fmt.Errorf("invalid value in buddyinfo: %w", err)
+				return nil, fmt.Errorf("%w: Invalid valid in buddyinfo: %f: %w", ErrFileParse, sizes[i], err)
 			}
 		}
 
diff --git a/vendor/github.com/prometheus/procfs/cpuinfo.go b/vendor/github.com/prometheus/procfs/cpuinfo.go
index 06968ca2ed..f0950bb495 100644
--- a/vendor/github.com/prometheus/procfs/cpuinfo.go
+++ b/vendor/github.com/prometheus/procfs/cpuinfo.go
@@ -79,7 +79,7 @@ func parseCPUInfoX86(info []byte) ([]CPUInfo, error) {
 	// find the first "processor" line
 	firstLine := firstNonEmptyLine(scanner)
 	if !strings.HasPrefix(firstLine, "processor") || !strings.Contains(firstLine, ":") {
-		return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
+		return nil, fmt.Errorf("%w: Cannot parse  line: %q", ErrFileParse, firstLine)
 	}
 	field := strings.SplitN(firstLine, ": ", 2)
 	v, err := strconv.ParseUint(field[1], 0, 32)
@@ -192,9 +192,10 @@ func parseCPUInfoARM(info []byte) ([]CPUInfo, error) {
 	scanner := bufio.NewScanner(bytes.NewReader(info))
 
 	firstLine := firstNonEmptyLine(scanner)
-	match, _ := regexp.MatchString("^[Pp]rocessor", firstLine)
+	match, err := regexp.MatchString("^[Pp]rocessor", firstLine)
 	if !match || !strings.Contains(firstLine, ":") {
-		return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
+		return nil, fmt.Errorf("%w: Cannot parse line: %q: %w", ErrFileParse, firstLine, err)
+
 	}
 	field := strings.SplitN(firstLine, ": ", 2)
 	cpuinfo := []CPUInfo{}
@@ -258,7 +259,7 @@ func parseCPUInfoS390X(info []byte) ([]CPUInfo, error) {
 
 	firstLine := firstNonEmptyLine(scanner)
 	if !strings.HasPrefix(firstLine, "vendor_id") || !strings.Contains(firstLine, ":") {
-		return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
+		return nil, fmt.Errorf("%w: Cannot parse line: %q", ErrFileParse, firstLine)
 	}
 	field := strings.SplitN(firstLine, ": ", 2)
 	cpuinfo := []CPUInfo{}
@@ -283,7 +284,7 @@ func parseCPUInfoS390X(info []byte) ([]CPUInfo, error) {
 		if strings.HasPrefix(line, "processor") {
 			match := cpuinfoS390XProcessorRegexp.FindStringSubmatch(line)
 			if len(match) < 2 {
-				return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
+				return nil, fmt.Errorf("%w: %q", ErrFileParse, firstLine)
 			}
 			cpu := commonCPUInfo
 			v, err := strconv.ParseUint(match[1], 0, 32)
@@ -343,7 +344,7 @@ func parseCPUInfoMips(info []byte) ([]CPUInfo, error) {
 	// find the first "processor" line
 	firstLine := firstNonEmptyLine(scanner)
 	if !strings.HasPrefix(firstLine, "system type") || !strings.Contains(firstLine, ":") {
-		return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
+		return nil, fmt.Errorf("%w: %q", ErrFileParse, firstLine)
 	}
 	field := strings.SplitN(firstLine, ": ", 2)
 	cpuinfo := []CPUInfo{}
@@ -385,7 +386,7 @@ func parseCPUInfoLoong(info []byte) ([]CPUInfo, error) {
 	// find the first "processor" line
 	firstLine := firstNonEmptyLine(scanner)
 	if !strings.HasPrefix(firstLine, "system type") || !strings.Contains(firstLine, ":") {
-		return nil, errors.New("invalid cpuinfo file: " + firstLine)
+		return nil, fmt.Errorf("%w: %q", ErrFileParse, firstLine)
 	}
 	field := strings.SplitN(firstLine, ": ", 2)
 	cpuinfo := []CPUInfo{}
@@ -421,7 +422,7 @@ func parseCPUInfoPPC(info []byte) ([]CPUInfo, error) {
 
 	firstLine := firstNonEmptyLine(scanner)
 	if !strings.HasPrefix(firstLine, "processor") || !strings.Contains(firstLine, ":") {
-		return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
+		return nil, fmt.Errorf("%w: %q", ErrFileParse, firstLine)
 	}
 	field := strings.SplitN(firstLine, ": ", 2)
 	v, err := strconv.ParseUint(field[1], 0, 32)
@@ -466,7 +467,7 @@ func parseCPUInfoRISCV(info []byte) ([]CPUInfo, error) {
 
 	firstLine := firstNonEmptyLine(scanner)
 	if !strings.HasPrefix(firstLine, "processor") || !strings.Contains(firstLine, ":") {
-		return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
+		return nil, fmt.Errorf("%w: %q", ErrFileParse, firstLine)
 	}
 	field := strings.SplitN(firstLine, ": ", 2)
 	v, err := strconv.ParseUint(field[1], 0, 32)
diff --git a/vendor/github.com/prometheus/procfs/crypto.go b/vendor/github.com/prometheus/procfs/crypto.go
index 5048ad1f21..5f2a37a78b 100644
--- a/vendor/github.com/prometheus/procfs/crypto.go
+++ b/vendor/github.com/prometheus/procfs/crypto.go
@@ -55,12 +55,13 @@ func (fs FS) Crypto() ([]Crypto, error) {
 	path := fs.proc.Path("crypto")
 	b, err := util.ReadFileNoStat(path)
 	if err != nil {
-		return nil, fmt.Errorf("error reading crypto %q: %w", path, err)
+		return nil, fmt.Errorf("%w: Cannot read file %v: %w", ErrFileRead, b, err)
+
 	}
 
 	crypto, err := parseCrypto(bytes.NewReader(b))
 	if err != nil {
-		return nil, fmt.Errorf("error parsing crypto %q: %w", path, err)
+		return nil, fmt.Errorf("%w: Cannot parse %v: %w", ErrFileParse, crypto, err)
 	}
 
 	return crypto, nil
@@ -83,7 +84,7 @@ func parseCrypto(r io.Reader) ([]Crypto, error) {
 
 		kv := strings.Split(text, ":")
 		if len(kv) != 2 {
-			return nil, fmt.Errorf("malformed crypto line: %q", text)
+			return nil, fmt.Errorf("%w: Cannot parse line: %q", ErrFileParse, text)
 		}
 
 		k := strings.TrimSpace(kv[0])
diff --git a/vendor/github.com/prometheus/procfs/fs.go b/vendor/github.com/prometheus/procfs/fs.go
index 0102ab0fd8..4980c875bf 100644
--- a/vendor/github.com/prometheus/procfs/fs.go
+++ b/vendor/github.com/prometheus/procfs/fs.go
@@ -20,7 +20,8 @@ import (
 // FS represents the pseudo-filesystem sys, which provides an interface to
 // kernel data structures.
 type FS struct {
-	proc fs.FS
+	proc   fs.FS
+	isReal bool
 }
 
 // DefaultMountPoint is the common mount point of the proc filesystem.
@@ -39,5 +40,11 @@ func NewFS(mountPoint string) (FS, error) {
 	if err != nil {
 		return FS{}, err
 	}
-	return FS{fs}, nil
+
+	isReal, err := isRealProc(mountPoint)
+	if err != nil {
+		return FS{}, err
+	}
+
+	return FS{fs, isReal}, nil
 }
diff --git a/vendor/google.golang.org/genproto/internal/doc.go b/vendor/github.com/prometheus/procfs/fs_statfs_notype.go
similarity index 60%
rename from vendor/google.golang.org/genproto/internal/doc.go
rename to vendor/github.com/prometheus/procfs/fs_statfs_notype.go
index 90e89b4aa3..134767d69a 100644
--- a/vendor/google.golang.org/genproto/internal/doc.go
+++ b/vendor/github.com/prometheus/procfs/fs_statfs_notype.go
@@ -1,10 +1,9 @@
-// Copyright 2023 Google LLC
-//
+// Copyright 2018 The Prometheus Authors
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
-//      http://www.apache.org/licenses/LICENSE-2.0
+// http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
@@ -12,6 +11,13 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// This file makes internal an importable go package
-// for use with backreferences from submodules.
-package internal
+//go:build !freebsd && !linux
+// +build !freebsd,!linux
+
+package procfs
+
+// isRealProc returns true on architectures that don't have a Type argument
+// in their Statfs_t struct
+func isRealProc(mountPoint string) (bool, error) {
+	return true, nil
+}
diff --git a/vendor/github.com/prometheus/procfs/fs_statfs_type.go b/vendor/github.com/prometheus/procfs/fs_statfs_type.go
new file mode 100644
index 0000000000..80df79c319
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/fs_statfs_type.go
@@ -0,0 +1,33 @@
+// Copyright 2018 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build freebsd || linux
+// +build freebsd linux
+
+package procfs
+
+import (
+	"syscall"
+)
+
+// isRealProc determines whether supplied mountpoint is really a proc filesystem.
+func isRealProc(mountPoint string) (bool, error) {
+	stat := syscall.Statfs_t{}
+	err := syscall.Statfs(mountPoint, &stat)
+	if err != nil {
+		return false, err
+	}
+
+	// 0x9fa0 is PROC_SUPER_MAGIC: https://elixir.bootlin.com/linux/v6.1/source/include/uapi/linux/magic.h#L87
+	return stat.Type == 0x9fa0, nil
+}
diff --git a/vendor/github.com/prometheus/procfs/fscache.go b/vendor/github.com/prometheus/procfs/fscache.go
index f8070e6e2b..cf2e3eaa03 100644
--- a/vendor/github.com/prometheus/procfs/fscache.go
+++ b/vendor/github.com/prometheus/procfs/fscache.go
@@ -236,7 +236,7 @@ func (fs FS) Fscacheinfo() (Fscacheinfo, error) {
 
 	m, err := parseFscacheinfo(bytes.NewReader(b))
 	if err != nil {
-		return Fscacheinfo{}, fmt.Errorf("failed to parse Fscacheinfo: %w", err)
+		return Fscacheinfo{}, fmt.Errorf("%w: Cannot parse %v: %w", ErrFileParse, m, err)
 	}
 
 	return *m, nil
@@ -245,7 +245,7 @@ func (fs FS) Fscacheinfo() (Fscacheinfo, error) {
 func setFSCacheFields(fields []string, setFields ...*uint64) error {
 	var err error
 	if len(fields) < len(setFields) {
-		return fmt.Errorf("Insufficient number of fields, expected %v, got %v", len(setFields), len(fields))
+		return fmt.Errorf("%w: Expected %d, but got %d: %w", ErrFileParse, len(setFields), len(fields), err)
 	}
 
 	for i := range setFields {
@@ -263,7 +263,7 @@ func parseFscacheinfo(r io.Reader) (*Fscacheinfo, error) {
 	for s.Scan() {
 		fields := strings.Fields(s.Text())
 		if len(fields) < 2 {
-			return nil, fmt.Errorf("malformed Fscacheinfo line: %q", s.Text())
+			return nil, fmt.Errorf("%w: malformed Fscacheinfo line: %q", ErrFileParse, s.Text())
 		}
 
 		switch fields[0] {
diff --git a/vendor/github.com/prometheus/procfs/internal/util/parse.go b/vendor/github.com/prometheus/procfs/internal/util/parse.go
index b030951faf..14272dc788 100644
--- a/vendor/github.com/prometheus/procfs/internal/util/parse.go
+++ b/vendor/github.com/prometheus/procfs/internal/util/parse.go
@@ -64,6 +64,21 @@ func ParsePInt64s(ss []string) ([]*int64, error) {
 	return us, nil
 }
 
+// Parses a uint64 from given hex in string.
+func ParseHexUint64s(ss []string) ([]*uint64, error) {
+	us := make([]*uint64, 0, len(ss))
+	for _, s := range ss {
+		u, err := strconv.ParseUint(s, 16, 64)
+		if err != nil {
+			return nil, err
+		}
+
+		us = append(us, &u)
+	}
+
+	return us, nil
+}
+
 // ReadUintFromFile reads a file and attempts to parse a uint64 from it.
 func ReadUintFromFile(path string) (uint64, error) {
 	data, err := os.ReadFile(path)
diff --git a/vendor/github.com/prometheus/procfs/ipvs.go b/vendor/github.com/prometheus/procfs/ipvs.go
index 391c07957e..bc3a20c932 100644
--- a/vendor/github.com/prometheus/procfs/ipvs.go
+++ b/vendor/github.com/prometheus/procfs/ipvs.go
@@ -221,15 +221,16 @@ func parseIPPort(s string) (net.IP, uint16, error) {
 	case 46:
 		ip = net.ParseIP(s[1:40])
 		if ip == nil {
-			return nil, 0, fmt.Errorf("invalid IPv6 address: %s", s[1:40])
+			return nil, 0, fmt.Errorf("%w: Invalid IPv6 addr %s: %w", ErrFileParse, s[1:40], err)
 		}
 	default:
-		return nil, 0, fmt.Errorf("unexpected IP:Port: %s", s)
+		return nil, 0, fmt.Errorf("%w: Unexpected IP:Port %s: %w", ErrFileParse, s, err)
 	}
 
 	portString := s[len(s)-4:]
 	if len(portString) != 4 {
-		return nil, 0, fmt.Errorf("unexpected port string format: %s", portString)
+		return nil, 0,
+			fmt.Errorf("%w: Unexpected port string format %s: %w", ErrFileParse, portString, err)
 	}
 	port, err := strconv.ParseUint(portString, 16, 16)
 	if err != nil {
diff --git a/vendor/github.com/prometheus/procfs/loadavg.go b/vendor/github.com/prometheus/procfs/loadavg.go
index 0096cafbdf..332e76c17f 100644
--- a/vendor/github.com/prometheus/procfs/loadavg.go
+++ b/vendor/github.com/prometheus/procfs/loadavg.go
@@ -44,14 +44,14 @@ func parseLoad(loadavgBytes []byte) (*LoadAvg, error) {
 	loads := make([]float64, 3)
 	parts := strings.Fields(string(loadavgBytes))
 	if len(parts) < 3 {
-		return nil, fmt.Errorf("malformed loadavg line: too few fields in loadavg string: %q", string(loadavgBytes))
+		return nil, fmt.Errorf("%w: Malformed line %q", ErrFileParse, string(loadavgBytes))
 	}
 
 	var err error
 	for i, load := range parts[0:3] {
 		loads[i], err = strconv.ParseFloat(load, 64)
 		if err != nil {
-			return nil, fmt.Errorf("could not parse load %q: %w", load, err)
+			return nil, fmt.Errorf("%w: Cannot parse load: %f: %w", ErrFileParse, loads[i], err)
 		}
 	}
 	return &LoadAvg{
diff --git a/vendor/github.com/prometheus/procfs/mdstat.go b/vendor/github.com/prometheus/procfs/mdstat.go
index a95c889cb9..67a9d2b448 100644
--- a/vendor/github.com/prometheus/procfs/mdstat.go
+++ b/vendor/github.com/prometheus/procfs/mdstat.go
@@ -23,7 +23,7 @@ import (
 
 var (
 	statusLineRE         = regexp.MustCompile(`(\d+) blocks .*\[(\d+)/(\d+)\] \[([U_]+)\]`)
-	recoveryLineBlocksRE = regexp.MustCompile(`\((\d+)/\d+\)`)
+	recoveryLineBlocksRE = regexp.MustCompile(`\((\d+/\d+)\)`)
 	recoveryLinePctRE    = regexp.MustCompile(`= (.+)%`)
 	recoveryLineFinishRE = regexp.MustCompile(`finish=(.+)min`)
 	recoveryLineSpeedRE  = regexp.MustCompile(`speed=(.+)[A-Z]`)
@@ -50,6 +50,8 @@ type MDStat struct {
 	BlocksTotal int64
 	// Number of blocks on the device that are in sync.
 	BlocksSynced int64
+	// Number of blocks on the device that need to be synced.
+	BlocksToBeSynced int64
 	// progress percentage of current sync
 	BlocksSyncedPct float64
 	// estimated finishing time for current sync (in minutes)
@@ -70,7 +72,7 @@ func (fs FS) MDStat() ([]MDStat, error) {
 	}
 	mdstat, err := parseMDStat(data)
 	if err != nil {
-		return nil, fmt.Errorf("error parsing mdstat %q: %w", fs.proc.Path("mdstat"), err)
+		return nil, fmt.Errorf("%w: Cannot parse %v: %w", ErrFileParse, fs.proc.Path("mdstat"), err)
 	}
 	return mdstat, nil
 }
@@ -90,13 +92,13 @@ func parseMDStat(mdStatData []byte) ([]MDStat, error) {
 
 		deviceFields := strings.Fields(line)
 		if len(deviceFields) < 3 {
-			return nil, fmt.Errorf("not enough fields in mdline (expected at least 3): %s", line)
+			return nil, fmt.Errorf("%w: Expected 3+ lines, got %q", ErrFileParse, line)
 		}
 		mdName := deviceFields[0] // mdx
 		state := deviceFields[2]  // active or inactive
 
 		if len(lines) <= i+3 {
-			return nil, fmt.Errorf("error parsing %q: too few lines for md device", mdName)
+			return nil, fmt.Errorf("%w: Too few lines for md device: %q", ErrFileParse, mdName)
 		}
 
 		// Failed disks have the suffix (F) & Spare disks have the suffix (S).
@@ -105,7 +107,7 @@ func parseMDStat(mdStatData []byte) ([]MDStat, error) {
 		active, total, down, size, err := evalStatusLine(lines[i], lines[i+1])
 
 		if err != nil {
-			return nil, fmt.Errorf("error parsing md device lines: %w", err)
+			return nil, fmt.Errorf("%w: Cannot parse md device lines: %v: %w", ErrFileParse, active, err)
 		}
 
 		syncLineIdx := i + 2
@@ -115,7 +117,8 @@ func parseMDStat(mdStatData []byte) ([]MDStat, error) {
 
 		// If device is syncing at the moment, get the number of currently
 		// synced bytes, otherwise that number equals the size of the device.
-		syncedBlocks := size
+		blocksSynced := size
+		blocksToBeSynced := size
 		speed := float64(0)
 		finish := float64(0)
 		pct := float64(0)
@@ -136,11 +139,11 @@ func parseMDStat(mdStatData []byte) ([]MDStat, error) {
 			// Handle case when resync=PENDING or resync=DELAYED.
 			if strings.Contains(lines[syncLineIdx], "PENDING") ||
 				strings.Contains(lines[syncLineIdx], "DELAYED") {
-				syncedBlocks = 0
+				blocksSynced = 0
 			} else {
-				syncedBlocks, pct, finish, speed, err = evalRecoveryLine(lines[syncLineIdx])
+				blocksSynced, blocksToBeSynced, pct, finish, speed, err = evalRecoveryLine(lines[syncLineIdx])
 				if err != nil {
-					return nil, fmt.Errorf("error parsing sync line in md device %q: %w", mdName, err)
+					return nil, fmt.Errorf("%w: Cannot parse sync line in md device: %q: %w", ErrFileParse, mdName, err)
 				}
 			}
 		}
@@ -154,7 +157,8 @@ func parseMDStat(mdStatData []byte) ([]MDStat, error) {
 			DisksSpare:             spare,
 			DisksTotal:             total,
 			BlocksTotal:            size,
-			BlocksSynced:           syncedBlocks,
+			BlocksSynced:           blocksSynced,
+			BlocksToBeSynced:       blocksToBeSynced,
 			BlocksSyncedPct:        pct,
 			BlocksSyncedFinishTime: finish,
 			BlocksSyncedSpeed:      speed,
@@ -168,13 +172,13 @@ func parseMDStat(mdStatData []byte) ([]MDStat, error) {
 func evalStatusLine(deviceLine, statusLine string) (active, total, down, size int64, err error) {
 	statusFields := strings.Fields(statusLine)
 	if len(statusFields) < 1 {
-		return 0, 0, 0, 0, fmt.Errorf("unexpected statusLine %q", statusLine)
+		return 0, 0, 0, 0, fmt.Errorf("%w: Unexpected statusline %q: %w", ErrFileParse, statusLine, err)
 	}
 
 	sizeStr := statusFields[0]
 	size, err = strconv.ParseInt(sizeStr, 10, 64)
 	if err != nil {
-		return 0, 0, 0, 0, fmt.Errorf("unexpected statusLine %q: %w", statusLine, err)
+		return 0, 0, 0, 0, fmt.Errorf("%w: Unexpected statusline %q: %w", ErrFileParse, statusLine, err)
 	}
 
 	if strings.Contains(deviceLine, "raid0") || strings.Contains(deviceLine, "linear") {
@@ -189,65 +193,71 @@ func evalStatusLine(deviceLine, statusLine string) (active, total, down, size in
 
 	matches := statusLineRE.FindStringSubmatch(statusLine)
 	if len(matches) != 5 {
-		return 0, 0, 0, 0, fmt.Errorf("couldn't find all the substring matches: %s", statusLine)
+		return 0, 0, 0, 0, fmt.Errorf("%w: Could not fild all substring matches %s: %w", ErrFileParse, statusLine, err)
 	}
 
 	total, err = strconv.ParseInt(matches[2], 10, 64)
 	if err != nil {
-		return 0, 0, 0, 0, fmt.Errorf("unexpected statusLine %q: %w", statusLine, err)
+		return 0, 0, 0, 0, fmt.Errorf("%w: Unexpected statusline %q: %w", ErrFileParse, statusLine, err)
 	}
 
 	active, err = strconv.ParseInt(matches[3], 10, 64)
 	if err != nil {
-		return 0, 0, 0, 0, fmt.Errorf("unexpected statusLine %q: %w", statusLine, err)
+		return 0, 0, 0, 0, fmt.Errorf("%w: Unexpected active %d: %w", ErrFileParse, active, err)
 	}
 	down = int64(strings.Count(matches[4], "_"))
 
 	return active, total, down, size, nil
 }
 
-func evalRecoveryLine(recoveryLine string) (syncedBlocks int64, pct float64, finish float64, speed float64, err error) {
+func evalRecoveryLine(recoveryLine string) (blocksSynced int64, blocksToBeSynced int64, pct float64, finish float64, speed float64, err error) {
 	matches := recoveryLineBlocksRE.FindStringSubmatch(recoveryLine)
 	if len(matches) != 2 {
-		return 0, 0, 0, 0, fmt.Errorf("unexpected recoveryLine: %s", recoveryLine)
+		return 0, 0, 0, 0, 0, fmt.Errorf("%w: Unexpected recoveryLine blocks %s: %w", ErrFileParse, recoveryLine, err)
 	}
 
-	syncedBlocks, err = strconv.ParseInt(matches[1], 10, 64)
+	blocks := strings.Split(matches[1], "/")
+	blocksSynced, err = strconv.ParseInt(blocks[0], 10, 64)
 	if err != nil {
-		return 0, 0, 0, 0, fmt.Errorf("error parsing int from recoveryLine %q: %w", recoveryLine, err)
+		return 0, 0, 0, 0, 0, fmt.Errorf("%w: Unable to parse recovery blocks synced %q: %w", ErrFileParse, matches[1], err)
+	}
+
+	blocksToBeSynced, err = strconv.ParseInt(blocks[1], 10, 64)
+	if err != nil {
+		return blocksSynced, 0, 0, 0, 0, fmt.Errorf("%w: Unable to parse recovery to be synced blocks %q: %w", ErrFileParse, matches[2], err)
 	}
 
 	// Get percentage complete
 	matches = recoveryLinePctRE.FindStringSubmatch(recoveryLine)
 	if len(matches) != 2 {
-		return syncedBlocks, 0, 0, 0, fmt.Errorf("unexpected recoveryLine matching percentage: %s", recoveryLine)
+		return blocksSynced, blocksToBeSynced, 0, 0, 0, fmt.Errorf("%w: Unexpected recoveryLine matching percentage %s", ErrFileParse, recoveryLine)
 	}
 	pct, err = strconv.ParseFloat(strings.TrimSpace(matches[1]), 64)
 	if err != nil {
-		return syncedBlocks, 0, 0, 0, fmt.Errorf("error parsing float from recoveryLine %q: %w", recoveryLine, err)
+		return blocksSynced, blocksToBeSynced, 0, 0, 0, fmt.Errorf("%w: Error parsing float from recoveryLine %q", ErrFileParse, recoveryLine)
 	}
 
 	// Get time expected left to complete
 	matches = recoveryLineFinishRE.FindStringSubmatch(recoveryLine)
 	if len(matches) != 2 {
-		return syncedBlocks, pct, 0, 0, fmt.Errorf("unexpected recoveryLine matching est. finish time: %s", recoveryLine)
+		return blocksSynced, blocksToBeSynced, pct, 0, 0, fmt.Errorf("%w: Unexpected recoveryLine matching est. finish time: %s", ErrFileParse, recoveryLine)
 	}
 	finish, err = strconv.ParseFloat(matches[1], 64)
 	if err != nil {
-		return syncedBlocks, pct, 0, 0, fmt.Errorf("error parsing float from recoveryLine %q: %w", recoveryLine, err)
+		return blocksSynced, blocksToBeSynced, pct, 0, 0, fmt.Errorf("%w: Unable to parse float from recoveryLine: %q", ErrFileParse, recoveryLine)
 	}
 
 	// Get recovery speed
 	matches = recoveryLineSpeedRE.FindStringSubmatch(recoveryLine)
 	if len(matches) != 2 {
-		return syncedBlocks, pct, finish, 0, fmt.Errorf("unexpected recoveryLine matching speed: %s", recoveryLine)
+		return blocksSynced, blocksToBeSynced, pct, finish, 0, fmt.Errorf("%w: Unexpected recoveryLine value: %s", ErrFileParse, recoveryLine)
 	}
 	speed, err = strconv.ParseFloat(matches[1], 64)
 	if err != nil {
-		return syncedBlocks, pct, finish, 0, fmt.Errorf("error parsing float from recoveryLine %q: %w", recoveryLine, err)
+		return blocksSynced, blocksToBeSynced, pct, finish, 0, fmt.Errorf("%w: Error parsing float from recoveryLine: %q: %w", ErrFileParse, recoveryLine, err)
 	}
 
-	return syncedBlocks, pct, finish, speed, nil
+	return blocksSynced, blocksToBeSynced, pct, finish, speed, nil
 }
 
 func evalComponentDevices(deviceFields []string) []string {
diff --git a/vendor/github.com/prometheus/procfs/meminfo.go b/vendor/github.com/prometheus/procfs/meminfo.go
index f65e174e57..4b2c4050a3 100644
--- a/vendor/github.com/prometheus/procfs/meminfo.go
+++ b/vendor/github.com/prometheus/procfs/meminfo.go
@@ -126,6 +126,7 @@ type Meminfo struct {
 	VmallocUsed *uint64
 	// largest contiguous block of vmalloc area which is free
 	VmallocChunk      *uint64
+	Percpu            *uint64
 	HardwareCorrupted *uint64
 	AnonHugePages     *uint64
 	ShmemHugePages    *uint64
@@ -140,6 +141,55 @@ type Meminfo struct {
 	DirectMap4k       *uint64
 	DirectMap2M       *uint64
 	DirectMap1G       *uint64
+
+	// The struct fields below are the byte-normalized counterparts to the
+	// existing struct fields. Values are normalized using the optional
+	// unit field in the meminfo line.
+	MemTotalBytes          *uint64
+	MemFreeBytes           *uint64
+	MemAvailableBytes      *uint64
+	BuffersBytes           *uint64
+	CachedBytes            *uint64
+	SwapCachedBytes        *uint64
+	ActiveBytes            *uint64
+	InactiveBytes          *uint64
+	ActiveAnonBytes        *uint64
+	InactiveAnonBytes      *uint64
+	ActiveFileBytes        *uint64
+	InactiveFileBytes      *uint64
+	UnevictableBytes       *uint64
+	MlockedBytes           *uint64
+	SwapTotalBytes         *uint64
+	SwapFreeBytes          *uint64
+	DirtyBytes             *uint64
+	WritebackBytes         *uint64
+	AnonPagesBytes         *uint64
+	MappedBytes            *uint64
+	ShmemBytes             *uint64
+	SlabBytes              *uint64
+	SReclaimableBytes      *uint64
+	SUnreclaimBytes        *uint64
+	KernelStackBytes       *uint64
+	PageTablesBytes        *uint64
+	NFSUnstableBytes       *uint64
+	BounceBytes            *uint64
+	WritebackTmpBytes      *uint64
+	CommitLimitBytes       *uint64
+	CommittedASBytes       *uint64
+	VmallocTotalBytes      *uint64
+	VmallocUsedBytes       *uint64
+	VmallocChunkBytes      *uint64
+	PercpuBytes            *uint64
+	HardwareCorruptedBytes *uint64
+	AnonHugePagesBytes     *uint64
+	ShmemHugePagesBytes    *uint64
+	ShmemPmdMappedBytes    *uint64
+	CmaTotalBytes          *uint64
+	CmaFreeBytes           *uint64
+	HugepagesizeBytes      *uint64
+	DirectMap4kBytes       *uint64
+	DirectMap2MBytes       *uint64
+	DirectMap1GBytes       *uint64
 }
 
 // Meminfo returns an information about current kernel/system memory statistics.
@@ -152,7 +202,7 @@ func (fs FS) Meminfo() (Meminfo, error) {
 
 	m, err := parseMemInfo(bytes.NewReader(b))
 	if err != nil {
-		return Meminfo{}, fmt.Errorf("failed to parse meminfo: %w", err)
+		return Meminfo{}, fmt.Errorf("%w: %w", ErrFileParse, err)
 	}
 
 	return *m, nil
@@ -162,114 +212,176 @@ func parseMemInfo(r io.Reader) (*Meminfo, error) {
 	var m Meminfo
 	s := bufio.NewScanner(r)
 	for s.Scan() {
-		// Each line has at least a name and value; we ignore the unit.
 		fields := strings.Fields(s.Text())
-		if len(fields) < 2 {
-			return nil, fmt.Errorf("malformed meminfo line: %q", s.Text())
-		}
+		var val, valBytes uint64
 
-		v, err := strconv.ParseUint(fields[1], 0, 64)
+		val, err := strconv.ParseUint(fields[1], 0, 64)
 		if err != nil {
 			return nil, err
 		}
 
+		switch len(fields) {
+		case 2:
+			// No unit present, use the parsed the value as bytes directly.
+			valBytes = val
+		case 3:
+			// Unit present in optional 3rd field, convert it to
+			// bytes. The only unit supported within the Linux
+			// kernel is `kB`.
+			if fields[2] != "kB" {
+				return nil, fmt.Errorf("%w: Unsupported unit in optional 3rd field %q", ErrFileParse, fields[2])
+			}
+
+			valBytes = 1024 * val
+
+		default:
+			return nil, fmt.Errorf("%w: Malformed line %q", ErrFileParse, s.Text())
+		}
+
 		switch fields[0] {
 		case "MemTotal:":
-			m.MemTotal = &v
+			m.MemTotal = &val
+			m.MemTotalBytes = &valBytes
 		case "MemFree:":
-			m.MemFree = &v
+			m.MemFree = &val
+			m.MemFreeBytes = &valBytes
 		case "MemAvailable:":
-			m.MemAvailable = &v
+			m.MemAvailable = &val
+			m.MemAvailableBytes = &valBytes
 		case "Buffers:":
-			m.Buffers = &v
+			m.Buffers = &val
+			m.BuffersBytes = &valBytes
 		case "Cached:":
-			m.Cached = &v
+			m.Cached = &val
+			m.CachedBytes = &valBytes
 		case "SwapCached:":
-			m.SwapCached = &v
+			m.SwapCached = &val
+			m.SwapCachedBytes = &valBytes
 		case "Active:":
-			m.Active = &v
+			m.Active = &val
+			m.ActiveBytes = &valBytes
 		case "Inactive:":
-			m.Inactive = &v
+			m.Inactive = &val
+			m.InactiveBytes = &valBytes
 		case "Active(anon):":
-			m.ActiveAnon = &v
+			m.ActiveAnon = &val
+			m.ActiveAnonBytes = &valBytes
 		case "Inactive(anon):":
-			m.InactiveAnon = &v
+			m.InactiveAnon = &val
+			m.InactiveAnonBytes = &valBytes
 		case "Active(file):":
-			m.ActiveFile = &v
+			m.ActiveFile = &val
+			m.ActiveFileBytes = &valBytes
 		case "Inactive(file):":
-			m.InactiveFile = &v
+			m.InactiveFile = &val
+			m.InactiveFileBytes = &valBytes
 		case "Unevictable:":
-			m.Unevictable = &v
+			m.Unevictable = &val
+			m.UnevictableBytes = &valBytes
 		case "Mlocked:":
-			m.Mlocked = &v
+			m.Mlocked = &val
+			m.MlockedBytes = &valBytes
 		case "SwapTotal:":
-			m.SwapTotal = &v
+			m.SwapTotal = &val
+			m.SwapTotalBytes = &valBytes
 		case "SwapFree:":
-			m.SwapFree = &v
+			m.SwapFree = &val
+			m.SwapFreeBytes = &valBytes
 		case "Dirty:":
-			m.Dirty = &v
+			m.Dirty = &val
+			m.DirtyBytes = &valBytes
 		case "Writeback:":
-			m.Writeback = &v
+			m.Writeback = &val
+			m.WritebackBytes = &valBytes
 		case "AnonPages:":
-			m.AnonPages = &v
+			m.AnonPages = &val
+			m.AnonPagesBytes = &valBytes
 		case "Mapped:":
-			m.Mapped = &v
+			m.Mapped = &val
+			m.MappedBytes = &valBytes
 		case "Shmem:":
-			m.Shmem = &v
+			m.Shmem = &val
+			m.ShmemBytes = &valBytes
 		case "Slab:":
-			m.Slab = &v
+			m.Slab = &val
+			m.SlabBytes = &valBytes
 		case "SReclaimable:":
-			m.SReclaimable = &v
+			m.SReclaimable = &val
+			m.SReclaimableBytes = &valBytes
 		case "SUnreclaim:":
-			m.SUnreclaim = &v
+			m.SUnreclaim = &val
+			m.SUnreclaimBytes = &valBytes
 		case "KernelStack:":
-			m.KernelStack = &v
+			m.KernelStack = &val
+			m.KernelStackBytes = &valBytes
 		case "PageTables:":
-			m.PageTables = &v
+			m.PageTables = &val
+			m.PageTablesBytes = &valBytes
 		case "NFS_Unstable:":
-			m.NFSUnstable = &v
+			m.NFSUnstable = &val
+			m.NFSUnstableBytes = &valBytes
 		case "Bounce:":
-			m.Bounce = &v
+			m.Bounce = &val
+			m.BounceBytes = &valBytes
 		case "WritebackTmp:":
-			m.WritebackTmp = &v
+			m.WritebackTmp = &val
+			m.WritebackTmpBytes = &valBytes
 		case "CommitLimit:":
-			m.CommitLimit = &v
+			m.CommitLimit = &val
+			m.CommitLimitBytes = &valBytes
 		case "Committed_AS:":
-			m.CommittedAS = &v
+			m.CommittedAS = &val
+			m.CommittedASBytes = &valBytes
 		case "VmallocTotal:":
-			m.VmallocTotal = &v
+			m.VmallocTotal = &val
+			m.VmallocTotalBytes = &valBytes
 		case "VmallocUsed:":
-			m.VmallocUsed = &v
+			m.VmallocUsed = &val
+			m.VmallocUsedBytes = &valBytes
 		case "VmallocChunk:":
-			m.VmallocChunk = &v
+			m.VmallocChunk = &val
+			m.VmallocChunkBytes = &valBytes
+		case "Percpu:":
+			m.Percpu = &val
+			m.PercpuBytes = &valBytes
 		case "HardwareCorrupted:":
-			m.HardwareCorrupted = &v
+			m.HardwareCorrupted = &val
+			m.HardwareCorruptedBytes = &valBytes
 		case "AnonHugePages:":
-			m.AnonHugePages = &v
+			m.AnonHugePages = &val
+			m.AnonHugePagesBytes = &valBytes
 		case "ShmemHugePages:":
-			m.ShmemHugePages = &v
+			m.ShmemHugePages = &val
+			m.ShmemHugePagesBytes = &valBytes
 		case "ShmemPmdMapped:":
-			m.ShmemPmdMapped = &v
+			m.ShmemPmdMapped = &val
+			m.ShmemPmdMappedBytes = &valBytes
 		case "CmaTotal:":
-			m.CmaTotal = &v
+			m.CmaTotal = &val
+			m.CmaTotalBytes = &valBytes
 		case "CmaFree:":
-			m.CmaFree = &v
+			m.CmaFree = &val
+			m.CmaFreeBytes = &valBytes
 		case "HugePages_Total:":
-			m.HugePagesTotal = &v
+			m.HugePagesTotal = &val
 		case "HugePages_Free:":
-			m.HugePagesFree = &v
+			m.HugePagesFree = &val
 		case "HugePages_Rsvd:":
-			m.HugePagesRsvd = &v
+			m.HugePagesRsvd = &val
 		case "HugePages_Surp:":
-			m.HugePagesSurp = &v
+			m.HugePagesSurp = &val
 		case "Hugepagesize:":
-			m.Hugepagesize = &v
+			m.Hugepagesize = &val
+			m.HugepagesizeBytes = &valBytes
 		case "DirectMap4k:":
-			m.DirectMap4k = &v
+			m.DirectMap4k = &val
+			m.DirectMap4kBytes = &valBytes
 		case "DirectMap2M:":
-			m.DirectMap2M = &v
+			m.DirectMap2M = &val
+			m.DirectMap2MBytes = &valBytes
 		case "DirectMap1G:":
-			m.DirectMap1G = &v
+			m.DirectMap1G = &val
+			m.DirectMap1GBytes = &valBytes
 		}
 	}
 
diff --git a/vendor/github.com/prometheus/procfs/mountinfo.go b/vendor/github.com/prometheus/procfs/mountinfo.go
index 59f4d50558..a704c5e735 100644
--- a/vendor/github.com/prometheus/procfs/mountinfo.go
+++ b/vendor/github.com/prometheus/procfs/mountinfo.go
@@ -78,11 +78,11 @@ func parseMountInfoString(mountString string) (*MountInfo, error) {
 	mountInfo := strings.Split(mountString, " ")
 	mountInfoLength := len(mountInfo)
 	if mountInfoLength < 10 {
-		return nil, fmt.Errorf("couldn't find enough fields in mount string: %s", mountString)
+		return nil, fmt.Errorf("%w: Too few fields in mount string: %s", ErrFileParse, mountString)
 	}
 
 	if mountInfo[mountInfoLength-4] != "-" {
-		return nil, fmt.Errorf("couldn't find separator in expected field: %s", mountInfo[mountInfoLength-4])
+		return nil, fmt.Errorf("%w: couldn't find separator in expected field: %s", ErrFileParse, mountInfo[mountInfoLength-4])
 	}
 
 	mount := &MountInfo{
@@ -98,18 +98,18 @@ func parseMountInfoString(mountString string) (*MountInfo, error) {
 
 	mount.MountID, err = strconv.Atoi(mountInfo[0])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse mount ID")
+		return nil, fmt.Errorf("%w: mount ID: %q", ErrFileParse, mount.MountID)
 	}
 	mount.ParentID, err = strconv.Atoi(mountInfo[1])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse parent ID")
+		return nil, fmt.Errorf("%w: parent ID: %q", ErrFileParse, mount.ParentID)
 	}
 	// Has optional fields, which is a space separated list of values.
 	// Example: shared:2 master:7
 	if mountInfo[6] != "" {
 		mount.OptionalFields, err = mountOptionsParseOptionalFields(mountInfo[6 : mountInfoLength-4])
 		if err != nil {
-			return nil, err
+			return nil, fmt.Errorf("%w: %w", ErrFileParse, err)
 		}
 	}
 	return mount, nil
diff --git a/vendor/github.com/prometheus/procfs/mountstats.go b/vendor/github.com/prometheus/procfs/mountstats.go
index 0c482c18cc..75a3b6c810 100644
--- a/vendor/github.com/prometheus/procfs/mountstats.go
+++ b/vendor/github.com/prometheus/procfs/mountstats.go
@@ -44,6 +44,14 @@ const (
 
 	fieldTransport11TCPLen = 13
 	fieldTransport11UDPLen = 10
+
+	// kernel version >= 4.14 MaxLen
+	// See: https://elixir.bootlin.com/linux/v6.4.8/source/net/sunrpc/xprtrdma/xprt_rdma.h#L393
+	fieldTransport11RDMAMaxLen = 28
+
+	// kernel version <= 4.2 MinLen
+	// See: https://elixir.bootlin.com/linux/v4.2.8/source/net/sunrpc/xprtrdma/xprt_rdma.h#L331
+	fieldTransport11RDMAMinLen = 20
 )
 
 // A Mount is a device mount parsed from /proc/[pid]/mountstats.
@@ -80,7 +88,7 @@ type MountStatsNFS struct {
 	// Statistics broken down by filesystem operation.
 	Operations []NFSOperationStats
 	// Statistics about the NFS RPC transport.
-	Transport NFSTransportStats
+	Transport []NFSTransportStats
 }
 
 // mountStats implements MountStats.
@@ -231,6 +239,33 @@ type NFSTransportStats struct {
 	// A running counter, incremented on each request as the current size of the
 	// pending queue.
 	CumulativePendingQueue uint64
+
+	// Stats below only available with stat version 1.1.
+	// Transport over RDMA
+
+	// accessed when sending a call
+	ReadChunkCount   uint64
+	WriteChunkCount  uint64
+	ReplyChunkCount  uint64
+	TotalRdmaRequest uint64
+
+	// rarely accessed error counters
+	PullupCopyCount      uint64
+	HardwayRegisterCount uint64
+	FailedMarshalCount   uint64
+	BadReplyCount        uint64
+	MrsRecovered         uint64
+	MrsOrphaned          uint64
+	MrsAllocated         uint64
+	EmptySendctxQ        uint64
+
+	// accessed when receiving a reply
+	TotalRdmaReply    uint64
+	FixupCopyCount    uint64
+	ReplyWaitsForSend uint64
+	LocalInvNeeded    uint64
+	NomsgCallCount    uint64
+	BcallCount        uint64
 }
 
 // parseMountStats parses a /proc/[pid]/mountstats file and returns a slice
@@ -264,7 +299,7 @@ func parseMountStats(r io.Reader) ([]*Mount, error) {
 		if len(ss) > deviceEntryLen {
 			// Only NFSv3 and v4 are supported for parsing statistics
 			if m.Type != nfs3Type && m.Type != nfs4Type {
-				return nil, fmt.Errorf("cannot parse MountStats for fstype %q", m.Type)
+				return nil, fmt.Errorf("%w: Cannot parse MountStats for %q", ErrFileParse, m.Type)
 			}
 
 			statVersion := strings.TrimPrefix(ss[8], statVersionPrefix)
@@ -288,7 +323,7 @@ func parseMountStats(r io.Reader) ([]*Mount, error) {
 //	device [device] mounted on [mount] with fstype [type]
 func parseMount(ss []string) (*Mount, error) {
 	if len(ss) < deviceEntryLen {
-		return nil, fmt.Errorf("invalid device entry: %v", ss)
+		return nil, fmt.Errorf("%w: Invalid device %q", ErrFileParse, ss)
 	}
 
 	// Check for specific words appearing at specific indices to ensure
@@ -306,7 +341,7 @@ func parseMount(ss []string) (*Mount, error) {
 
 	for _, f := range format {
 		if ss[f.i] != f.s {
-			return nil, fmt.Errorf("invalid device entry: %v", ss)
+			return nil, fmt.Errorf("%w: Invalid device %q", ErrFileParse, ss)
 		}
 	}
 
@@ -343,7 +378,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e
 		switch ss[0] {
 		case fieldOpts:
 			if len(ss) < 2 {
-				return nil, fmt.Errorf("not enough information for NFS stats: %v", ss)
+				return nil, fmt.Errorf("%w: Incomplete information for NFS stats: %v", ErrFileParse, ss)
 			}
 			if stats.Opts == nil {
 				stats.Opts = map[string]string{}
@@ -358,7 +393,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e
 			}
 		case fieldAge:
 			if len(ss) < 2 {
-				return nil, fmt.Errorf("not enough information for NFS stats: %v", ss)
+				return nil, fmt.Errorf("%w: Incomplete information for NFS stats: %v", ErrFileParse, ss)
 			}
 			// Age integer is in seconds
 			d, err := time.ParseDuration(ss[1] + "s")
@@ -369,7 +404,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e
 			stats.Age = d
 		case fieldBytes:
 			if len(ss) < 2 {
-				return nil, fmt.Errorf("not enough information for NFS stats: %v", ss)
+				return nil, fmt.Errorf("%w: Incomplete information for NFS stats: %v", ErrFileParse, ss)
 			}
 			bstats, err := parseNFSBytesStats(ss[1:])
 			if err != nil {
@@ -379,7 +414,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e
 			stats.Bytes = *bstats
 		case fieldEvents:
 			if len(ss) < 2 {
-				return nil, fmt.Errorf("not enough information for NFS stats: %v", ss)
+				return nil, fmt.Errorf("%w: Incomplete information for NFS events: %v", ErrFileParse, ss)
 			}
 			estats, err := parseNFSEventsStats(ss[1:])
 			if err != nil {
@@ -389,7 +424,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e
 			stats.Events = *estats
 		case fieldTransport:
 			if len(ss) < 3 {
-				return nil, fmt.Errorf("not enough information for NFS transport stats: %v", ss)
+				return nil, fmt.Errorf("%w: Incomplete information for NFS transport stats: %v", ErrFileParse, ss)
 			}
 
 			tstats, err := parseNFSTransportStats(ss[1:], statVersion)
@@ -397,7 +432,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e
 				return nil, err
 			}
 
-			stats.Transport = *tstats
+			stats.Transport = append(stats.Transport, *tstats)
 		}
 
 		// When encountering "per-operation statistics", we must break this
@@ -428,7 +463,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e
 // integer fields.
 func parseNFSBytesStats(ss []string) (*NFSBytesStats, error) {
 	if len(ss) != fieldBytesLen {
-		return nil, fmt.Errorf("invalid NFS bytes stats: %v", ss)
+		return nil, fmt.Errorf("%w: Invalid NFS bytes stats: %v", ErrFileParse, ss)
 	}
 
 	ns := make([]uint64, 0, fieldBytesLen)
@@ -457,7 +492,7 @@ func parseNFSBytesStats(ss []string) (*NFSBytesStats, error) {
 // integer fields.
 func parseNFSEventsStats(ss []string) (*NFSEventsStats, error) {
 	if len(ss) != fieldEventsLen {
-		return nil, fmt.Errorf("invalid NFS events stats: %v", ss)
+		return nil, fmt.Errorf("%w: invalid NFS events stats: %v", ErrFileParse, ss)
 	}
 
 	ns := make([]uint64, 0, fieldEventsLen)
@@ -521,7 +556,7 @@ func parseNFSOperationStats(s *bufio.Scanner) ([]NFSOperationStats, error) {
 		}
 
 		if len(ss) < minFields {
-			return nil, fmt.Errorf("invalid NFS per-operations stats: %v", ss)
+			return nil, fmt.Errorf("%w: invalid NFS per-operations stats: %v", ErrFileParse, ss)
 		}
 
 		// Skip string operation name for integers
@@ -534,7 +569,6 @@ func parseNFSOperationStats(s *bufio.Scanner) ([]NFSOperationStats, error) {
 
 			ns = append(ns, n)
 		}
-
 		opStats := NFSOperationStats{
 			Operation:                           strings.TrimSuffix(ss[0], ":"),
 			Requests:                            ns[0],
@@ -572,10 +606,10 @@ func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats
 		} else if protocol == "udp" {
 			expectedLength = fieldTransport10UDPLen
 		} else {
-			return nil, fmt.Errorf("invalid NFS protocol \"%s\" in stats 1.0 statement: %v", protocol, ss)
+			return nil, fmt.Errorf("%w: Invalid NFS protocol \"%s\" in stats 1.0 statement: %v", ErrFileParse, protocol, ss)
 		}
 		if len(ss) != expectedLength {
-			return nil, fmt.Errorf("invalid NFS transport stats 1.0 statement: %v", ss)
+			return nil, fmt.Errorf("%w: Invalid NFS transport stats 1.0 statement: %v", ErrFileParse, ss)
 		}
 	case statVersion11:
 		var expectedLength int
@@ -583,14 +617,17 @@ func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats
 			expectedLength = fieldTransport11TCPLen
 		} else if protocol == "udp" {
 			expectedLength = fieldTransport11UDPLen
+		} else if protocol == "rdma" {
+			expectedLength = fieldTransport11RDMAMinLen
 		} else {
-			return nil, fmt.Errorf("invalid NFS protocol \"%s\" in stats 1.1 statement: %v", protocol, ss)
+			return nil, fmt.Errorf("%w: invalid NFS protocol \"%s\" in stats 1.1 statement: %v", ErrFileParse, protocol, ss)
 		}
-		if len(ss) != expectedLength {
-			return nil, fmt.Errorf("invalid NFS transport stats 1.1 statement: %v", ss)
+		if (len(ss) != expectedLength && (protocol == "tcp" || protocol == "udp")) ||
+			(protocol == "rdma" && len(ss) < expectedLength) {
+			return nil, fmt.Errorf("%w: invalid NFS transport stats 1.1 statement: %v, protocol: %v", ErrFileParse, ss, protocol)
 		}
 	default:
-		return nil, fmt.Errorf("unrecognized NFS transport stats version: %q", statVersion)
+		return nil, fmt.Errorf("%w: Unrecognized NFS transport stats version: %q, protocol: %v", ErrFileParse, statVersion, protocol)
 	}
 
 	// Allocate enough for v1.1 stats since zero value for v1.1 stats will be okay
@@ -600,7 +637,9 @@ func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats
 	// Note: slice length must be set to length of v1.1 stats to avoid a panic when
 	// only v1.0 stats are present.
 	// See: https://github.com/prometheus/node_exporter/issues/571.
-	ns := make([]uint64, fieldTransport11TCPLen)
+	//
+	// Note: NFS Over RDMA slice length is fieldTransport11RDMAMaxLen
+	ns := make([]uint64, fieldTransport11RDMAMaxLen+3)
 	for i, s := range ss {
 		n, err := strconv.ParseUint(s, 10, 64)
 		if err != nil {
@@ -618,9 +657,14 @@ func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats
 	// we set them to 0 here.
 	if protocol == "udp" {
 		ns = append(ns[:2], append(make([]uint64, 3), ns[2:]...)...)
+	} else if protocol == "tcp" {
+		ns = append(ns[:fieldTransport11TCPLen], make([]uint64, fieldTransport11RDMAMaxLen-fieldTransport11TCPLen+3)...)
+	} else if protocol == "rdma" {
+		ns = append(ns[:fieldTransport10TCPLen], append(make([]uint64, 3), ns[fieldTransport10TCPLen:]...)...)
 	}
 
 	return &NFSTransportStats{
+		// NFS xprt over tcp or udp
 		Protocol:                 protocol,
 		Port:                     ns[0],
 		Bind:                     ns[1],
@@ -632,8 +676,32 @@ func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats
 		BadTransactionIDs:        ns[7],
 		CumulativeActiveRequests: ns[8],
 		CumulativeBacklog:        ns[9],
-		MaximumRPCSlotsUsed:      ns[10],
-		CumulativeSendingQueue:   ns[11],
-		CumulativePendingQueue:   ns[12],
+
+		// NFS xprt over tcp or udp
+		// And statVersion 1.1
+		MaximumRPCSlotsUsed:    ns[10],
+		CumulativeSendingQueue: ns[11],
+		CumulativePendingQueue: ns[12],
+
+		// NFS xprt over rdma
+		// And stat Version 1.1
+		ReadChunkCount:       ns[13],
+		WriteChunkCount:      ns[14],
+		ReplyChunkCount:      ns[15],
+		TotalRdmaRequest:     ns[16],
+		PullupCopyCount:      ns[17],
+		HardwayRegisterCount: ns[18],
+		FailedMarshalCount:   ns[19],
+		BadReplyCount:        ns[20],
+		MrsRecovered:         ns[21],
+		MrsOrphaned:          ns[22],
+		MrsAllocated:         ns[23],
+		EmptySendctxQ:        ns[24],
+		TotalRdmaReply:       ns[25],
+		FixupCopyCount:       ns[26],
+		ReplyWaitsForSend:    ns[27],
+		LocalInvNeeded:       ns[28],
+		NomsgCallCount:       ns[29],
+		BcallCount:           ns[30],
 	}, nil
 }
diff --git a/vendor/github.com/prometheus/procfs/net_conntrackstat.go b/vendor/github.com/prometheus/procfs/net_conntrackstat.go
index 8300daca05..316df5fbb7 100644
--- a/vendor/github.com/prometheus/procfs/net_conntrackstat.go
+++ b/vendor/github.com/prometheus/procfs/net_conntrackstat.go
@@ -18,7 +18,6 @@ import (
 	"bytes"
 	"fmt"
 	"io"
-	"strconv"
 	"strings"
 
 	"github.com/prometheus/procfs/internal/util"
@@ -28,9 +27,13 @@ import (
 // and contains netfilter conntrack statistics at one CPU core.
 type ConntrackStatEntry struct {
 	Entries       uint64
+	Searched      uint64
 	Found         uint64
+	New           uint64
 	Invalid       uint64
 	Ignore        uint64
+	Delete        uint64
+	DeleteList    uint64
 	Insert        uint64
 	InsertFailed  uint64
 	Drop          uint64
@@ -55,7 +58,7 @@ func readConntrackStat(path string) ([]ConntrackStatEntry, error) {
 
 	stat, err := parseConntrackStat(bytes.NewReader(b))
 	if err != nil {
-		return nil, fmt.Errorf("failed to read conntrack stats from %q: %w", path, err)
+		return nil, fmt.Errorf("%w: Cannot read file: %v: %w", ErrFileRead, path, err)
 	}
 
 	return stat, nil
@@ -81,73 +84,35 @@ func parseConntrackStat(r io.Reader) ([]ConntrackStatEntry, error) {
 
 // Parses a ConntrackStatEntry from given array of fields.
 func parseConntrackStatEntry(fields []string) (*ConntrackStatEntry, error) {
-	if len(fields) != 17 {
-		return nil, fmt.Errorf("invalid conntrackstat entry, missing fields")
-	}
-	entry := &ConntrackStatEntry{}
-
-	entries, err := parseConntrackStatField(fields[0])
-	if err != nil {
-		return nil, err
-	}
-	entry.Entries = entries
-
-	found, err := parseConntrackStatField(fields[2])
-	if err != nil {
-		return nil, err
-	}
-	entry.Found = found
-
-	invalid, err := parseConntrackStatField(fields[4])
-	if err != nil {
-		return nil, err
-	}
-	entry.Invalid = invalid
-
-	ignore, err := parseConntrackStatField(fields[5])
-	if err != nil {
-		return nil, err
-	}
-	entry.Ignore = ignore
-
-	insert, err := parseConntrackStatField(fields[8])
+	entries, err := util.ParseHexUint64s(fields)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("%w: Cannot parse entry: %d: %w", ErrFileParse, entries, err)
 	}
-	entry.Insert = insert
-
-	insertFailed, err := parseConntrackStatField(fields[9])
-	if err != nil {
-		return nil, err
+	numEntries := len(entries)
+	if numEntries < 16 || numEntries > 17 {
+		return nil,
+			fmt.Errorf("%w: invalid conntrackstat entry, invalid number of fields: %d", ErrFileParse, numEntries)
 	}
-	entry.InsertFailed = insertFailed
 
-	drop, err := parseConntrackStatField(fields[10])
-	if err != nil {
-		return nil, err
+	stats := &ConntrackStatEntry{
+		Entries:      *entries[0],
+		Searched:     *entries[1],
+		Found:        *entries[2],
+		New:          *entries[3],
+		Invalid:      *entries[4],
+		Ignore:       *entries[5],
+		Delete:       *entries[6],
+		DeleteList:   *entries[7],
+		Insert:       *entries[8],
+		InsertFailed: *entries[9],
+		Drop:         *entries[10],
+		EarlyDrop:    *entries[11],
 	}
-	entry.Drop = drop
 
-	earlyDrop, err := parseConntrackStatField(fields[11])
-	if err != nil {
-		return nil, err
+	// Ignore missing search_restart on Linux < 2.6.35.
+	if numEntries == 17 {
+		stats.SearchRestart = *entries[16]
 	}
-	entry.EarlyDrop = earlyDrop
 
-	searchRestart, err := parseConntrackStatField(fields[16])
-	if err != nil {
-		return nil, err
-	}
-	entry.SearchRestart = searchRestart
-
-	return entry, nil
-}
-
-// Parses a uint64 from given hex in string.
-func parseConntrackStatField(field string) (uint64, error) {
-	val, err := strconv.ParseUint(field, 16, 64)
-	if err != nil {
-		return 0, fmt.Errorf("couldn't parse %q field: %w", field, err)
-	}
-	return val, err
+	return stats, nil
 }
diff --git a/vendor/github.com/prometheus/procfs/net_ip_socket.go b/vendor/github.com/prometheus/procfs/net_ip_socket.go
index 7fd57d7f46..b70f1fc7a4 100644
--- a/vendor/github.com/prometheus/procfs/net_ip_socket.go
+++ b/vendor/github.com/prometheus/procfs/net_ip_socket.go
@@ -50,10 +50,13 @@ type (
 		// UsedSockets shows the total number of parsed lines representing the
 		// number of used sockets.
 		UsedSockets uint64
+		// Drops shows the total number of dropped packets of all UPD sockets.
+		Drops *uint64
 	}
 
 	// netIPSocketLine represents the fields parsed from a single line
 	// in /proc/net/{t,u}dp{,6}. Fields which are not used by IPSocket are skipped.
+	// Drops is non-nil for udp{,6}, but nil for tcp{,6}.
 	// For the proc file format details, see https://linux.die.net/man/5/proc.
 	netIPSocketLine struct {
 		Sl        uint64
@@ -66,6 +69,7 @@ type (
 		RxQueue   uint64
 		UID       uint64
 		Inode     uint64
+		Drops     *uint64
 	}
 )
 
@@ -77,13 +81,14 @@ func newNetIPSocket(file string) (NetIPSocket, error) {
 	defer f.Close()
 
 	var netIPSocket NetIPSocket
+	isUDP := strings.Contains(file, "udp")
 
 	lr := io.LimitReader(f, readLimit)
 	s := bufio.NewScanner(lr)
 	s.Scan() // skip first line with headers
 	for s.Scan() {
 		fields := strings.Fields(s.Text())
-		line, err := parseNetIPSocketLine(fields)
+		line, err := parseNetIPSocketLine(fields, isUDP)
 		if err != nil {
 			return nil, err
 		}
@@ -104,19 +109,25 @@ func newNetIPSocketSummary(file string) (*NetIPSocketSummary, error) {
 	defer f.Close()
 
 	var netIPSocketSummary NetIPSocketSummary
+	var udpPacketDrops uint64
+	isUDP := strings.Contains(file, "udp")
 
 	lr := io.LimitReader(f, readLimit)
 	s := bufio.NewScanner(lr)
 	s.Scan() // skip first line with headers
 	for s.Scan() {
 		fields := strings.Fields(s.Text())
-		line, err := parseNetIPSocketLine(fields)
+		line, err := parseNetIPSocketLine(fields, isUDP)
 		if err != nil {
 			return nil, err
 		}
 		netIPSocketSummary.TxQueueLength += line.TxQueue
 		netIPSocketSummary.RxQueueLength += line.RxQueue
 		netIPSocketSummary.UsedSockets++
+		if isUDP {
+			udpPacketDrops += *line.Drops
+			netIPSocketSummary.Drops = &udpPacketDrops
+		}
 	}
 	if err := s.Err(); err != nil {
 		return nil, err
@@ -130,7 +141,7 @@ func parseIP(hexIP string) (net.IP, error) {
 	var byteIP []byte
 	byteIP, err := hex.DecodeString(hexIP)
 	if err != nil {
-		return nil, fmt.Errorf("cannot parse address field in socket line %q", hexIP)
+		return nil, fmt.Errorf("%w: Cannot parse socket field in %q: %w", ErrFileParse, hexIP, err)
 	}
 	switch len(byteIP) {
 	case 4:
@@ -144,16 +155,17 @@ func parseIP(hexIP string) (net.IP, error) {
 		}
 		return i, nil
 	default:
-		return nil, fmt.Errorf("Unable to parse IP %s", hexIP)
+		return nil, fmt.Errorf("%w: Unable to parse IP %s: %v", ErrFileParse, hexIP, nil)
 	}
 }
 
 // parseNetIPSocketLine parses a single line, represented by a list of fields.
-func parseNetIPSocketLine(fields []string) (*netIPSocketLine, error) {
+func parseNetIPSocketLine(fields []string, isUDP bool) (*netIPSocketLine, error) {
 	line := &netIPSocketLine{}
 	if len(fields) < 10 {
 		return nil, fmt.Errorf(
-			"cannot parse net socket line as it has less then 10 columns %q",
+			"%w: Less than 10 columns found %q",
+			ErrFileParse,
 			strings.Join(fields, " "),
 		)
 	}
@@ -162,64 +174,74 @@ func parseNetIPSocketLine(fields []string) (*netIPSocketLine, error) {
 	// sl
 	s := strings.Split(fields[0], ":")
 	if len(s) != 2 {
-		return nil, fmt.Errorf("cannot parse sl field in socket line %q", fields[0])
+		return nil, fmt.Errorf("%w: Unable to parse sl field in line %q", ErrFileParse, fields[0])
 	}
 
 	if line.Sl, err = strconv.ParseUint(s[0], 0, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse sl value in socket line: %w", err)
+		return nil, fmt.Errorf("%w: Unable to parse sl field in %q: %w", ErrFileParse, line.Sl, err)
 	}
 	// local_address
 	l := strings.Split(fields[1], ":")
 	if len(l) != 2 {
-		return nil, fmt.Errorf("cannot parse local_address field in socket line %q", fields[1])
+		return nil, fmt.Errorf("%w: Unable to parse local_address field in %q", ErrFileParse, fields[1])
 	}
 	if line.LocalAddr, err = parseIP(l[0]); err != nil {
 		return nil, err
 	}
 	if line.LocalPort, err = strconv.ParseUint(l[1], 16, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse local_address port value in socket line: %w", err)
+		return nil, fmt.Errorf("%w: Unable to parse local_address port value line %q: %w", ErrFileParse, line.LocalPort, err)
 	}
 
 	// remote_address
 	r := strings.Split(fields[2], ":")
 	if len(r) != 2 {
-		return nil, fmt.Errorf("cannot parse rem_address field in socket line %q", fields[1])
+		return nil, fmt.Errorf("%w: Unable to parse rem_address field in %q", ErrFileParse, fields[1])
 	}
 	if line.RemAddr, err = parseIP(r[0]); err != nil {
 		return nil, err
 	}
 	if line.RemPort, err = strconv.ParseUint(r[1], 16, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse rem_address port value in socket line: %w", err)
+		return nil, fmt.Errorf("%w: Cannot parse rem_address port value in %q: %w", ErrFileParse, line.RemPort, err)
 	}
 
 	// st
 	if line.St, err = strconv.ParseUint(fields[3], 16, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse st value in socket line: %w", err)
+		return nil, fmt.Errorf("%w: Cannot parse st value in %q: %w", ErrFileParse, line.St, err)
 	}
 
 	// tx_queue and rx_queue
 	q := strings.Split(fields[4], ":")
 	if len(q) != 2 {
 		return nil, fmt.Errorf(
-			"cannot parse tx/rx queues in socket line as it has a missing colon %q",
+			"%w: Missing colon for tx/rx queues in socket line %q",
+			ErrFileParse,
 			fields[4],
 		)
 	}
 	if line.TxQueue, err = strconv.ParseUint(q[0], 16, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse tx_queue value in socket line: %w", err)
+		return nil, fmt.Errorf("%w: Cannot parse tx_queue value in %q: %w", ErrFileParse, line.TxQueue, err)
 	}
 	if line.RxQueue, err = strconv.ParseUint(q[1], 16, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse rx_queue value in socket line: %w", err)
+		return nil, fmt.Errorf("%w: Cannot parse trx_queue value in %q: %w", ErrFileParse, line.RxQueue, err)
 	}
 
 	// uid
 	if line.UID, err = strconv.ParseUint(fields[7], 0, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse uid value in socket line: %w", err)
+		return nil, fmt.Errorf("%w: Cannot parse UID value in %q: %w", ErrFileParse, line.UID, err)
 	}
 
 	// inode
 	if line.Inode, err = strconv.ParseUint(fields[9], 0, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse inode value in socket line: %w", err)
+		return nil, fmt.Errorf("%w: Cannot parse inode value in %q: %w", ErrFileParse, line.Inode, err)
+	}
+
+	// drops
+	if isUDP {
+		drops, err := strconv.ParseUint(fields[12], 0, 64)
+		if err != nil {
+			return nil, fmt.Errorf("%w: Cannot parse drops value in %q: %w", ErrFileParse, drops, err)
+		}
+		line.Drops = &drops
 	}
 
 	return line, nil
diff --git a/vendor/github.com/prometheus/procfs/net_protocols.go b/vendor/github.com/prometheus/procfs/net_protocols.go
index 374b6f73f8..b6c77b709f 100644
--- a/vendor/github.com/prometheus/procfs/net_protocols.go
+++ b/vendor/github.com/prometheus/procfs/net_protocols.go
@@ -131,7 +131,7 @@ func (ps NetProtocolStats) parseLine(rawLine string) (*NetProtocolStatLine, erro
 	} else if fields[6] == disabled {
 		line.Slab = false
 	} else {
-		return nil, fmt.Errorf("unable to parse capability for protocol: %s", line.Name)
+		return nil, fmt.Errorf("%w: capability for protocol: %s", ErrFileParse, line.Name)
 	}
 	line.ModuleName = fields[7]
 
@@ -173,7 +173,7 @@ func (pc *NetProtocolCapabilities) parseCapabilities(capabilities []string) erro
 		} else if capabilities[i] == "n" {
 			*capabilityFields[i] = false
 		} else {
-			return fmt.Errorf("unable to parse capability block for protocol: position %d", i)
+			return fmt.Errorf("%w: capability block for protocol: position %d", ErrFileParse, i)
 		}
 	}
 	return nil
diff --git a/vendor/github.com/prometheus/procfs/net_route.go b/vendor/github.com/prometheus/procfs/net_route.go
new file mode 100644
index 0000000000..deb7029fe1
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/net_route.go
@@ -0,0 +1,143 @@
+// Copyright 2023 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"strconv"
+	"strings"
+
+	"github.com/prometheus/procfs/internal/util"
+)
+
+const (
+	blackholeRepresentation string = "*"
+	blackholeIfaceName      string = "blackhole"
+	routeLineColumns        int    = 11
+)
+
+// A NetRouteLine represents one line from net/route.
+type NetRouteLine struct {
+	Iface       string
+	Destination uint32
+	Gateway     uint32
+	Flags       uint32
+	RefCnt      uint32
+	Use         uint32
+	Metric      uint32
+	Mask        uint32
+	MTU         uint32
+	Window      uint32
+	IRTT        uint32
+}
+
+func (fs FS) NetRoute() ([]NetRouteLine, error) {
+	return readNetRoute(fs.proc.Path("net", "route"))
+}
+
+func readNetRoute(path string) ([]NetRouteLine, error) {
+	b, err := util.ReadFileNoStat(path)
+	if err != nil {
+		return nil, err
+	}
+
+	routelines, err := parseNetRoute(bytes.NewReader(b))
+	if err != nil {
+		return nil, fmt.Errorf("failed to read net route from %s: %w", path, err)
+	}
+	return routelines, nil
+}
+
+func parseNetRoute(r io.Reader) ([]NetRouteLine, error) {
+	var routelines []NetRouteLine
+
+	scanner := bufio.NewScanner(r)
+	scanner.Scan()
+	for scanner.Scan() {
+		fields := strings.Fields(scanner.Text())
+		routeline, err := parseNetRouteLine(fields)
+		if err != nil {
+			return nil, err
+		}
+		routelines = append(routelines, *routeline)
+	}
+	return routelines, nil
+}
+
+func parseNetRouteLine(fields []string) (*NetRouteLine, error) {
+	if len(fields) != routeLineColumns {
+		return nil, fmt.Errorf("invalid routeline, num of digits: %d", len(fields))
+	}
+	iface := fields[0]
+	if iface == blackholeRepresentation {
+		iface = blackholeIfaceName
+	}
+	destination, err := strconv.ParseUint(fields[1], 16, 32)
+	if err != nil {
+		return nil, err
+	}
+	gateway, err := strconv.ParseUint(fields[2], 16, 32)
+	if err != nil {
+		return nil, err
+	}
+	flags, err := strconv.ParseUint(fields[3], 10, 32)
+	if err != nil {
+		return nil, err
+	}
+	refcnt, err := strconv.ParseUint(fields[4], 10, 32)
+	if err != nil {
+		return nil, err
+	}
+	use, err := strconv.ParseUint(fields[5], 10, 32)
+	if err != nil {
+		return nil, err
+	}
+	metric, err := strconv.ParseUint(fields[6], 10, 32)
+	if err != nil {
+		return nil, err
+	}
+	mask, err := strconv.ParseUint(fields[7], 16, 32)
+	if err != nil {
+		return nil, err
+	}
+	mtu, err := strconv.ParseUint(fields[8], 10, 32)
+	if err != nil {
+		return nil, err
+	}
+	window, err := strconv.ParseUint(fields[9], 10, 32)
+	if err != nil {
+		return nil, err
+	}
+	irtt, err := strconv.ParseUint(fields[10], 10, 32)
+	if err != nil {
+		return nil, err
+	}
+	routeline := &NetRouteLine{
+		Iface:       iface,
+		Destination: uint32(destination),
+		Gateway:     uint32(gateway),
+		Flags:       uint32(flags),
+		RefCnt:      uint32(refcnt),
+		Use:         uint32(use),
+		Metric:      uint32(metric),
+		Mask:        uint32(mask),
+		MTU:         uint32(mtu),
+		Window:      uint32(window),
+		IRTT:        uint32(irtt),
+	}
+	return routeline, nil
+}
diff --git a/vendor/github.com/prometheus/procfs/net_sockstat.go b/vendor/github.com/prometheus/procfs/net_sockstat.go
index e36f4872dd..fae62b13d9 100644
--- a/vendor/github.com/prometheus/procfs/net_sockstat.go
+++ b/vendor/github.com/prometheus/procfs/net_sockstat.go
@@ -16,7 +16,6 @@ package procfs
 import (
 	"bufio"
 	"bytes"
-	"errors"
 	"fmt"
 	"io"
 	"strings"
@@ -70,7 +69,7 @@ func readSockstat(name string) (*NetSockstat, error) {
 
 	stat, err := parseSockstat(bytes.NewReader(b))
 	if err != nil {
-		return nil, fmt.Errorf("failed to read sockstats from %q: %w", name, err)
+		return nil, fmt.Errorf("%w: sockstats from %q: %w", ErrFileRead, name, err)
 	}
 
 	return stat, nil
@@ -84,13 +83,13 @@ func parseSockstat(r io.Reader) (*NetSockstat, error) {
 		// Expect a minimum of a protocol and one key/value pair.
 		fields := strings.Split(s.Text(), " ")
 		if len(fields) < 3 {
-			return nil, fmt.Errorf("malformed sockstat line: %q", s.Text())
+			return nil, fmt.Errorf("%w: Malformed sockstat line: %q", ErrFileParse, s.Text())
 		}
 
 		// The remaining fields are key/value pairs.
 		kvs, err := parseSockstatKVs(fields[1:])
 		if err != nil {
-			return nil, fmt.Errorf("error parsing sockstat key/value pairs from %q: %w", s.Text(), err)
+			return nil, fmt.Errorf("%w: sockstat key/value pairs from %q: %w", ErrFileParse, s.Text(), err)
 		}
 
 		// The first field is the protocol. We must trim its colon suffix.
@@ -119,7 +118,7 @@ func parseSockstat(r io.Reader) (*NetSockstat, error) {
 // parseSockstatKVs parses a string slice into a map of key/value pairs.
 func parseSockstatKVs(kvs []string) (map[string]int, error) {
 	if len(kvs)%2 != 0 {
-		return nil, errors.New("odd number of fields in key/value pairs")
+		return nil, fmt.Errorf("%w:: Odd number of fields in key/value pairs %q", ErrFileParse, kvs)
 	}
 
 	// Iterate two values at a time to gather key/value pairs.
diff --git a/vendor/github.com/prometheus/procfs/net_softnet.go b/vendor/github.com/prometheus/procfs/net_softnet.go
index 06b7b8f216..71c8059f4d 100644
--- a/vendor/github.com/prometheus/procfs/net_softnet.go
+++ b/vendor/github.com/prometheus/procfs/net_softnet.go
@@ -64,7 +64,7 @@ func (fs FS) NetSoftnetStat() ([]SoftnetStat, error) {
 
 	entries, err := parseSoftnet(bytes.NewReader(b))
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse /proc/net/softnet_stat: %w", err)
+		return nil, fmt.Errorf("%w: /proc/net/softnet_stat: %w", ErrFileParse, err)
 	}
 
 	return entries, nil
@@ -76,13 +76,14 @@ func parseSoftnet(r io.Reader) ([]SoftnetStat, error) {
 	s := bufio.NewScanner(r)
 
 	var stats []SoftnetStat
+	cpuIndex := 0
 	for s.Scan() {
 		columns := strings.Fields(s.Text())
 		width := len(columns)
 		softnetStat := SoftnetStat{}
 
 		if width < minColumns {
-			return nil, fmt.Errorf("%d columns were detected, but at least %d were expected", width, minColumns)
+			return nil, fmt.Errorf("%w: detected %d columns, but expected at least %d", ErrFileParse, width, minColumns)
 		}
 
 		// Linux 2.6.23 https://elixir.bootlin.com/linux/v2.6.23/source/net/core/dev.c#L2347
@@ -127,9 +128,13 @@ func parseSoftnet(r io.Reader) ([]SoftnetStat, error) {
 
 			softnetStat.SoftnetBacklogLen = us[0]
 			softnetStat.Index = us[1]
+		} else {
+			// For older kernels, create the Index based on the scan line number.
+			softnetStat.Index = uint32(cpuIndex)
 		}
 		softnetStat.Width = width
 		stats = append(stats, softnetStat)
+		cpuIndex++
 	}
 
 	return stats, nil
diff --git a/vendor/github.com/prometheus/procfs/net_tls_stat.go b/vendor/github.com/prometheus/procfs/net_tls_stat.go
new file mode 100644
index 0000000000..13994c1782
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/net_tls_stat.go
@@ -0,0 +1,119 @@
+// Copyright 2023 Prometheus Team
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+)
+
+// TLSStat struct represents data in /proc/net/tls_stat.
+// See https://docs.kernel.org/networking/tls.html#statistics
+type TLSStat struct {
+	// number of TX sessions currently installed where host handles cryptography
+	TLSCurrTxSw int
+	// number of RX sessions currently installed where host handles cryptography
+	TLSCurrRxSw int
+	// number of TX sessions currently installed where NIC handles cryptography
+	TLSCurrTxDevice int
+	// number of RX sessions currently installed where NIC handles cryptography
+	TLSCurrRxDevice int
+	//number of TX sessions opened with host cryptography
+	TLSTxSw int
+	//number of RX sessions opened with host cryptography
+	TLSRxSw int
+	// number of TX sessions opened with NIC cryptography
+	TLSTxDevice int
+	// number of RX sessions opened with NIC cryptography
+	TLSRxDevice int
+	// record decryption failed (e.g. due to incorrect authentication tag)
+	TLSDecryptError int
+	//  number of RX resyncs sent to NICs handling cryptography
+	TLSRxDeviceResync int
+	// number of RX records which had to be re-decrypted due to TLS_RX_EXPECT_NO_PAD mis-prediction. Note that this counter will also increment for non-data records.
+	TLSDecryptRetry int
+	// number of data RX records which had to be re-decrypted due to TLS_RX_EXPECT_NO_PAD mis-prediction.
+	TLSRxNoPadViolation int
+}
+
+// NewTLSStat reads the tls_stat statistics.
+func NewTLSStat() (TLSStat, error) {
+	fs, err := NewFS(DefaultMountPoint)
+	if err != nil {
+		return TLSStat{}, err
+	}
+
+	return fs.NewTLSStat()
+}
+
+// NewTLSStat reads the tls_stat statistics.
+func (fs FS) NewTLSStat() (TLSStat, error) {
+	file, err := os.Open(fs.proc.Path("net/tls_stat"))
+	if err != nil {
+		return TLSStat{}, err
+	}
+	defer file.Close()
+
+	var (
+		tlsstat = TLSStat{}
+		s       = bufio.NewScanner(file)
+	)
+
+	for s.Scan() {
+		fields := strings.Fields(s.Text())
+
+		if len(fields) != 2 {
+			return TLSStat{}, fmt.Errorf("%w: %q line %q", ErrFileParse, file.Name(), s.Text())
+		}
+
+		name := fields[0]
+		value, err := strconv.Atoi(fields[1])
+		if err != nil {
+			return TLSStat{}, err
+		}
+
+		switch name {
+		case "TlsCurrTxSw":
+			tlsstat.TLSCurrTxSw = value
+		case "TlsCurrRxSw":
+			tlsstat.TLSCurrRxSw = value
+		case "TlsCurrTxDevice":
+			tlsstat.TLSCurrTxDevice = value
+		case "TlsCurrRxDevice":
+			tlsstat.TLSCurrRxDevice = value
+		case "TlsTxSw":
+			tlsstat.TLSTxSw = value
+		case "TlsRxSw":
+			tlsstat.TLSRxSw = value
+		case "TlsTxDevice":
+			tlsstat.TLSTxDevice = value
+		case "TlsRxDevice":
+			tlsstat.TLSRxDevice = value
+		case "TlsDecryptError":
+			tlsstat.TLSDecryptError = value
+		case "TlsRxDeviceResync":
+			tlsstat.TLSRxDeviceResync = value
+		case "TlsDecryptRetry":
+			tlsstat.TLSDecryptRetry = value
+		case "TlsRxNoPadViolation":
+			tlsstat.TLSRxNoPadViolation = value
+		}
+
+	}
+
+	return tlsstat, s.Err()
+}
diff --git a/vendor/github.com/prometheus/procfs/net_unix.go b/vendor/github.com/prometheus/procfs/net_unix.go
index 98aa8e1c31..d868cebdaa 100644
--- a/vendor/github.com/prometheus/procfs/net_unix.go
+++ b/vendor/github.com/prometheus/procfs/net_unix.go
@@ -108,14 +108,14 @@ func parseNetUNIX(r io.Reader) (*NetUNIX, error) {
 		line := s.Text()
 		item, err := nu.parseLine(line, hasInode, minFields)
 		if err != nil {
-			return nil, fmt.Errorf("failed to parse /proc/net/unix data %q: %w", line, err)
+			return nil, fmt.Errorf("%w: /proc/net/unix encountered data %q: %w", ErrFileParse, line, err)
 		}
 
 		nu.Rows = append(nu.Rows, item)
 	}
 
 	if err := s.Err(); err != nil {
-		return nil, fmt.Errorf("failed to scan /proc/net/unix data: %w", err)
+		return nil, fmt.Errorf("%w: /proc/net/unix encountered data: %w", ErrFileParse, err)
 	}
 
 	return &nu, nil
@@ -126,7 +126,7 @@ func (u *NetUNIX) parseLine(line string, hasInode bool, min int) (*NetUNIXLine,
 
 	l := len(fields)
 	if l < min {
-		return nil, fmt.Errorf("expected at least %d fields but got %d", min, l)
+		return nil, fmt.Errorf("%w: expected at least %d fields but got %d", ErrFileParse, min, l)
 	}
 
 	// Field offsets are as follows:
@@ -136,29 +136,29 @@ func (u *NetUNIX) parseLine(line string, hasInode bool, min int) (*NetUNIXLine,
 
 	users, err := u.parseUsers(fields[1])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse ref count %q: %w", fields[1], err)
+		return nil, fmt.Errorf("%w: ref count %q: %w", ErrFileParse, fields[1], err)
 	}
 
 	flags, err := u.parseFlags(fields[3])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse flags %q: %w", fields[3], err)
+		return nil, fmt.Errorf("%w: Unable to parse flags %q: %w", ErrFileParse, fields[3], err)
 	}
 
 	typ, err := u.parseType(fields[4])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse type %q: %w", fields[4], err)
+		return nil, fmt.Errorf("%w: Failed to parse type %q: %w", ErrFileParse, fields[4], err)
 	}
 
 	state, err := u.parseState(fields[5])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse state %q: %w", fields[5], err)
+		return nil, fmt.Errorf("%w: Failed to parse state %q: %w", ErrFileParse, fields[5], err)
 	}
 
 	var inode uint64
 	if hasInode {
 		inode, err = u.parseInode(fields[6])
 		if err != nil {
-			return nil, fmt.Errorf("failed to parse inode %q: %w", fields[6], err)
+			return nil, fmt.Errorf("%w failed to parse inode %q: %w", ErrFileParse, fields[6], err)
 		}
 	}
 
diff --git a/vendor/github.com/prometheus/procfs/net_wireless.go b/vendor/github.com/prometheus/procfs/net_wireless.go
new file mode 100644
index 0000000000..7c597bc870
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/net_wireless.go
@@ -0,0 +1,182 @@
+// Copyright 2023 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"strconv"
+	"strings"
+
+	"github.com/prometheus/procfs/internal/util"
+)
+
+// Wireless models the content of /proc/net/wireless.
+type Wireless struct {
+	Name string
+
+	// Status is the current 4-digit hex value status of the interface.
+	Status uint64
+
+	// QualityLink is the link quality.
+	QualityLink int
+
+	// QualityLevel is the signal gain (dBm).
+	QualityLevel int
+
+	// QualityNoise is the signal noise baseline (dBm).
+	QualityNoise int
+
+	// DiscardedNwid is the number of discarded packets with wrong nwid/essid.
+	DiscardedNwid int
+
+	// DiscardedCrypt is the number of discarded packets with wrong code/decode (WEP).
+	DiscardedCrypt int
+
+	// DiscardedFrag is the number of discarded packets that can't perform MAC reassembly.
+	DiscardedFrag int
+
+	// DiscardedRetry is the number of discarded packets that reached max MAC retries.
+	DiscardedRetry int
+
+	// DiscardedMisc is the number of discarded packets for other reasons.
+	DiscardedMisc int
+
+	// MissedBeacon is the number of missed beacons/superframe.
+	MissedBeacon int
+}
+
+// Wireless returns kernel wireless statistics.
+func (fs FS) Wireless() ([]*Wireless, error) {
+	b, err := util.ReadFileNoStat(fs.proc.Path("net/wireless"))
+	if err != nil {
+		return nil, err
+	}
+
+	m, err := parseWireless(bytes.NewReader(b))
+	if err != nil {
+		return nil, fmt.Errorf("%w: wireless: %w", ErrFileParse, err)
+	}
+
+	return m, nil
+}
+
+// parseWireless parses the contents of /proc/net/wireless.
+/*
+Inter-| sta-|   Quality        |   Discarded packets               | Missed | WE
+face | tus | link level noise |  nwid  crypt   frag  retry   misc | beacon | 22
+ eth1: 0000    5.  -256.  -10.       0      1      0     3      0        0
+ eth2: 0000    5.  -256.  -20.       0      2      0     4      0        0
+*/
+func parseWireless(r io.Reader) ([]*Wireless, error) {
+	var (
+		interfaces []*Wireless
+		scanner    = bufio.NewScanner(r)
+	)
+
+	for n := 0; scanner.Scan(); n++ {
+		// Skip the 2 header lines.
+		if n < 2 {
+			continue
+		}
+
+		line := scanner.Text()
+
+		parts := strings.Split(line, ":")
+		if len(parts) != 2 {
+			return nil, fmt.Errorf("%w: expected 2 parts after splitting line by ':', got %d for line %q", ErrFileParse, len(parts), line)
+		}
+
+		name := strings.TrimSpace(parts[0])
+		stats := strings.Fields(parts[1])
+
+		if len(stats) < 10 {
+			return nil, fmt.Errorf("%w: invalid number of fields in line %d, expected 10+, got %d: %q", ErrFileParse, n, len(stats), line)
+		}
+
+		status, err := strconv.ParseUint(stats[0], 16, 16)
+		if err != nil {
+			return nil, fmt.Errorf("%w: invalid status in line %d: %q", ErrFileParse, n, line)
+		}
+
+		qlink, err := strconv.Atoi(strings.TrimSuffix(stats[1], "."))
+		if err != nil {
+			return nil, fmt.Errorf("%w: parse Quality:link as integer %q: %w", ErrFileParse, qlink, err)
+		}
+
+		qlevel, err := strconv.Atoi(strings.TrimSuffix(stats[2], "."))
+		if err != nil {
+			return nil, fmt.Errorf("%w: Quality:level as integer %q: %w", ErrFileParse, qlevel, err)
+		}
+
+		qnoise, err := strconv.Atoi(strings.TrimSuffix(stats[3], "."))
+		if err != nil {
+			return nil, fmt.Errorf("%w: Quality:noise as integer %q: %w", ErrFileParse, qnoise, err)
+		}
+
+		dnwid, err := strconv.Atoi(stats[4])
+		if err != nil {
+			return nil, fmt.Errorf("%w: Discarded:nwid as integer %q: %w", ErrFileParse, dnwid, err)
+		}
+
+		dcrypt, err := strconv.Atoi(stats[5])
+		if err != nil {
+			return nil, fmt.Errorf("%w: Discarded:crypt as integer %q: %w", ErrFileParse, dcrypt, err)
+		}
+
+		dfrag, err := strconv.Atoi(stats[6])
+		if err != nil {
+			return nil, fmt.Errorf("%w: Discarded:frag as integer %q: %w", ErrFileParse, dfrag, err)
+		}
+
+		dretry, err := strconv.Atoi(stats[7])
+		if err != nil {
+			return nil, fmt.Errorf("%w: Discarded:retry as integer %q: %w", ErrFileParse, dretry, err)
+		}
+
+		dmisc, err := strconv.Atoi(stats[8])
+		if err != nil {
+			return nil, fmt.Errorf("%w: Discarded:misc as integer %q: %w", ErrFileParse, dmisc, err)
+		}
+
+		mbeacon, err := strconv.Atoi(stats[9])
+		if err != nil {
+			return nil, fmt.Errorf("%w: Missed:beacon as integer %q: %w", ErrFileParse, mbeacon, err)
+		}
+
+		w := &Wireless{
+			Name:           name,
+			Status:         status,
+			QualityLink:    qlink,
+			QualityLevel:   qlevel,
+			QualityNoise:   qnoise,
+			DiscardedNwid:  dnwid,
+			DiscardedCrypt: dcrypt,
+			DiscardedFrag:  dfrag,
+			DiscardedRetry: dretry,
+			DiscardedMisc:  dmisc,
+			MissedBeacon:   mbeacon,
+		}
+
+		interfaces = append(interfaces, w)
+	}
+
+	if err := scanner.Err(); err != nil {
+		return nil, fmt.Errorf("%w: Failed to scan /proc/net/wireless: %w", ErrFileRead, err)
+	}
+
+	return interfaces, nil
+}
diff --git a/vendor/github.com/prometheus/procfs/net_xfrm.go b/vendor/github.com/prometheus/procfs/net_xfrm.go
index f9d9d243db..932ef20468 100644
--- a/vendor/github.com/prometheus/procfs/net_xfrm.go
+++ b/vendor/github.com/prometheus/procfs/net_xfrm.go
@@ -115,7 +115,7 @@ func (fs FS) NewXfrmStat() (XfrmStat, error) {
 		fields := strings.Fields(s.Text())
 
 		if len(fields) != 2 {
-			return XfrmStat{}, fmt.Errorf("couldn't parse %q line %q", file.Name(), s.Text())
+			return XfrmStat{}, fmt.Errorf("%w: %q line %q", ErrFileParse, file.Name(), s.Text())
 		}
 
 		name := fields[0]
diff --git a/vendor/github.com/prometheus/procfs/netstat.go b/vendor/github.com/prometheus/procfs/netstat.go
index 5cc40aef55..742dff453b 100644
--- a/vendor/github.com/prometheus/procfs/netstat.go
+++ b/vendor/github.com/prometheus/procfs/netstat.go
@@ -15,7 +15,6 @@ package procfs
 
 import (
 	"bufio"
-	"io"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -38,12 +37,7 @@ func (fs FS) NetStat() ([]NetStat, error) {
 	var netStatsTotal []NetStat
 
 	for _, filePath := range statFiles {
-		file, err := os.Open(filePath)
-		if err != nil {
-			return nil, err
-		}
-
-		procNetstat, err := parseNetstat(file)
+		procNetstat, err := parseNetstat(filePath)
 		if err != nil {
 			return nil, err
 		}
@@ -56,14 +50,17 @@ func (fs FS) NetStat() ([]NetStat, error) {
 
 // parseNetstat parses the metrics from `/proc/net/stat/` file
 // and returns a NetStat structure.
-func parseNetstat(r io.Reader) (NetStat, error) {
-	var (
-		scanner = bufio.NewScanner(r)
-		netStat = NetStat{
-			Stats: make(map[string][]uint64),
-		}
-	)
+func parseNetstat(filePath string) (NetStat, error) {
+	netStat := NetStat{
+		Stats: make(map[string][]uint64),
+	}
+	file, err := os.Open(filePath)
+	if err != nil {
+		return netStat, err
+	}
+	defer file.Close()
 
+	scanner := bufio.NewScanner(file)
 	scanner.Scan()
 
 	// First string is always a header for stats
diff --git a/vendor/github.com/prometheus/procfs/proc.go b/vendor/github.com/prometheus/procfs/proc.go
index c30223af72..142796368f 100644
--- a/vendor/github.com/prometheus/procfs/proc.go
+++ b/vendor/github.com/prometheus/procfs/proc.go
@@ -15,13 +15,13 @@ package procfs
 
 import (
 	"bytes"
+	"errors"
 	"fmt"
 	"io"
 	"os"
 	"strconv"
 	"strings"
 
-	"github.com/prometheus/procfs/internal/fs"
 	"github.com/prometheus/procfs/internal/util"
 )
 
@@ -30,12 +30,18 @@ type Proc struct {
 	// The process ID.
 	PID int
 
-	fs fs.FS
+	fs FS
 }
 
 // Procs represents a list of Proc structs.
 type Procs []Proc
 
+var (
+	ErrFileParse  = errors.New("Error Parsing File")
+	ErrFileRead   = errors.New("Error Reading File")
+	ErrMountPoint = errors.New("Error Accessing Mount point")
+)
+
 func (p Procs) Len() int           { return len(p) }
 func (p Procs) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
 func (p Procs) Less(i, j int) bool { return p[i].PID < p[j].PID }
@@ -43,7 +49,7 @@ func (p Procs) Less(i, j int) bool { return p[i].PID < p[j].PID }
 // Self returns a process for the current process read via /proc/self.
 func Self() (Proc, error) {
 	fs, err := NewFS(DefaultMountPoint)
-	if err != nil {
+	if err != nil || errors.Unwrap(err) == ErrMountPoint {
 		return Proc{}, err
 	}
 	return fs.Self()
@@ -92,7 +98,7 @@ func (fs FS) Proc(pid int) (Proc, error) {
 	if _, err := os.Stat(fs.proc.Path(strconv.Itoa(pid))); err != nil {
 		return Proc{}, err
 	}
-	return Proc{PID: pid, fs: fs.proc}, nil
+	return Proc{PID: pid, fs: fs}, nil
 }
 
 // AllProcs returns a list of all currently available processes.
@@ -105,7 +111,7 @@ func (fs FS) AllProcs() (Procs, error) {
 
 	names, err := d.Readdirnames(-1)
 	if err != nil {
-		return Procs{}, fmt.Errorf("could not read %q: %w", d.Name(), err)
+		return Procs{}, fmt.Errorf("%w: Cannot read file: %v: %w", ErrFileRead, names, err)
 	}
 
 	p := Procs{}
@@ -114,7 +120,7 @@ func (fs FS) AllProcs() (Procs, error) {
 		if err != nil {
 			continue
 		}
-		p = append(p, Proc{PID: int(pid), fs: fs.proc})
+		p = append(p, Proc{PID: int(pid), fs: fs})
 	}
 
 	return p, nil
@@ -131,7 +137,7 @@ func (p Proc) CmdLine() ([]string, error) {
 		return []string{}, nil
 	}
 
-	return strings.Split(string(bytes.TrimRight(data, string("\x00"))), string(byte(0))), nil
+	return strings.Split(string(bytes.TrimRight(data, "\x00")), "\x00"), nil
 }
 
 // Wchan returns the wchan (wait channel) of a process.
@@ -206,7 +212,7 @@ func (p Proc) FileDescriptors() ([]uintptr, error) {
 	for i, n := range names {
 		fd, err := strconv.ParseInt(n, 10, 32)
 		if err != nil {
-			return nil, fmt.Errorf("could not parse fd %q: %w", n, err)
+			return nil, fmt.Errorf("%w: Cannot parse line: %v: %w", ErrFileParse, i, err)
 		}
 		fds[i] = uintptr(fd)
 	}
@@ -237,6 +243,19 @@ func (p Proc) FileDescriptorTargets() ([]string, error) {
 // FileDescriptorsLen returns the number of currently open file descriptors of
 // a process.
 func (p Proc) FileDescriptorsLen() (int, error) {
+	// Use fast path if available (Linux v6.2): https://github.com/torvalds/linux/commit/f1f1f2569901
+	if p.fs.isReal {
+		stat, err := os.Stat(p.path("fd"))
+		if err != nil {
+			return 0, err
+		}
+
+		size := stat.Size()
+		if size > 0 {
+			return int(size), nil
+		}
+	}
+
 	fds, err := p.fileDescriptors()
 	if err != nil {
 		return 0, err
@@ -278,14 +297,14 @@ func (p Proc) fileDescriptors() ([]string, error) {
 
 	names, err := d.Readdirnames(-1)
 	if err != nil {
-		return nil, fmt.Errorf("could not read %q: %w", d.Name(), err)
+		return nil, fmt.Errorf("%w: Cannot read file: %v: %w", ErrFileRead, names, err)
 	}
 
 	return names, nil
 }
 
 func (p Proc) path(pa ...string) string {
-	return p.fs.Path(append([]string{strconv.Itoa(p.PID)}, pa...)...)
+	return p.fs.proc.Path(append([]string{strconv.Itoa(p.PID)}, pa...)...)
 }
 
 // FileDescriptorsInfo retrieves information about all file descriptors of
diff --git a/vendor/github.com/prometheus/procfs/proc_cgroup.go b/vendor/github.com/prometheus/procfs/proc_cgroup.go
index ea83a75ffc..daeed7f571 100644
--- a/vendor/github.com/prometheus/procfs/proc_cgroup.go
+++ b/vendor/github.com/prometheus/procfs/proc_cgroup.go
@@ -51,7 +51,7 @@ func parseCgroupString(cgroupStr string) (*Cgroup, error) {
 
 	fields := strings.SplitN(cgroupStr, ":", 3)
 	if len(fields) < 3 {
-		return nil, fmt.Errorf("at least 3 fields required, found %d fields in cgroup string: %s", len(fields), cgroupStr)
+		return nil, fmt.Errorf("%w: 3+ fields required, found %d fields in cgroup string: %s", ErrFileParse, len(fields), cgroupStr)
 	}
 
 	cgroup := &Cgroup{
@@ -60,7 +60,7 @@ func parseCgroupString(cgroupStr string) (*Cgroup, error) {
 	}
 	cgroup.HierarchyID, err = strconv.Atoi(fields[0])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse hierarchy ID")
+		return nil, fmt.Errorf("%w: hierarchy ID: %q", ErrFileParse, cgroup.HierarchyID)
 	}
 	if fields[1] != "" {
 		ssNames := strings.Split(fields[1], ",")
diff --git a/vendor/github.com/prometheus/procfs/proc_cgroups.go b/vendor/github.com/prometheus/procfs/proc_cgroups.go
index 24d4dce9cf..5dd4938999 100644
--- a/vendor/github.com/prometheus/procfs/proc_cgroups.go
+++ b/vendor/github.com/prometheus/procfs/proc_cgroups.go
@@ -46,7 +46,7 @@ func parseCgroupSummaryString(CgroupSummaryStr string) (*CgroupSummary, error) {
 	fields := strings.Fields(CgroupSummaryStr)
 	// require at least 4 fields
 	if len(fields) < 4 {
-		return nil, fmt.Errorf("at least 4 fields required, found %d fields in cgroup info string: %s", len(fields), CgroupSummaryStr)
+		return nil, fmt.Errorf("%w: 4+ fields required, found %d fields in cgroup info string: %s", ErrFileParse, len(fields), CgroupSummaryStr)
 	}
 
 	CgroupSummary := &CgroupSummary{
@@ -54,15 +54,15 @@ func parseCgroupSummaryString(CgroupSummaryStr string) (*CgroupSummary, error) {
 	}
 	CgroupSummary.Hierarchy, err = strconv.Atoi(fields[1])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse hierarchy ID")
+		return nil, fmt.Errorf("%w: Unable to parse hierarchy ID from %q", ErrFileParse, fields[1])
 	}
 	CgroupSummary.Cgroups, err = strconv.Atoi(fields[2])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse Cgroup Num")
+		return nil, fmt.Errorf("%w: Unable to parse Cgroup Num from %q", ErrFileParse, fields[2])
 	}
 	CgroupSummary.Enabled, err = strconv.Atoi(fields[3])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse Enabled")
+		return nil, fmt.Errorf("%w: Unable to parse Enabled from %q", ErrFileParse, fields[3])
 	}
 	return CgroupSummary, nil
 }
diff --git a/vendor/github.com/prometheus/procfs/proc_fdinfo.go b/vendor/github.com/prometheus/procfs/proc_fdinfo.go
index 1bbdd4a8e9..fa761b3529 100644
--- a/vendor/github.com/prometheus/procfs/proc_fdinfo.go
+++ b/vendor/github.com/prometheus/procfs/proc_fdinfo.go
@@ -26,6 +26,7 @@ var (
 	rPos          = regexp.MustCompile(`^pos:\s+(\d+)$`)
 	rFlags        = regexp.MustCompile(`^flags:\s+(\d+)$`)
 	rMntID        = regexp.MustCompile(`^mnt_id:\s+(\d+)$`)
+	rIno          = regexp.MustCompile(`^ino:\s+(\d+)$`)
 	rInotify      = regexp.MustCompile(`^inotify`)
 	rInotifyParts = regexp.MustCompile(`^inotify\s+wd:([0-9a-f]+)\s+ino:([0-9a-f]+)\s+sdev:([0-9a-f]+)(?:\s+mask:([0-9a-f]+))?`)
 )
@@ -40,6 +41,8 @@ type ProcFDInfo struct {
 	Flags string
 	// Mount point ID
 	MntID string
+	// Inode number
+	Ino string
 	// List of inotify lines (structured) in the fdinfo file (kernel 3.8+ only)
 	InotifyInfos []InotifyInfo
 }
@@ -51,7 +54,7 @@ func (p Proc) FDInfo(fd string) (*ProcFDInfo, error) {
 		return nil, err
 	}
 
-	var text, pos, flags, mntid string
+	var text, pos, flags, mntid, ino string
 	var inotify []InotifyInfo
 
 	scanner := bufio.NewScanner(bytes.NewReader(data))
@@ -63,6 +66,8 @@ func (p Proc) FDInfo(fd string) (*ProcFDInfo, error) {
 			flags = rFlags.FindStringSubmatch(text)[1]
 		} else if rMntID.MatchString(text) {
 			mntid = rMntID.FindStringSubmatch(text)[1]
+		} else if rIno.MatchString(text) {
+			ino = rIno.FindStringSubmatch(text)[1]
 		} else if rInotify.MatchString(text) {
 			newInotify, err := parseInotifyInfo(text)
 			if err != nil {
@@ -77,6 +82,7 @@ func (p Proc) FDInfo(fd string) (*ProcFDInfo, error) {
 		Pos:          pos,
 		Flags:        flags,
 		MntID:        mntid,
+		Ino:          ino,
 		InotifyInfos: inotify,
 	}
 
@@ -111,7 +117,7 @@ func parseInotifyInfo(line string) (*InotifyInfo, error) {
 		}
 		return i, nil
 	}
-	return nil, fmt.Errorf("invalid inode entry: %q", line)
+	return nil, fmt.Errorf("%w: invalid inode entry: %q", ErrFileParse, line)
 }
 
 // ProcFDInfos represents a list of ProcFDInfo structs.
diff --git a/vendor/github.com/prometheus/procfs/proc_interrupts.go b/vendor/github.com/prometheus/procfs/proc_interrupts.go
index 9df79c2379..86b4b45246 100644
--- a/vendor/github.com/prometheus/procfs/proc_interrupts.go
+++ b/vendor/github.com/prometheus/procfs/proc_interrupts.go
@@ -66,7 +66,7 @@ func parseInterrupts(r io.Reader) (Interrupts, error) {
 			continue
 		}
 		if len(parts) < 2 {
-			return nil, fmt.Errorf("not enough fields in interrupts (expected at least 2 fields but got %d): %s", len(parts), parts)
+			return nil, fmt.Errorf("%w: Not enough fields in interrupts (expected 2+ fields but got %d): %s", ErrFileParse, len(parts), parts)
 		}
 		intName := parts[0][:len(parts[0])-1] // remove trailing :
 
diff --git a/vendor/github.com/prometheus/procfs/proc_limits.go b/vendor/github.com/prometheus/procfs/proc_limits.go
index 7a1388185a..9530b14bc6 100644
--- a/vendor/github.com/prometheus/procfs/proc_limits.go
+++ b/vendor/github.com/prometheus/procfs/proc_limits.go
@@ -103,7 +103,7 @@ func (p Proc) Limits() (ProcLimits, error) {
 		//fields := limitsMatch.Split(s.Text(), limitsFields)
 		fields := limitsMatch.FindStringSubmatch(s.Text())
 		if len(fields) != limitsFields {
-			return ProcLimits{}, fmt.Errorf("couldn't parse %q line %q", f.Name(), s.Text())
+			return ProcLimits{}, fmt.Errorf("%w: couldn't parse %q line %q", ErrFileParse, f.Name(), s.Text())
 		}
 
 		switch fields[1] {
@@ -154,7 +154,7 @@ func parseUint(s string) (uint64, error) {
 	}
 	i, err := strconv.ParseUint(s, 10, 64)
 	if err != nil {
-		return 0, fmt.Errorf("couldn't parse value %q: %w", s, err)
+		return 0, fmt.Errorf("%w: couldn't parse value %q: %w", ErrFileParse, s, err)
 	}
 	return i, nil
 }
diff --git a/vendor/github.com/prometheus/procfs/proc_maps.go b/vendor/github.com/prometheus/procfs/proc_maps.go
index f1bcbf32bb..7e75c286b5 100644
--- a/vendor/github.com/prometheus/procfs/proc_maps.go
+++ b/vendor/github.com/prometheus/procfs/proc_maps.go
@@ -63,17 +63,17 @@ type ProcMap struct {
 // parseDevice parses the device token of a line and converts it to a dev_t
 // (mkdev) like structure.
 func parseDevice(s string) (uint64, error) {
-	toks := strings.Split(s, ":")
-	if len(toks) < 2 {
-		return 0, fmt.Errorf("unexpected number of fields")
+	i := strings.Index(s, ":")
+	if i == -1 {
+		return 0, fmt.Errorf("%w: expected separator `:` in %s", ErrFileParse, s)
 	}
 
-	major, err := strconv.ParseUint(toks[0], 16, 0)
+	major, err := strconv.ParseUint(s[0:i], 16, 0)
 	if err != nil {
 		return 0, err
 	}
 
-	minor, err := strconv.ParseUint(toks[1], 16, 0)
+	minor, err := strconv.ParseUint(s[i+1:], 16, 0)
 	if err != nil {
 		return 0, err
 	}
@@ -93,17 +93,17 @@ func parseAddress(s string) (uintptr, error) {
 
 // parseAddresses parses the start-end address.
 func parseAddresses(s string) (uintptr, uintptr, error) {
-	toks := strings.Split(s, "-")
-	if len(toks) < 2 {
-		return 0, 0, fmt.Errorf("invalid address")
+	idx := strings.Index(s, "-")
+	if idx == -1 {
+		return 0, 0, fmt.Errorf("%w: expected separator `-` in %s", ErrFileParse, s)
 	}
 
-	saddr, err := parseAddress(toks[0])
+	saddr, err := parseAddress(s[0:idx])
 	if err != nil {
 		return 0, 0, err
 	}
 
-	eaddr, err := parseAddress(toks[1])
+	eaddr, err := parseAddress(s[idx+1:])
 	if err != nil {
 		return 0, 0, err
 	}
@@ -114,7 +114,7 @@ func parseAddresses(s string) (uintptr, uintptr, error) {
 // parsePermissions parses a token and returns any that are set.
 func parsePermissions(s string) (*ProcMapPermissions, error) {
 	if len(s) < 4 {
-		return nil, fmt.Errorf("invalid permissions token")
+		return nil, fmt.Errorf("%w: invalid permissions token", ErrFileParse)
 	}
 
 	perms := ProcMapPermissions{}
@@ -141,7 +141,7 @@ func parsePermissions(s string) (*ProcMapPermissions, error) {
 func parseProcMap(text string) (*ProcMap, error) {
 	fields := strings.Fields(text)
 	if len(fields) < 5 {
-		return nil, fmt.Errorf("truncated procmap entry")
+		return nil, fmt.Errorf("%w: truncated procmap entry", ErrFileParse)
 	}
 
 	saddr, eaddr, err := parseAddresses(fields[0])
diff --git a/vendor/github.com/prometheus/procfs/proc_netstat.go b/vendor/github.com/prometheus/procfs/proc_netstat.go
index 6a43bb2459..8e3ff4d794 100644
--- a/vendor/github.com/prometheus/procfs/proc_netstat.go
+++ b/vendor/github.com/prometheus/procfs/proc_netstat.go
@@ -195,8 +195,8 @@ func parseProcNetstat(r io.Reader, fileName string) (ProcNetstat, error) {
 		// Remove trailing :.
 		protocol := strings.TrimSuffix(nameParts[0], ":")
 		if len(nameParts) != len(valueParts) {
-			return procNetstat, fmt.Errorf("mismatch field count mismatch in %s: %s",
-				fileName, protocol)
+			return procNetstat, fmt.Errorf("%w: mismatch field count mismatch in %s: %s",
+				ErrFileParse, fileName, protocol)
 		}
 		for i := 1; i < len(nameParts); i++ {
 			value, err := strconv.ParseFloat(valueParts[i], 64)
diff --git a/vendor/github.com/prometheus/procfs/proc_ns.go b/vendor/github.com/prometheus/procfs/proc_ns.go
index 391b4cbd11..0f8f847f95 100644
--- a/vendor/github.com/prometheus/procfs/proc_ns.go
+++ b/vendor/github.com/prometheus/procfs/proc_ns.go
@@ -40,7 +40,7 @@ func (p Proc) Namespaces() (Namespaces, error) {
 
 	names, err := d.Readdirnames(-1)
 	if err != nil {
-		return nil, fmt.Errorf("failed to read contents of ns dir: %w", err)
+		return nil, fmt.Errorf("%w: failed to read contents of ns dir: %w", ErrFileRead, err)
 	}
 
 	ns := make(Namespaces, len(names))
@@ -52,13 +52,13 @@ func (p Proc) Namespaces() (Namespaces, error) {
 
 		fields := strings.SplitN(target, ":", 2)
 		if len(fields) != 2 {
-			return nil, fmt.Errorf("failed to parse namespace type and inode from %q", target)
+			return nil, fmt.Errorf("%w: namespace type and inode from %q", ErrFileParse, target)
 		}
 
 		typ := fields[0]
 		inode, err := strconv.ParseUint(strings.Trim(fields[1], "[]"), 10, 32)
 		if err != nil {
-			return nil, fmt.Errorf("failed to parse inode from %q: %w", fields[1], err)
+			return nil, fmt.Errorf("%w: inode from %q: %w", ErrFileParse, fields[1], err)
 		}
 
 		ns[name] = Namespace{typ, uint32(inode)}
diff --git a/vendor/github.com/prometheus/procfs/proc_psi.go b/vendor/github.com/prometheus/procfs/proc_psi.go
index a68fe15290..ccd35f153a 100644
--- a/vendor/github.com/prometheus/procfs/proc_psi.go
+++ b/vendor/github.com/prometheus/procfs/proc_psi.go
@@ -61,14 +61,14 @@ type PSIStats struct {
 func (fs FS) PSIStatsForResource(resource string) (PSIStats, error) {
 	data, err := util.ReadFileNoStat(fs.proc.Path(fmt.Sprintf("%s/%s", "pressure", resource)))
 	if err != nil {
-		return PSIStats{}, fmt.Errorf("psi_stats: unavailable for %q: %w", resource, err)
+		return PSIStats{}, fmt.Errorf("%w: psi_stats: unavailable for %q: %w", ErrFileRead, resource, err)
 	}
 
-	return parsePSIStats(resource, bytes.NewReader(data))
+	return parsePSIStats(bytes.NewReader(data))
 }
 
 // parsePSIStats parses the specified file for pressure stall information.
-func parsePSIStats(resource string, r io.Reader) (PSIStats, error) {
+func parsePSIStats(r io.Reader) (PSIStats, error) {
 	psiStats := PSIStats{}
 
 	scanner := bufio.NewScanner(r)
diff --git a/vendor/github.com/prometheus/procfs/proc_smaps.go b/vendor/github.com/prometheus/procfs/proc_smaps.go
index 0e97d99575..09060e8208 100644
--- a/vendor/github.com/prometheus/procfs/proc_smaps.go
+++ b/vendor/github.com/prometheus/procfs/proc_smaps.go
@@ -127,7 +127,7 @@ func (s *ProcSMapsRollup) parseLine(line string) error {
 	}
 
 	v := strings.TrimSpace(kv[1])
-	v = strings.TrimRight(v, " kB")
+	v = strings.TrimSuffix(v, " kB")
 
 	vKBytes, err := strconv.ParseUint(v, 10, 64)
 	if err != nil {
@@ -135,12 +135,12 @@ func (s *ProcSMapsRollup) parseLine(line string) error {
 	}
 	vBytes := vKBytes * 1024
 
-	s.addValue(k, v, vKBytes, vBytes)
+	s.addValue(k, vBytes)
 
 	return nil
 }
 
-func (s *ProcSMapsRollup) addValue(k string, vString string, vUint uint64, vUintBytes uint64) {
+func (s *ProcSMapsRollup) addValue(k string, vUintBytes uint64) {
 	switch k {
 	case "Rss":
 		s.Rss += vUintBytes
diff --git a/vendor/github.com/prometheus/procfs/proc_snmp.go b/vendor/github.com/prometheus/procfs/proc_snmp.go
index 6c46b71884..b9d2cf642a 100644
--- a/vendor/github.com/prometheus/procfs/proc_snmp.go
+++ b/vendor/github.com/prometheus/procfs/proc_snmp.go
@@ -159,8 +159,8 @@ func parseSnmp(r io.Reader, fileName string) (ProcSnmp, error) {
 		// Remove trailing :.
 		protocol := strings.TrimSuffix(nameParts[0], ":")
 		if len(nameParts) != len(valueParts) {
-			return procSnmp, fmt.Errorf("mismatch field count mismatch in %s: %s",
-				fileName, protocol)
+			return procSnmp, fmt.Errorf("%w: mismatch field count mismatch in %s: %s",
+				ErrFileParse, fileName, protocol)
 		}
 		for i := 1; i < len(nameParts); i++ {
 			value, err := strconv.ParseFloat(valueParts[i], 64)
diff --git a/vendor/github.com/prometheus/procfs/proc_stat.go b/vendor/github.com/prometheus/procfs/proc_stat.go
index b278eb2c2d..06a8d931c9 100644
--- a/vendor/github.com/prometheus/procfs/proc_stat.go
+++ b/vendor/github.com/prometheus/procfs/proc_stat.go
@@ -18,7 +18,6 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/prometheus/procfs/internal/fs"
 	"github.com/prometheus/procfs/internal/util"
 )
 
@@ -111,8 +110,13 @@ type ProcStat struct {
 	Policy uint
 	// Aggregated block I/O delays, measured in clock ticks (centiseconds).
 	DelayAcctBlkIOTicks uint64
+	// Guest time of the process (time spent running a virtual CPU for a guest
+	// operating system), measured in clock ticks.
+	GuestTime int
+	// Guest time of the process's children, measured in clock ticks.
+	CGuestTime int
 
-	proc fs.FS
+	proc FS
 }
 
 // NewStat returns the current status information of the process.
@@ -139,7 +143,7 @@ func (p Proc) Stat() (ProcStat, error) {
 	)
 
 	if l < 0 || r < 0 {
-		return ProcStat{}, fmt.Errorf("unexpected format, couldn't extract comm %q", data)
+		return ProcStat{}, fmt.Errorf("%w: unexpected format, couldn't extract comm %q", ErrFileParse, data)
 	}
 
 	s.Comm = string(data[l+1 : r])
@@ -190,6 +194,8 @@ func (p Proc) Stat() (ProcStat, error) {
 		&s.RTPriority,
 		&s.Policy,
 		&s.DelayAcctBlkIOTicks,
+		&s.GuestTime,
+		&s.CGuestTime,
 	)
 	if err != nil {
 		return ProcStat{}, err
@@ -210,8 +216,7 @@ func (s ProcStat) ResidentMemory() int {
 
 // StartTime returns the unix timestamp of the process in seconds.
 func (s ProcStat) StartTime() (float64, error) {
-	fs := FS{proc: s.proc}
-	stat, err := fs.Stat()
+	stat, err := s.proc.Stat()
 	if err != nil {
 		return 0, err
 	}
diff --git a/vendor/github.com/prometheus/procfs/proc_status.go b/vendor/github.com/prometheus/procfs/proc_status.go
index 3d8c06439a..a055197c63 100644
--- a/vendor/github.com/prometheus/procfs/proc_status.go
+++ b/vendor/github.com/prometheus/procfs/proc_status.go
@@ -15,6 +15,8 @@ package procfs
 
 import (
 	"bytes"
+	"math/bits"
+	"sort"
 	"strconv"
 	"strings"
 
@@ -22,7 +24,7 @@ import (
 )
 
 // ProcStatus provides status information about the process,
-// read from /proc/[pid]/stat.
+// read from /proc/[pid]/status.
 type ProcStatus struct {
 	// The process ID.
 	PID int
@@ -31,6 +33,8 @@ type ProcStatus struct {
 
 	// Thread group ID.
 	TGID int
+	// List of Pid namespace.
+	NSpids []uint64
 
 	// Peak virtual memory size.
 	VmPeak uint64 // nolint:revive
@@ -73,9 +77,12 @@ type ProcStatus struct {
 	NonVoluntaryCtxtSwitches uint64
 
 	// UIDs of the process (Real, effective, saved set, and filesystem UIDs)
-	UIDs [4]string
+	UIDs [4]uint64
 	// GIDs of the process (Real, effective, saved set, and filesystem GIDs)
-	GIDs [4]string
+	GIDs [4]uint64
+
+	// CpusAllowedList: List of cpu cores processes are allowed to run on.
+	CpusAllowedList []uint64
 }
 
 // NewStatus returns the current status information of the process.
@@ -107,22 +114,39 @@ func (p Proc) NewStatus() (ProcStatus, error) {
 		// convert kB to B
 		vBytes := vKBytes * 1024
 
-		s.fillStatus(k, v, vKBytes, vBytes)
+		err = s.fillStatus(k, v, vKBytes, vBytes)
+		if err != nil {
+			return ProcStatus{}, err
+		}
 	}
 
 	return s, nil
 }
 
-func (s *ProcStatus) fillStatus(k string, vString string, vUint uint64, vUintBytes uint64) {
+func (s *ProcStatus) fillStatus(k string, vString string, vUint uint64, vUintBytes uint64) error {
 	switch k {
 	case "Tgid":
 		s.TGID = int(vUint)
 	case "Name":
 		s.Name = vString
 	case "Uid":
-		copy(s.UIDs[:], strings.Split(vString, "\t"))
+		var err error
+		for i, v := range strings.Split(vString, "\t") {
+			s.UIDs[i], err = strconv.ParseUint(v, 10, bits.UintSize)
+			if err != nil {
+				return err
+			}
+		}
 	case "Gid":
-		copy(s.GIDs[:], strings.Split(vString, "\t"))
+		var err error
+		for i, v := range strings.Split(vString, "\t") {
+			s.GIDs[i], err = strconv.ParseUint(v, 10, bits.UintSize)
+			if err != nil {
+				return err
+			}
+		}
+	case "NSpid":
+		s.NSpids = calcNSPidsList(vString)
 	case "VmPeak":
 		s.VmPeak = vUintBytes
 	case "VmSize":
@@ -161,10 +185,54 @@ func (s *ProcStatus) fillStatus(k string, vString string, vUint uint64, vUintByt
 		s.VoluntaryCtxtSwitches = vUint
 	case "nonvoluntary_ctxt_switches":
 		s.NonVoluntaryCtxtSwitches = vUint
+	case "Cpus_allowed_list":
+		s.CpusAllowedList = calcCpusAllowedList(vString)
 	}
+
+	return nil
 }
 
 // TotalCtxtSwitches returns the total context switch.
 func (s ProcStatus) TotalCtxtSwitches() uint64 {
 	return s.VoluntaryCtxtSwitches + s.NonVoluntaryCtxtSwitches
 }
+
+func calcCpusAllowedList(cpuString string) []uint64 {
+	s := strings.Split(cpuString, ",")
+
+	var g []uint64
+
+	for _, cpu := range s {
+		// parse cpu ranges, example: 1-3=[1,2,3]
+		if l := strings.Split(strings.TrimSpace(cpu), "-"); len(l) > 1 {
+			startCPU, _ := strconv.ParseUint(l[0], 10, 64)
+			endCPU, _ := strconv.ParseUint(l[1], 10, 64)
+
+			for i := startCPU; i <= endCPU; i++ {
+				g = append(g, i)
+			}
+		} else if len(l) == 1 {
+			cpu, _ := strconv.ParseUint(l[0], 10, 64)
+			g = append(g, cpu)
+		}
+
+	}
+
+	sort.Slice(g, func(i, j int) bool { return g[i] < g[j] })
+	return g
+}
+
+func calcNSPidsList(nspidsString string) []uint64 {
+	s := strings.Split(nspidsString, " ")
+	var nspids []uint64
+
+	for _, nspid := range s {
+		nspid, _ := strconv.ParseUint(nspid, 10, 64)
+		if nspid == 0 {
+			continue
+		}
+		nspids = append(nspids, nspid)
+	}
+
+	return nspids
+}
diff --git a/vendor/github.com/prometheus/procfs/proc_sys.go b/vendor/github.com/prometheus/procfs/proc_sys.go
index d46533ebf4..5eefbe2ef8 100644
--- a/vendor/github.com/prometheus/procfs/proc_sys.go
+++ b/vendor/github.com/prometheus/procfs/proc_sys.go
@@ -44,7 +44,7 @@ func (fs FS) SysctlInts(sysctl string) ([]int, error) {
 		vp := util.NewValueParser(f)
 		values[i] = vp.Int()
 		if err := vp.Err(); err != nil {
-			return nil, fmt.Errorf("field %d in sysctl %s is not a valid int: %w", i, sysctl, err)
+			return nil, fmt.Errorf("%w: field %d in sysctl %s is not a valid int: %w", ErrFileParse, i, sysctl, err)
 		}
 	}
 	return values, nil
diff --git a/vendor/github.com/prometheus/procfs/slab.go b/vendor/github.com/prometheus/procfs/slab.go
index bc9aaf5c28..8611c90177 100644
--- a/vendor/github.com/prometheus/procfs/slab.go
+++ b/vendor/github.com/prometheus/procfs/slab.go
@@ -68,7 +68,7 @@ func parseV21SlabEntry(line string) (*Slab, error) {
 	l := slabSpace.ReplaceAllString(line, " ")
 	s := strings.Split(l, " ")
 	if len(s) != 16 {
-		return nil, fmt.Errorf("unable to parse: %q", line)
+		return nil, fmt.Errorf("%w: unable to parse: %q", ErrFileParse, line)
 	}
 	var err error
 	i := &Slab{Name: s[0]}
diff --git a/vendor/github.com/prometheus/procfs/softirqs.go b/vendor/github.com/prometheus/procfs/softirqs.go
index 559129cbca..28708e0745 100644
--- a/vendor/github.com/prometheus/procfs/softirqs.go
+++ b/vendor/github.com/prometheus/procfs/softirqs.go
@@ -57,7 +57,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 	)
 
 	if !scanner.Scan() {
-		return Softirqs{}, fmt.Errorf("softirqs empty")
+		return Softirqs{}, fmt.Errorf("%w: softirqs empty", ErrFileRead)
 	}
 
 	for scanner.Scan() {
@@ -74,7 +74,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.Hi = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.Hi[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (HI%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%w: couldn't parse %q (HI%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "TIMER:":
@@ -82,7 +82,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.Timer = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.Timer[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (TIMER%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%w: couldn't parse %q (TIMER%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "NET_TX:":
@@ -90,7 +90,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.NetTx = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.NetTx[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (NET_TX%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%w: couldn't parse %q (NET_TX%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "NET_RX:":
@@ -98,7 +98,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.NetRx = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.NetRx[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (NET_RX%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%w: couldn't parse %q (NET_RX%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "BLOCK:":
@@ -106,7 +106,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.Block = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.Block[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (BLOCK%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%w: couldn't parse %q (BLOCK%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "IRQ_POLL:":
@@ -114,7 +114,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.IRQPoll = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.IRQPoll[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (IRQ_POLL%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%w: couldn't parse %q (IRQ_POLL%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "TASKLET:":
@@ -122,7 +122,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.Tasklet = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.Tasklet[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (TASKLET%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%w: couldn't parse %q (TASKLET%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "SCHED:":
@@ -130,7 +130,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.Sched = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.Sched[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (SCHED%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%w: couldn't parse %q (SCHED%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "HRTIMER:":
@@ -138,7 +138,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.HRTimer = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.HRTimer[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (HRTIMER%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%w: couldn't parse %q (HRTIMER%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "RCU:":
@@ -146,14 +146,14 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.RCU = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.RCU[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (RCU%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%w: couldn't parse %q (RCU%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		}
 	}
 
 	if err := scanner.Err(); err != nil {
-		return Softirqs{}, fmt.Errorf("couldn't parse softirqs: %w", err)
+		return Softirqs{}, fmt.Errorf("%w: couldn't parse softirqs: %w", ErrFileParse, err)
 	}
 
 	return softirqs, scanner.Err()
diff --git a/vendor/github.com/prometheus/procfs/stat.go b/vendor/github.com/prometheus/procfs/stat.go
index 586af48af9..e36b41c18a 100644
--- a/vendor/github.com/prometheus/procfs/stat.go
+++ b/vendor/github.com/prometheus/procfs/stat.go
@@ -93,10 +93,10 @@ func parseCPUStat(line string) (CPUStat, int64, error) {
 		&cpuStat.Guest, &cpuStat.GuestNice)
 
 	if err != nil && err != io.EOF {
-		return CPUStat{}, -1, fmt.Errorf("couldn't parse %q (cpu): %w", line, err)
+		return CPUStat{}, -1, fmt.Errorf("%w: couldn't parse %q (cpu): %w", ErrFileParse, line, err)
 	}
 	if count == 0 {
-		return CPUStat{}, -1, fmt.Errorf("couldn't parse %q (cpu): 0 elements parsed", line)
+		return CPUStat{}, -1, fmt.Errorf("%w: couldn't parse %q (cpu): 0 elements parsed", ErrFileParse, line)
 	}
 
 	cpuStat.User /= userHZ
@@ -116,7 +116,7 @@ func parseCPUStat(line string) (CPUStat, int64, error) {
 
 	cpuID, err := strconv.ParseInt(cpu[3:], 10, 64)
 	if err != nil {
-		return CPUStat{}, -1, fmt.Errorf("couldn't parse %q (cpu/cpuid): %w", line, err)
+		return CPUStat{}, -1, fmt.Errorf("%w: couldn't parse %q (cpu/cpuid): %w", ErrFileParse, line, err)
 	}
 
 	return cpuStat, cpuID, nil
@@ -136,7 +136,7 @@ func parseSoftIRQStat(line string) (SoftIRQStat, uint64, error) {
 		&softIRQStat.Hrtimer, &softIRQStat.Rcu)
 
 	if err != nil {
-		return SoftIRQStat{}, 0, fmt.Errorf("couldn't parse %q (softirq): %w", line, err)
+		return SoftIRQStat{}, 0, fmt.Errorf("%w: couldn't parse %q (softirq): %w", ErrFileParse, line, err)
 	}
 
 	return softIRQStat, total, nil
@@ -187,6 +187,10 @@ func parseStat(r io.Reader, fileName string) (Stat, error) {
 		err error
 	)
 
+	// Increase default scanner buffer to handle very long `intr` lines.
+	buf := make([]byte, 0, 8*1024)
+	scanner.Buffer(buf, 1024*1024)
+
 	for scanner.Scan() {
 		line := scanner.Text()
 		parts := strings.Fields(scanner.Text())
@@ -197,34 +201,34 @@ func parseStat(r io.Reader, fileName string) (Stat, error) {
 		switch {
 		case parts[0] == "btime":
 			if stat.BootTime, err = strconv.ParseUint(parts[1], 10, 64); err != nil {
-				return Stat{}, fmt.Errorf("couldn't parse %q (btime): %w", parts[1], err)
+				return Stat{}, fmt.Errorf("%w: couldn't parse %q (btime): %w", ErrFileParse, parts[1], err)
 			}
 		case parts[0] == "intr":
 			if stat.IRQTotal, err = strconv.ParseUint(parts[1], 10, 64); err != nil {
-				return Stat{}, fmt.Errorf("couldn't parse %q (intr): %w", parts[1], err)
+				return Stat{}, fmt.Errorf("%w: couldn't parse %q (intr): %w", ErrFileParse, parts[1], err)
 			}
 			numberedIRQs := parts[2:]
 			stat.IRQ = make([]uint64, len(numberedIRQs))
 			for i, count := range numberedIRQs {
 				if stat.IRQ[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Stat{}, fmt.Errorf("couldn't parse %q (intr%d): %w", count, i, err)
+					return Stat{}, fmt.Errorf("%w: couldn't parse %q (intr%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "ctxt":
 			if stat.ContextSwitches, err = strconv.ParseUint(parts[1], 10, 64); err != nil {
-				return Stat{}, fmt.Errorf("couldn't parse %q (ctxt): %w", parts[1], err)
+				return Stat{}, fmt.Errorf("%w: couldn't parse %q (ctxt): %w", ErrFileParse, parts[1], err)
 			}
 		case parts[0] == "processes":
 			if stat.ProcessCreated, err = strconv.ParseUint(parts[1], 10, 64); err != nil {
-				return Stat{}, fmt.Errorf("couldn't parse %q (processes): %w", parts[1], err)
+				return Stat{}, fmt.Errorf("%w: couldn't parse %q (processes): %w", ErrFileParse, parts[1], err)
 			}
 		case parts[0] == "procs_running":
 			if stat.ProcessesRunning, err = strconv.ParseUint(parts[1], 10, 64); err != nil {
-				return Stat{}, fmt.Errorf("couldn't parse %q (procs_running): %w", parts[1], err)
+				return Stat{}, fmt.Errorf("%w: couldn't parse %q (procs_running): %w", ErrFileParse, parts[1], err)
 			}
 		case parts[0] == "procs_blocked":
 			if stat.ProcessesBlocked, err = strconv.ParseUint(parts[1], 10, 64); err != nil {
-				return Stat{}, fmt.Errorf("couldn't parse %q (procs_blocked): %w", parts[1], err)
+				return Stat{}, fmt.Errorf("%w: couldn't parse %q (procs_blocked): %w", ErrFileParse, parts[1], err)
 			}
 		case parts[0] == "softirq":
 			softIRQStats, total, err := parseSoftIRQStat(line)
@@ -247,7 +251,7 @@ func parseStat(r io.Reader, fileName string) (Stat, error) {
 	}
 
 	if err := scanner.Err(); err != nil {
-		return Stat{}, fmt.Errorf("couldn't parse %q: %w", fileName, err)
+		return Stat{}, fmt.Errorf("%w: couldn't parse %q: %w", ErrFileParse, fileName, err)
 	}
 
 	return stat, nil
diff --git a/vendor/github.com/prometheus/procfs/swaps.go b/vendor/github.com/prometheus/procfs/swaps.go
index 15edc2212b..65fec834bf 100644
--- a/vendor/github.com/prometheus/procfs/swaps.go
+++ b/vendor/github.com/prometheus/procfs/swaps.go
@@ -64,7 +64,7 @@ func parseSwapString(swapString string) (*Swap, error) {
 	swapFields := strings.Fields(swapString)
 	swapLength := len(swapFields)
 	if swapLength < 5 {
-		return nil, fmt.Errorf("too few fields in swap string: %s", swapString)
+		return nil, fmt.Errorf("%w: too few fields in swap string: %s", ErrFileParse, swapString)
 	}
 
 	swap := &Swap{
@@ -74,15 +74,15 @@ func parseSwapString(swapString string) (*Swap, error) {
 
 	swap.Size, err = strconv.Atoi(swapFields[2])
 	if err != nil {
-		return nil, fmt.Errorf("invalid swap size: %s", swapFields[2])
+		return nil, fmt.Errorf("%w: invalid swap size: %s: %w", ErrFileParse, swapFields[2], err)
 	}
 	swap.Used, err = strconv.Atoi(swapFields[3])
 	if err != nil {
-		return nil, fmt.Errorf("invalid swap used: %s", swapFields[3])
+		return nil, fmt.Errorf("%w: invalid swap used: %s: %w", ErrFileParse, swapFields[3], err)
 	}
 	swap.Priority, err = strconv.Atoi(swapFields[4])
 	if err != nil {
-		return nil, fmt.Errorf("invalid swap priority: %s", swapFields[4])
+		return nil, fmt.Errorf("%w: invalid swap priority: %s: %w", ErrFileParse, swapFields[4], err)
 	}
 
 	return swap, nil
diff --git a/vendor/github.com/prometheus/procfs/thread.go b/vendor/github.com/prometheus/procfs/thread.go
index f08bfc769d..80e0e947be 100644
--- a/vendor/github.com/prometheus/procfs/thread.go
+++ b/vendor/github.com/prometheus/procfs/thread.go
@@ -45,7 +45,7 @@ func (fs FS) AllThreads(pid int) (Procs, error) {
 
 	names, err := d.Readdirnames(-1)
 	if err != nil {
-		return Procs{}, fmt.Errorf("could not read %q: %w", d.Name(), err)
+		return Procs{}, fmt.Errorf("%w: could not read %q: %w", ErrFileRead, d.Name(), err)
 	}
 
 	t := Procs{}
@@ -54,7 +54,8 @@ func (fs FS) AllThreads(pid int) (Procs, error) {
 		if err != nil {
 			continue
 		}
-		t = append(t, Proc{PID: int(tid), fs: fsi.FS(taskPath)})
+
+		t = append(t, Proc{PID: int(tid), fs: FS{fsi.FS(taskPath), fs.isReal}})
 	}
 
 	return t, nil
@@ -66,13 +67,13 @@ func (fs FS) Thread(pid, tid int) (Proc, error) {
 	if _, err := os.Stat(taskPath); err != nil {
 		return Proc{}, err
 	}
-	return Proc{PID: tid, fs: fsi.FS(taskPath)}, nil
+	return Proc{PID: tid, fs: FS{fsi.FS(taskPath), fs.isReal}}, nil
 }
 
 // Thread returns a process for a given TID of Proc.
 func (proc Proc) Thread(tid int) (Proc, error) {
-	tfs := fsi.FS(proc.path("task"))
-	if _, err := os.Stat(tfs.Path(strconv.Itoa(tid))); err != nil {
+	tfs := FS{fsi.FS(proc.path("task")), proc.fs.isReal}
+	if _, err := os.Stat(tfs.proc.Path(strconv.Itoa(tid))); err != nil {
 		return Proc{}, err
 	}
 	return Proc{PID: tid, fs: tfs}, nil
diff --git a/vendor/github.com/prometheus/procfs/vm.go b/vendor/github.com/prometheus/procfs/vm.go
index cdedcae996..51c49d89e8 100644
--- a/vendor/github.com/prometheus/procfs/vm.go
+++ b/vendor/github.com/prometheus/procfs/vm.go
@@ -86,7 +86,7 @@ func (fs FS) VM() (*VM, error) {
 		return nil, err
 	}
 	if !file.Mode().IsDir() {
-		return nil, fmt.Errorf("%s is not a directory", path)
+		return nil, fmt.Errorf("%w: %s is not a directory", ErrFileRead, path)
 	}
 
 	files, err := os.ReadDir(path)
diff --git a/vendor/github.com/prometheus/procfs/zoneinfo.go b/vendor/github.com/prometheus/procfs/zoneinfo.go
index c745a4c04f..e54d94b090 100644
--- a/vendor/github.com/prometheus/procfs/zoneinfo.go
+++ b/vendor/github.com/prometheus/procfs/zoneinfo.go
@@ -75,11 +75,11 @@ var nodeZoneRE = regexp.MustCompile(`(\d+), zone\s+(\w+)`)
 func (fs FS) Zoneinfo() ([]Zoneinfo, error) {
 	data, err := os.ReadFile(fs.proc.Path("zoneinfo"))
 	if err != nil {
-		return nil, fmt.Errorf("error reading zoneinfo %q: %w", fs.proc.Path("zoneinfo"), err)
+		return nil, fmt.Errorf("%w: error reading zoneinfo %q: %w", ErrFileRead, fs.proc.Path("zoneinfo"), err)
 	}
 	zoneinfo, err := parseZoneinfo(data)
 	if err != nil {
-		return nil, fmt.Errorf("error parsing zoneinfo %q: %w", fs.proc.Path("zoneinfo"), err)
+		return nil, fmt.Errorf("%w: error parsing zoneinfo %q: %w", ErrFileParse, fs.proc.Path("zoneinfo"), err)
 	}
 	return zoneinfo, nil
 }
diff --git a/vendor/github.com/rs/cors/LICENSE b/vendor/github.com/rs/cors/LICENSE
new file mode 100644
index 0000000000..d8e2df5a47
--- /dev/null
+++ b/vendor/github.com/rs/cors/LICENSE
@@ -0,0 +1,19 @@
+Copyright (c) 2014 Olivier Poitrey <rs@dailymotion.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/vendor/github.com/rs/cors/README.md b/vendor/github.com/rs/cors/README.md
new file mode 100644
index 0000000000..c7fbea0034
--- /dev/null
+++ b/vendor/github.com/rs/cors/README.md
@@ -0,0 +1,125 @@
+# Go CORS handler [![godoc](http://img.shields.io/badge/godoc-reference-blue.svg?style=flat)](https://godoc.org/github.com/rs/cors) [![license](http://img.shields.io/badge/license-MIT-red.svg?style=flat)](https://raw.githubusercontent.com/rs/cors/master/LICENSE) [![Go Coverage](https://github.com/rs/cors/wiki/coverage.svg)](https://raw.githack.com/wiki/rs/cors/coverage.html)
+
+CORS is a `net/http` handler implementing [Cross Origin Resource Sharing W3 specification](http://www.w3.org/TR/cors/) in Golang.
+
+## Getting Started
+
+After installing Go and setting up your [GOPATH](http://golang.org/doc/code.html#GOPATH), create your first `.go` file. We'll call it `server.go`.
+
+```go
+package main
+
+import (
+    "net/http"
+
+    "github.com/rs/cors"
+)
+
+func main() {
+    mux := http.NewServeMux()
+    mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+        w.Header().Set("Content-Type", "application/json")
+        w.Write([]byte("{\"hello\": \"world\"}"))
+    })
+
+    // cors.Default() setup the middleware with default options being
+    // all origins accepted with simple methods (GET, POST). See
+    // documentation below for more options.
+    handler := cors.Default().Handler(mux)
+    http.ListenAndServe(":8080", handler)
+}
+```
+
+Install `cors`:
+
+    go get github.com/rs/cors
+
+Then run your server:
+
+    go run server.go
+
+The server now runs on `localhost:8080`:
+
+    $ curl -D - -H 'Origin: http://foo.com' http://localhost:8080/
+    HTTP/1.1 200 OK
+    Access-Control-Allow-Origin: foo.com
+    Content-Type: application/json
+    Date: Sat, 25 Oct 2014 03:43:57 GMT
+    Content-Length: 18
+
+    {"hello": "world"}
+
+### Allow * With Credentials Security Protection
+
+This library has been modified to avoid a well known security issue when configured with `AllowedOrigins` to `*` and `AllowCredentials` to `true`. Such setup used to make the library reflects the request `Origin` header value, working around a security protection embedded into the standard that makes clients to refuse such configuration. This behavior has been removed with [#55](https://github.com/rs/cors/issues/55) and [#57](https://github.com/rs/cors/issues/57).
+
+If you depend on this behavior and understand the implications, you can restore it using the `AllowOriginFunc` with `func(origin string) {return true}`.
+
+Please refer to [#55](https://github.com/rs/cors/issues/55) for more information about the security implications.
+
+### More Examples
+
+* `net/http`: [examples/nethttp/server.go](https://github.com/rs/cors/blob/master/examples/nethttp/server.go)
+* [Goji](https://goji.io): [examples/goji/server.go](https://github.com/rs/cors/blob/master/examples/goji/server.go)
+* [Martini](http://martini.codegangsta.io): [examples/martini/server.go](https://github.com/rs/cors/blob/master/examples/martini/server.go)
+* [Negroni](https://github.com/codegangsta/negroni): [examples/negroni/server.go](https://github.com/rs/cors/blob/master/examples/negroni/server.go)
+* [Alice](https://github.com/justinas/alice): [examples/alice/server.go](https://github.com/rs/cors/blob/master/examples/alice/server.go)
+* [HttpRouter](https://github.com/julienschmidt/httprouter): [examples/httprouter/server.go](https://github.com/rs/cors/blob/master/examples/httprouter/server.go)
+* [Gorilla](http://www.gorillatoolkit.org/pkg/mux): [examples/gorilla/server.go](https://github.com/rs/cors/blob/master/examples/gorilla/server.go)
+* [Buffalo](https://gobuffalo.io): [examples/buffalo/server.go](https://github.com/rs/cors/blob/master/examples/buffalo/server.go)
+* [Gin](https://gin-gonic.github.io/gin): [examples/gin/server.go](https://github.com/rs/cors/blob/master/examples/gin/server.go)
+* [Chi](https://github.com/go-chi/chi): [examples/chi/server.go](https://github.com/rs/cors/blob/master/examples/chi/server.go)
+
+## Parameters
+
+Parameters are passed to the middleware thru the `cors.New` method as follow:
+
+```go
+c := cors.New(cors.Options{
+    AllowedOrigins: []string{"http://foo.com", "http://foo.com:8080"},
+    AllowCredentials: true,
+    // Enable Debugging for testing, consider disabling in production
+    Debug: true,
+})
+
+// Insert the middleware
+handler = c.Handler(handler)
+```
+
+* **AllowedOrigins** `[]string`: A list of origins a cross-domain request can be executed from. If the special `*` value is present in the list, all origins will be allowed. An origin may contain a wildcard (`*`) to replace 0 or more characters (i.e.: `http://*.domain.com`). Usage of wildcards implies a small performance penality. Only one wildcard can be used per origin. The default value is `*`.
+* **AllowOriginFunc** `func (origin string) bool`: A custom function to validate the origin. It takes the origin as an argument and returns true if allowed, or false otherwise. If this option is set, the content of `AllowedOrigins` is ignored.
+* **AllowOriginRequestFunc** `func (r *http.Request, origin string) bool`: A custom function to validate the origin. It takes the HTTP Request object and the origin as argument and returns true if allowed or false otherwise. If this option is set, the contents of `AllowedOrigins` and `AllowOriginFunc` are ignored.
+Deprecated: use `AllowOriginVaryRequestFunc` instead.
+* **AllowOriginVaryRequestFunc** `func(r *http.Request, origin string) (bool, []string)`: A custom function to validate the origin. It takes the HTTP Request object and the origin as argument and returns true if allowed or false otherwise with a list of headers used to take that decision if any so they can be added to the Vary header. If this option is set, the contents of `AllowedOrigins`, `AllowOriginFunc` and `AllowOriginRequestFunc` are ignored.
+* **AllowedMethods** `[]string`: A list of methods the client is allowed to use with cross-domain requests. Default value is simple methods (`GET` and `POST`).
+* **AllowedHeaders** `[]string`: A list of non simple headers the client is allowed to use with cross-domain requests.
+* **ExposedHeaders** `[]string`: Indicates which headers are safe to expose to the API of a CORS API specification.
+* **AllowCredentials** `bool`: Indicates whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates. The default is `false`.
+* **AllowPrivateNetwork** `bool`: Indicates whether to accept cross-origin requests over a private network.
+* **MaxAge** `int`: Indicates how long (in seconds) the results of a preflight request can be cached. The default is `0` which stands for no max age.
+* **OptionsPassthrough** `bool`: Instructs preflight to let other potential next handlers to process the `OPTIONS` method. Turn this on if your application handles `OPTIONS`.
+* **OptionsSuccessStatus** `int`: Provides a status code to use for successful OPTIONS requests. Default value is `http.StatusNoContent` (`204`).
+* **Debug** `bool`: Debugging flag adds additional output to debug server side CORS issues.
+
+See [API documentation](http://godoc.org/github.com/rs/cors) for more info.
+
+## Benchmarks
+
+```
+goos: darwin
+goarch: arm64
+pkg: github.com/rs/cors
+BenchmarkWithout-10            	135325480	         8.124 ns/op	       0 B/op	       0 allocs/op
+BenchmarkDefault-10            	24082140	        51.40 ns/op	       0 B/op	       0 allocs/op
+BenchmarkAllowedOrigin-10      	16424518	        88.25 ns/op	       0 B/op	       0 allocs/op
+BenchmarkPreflight-10          	 8010259	       147.3 ns/op	       0 B/op	       0 allocs/op
+BenchmarkPreflightHeader-10    	 6850962	       175.0 ns/op	       0 B/op	       0 allocs/op
+BenchmarkWildcard/match-10     	253275342	         4.714 ns/op	       0 B/op	       0 allocs/op
+BenchmarkWildcard/too_short-10 	1000000000	         0.6235 ns/op	       0 B/op	       0 allocs/op
+PASS
+ok  	github.com/rs/cors	99.131s
+```
+
+## Licenses
+
+All source code is licensed under the [MIT License](https://raw.github.com/rs/cors/master/LICENSE).
diff --git a/vendor/github.com/rs/cors/cors.go b/vendor/github.com/rs/cors/cors.go
new file mode 100644
index 0000000000..da80d343b3
--- /dev/null
+++ b/vendor/github.com/rs/cors/cors.go
@@ -0,0 +1,502 @@
+/*
+Package cors is net/http handler to handle CORS related requests
+as defined by http://www.w3.org/TR/cors/
+
+You can configure it by passing an option struct to cors.New:
+
+	c := cors.New(cors.Options{
+	    AllowedOrigins:   []string{"foo.com"},
+	    AllowedMethods:   []string{http.MethodGet, http.MethodPost, http.MethodDelete},
+	    AllowCredentials: true,
+	})
+
+Then insert the handler in the chain:
+
+	handler = c.Handler(handler)
+
+See Options documentation for more options.
+
+The resulting handler is a standard net/http handler.
+*/
+package cors
+
+import (
+	"log"
+	"net/http"
+	"os"
+	"strconv"
+	"strings"
+
+	"github.com/rs/cors/internal"
+)
+
+var headerVaryOrigin = []string{"Origin"}
+var headerOriginAll = []string{"*"}
+var headerTrue = []string{"true"}
+
+// Options is a configuration container to setup the CORS middleware.
+type Options struct {
+	// AllowedOrigins is a list of origins a cross-domain request can be executed from.
+	// If the special "*" value is present in the list, all origins will be allowed.
+	// An origin may contain a wildcard (*) to replace 0 or more characters
+	// (i.e.: http://*.domain.com). Usage of wildcards implies a small performance penalty.
+	// Only one wildcard can be used per origin.
+	// Default value is ["*"]
+	AllowedOrigins []string
+	// AllowOriginFunc is a custom function to validate the origin. It take the
+	// origin as argument and returns true if allowed or false otherwise. If
+	// this option is set, the content of `AllowedOrigins` is ignored.
+	AllowOriginFunc func(origin string) bool
+	// AllowOriginRequestFunc is a custom function to validate the origin. It
+	// takes the HTTP Request object and the origin as argument and returns true
+	// if allowed or false otherwise. If headers are used take the decision,
+	// consider using AllowOriginVaryRequestFunc instead. If this option is set,
+	// the contents of `AllowedOrigins`, `AllowOriginFunc` are ignored.
+	//
+	// Deprecated: use `AllowOriginVaryRequestFunc` instead.
+	AllowOriginRequestFunc func(r *http.Request, origin string) bool
+	// AllowOriginVaryRequestFunc is a custom function to validate the origin.
+	// It takes the HTTP Request object and the origin as argument and returns
+	// true if allowed or false otherwise with a list of headers used to take
+	// that decision if any so they can be added to the Vary header. If this
+	// option is set, the contents of `AllowedOrigins`, `AllowOriginFunc` and
+	// `AllowOriginRequestFunc` are ignored.
+	AllowOriginVaryRequestFunc func(r *http.Request, origin string) (bool, []string)
+	// AllowedMethods is a list of methods the client is allowed to use with
+	// cross-domain requests. Default value is simple methods (HEAD, GET and POST).
+	AllowedMethods []string
+	// AllowedHeaders is list of non simple headers the client is allowed to use with
+	// cross-domain requests.
+	// If the special "*" value is present in the list, all headers will be allowed.
+	// Default value is [].
+	AllowedHeaders []string
+	// ExposedHeaders indicates which headers are safe to expose to the API of a CORS
+	// API specification
+	ExposedHeaders []string
+	// MaxAge indicates how long (in seconds) the results of a preflight request
+	// can be cached. Default value is 0, which stands for no
+	// Access-Control-Max-Age header to be sent back, resulting in browsers
+	// using their default value (5s by spec). If you need to force a 0 max-age,
+	// set `MaxAge` to a negative value (ie: -1).
+	MaxAge int
+	// AllowCredentials indicates whether the request can include user credentials like
+	// cookies, HTTP authentication or client side SSL certificates.
+	AllowCredentials bool
+	// AllowPrivateNetwork indicates whether to accept cross-origin requests over a
+	// private network.
+	AllowPrivateNetwork bool
+	// OptionsPassthrough instructs preflight to let other potential next handlers to
+	// process the OPTIONS method. Turn this on if your application handles OPTIONS.
+	OptionsPassthrough bool
+	// Provides a status code to use for successful OPTIONS requests.
+	// Default value is http.StatusNoContent (204).
+	OptionsSuccessStatus int
+	// Debugging flag adds additional output to debug server side CORS issues
+	Debug bool
+	// Adds a custom logger, implies Debug is true
+	Logger Logger
+}
+
+// Logger generic interface for logger
+type Logger interface {
+	Printf(string, ...interface{})
+}
+
+// Cors http handler
+type Cors struct {
+	// Debug logger
+	Log Logger
+	// Normalized list of plain allowed origins
+	allowedOrigins []string
+	// List of allowed origins containing wildcards
+	allowedWOrigins []wildcard
+	// Optional origin validator function
+	allowOriginFunc func(r *http.Request, origin string) (bool, []string)
+	// Normalized list of allowed headers
+	// Note: the Fetch standard guarantees that CORS-unsafe request-header names
+	// (i.e. the values listed in the Access-Control-Request-Headers header)
+	// are unique and sorted;
+	// see https://fetch.spec.whatwg.org/#cors-unsafe-request-header-names.
+	allowedHeaders internal.SortedSet
+	// Normalized list of allowed methods
+	allowedMethods []string
+	// Pre-computed normalized list of exposed headers
+	exposedHeaders []string
+	// Pre-computed maxAge header value
+	maxAge []string
+	// Set to true when allowed origins contains a "*"
+	allowedOriginsAll bool
+	// Set to true when allowed headers contains a "*"
+	allowedHeadersAll bool
+	// Status code to use for successful OPTIONS requests
+	optionsSuccessStatus int
+	allowCredentials     bool
+	allowPrivateNetwork  bool
+	optionPassthrough    bool
+	preflightVary        []string
+}
+
+// New creates a new Cors handler with the provided options.
+func New(options Options) *Cors {
+	c := &Cors{
+		allowCredentials:    options.AllowCredentials,
+		allowPrivateNetwork: options.AllowPrivateNetwork,
+		optionPassthrough:   options.OptionsPassthrough,
+		Log:                 options.Logger,
+	}
+	if options.Debug && c.Log == nil {
+		c.Log = log.New(os.Stdout, "[cors] ", log.LstdFlags)
+	}
+
+	// Allowed origins
+	switch {
+	case options.AllowOriginVaryRequestFunc != nil:
+		c.allowOriginFunc = options.AllowOriginVaryRequestFunc
+	case options.AllowOriginRequestFunc != nil:
+		c.allowOriginFunc = func(r *http.Request, origin string) (bool, []string) {
+			return options.AllowOriginRequestFunc(r, origin), nil
+		}
+	case options.AllowOriginFunc != nil:
+		c.allowOriginFunc = func(r *http.Request, origin string) (bool, []string) {
+			return options.AllowOriginFunc(origin), nil
+		}
+	case len(options.AllowedOrigins) == 0:
+		if c.allowOriginFunc == nil {
+			// Default is all origins
+			c.allowedOriginsAll = true
+		}
+	default:
+		c.allowedOrigins = []string{}
+		c.allowedWOrigins = []wildcard{}
+		for _, origin := range options.AllowedOrigins {
+			// Note: for origins matching, the spec requires a case-sensitive matching.
+			// As it may error prone, we chose to ignore the spec here.
+			origin = strings.ToLower(origin)
+			if origin == "*" {
+				// If "*" is present in the list, turn the whole list into a match all
+				c.allowedOriginsAll = true
+				c.allowedOrigins = nil
+				c.allowedWOrigins = nil
+				break
+			} else if i := strings.IndexByte(origin, '*'); i >= 0 {
+				// Split the origin in two: start and end string without the *
+				w := wildcard{origin[0:i], origin[i+1:]}
+				c.allowedWOrigins = append(c.allowedWOrigins, w)
+			} else {
+				c.allowedOrigins = append(c.allowedOrigins, origin)
+			}
+		}
+	}
+
+	// Allowed Headers
+	// Note: the Fetch standard guarantees that CORS-unsafe request-header names
+	// (i.e. the values listed in the Access-Control-Request-Headers header)
+	// are lowercase; see https://fetch.spec.whatwg.org/#cors-unsafe-request-header-names.
+	if len(options.AllowedHeaders) == 0 {
+		// Use sensible defaults
+		c.allowedHeaders = internal.NewSortedSet("accept", "content-type", "x-requested-with")
+	} else {
+		normalized := convert(options.AllowedHeaders, strings.ToLower)
+		c.allowedHeaders = internal.NewSortedSet(normalized...)
+		for _, h := range options.AllowedHeaders {
+			if h == "*" {
+				c.allowedHeadersAll = true
+				c.allowedHeaders = internal.SortedSet{}
+				break
+			}
+		}
+	}
+
+	// Allowed Methods
+	if len(options.AllowedMethods) == 0 {
+		// Default is spec's "simple" methods
+		c.allowedMethods = []string{http.MethodGet, http.MethodPost, http.MethodHead}
+	} else {
+		c.allowedMethods = options.AllowedMethods
+	}
+
+	// Options Success Status Code
+	if options.OptionsSuccessStatus == 0 {
+		c.optionsSuccessStatus = http.StatusNoContent
+	} else {
+		c.optionsSuccessStatus = options.OptionsSuccessStatus
+	}
+
+	// Pre-compute exposed headers header value
+	if len(options.ExposedHeaders) > 0 {
+		c.exposedHeaders = []string{strings.Join(convert(options.ExposedHeaders, http.CanonicalHeaderKey), ", ")}
+	}
+
+	// Pre-compute prefight Vary header to save allocations
+	if c.allowPrivateNetwork {
+		c.preflightVary = []string{"Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Request-Private-Network"}
+	} else {
+		c.preflightVary = []string{"Origin, Access-Control-Request-Method, Access-Control-Request-Headers"}
+	}
+
+	// Precompute max-age
+	if options.MaxAge > 0 {
+		c.maxAge = []string{strconv.Itoa(options.MaxAge)}
+	} else if options.MaxAge < 0 {
+		c.maxAge = []string{"0"}
+	}
+
+	return c
+}
+
+// Default creates a new Cors handler with default options.
+func Default() *Cors {
+	return New(Options{})
+}
+
+// AllowAll create a new Cors handler with permissive configuration allowing all
+// origins with all standard methods with any header and credentials.
+func AllowAll() *Cors {
+	return New(Options{
+		AllowedOrigins: []string{"*"},
+		AllowedMethods: []string{
+			http.MethodHead,
+			http.MethodGet,
+			http.MethodPost,
+			http.MethodPut,
+			http.MethodPatch,
+			http.MethodDelete,
+		},
+		AllowedHeaders:   []string{"*"},
+		AllowCredentials: false,
+	})
+}
+
+// Handler apply the CORS specification on the request, and add relevant CORS headers
+// as necessary.
+func (c *Cors) Handler(h http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {
+			c.logf("Handler: Preflight request")
+			c.handlePreflight(w, r)
+			// Preflight requests are standalone and should stop the chain as some other
+			// middleware may not handle OPTIONS requests correctly. One typical example
+			// is authentication middleware ; OPTIONS requests won't carry authentication
+			// headers (see #1)
+			if c.optionPassthrough {
+				h.ServeHTTP(w, r)
+			} else {
+				w.WriteHeader(c.optionsSuccessStatus)
+			}
+		} else {
+			c.logf("Handler: Actual request")
+			c.handleActualRequest(w, r)
+			h.ServeHTTP(w, r)
+		}
+	})
+}
+
+// HandlerFunc provides Martini compatible handler
+func (c *Cors) HandlerFunc(w http.ResponseWriter, r *http.Request) {
+	if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {
+		c.logf("HandlerFunc: Preflight request")
+		c.handlePreflight(w, r)
+
+		w.WriteHeader(c.optionsSuccessStatus)
+	} else {
+		c.logf("HandlerFunc: Actual request")
+		c.handleActualRequest(w, r)
+	}
+}
+
+// Negroni compatible interface
+func (c *Cors) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
+	if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {
+		c.logf("ServeHTTP: Preflight request")
+		c.handlePreflight(w, r)
+		// Preflight requests are standalone and should stop the chain as some other
+		// middleware may not handle OPTIONS requests correctly. One typical example
+		// is authentication middleware ; OPTIONS requests won't carry authentication
+		// headers (see #1)
+		if c.optionPassthrough {
+			next(w, r)
+		} else {
+			w.WriteHeader(c.optionsSuccessStatus)
+		}
+	} else {
+		c.logf("ServeHTTP: Actual request")
+		c.handleActualRequest(w, r)
+		next(w, r)
+	}
+}
+
+// handlePreflight handles pre-flight CORS requests
+func (c *Cors) handlePreflight(w http.ResponseWriter, r *http.Request) {
+	headers := w.Header()
+	origin := r.Header.Get("Origin")
+
+	if r.Method != http.MethodOptions {
+		c.logf("  Preflight aborted: %s!=OPTIONS", r.Method)
+		return
+	}
+	// Always set Vary headers
+	// see https://github.com/rs/cors/issues/10,
+	//     https://github.com/rs/cors/commit/dbdca4d95feaa7511a46e6f1efb3b3aa505bc43f#commitcomment-12352001
+	if vary, found := headers["Vary"]; found {
+		headers["Vary"] = append(vary, c.preflightVary[0])
+	} else {
+		headers["Vary"] = c.preflightVary
+	}
+	allowed, additionalVaryHeaders := c.isOriginAllowed(r, origin)
+	if len(additionalVaryHeaders) > 0 {
+		headers.Add("Vary", strings.Join(convert(additionalVaryHeaders, http.CanonicalHeaderKey), ", "))
+	}
+
+	if origin == "" {
+		c.logf("  Preflight aborted: empty origin")
+		return
+	}
+	if !allowed {
+		c.logf("  Preflight aborted: origin '%s' not allowed", origin)
+		return
+	}
+
+	reqMethod := r.Header.Get("Access-Control-Request-Method")
+	if !c.isMethodAllowed(reqMethod) {
+		c.logf("  Preflight aborted: method '%s' not allowed", reqMethod)
+		return
+	}
+	// Note: the Fetch standard guarantees that at most one
+	// Access-Control-Request-Headers header is present in the preflight request;
+	// see step 5.2 in https://fetch.spec.whatwg.org/#cors-preflight-fetch-0.
+	reqHeaders, found := first(r.Header, "Access-Control-Request-Headers")
+	if found && !c.allowedHeadersAll && !c.allowedHeaders.Subsumes(reqHeaders[0]) {
+		c.logf("  Preflight aborted: headers '%v' not allowed", reqHeaders[0])
+		return
+	}
+	if c.allowedOriginsAll {
+		headers["Access-Control-Allow-Origin"] = headerOriginAll
+	} else {
+		headers["Access-Control-Allow-Origin"] = r.Header["Origin"]
+	}
+	// Spec says: Since the list of methods can be unbounded, simply returning the method indicated
+	// by Access-Control-Request-Method (if supported) can be enough
+	headers["Access-Control-Allow-Methods"] = r.Header["Access-Control-Request-Method"]
+	if found && len(reqHeaders[0]) > 0 {
+		// Spec says: Since the list of headers can be unbounded, simply returning supported headers
+		// from Access-Control-Request-Headers can be enough
+		headers["Access-Control-Allow-Headers"] = reqHeaders
+	}
+	if c.allowCredentials {
+		headers["Access-Control-Allow-Credentials"] = headerTrue
+	}
+	if c.allowPrivateNetwork && r.Header.Get("Access-Control-Request-Private-Network") == "true" {
+		headers["Access-Control-Allow-Private-Network"] = headerTrue
+	}
+	if len(c.maxAge) > 0 {
+		headers["Access-Control-Max-Age"] = c.maxAge
+	}
+	if c.Log != nil {
+		c.logf("  Preflight response headers: %v", headers)
+	}
+}
+
+// handleActualRequest handles simple cross-origin requests, actual request or redirects
+func (c *Cors) handleActualRequest(w http.ResponseWriter, r *http.Request) {
+	headers := w.Header()
+	origin := r.Header.Get("Origin")
+
+	allowed, additionalVaryHeaders := c.isOriginAllowed(r, origin)
+
+	// Always set Vary, see https://github.com/rs/cors/issues/10
+	if vary := headers["Vary"]; vary == nil {
+		headers["Vary"] = headerVaryOrigin
+	} else {
+		headers["Vary"] = append(vary, headerVaryOrigin[0])
+	}
+	if len(additionalVaryHeaders) > 0 {
+		headers.Add("Vary", strings.Join(convert(additionalVaryHeaders, http.CanonicalHeaderKey), ", "))
+	}
+	if origin == "" {
+		c.logf("  Actual request no headers added: missing origin")
+		return
+	}
+	if !allowed {
+		c.logf("  Actual request no headers added: origin '%s' not allowed", origin)
+		return
+	}
+
+	// Note that spec does define a way to specifically disallow a simple method like GET or
+	// POST. Access-Control-Allow-Methods is only used for pre-flight requests and the
+	// spec doesn't instruct to check the allowed methods for simple cross-origin requests.
+	// We think it's a nice feature to be able to have control on those methods though.
+	if !c.isMethodAllowed(r.Method) {
+		c.logf("  Actual request no headers added: method '%s' not allowed", r.Method)
+		return
+	}
+	if c.allowedOriginsAll {
+		headers["Access-Control-Allow-Origin"] = headerOriginAll
+	} else {
+		headers["Access-Control-Allow-Origin"] = r.Header["Origin"]
+	}
+	if len(c.exposedHeaders) > 0 {
+		headers["Access-Control-Expose-Headers"] = c.exposedHeaders
+	}
+	if c.allowCredentials {
+		headers["Access-Control-Allow-Credentials"] = headerTrue
+	}
+	if c.Log != nil {
+		c.logf("  Actual response added headers: %v", headers)
+	}
+}
+
+// convenience method. checks if a logger is set.
+func (c *Cors) logf(format string, a ...interface{}) {
+	if c.Log != nil {
+		c.Log.Printf(format, a...)
+	}
+}
+
+// check the Origin of a request. No origin at all is also allowed.
+func (c *Cors) OriginAllowed(r *http.Request) bool {
+	origin := r.Header.Get("Origin")
+	allowed, _ := c.isOriginAllowed(r, origin)
+	return allowed
+}
+
+// isOriginAllowed checks if a given origin is allowed to perform cross-domain requests
+// on the endpoint
+func (c *Cors) isOriginAllowed(r *http.Request, origin string) (allowed bool, varyHeaders []string) {
+	if c.allowOriginFunc != nil {
+		return c.allowOriginFunc(r, origin)
+	}
+	if c.allowedOriginsAll {
+		return true, nil
+	}
+	origin = strings.ToLower(origin)
+	for _, o := range c.allowedOrigins {
+		if o == origin {
+			return true, nil
+		}
+	}
+	for _, w := range c.allowedWOrigins {
+		if w.match(origin) {
+			return true, nil
+		}
+	}
+	return false, nil
+}
+
+// isMethodAllowed checks if a given method can be used as part of a cross-domain request
+// on the endpoint
+func (c *Cors) isMethodAllowed(method string) bool {
+	if len(c.allowedMethods) == 0 {
+		// If no method allowed, always return false, even for preflight request
+		return false
+	}
+	if method == http.MethodOptions {
+		// Always allow preflight requests
+		return true
+	}
+	for _, m := range c.allowedMethods {
+		if m == method {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/rs/cors/internal/sortedset.go b/vendor/github.com/rs/cors/internal/sortedset.go
new file mode 100644
index 0000000000..513da20f7d
--- /dev/null
+++ b/vendor/github.com/rs/cors/internal/sortedset.go
@@ -0,0 +1,113 @@
+// adapted from github.com/jub0bs/cors
+package internal
+
+import (
+	"sort"
+	"strings"
+)
+
+// A SortedSet represents a mathematical set of strings sorted in
+// lexicographical order.
+// Each element has a unique position ranging from 0 (inclusive)
+// to the set's cardinality (exclusive).
+// The zero value represents an empty set.
+type SortedSet struct {
+	m      map[string]int
+	maxLen int
+}
+
+// NewSortedSet returns a SortedSet that contains all of elems,
+// but no other elements.
+func NewSortedSet(elems ...string) SortedSet {
+	sort.Strings(elems)
+	m := make(map[string]int)
+	var maxLen int
+	i := 0
+	for _, s := range elems {
+		if _, exists := m[s]; exists {
+			continue
+		}
+		m[s] = i
+		i++
+		maxLen = max(maxLen, len(s))
+	}
+	return SortedSet{
+		m:      m,
+		maxLen: maxLen,
+	}
+}
+
+// Size returns the cardinality of set.
+func (set SortedSet) Size() int {
+	return len(set.m)
+}
+
+// String sorts joins the elements of set (in lexicographical order)
+// with a comma and returns the resulting string.
+func (set SortedSet) String() string {
+	elems := make([]string, len(set.m))
+	for elem, i := range set.m {
+		elems[i] = elem // safe indexing, by construction of SortedSet
+	}
+	return strings.Join(elems, ",")
+}
+
+// Subsumes reports whether csv is a sequence of comma-separated names that are
+//   - all elements of set,
+//   - sorted in lexicographically order,
+//   - unique.
+func (set SortedSet) Subsumes(csv string) bool {
+	if csv == "" {
+		return true
+	}
+	posOfLastNameSeen := -1
+	chunkSize := set.maxLen + 1 // (to accommodate for at least one comma)
+	for {
+		// As a defense against maliciously long names in csv,
+		// we only process at most chunkSize bytes per iteration.
+		end := min(len(csv), chunkSize)
+		comma := strings.IndexByte(csv[:end], ',')
+		var name string
+		if comma == -1 {
+			name = csv
+		} else {
+			name = csv[:comma]
+		}
+		pos, found := set.m[name]
+		if !found {
+			return false
+		}
+		// The names in csv are expected to be sorted in lexicographical order
+		// and appear at most once in csv.
+		// Therefore, the positions (in set) of the names that
+		// appear in csv should form a strictly increasing sequence.
+		// If that's not actually the case, bail out.
+		if pos <= posOfLastNameSeen {
+			return false
+		}
+		posOfLastNameSeen = pos
+		if comma < 0 { // We've now processed all the names in csv.
+			break
+		}
+		csv = csv[comma+1:]
+	}
+	return true
+}
+
+// TODO: when updating go directive to 1.21 or later,
+// use min builtin instead.
+func min(a, b int) int {
+	if a < b {
+		return a
+	}
+	return b
+}
+
+// TODO: when updating go directive to 1.21 or later,
+// use max builtin instead.
+func max(a, b int) int {
+	if a > b {
+		return a
+	}
+	return b
+}
diff --git a/vendor/github.com/rs/cors/utils.go b/vendor/github.com/rs/cors/utils.go
new file mode 100644
index 0000000000..7019f45cd9
--- /dev/null
+++ b/vendor/github.com/rs/cors/utils.go
@@ -0,0 +1,34 @@
+package cors
+
+import (
+	"net/http"
+	"strings"
+)
+
+type wildcard struct {
+	prefix string
+	suffix string
+}
+
+func (w wildcard) match(s string) bool {
+	return len(s) >= len(w.prefix)+len(w.suffix) &&
+		strings.HasPrefix(s, w.prefix) &&
+		strings.HasSuffix(s, w.suffix)
+}
+
+// convert converts a list of string using the passed converter function
+func convert(s []string, f func(string) string) []string {
+	out := make([]string, len(s))
+	for i := range s {
+		out[i] = f(s[i])
+	}
+	return out
+}
+
+func first(hdrs http.Header, k string) ([]string, bool) {
+	v, found := hdrs[k]
+	if !found || len(v) == 0 {
+		return nil, false
+	}
+	return v[:1], true
+}
diff --git a/vendor/github.com/stretchr/objx/README.md b/vendor/github.com/stretchr/objx/README.md
index 246660b21a..78dc1f8b03 100644
--- a/vendor/github.com/stretchr/objx/README.md
+++ b/vendor/github.com/stretchr/objx/README.md
@@ -4,20 +4,20 @@
 [![Maintainability](https://api.codeclimate.com/v1/badges/1d64bc6c8474c2074f2b/maintainability)](https://codeclimate.com/github/stretchr/objx/maintainability)
 [![Test Coverage](https://api.codeclimate.com/v1/badges/1d64bc6c8474c2074f2b/test_coverage)](https://codeclimate.com/github/stretchr/objx/test_coverage)
 [![Sourcegraph](https://sourcegraph.com/github.com/stretchr/objx/-/badge.svg)](https://sourcegraph.com/github.com/stretchr/objx)
-[![GoDoc](https://godoc.org/github.com/stretchr/objx?status.svg)](https://godoc.org/github.com/stretchr/objx)
+[![GoDoc](https://pkg.go.dev/badge/github.com/stretchr/objx?utm_source=godoc)](https://pkg.go.dev/github.com/stretchr/objx)
 
 Objx - Go package for dealing with maps, slices, JSON and other data.
 
 Get started:
 
 - Install Objx with [one line of code](#installation), or [update it with another](#staying-up-to-date)
-- Check out the API Documentation http://godoc.org/github.com/stretchr/objx
+- Check out the API Documentation http://pkg.go.dev/github.com/stretchr/objx
 
 ## Overview
 Objx provides the `objx.Map` type, which is a `map[string]interface{}` that exposes a powerful `Get` method (among others) that allows you to easily and quickly get access to data within the map, without having to worry too much about type assertions, missing data, default values etc.
 
 ### Pattern
-Objx uses a preditable pattern to make access data from within `map[string]interface{}` easy. Call one of the `objx.` functions to create your `objx.Map` to get going:
+Objx uses a predictable pattern to make access data from within `map[string]interface{}` easy. Call one of the `objx.` functions to create your `objx.Map` to get going:
 
     m, err := objx.FromJSON(json)
 
@@ -74,7 +74,7 @@ To update Objx to the latest version, run:
     go get -u github.com/stretchr/objx
 
 ### Supported go versions
-We support the lastest three major Go versions, which are 1.10, 1.11 and 1.12 at the moment.
+We currently support the three recent major Go versions.
 
 ## Contributing
 Please feel free to submit issues, fork the repository and send pull requests!
diff --git a/vendor/github.com/stretchr/objx/Taskfile.yml b/vendor/github.com/stretchr/objx/Taskfile.yml
index 7746f516da..8a79e8d674 100644
--- a/vendor/github.com/stretchr/objx/Taskfile.yml
+++ b/vendor/github.com/stretchr/objx/Taskfile.yml
@@ -1,7 +1,4 @@
-version: '2'
-
-env:
-  GOFLAGS: -mod=vendor
+version: '3'
 
 tasks:
   default:
diff --git a/vendor/github.com/stretchr/objx/accessors.go b/vendor/github.com/stretchr/objx/accessors.go
index 4c60455886..72f1d1c1ce 100644
--- a/vendor/github.com/stretchr/objx/accessors.go
+++ b/vendor/github.com/stretchr/objx/accessors.go
@@ -14,17 +14,17 @@ const (
 	// For example, `location.address.city`
 	PathSeparator string = "."
 
-	// arrayAccesRegexString is the regex used to extract the array number
+	// arrayAccessRegexString is the regex used to extract the array number
 	// from the access path
-	arrayAccesRegexString = `^(.+)\[([0-9]+)\]$`
+	arrayAccessRegexString = `^(.+)\[([0-9]+)\]$`
 
 	// mapAccessRegexString is the regex used to extract the map key
 	// from the access path
 	mapAccessRegexString = `^([^\[]*)\[([^\]]+)\](.*)$`
 )
 
-// arrayAccesRegex is the compiled arrayAccesRegexString
-var arrayAccesRegex = regexp.MustCompile(arrayAccesRegexString)
+// arrayAccessRegex is the compiled arrayAccessRegexString
+var arrayAccessRegex = regexp.MustCompile(arrayAccessRegexString)
 
 // mapAccessRegex is the compiled mapAccessRegexString
 var mapAccessRegex = regexp.MustCompile(mapAccessRegexString)
@@ -37,11 +37,11 @@ var mapAccessRegex = regexp.MustCompile(mapAccessRegexString)
 //
 // Get can only operate directly on map[string]interface{} and []interface.
 //
-// Example
+// # Example
 //
 // To access the title of the third chapter of the second book, do:
 //
-//    o.Get("books[1].chapters[2].title")
+//	o.Get("books[1].chapters[2].title")
 func (m Map) Get(selector string) *Value {
 	rawObj := access(m, selector, nil, false)
 	return &Value{data: rawObj}
@@ -52,26 +52,26 @@ func (m Map) Get(selector string) *Value {
 //
 // Set can only operate directly on map[string]interface{} and []interface
 //
-// Example
+// # Example
 //
 // To set the title of the third chapter of the second book, do:
 //
-//    o.Set("books[1].chapters[2].title","Time to Go")
+//	o.Set("books[1].chapters[2].title","Time to Go")
 func (m Map) Set(selector string, value interface{}) Map {
 	access(m, selector, value, true)
 	return m
 }
 
-// getIndex returns the index, which is hold in s by two braches.
-// It also returns s withour the index part, e.g. name[1] will return (1, name).
+// getIndex returns the index, which is hold in s by two branches.
+// It also returns s without the index part, e.g. name[1] will return (1, name).
 // If no index is found, -1 is returned
 func getIndex(s string) (int, string) {
-	arrayMatches := arrayAccesRegex.FindStringSubmatch(s)
+	arrayMatches := arrayAccessRegex.FindStringSubmatch(s)
 	if len(arrayMatches) > 0 {
 		// Get the key into the map
 		selector := arrayMatches[1]
 		// Get the index into the array at the key
-		// We know this cannt fail because arrayMatches[2] is an int for sure
+		// We know this can't fail because arrayMatches[2] is an int for sure
 		index, _ := strconv.Atoi(arrayMatches[2])
 		return index, selector
 	}
diff --git a/vendor/github.com/stretchr/objx/conversions.go b/vendor/github.com/stretchr/objx/conversions.go
index 080aa46e47..01c63d7d3b 100644
--- a/vendor/github.com/stretchr/objx/conversions.go
+++ b/vendor/github.com/stretchr/objx/conversions.go
@@ -15,7 +15,7 @@ import (
 const SignatureSeparator = "_"
 
 // URLValuesSliceKeySuffix is the character that is used to
-// specify a suffic for slices parsed by URLValues.
+// specify a suffix for slices parsed by URLValues.
 // If the suffix is set to "[i]", then the index of the slice
 // is used in place of i
 // Ex: Suffix "[]" would have the form a[]=b&a[]=c
@@ -30,7 +30,7 @@ const (
 )
 
 // SetURLValuesSliceKeySuffix sets the character that is used to
-// specify a suffic for slices parsed by URLValues.
+// specify a suffix for slices parsed by URLValues.
 // If the suffix is set to "[i]", then the index of the slice
 // is used in place of i
 // Ex: Suffix "[]" would have the form a[]=b&a[]=c
diff --git a/vendor/github.com/stretchr/objx/doc.go b/vendor/github.com/stretchr/objx/doc.go
index 6d6af1a83a..b170af74b3 100644
--- a/vendor/github.com/stretchr/objx/doc.go
+++ b/vendor/github.com/stretchr/objx/doc.go
@@ -1,19 +1,19 @@
 /*
-Objx - Go package for dealing with maps, slices, JSON and other data.
+Package objx provides utilities for dealing with maps, slices, JSON and other data.
 
-Overview
+# Overview
 
 Objx provides the `objx.Map` type, which is a `map[string]interface{}` that exposes
 a powerful `Get` method (among others) that allows you to easily and quickly get
 access to data within the map, without having to worry too much about type assertions,
 missing data, default values etc.
 
-Pattern
+# Pattern
 
-Objx uses a preditable pattern to make access data from within `map[string]interface{}` easy.
+Objx uses a predictable pattern to make access data from within `map[string]interface{}` easy.
 Call one of the `objx.` functions to create your `objx.Map` to get going:
 
-    m, err := objx.FromJSON(json)
+	m, err := objx.FromJSON(json)
 
 NOTE: Any methods or functions with the `Must` prefix will panic if something goes wrong,
 the rest will be optimistic and try to figure things out without panicking.
@@ -21,46 +21,46 @@ the rest will be optimistic and try to figure things out without panicking.
 Use `Get` to access the value you're interested in.  You can use dot and array
 notation too:
 
-     m.Get("places[0].latlng")
+	m.Get("places[0].latlng")
 
 Once you have sought the `Value` you're interested in, you can use the `Is*` methods to determine its type.
 
-     if m.Get("code").IsStr() { // Your code... }
+	if m.Get("code").IsStr() { // Your code... }
 
 Or you can just assume the type, and use one of the strong type methods to extract the real value:
 
-   m.Get("code").Int()
+	m.Get("code").Int()
 
 If there's no value there (or if it's the wrong type) then a default value will be returned,
 or you can be explicit about the default value.
 
-     Get("code").Int(-1)
+	Get("code").Int(-1)
 
 If you're dealing with a slice of data as a value, Objx provides many useful methods for iterating,
 manipulating and selecting that data.  You can find out more by exploring the index below.
 
-Reading data
+# Reading data
 
 A simple example of how to use Objx:
 
-   // Use MustFromJSON to make an objx.Map from some JSON
-   m := objx.MustFromJSON(`{"name": "Mat", "age": 30}`)
+	// Use MustFromJSON to make an objx.Map from some JSON
+	m := objx.MustFromJSON(`{"name": "Mat", "age": 30}`)
 
-   // Get the details
-   name := m.Get("name").Str()
-   age := m.Get("age").Int()
+	// Get the details
+	name := m.Get("name").Str()
+	age := m.Get("age").Int()
 
-   // Get their nickname (or use their name if they don't have one)
-   nickname := m.Get("nickname").Str(name)
+	// Get their nickname (or use their name if they don't have one)
+	nickname := m.Get("nickname").Str(name)
 
-Ranging
+# Ranging
 
 Since `objx.Map` is a `map[string]interface{}` you can treat it as such.
 For example, to `range` the data, do what you would expect:
 
-    m := objx.MustFromJSON(json)
-    for key, value := range m {
-      // Your code...
-    }
+	m := objx.MustFromJSON(json)
+	for key, value := range m {
+	  // Your code...
+	}
 */
 package objx
diff --git a/vendor/github.com/stretchr/objx/map.go b/vendor/github.com/stretchr/objx/map.go
index a64712a08b..ab9f9ae67c 100644
--- a/vendor/github.com/stretchr/objx/map.go
+++ b/vendor/github.com/stretchr/objx/map.go
@@ -47,17 +47,16 @@ func New(data interface{}) Map {
 //
 // The arguments follow a key, value pattern.
 //
-//
 // Returns nil if any key argument is non-string or if there are an odd number of arguments.
 //
-// Example
+// # Example
 //
 // To easily create Maps:
 //
-//     m := objx.MSI("name", "Mat", "age", 29, "subobj", objx.MSI("active", true))
+//	m := objx.MSI("name", "Mat", "age", 29, "subobj", objx.MSI("active", true))
 //
-//     // creates an Map equivalent to
-//     m := objx.Map{"name": "Mat", "age": 29, "subobj": objx.Map{"active": true}}
+//	// creates an Map equivalent to
+//	m := objx.Map{"name": "Mat", "age": 29, "subobj": objx.Map{"active": true}}
 func MSI(keyAndValuePairs ...interface{}) Map {
 	newMap := Map{}
 	keyAndValuePairsLen := len(keyAndValuePairs)
diff --git a/vendor/github.com/stretchr/testify/assert/assertion_compare.go b/vendor/github.com/stretchr/testify/assert/assertion_compare.go
index b774da88d8..4d4b4aad6f 100644
--- a/vendor/github.com/stretchr/testify/assert/assertion_compare.go
+++ b/vendor/github.com/stretchr/testify/assert/assertion_compare.go
@@ -28,6 +28,8 @@ var (
 	uint32Type = reflect.TypeOf(uint32(1))
 	uint64Type = reflect.TypeOf(uint64(1))
 
+	uintptrType = reflect.TypeOf(uintptr(1))
+
 	float32Type = reflect.TypeOf(float32(1))
 	float64Type = reflect.TypeOf(float64(1))
 
@@ -308,11 +310,11 @@ func compare(obj1, obj2 interface{}, kind reflect.Kind) (CompareType, bool) {
 	case reflect.Struct:
 		{
 			// All structs enter here. We're not interested in most types.
-			if !canConvert(obj1Value, timeType) {
+			if !obj1Value.CanConvert(timeType) {
 				break
 			}
 
-			// time.Time can compared!
+			// time.Time can be compared!
 			timeObj1, ok := obj1.(time.Time)
 			if !ok {
 				timeObj1 = obj1Value.Convert(timeType).Interface().(time.Time)
@@ -328,7 +330,7 @@ func compare(obj1, obj2 interface{}, kind reflect.Kind) (CompareType, bool) {
 	case reflect.Slice:
 		{
 			// We only care about the []byte type.
-			if !canConvert(obj1Value, bytesType) {
+			if !obj1Value.CanConvert(bytesType) {
 				break
 			}
 
@@ -345,6 +347,26 @@ func compare(obj1, obj2 interface{}, kind reflect.Kind) (CompareType, bool) {
 
 			return CompareType(bytes.Compare(bytesObj1, bytesObj2)), true
 		}
+	case reflect.Uintptr:
+		{
+			uintptrObj1, ok := obj1.(uintptr)
+			if !ok {
+				uintptrObj1 = obj1Value.Convert(uintptrType).Interface().(uintptr)
+			}
+			uintptrObj2, ok := obj2.(uintptr)
+			if !ok {
+				uintptrObj2 = obj2Value.Convert(uintptrType).Interface().(uintptr)
+			}
+			if uintptrObj1 > uintptrObj2 {
+				return compareGreater, true
+			}
+			if uintptrObj1 == uintptrObj2 {
+				return compareEqual, true
+			}
+			if uintptrObj1 < uintptrObj2 {
+				return compareLess, true
+			}
+		}
 	}
 
 	return compareEqual, false
diff --git a/vendor/github.com/stretchr/testify/assert/assertion_compare_can_convert.go b/vendor/github.com/stretchr/testify/assert/assertion_compare_can_convert.go
deleted file mode 100644
index da867903e2..0000000000
--- a/vendor/github.com/stretchr/testify/assert/assertion_compare_can_convert.go
+++ /dev/null
@@ -1,16 +0,0 @@
-//go:build go1.17
-// +build go1.17
-
-// TODO: once support for Go 1.16 is dropped, this file can be
-//       merged/removed with assertion_compare_go1.17_test.go and
-//       assertion_compare_legacy.go
-
-package assert
-
-import "reflect"
-
-// Wrapper around reflect.Value.CanConvert, for compatibility
-// reasons.
-func canConvert(value reflect.Value, to reflect.Type) bool {
-	return value.CanConvert(to)
-}
diff --git a/vendor/github.com/stretchr/testify/assert/assertion_compare_legacy.go b/vendor/github.com/stretchr/testify/assert/assertion_compare_legacy.go
deleted file mode 100644
index 1701af2a3c..0000000000
--- a/vendor/github.com/stretchr/testify/assert/assertion_compare_legacy.go
+++ /dev/null
@@ -1,16 +0,0 @@
-//go:build !go1.17
-// +build !go1.17
-
-// TODO: once support for Go 1.16 is dropped, this file can be
-//       merged/removed with assertion_compare_go1.17_test.go and
-//       assertion_compare_can_convert.go
-
-package assert
-
-import "reflect"
-
-// Older versions of Go does not have the reflect.Value.CanConvert
-// method.
-func canConvert(value reflect.Value, to reflect.Type) bool {
-	return false
-}
diff --git a/vendor/github.com/stretchr/testify/assert/assertion_format.go b/vendor/github.com/stretchr/testify/assert/assertion_format.go
index 84dbd6c790..3ddab109ad 100644
--- a/vendor/github.com/stretchr/testify/assert/assertion_format.go
+++ b/vendor/github.com/stretchr/testify/assert/assertion_format.go
@@ -1,7 +1,4 @@
-/*
-* CODE GENERATED AUTOMATICALLY WITH github.com/stretchr/testify/_codegen
-* THIS FILE MUST NOT BE EDITED BY HAND
- */
+// Code generated with github.com/stretchr/testify/_codegen; DO NOT EDIT.
 
 package assert
 
@@ -107,7 +104,7 @@ func EqualExportedValuesf(t TestingT, expected interface{}, actual interface{},
 	return EqualExportedValues(t, expected, actual, append([]interface{}{msg}, args...)...)
 }
 
-// EqualValuesf asserts that two objects are equal or convertable to the same types
+// EqualValuesf asserts that two objects are equal or convertible to the same types
 // and equal.
 //
 //	assert.EqualValuesf(t, uint32(123), int32(123), "error message %s", "formatted")
@@ -616,6 +613,16 @@ func NotErrorIsf(t TestingT, err error, target error, msg string, args ...interf
 	return NotErrorIs(t, err, target, append([]interface{}{msg}, args...)...)
 }
 
+// NotImplementsf asserts that an object does not implement the specified interface.
+//
+//	assert.NotImplementsf(t, (*MyInterface)(nil), new(MyObject), "error message %s", "formatted")
+func NotImplementsf(t TestingT, interfaceObject interface{}, object interface{}, msg string, args ...interface{}) bool {
+	if h, ok := t.(tHelper); ok {
+		h.Helper()
+	}
+	return NotImplements(t, interfaceObject, object, append([]interface{}{msg}, args...)...)
+}
+
 // NotNilf asserts that the specified object is not nil.
 //
 //	assert.NotNilf(t, err, "error message %s", "formatted")
@@ -660,10 +667,12 @@ func NotSamef(t TestingT, expected interface{}, actual interface{}, msg string,
 	return NotSame(t, expected, actual, append([]interface{}{msg}, args...)...)
 }
 
-// NotSubsetf asserts that the specified list(array, slice...) contains not all
-// elements given in the specified subset(array, slice...).
+// NotSubsetf asserts that the specified list(array, slice...) or map does NOT
+// contain all elements given in the specified subset list(array, slice...) or
+// map.
 //
-//	assert.NotSubsetf(t, [1, 3, 4], [1, 2], "But [1, 3, 4] does not contain [1, 2]", "error message %s", "formatted")
+//	assert.NotSubsetf(t, [1, 3, 4], [1, 2], "error message %s", "formatted")
+//	assert.NotSubsetf(t, {"x": 1, "y": 2}, {"z": 3}, "error message %s", "formatted")
 func NotSubsetf(t TestingT, list interface{}, subset interface{}, msg string, args ...interface{}) bool {
 	if h, ok := t.(tHelper); ok {
 		h.Helper()
@@ -747,10 +756,11 @@ func Samef(t TestingT, expected interface{}, actual interface{}, msg string, arg
 	return Same(t, expected, actual, append([]interface{}{msg}, args...)...)
 }
 
-// Subsetf asserts that the specified list(array, slice...) contains all
-// elements given in the specified subset(array, slice...).
+// Subsetf asserts that the specified list(array, slice...) or map contains all
+// elements given in the specified subset list(array, slice...) or map.
 //
-//	assert.Subsetf(t, [1, 2, 3], [1, 2], "But [1, 2, 3] does contain [1, 2]", "error message %s", "formatted")
+//	assert.Subsetf(t, [1, 2, 3], [1, 2], "error message %s", "formatted")
+//	assert.Subsetf(t, {"x": 1, "y": 2}, {"x": 1}, "error message %s", "formatted")
 func Subsetf(t TestingT, list interface{}, subset interface{}, msg string, args ...interface{}) bool {
 	if h, ok := t.(tHelper); ok {
 		h.Helper()
diff --git a/vendor/github.com/stretchr/testify/assert/assertion_forward.go b/vendor/github.com/stretchr/testify/assert/assertion_forward.go
index b1d94aec53..a84e09bd40 100644
--- a/vendor/github.com/stretchr/testify/assert/assertion_forward.go
+++ b/vendor/github.com/stretchr/testify/assert/assertion_forward.go
@@ -1,7 +1,4 @@
-/*
-* CODE GENERATED AUTOMATICALLY WITH github.com/stretchr/testify/_codegen
-* THIS FILE MUST NOT BE EDITED BY HAND
- */
+// Code generated with github.com/stretchr/testify/_codegen; DO NOT EDIT.
 
 package assert
 
@@ -189,7 +186,7 @@ func (a *Assertions) EqualExportedValuesf(expected interface{}, actual interface
 	return EqualExportedValuesf(a.t, expected, actual, msg, args...)
 }
 
-// EqualValues asserts that two objects are equal or convertable to the same types
+// EqualValues asserts that two objects are equal or convertible to the same types
 // and equal.
 //
 //	a.EqualValues(uint32(123), int32(123))
@@ -200,7 +197,7 @@ func (a *Assertions) EqualValues(expected interface{}, actual interface{}, msgAn
 	return EqualValues(a.t, expected, actual, msgAndArgs...)
 }
 
-// EqualValuesf asserts that two objects are equal or convertable to the same types
+// EqualValuesf asserts that two objects are equal or convertible to the same types
 // and equal.
 //
 //	a.EqualValuesf(uint32(123), int32(123), "error message %s", "formatted")
@@ -1221,6 +1218,26 @@ func (a *Assertions) NotErrorIsf(err error, target error, msg string, args ...in
 	return NotErrorIsf(a.t, err, target, msg, args...)
 }
 
+// NotImplements asserts that an object does not implement the specified interface.
+//
+//	a.NotImplements((*MyInterface)(nil), new(MyObject))
+func (a *Assertions) NotImplements(interfaceObject interface{}, object interface{}, msgAndArgs ...interface{}) bool {
+	if h, ok := a.t.(tHelper); ok {
+		h.Helper()
+	}
+	return NotImplements(a.t, interfaceObject, object, msgAndArgs...)
+}
+
+// NotImplementsf asserts that an object does not implement the specified interface.
+//
+//	a.NotImplementsf((*MyInterface)(nil), new(MyObject), "error message %s", "formatted")
+func (a *Assertions) NotImplementsf(interfaceObject interface{}, object interface{}, msg string, args ...interface{}) bool {
+	if h, ok := a.t.(tHelper); ok {
+		h.Helper()
+	}
+	return NotImplementsf(a.t, interfaceObject, object, msg, args...)
+}
+
 // NotNil asserts that the specified object is not nil.
 //
 //	a.NotNil(err)
@@ -1309,10 +1326,12 @@ func (a *Assertions) NotSamef(expected interface{}, actual interface{}, msg stri
 	return NotSamef(a.t, expected, actual, msg, args...)
 }
 
-// NotSubset asserts that the specified list(array, slice...) contains not all
-// elements given in the specified subset(array, slice...).
+// NotSubset asserts that the specified list(array, slice...) or map does NOT
+// contain all elements given in the specified subset list(array, slice...) or
+// map.
 //
-//	a.NotSubset([1, 3, 4], [1, 2], "But [1, 3, 4] does not contain [1, 2]")
+//	a.NotSubset([1, 3, 4], [1, 2])
+//	a.NotSubset({"x": 1, "y": 2}, {"z": 3})
 func (a *Assertions) NotSubset(list interface{}, subset interface{}, msgAndArgs ...interface{}) bool {
 	if h, ok := a.t.(tHelper); ok {
 		h.Helper()
@@ -1320,10 +1339,12 @@ func (a *Assertions) NotSubset(list interface{}, subset interface{}, msgAndArgs
 	return NotSubset(a.t, list, subset, msgAndArgs...)
 }
 
-// NotSubsetf asserts that the specified list(array, slice...) contains not all
-// elements given in the specified subset(array, slice...).
+// NotSubsetf asserts that the specified list(array, slice...) or map does NOT
+// contain all elements given in the specified subset list(array, slice...) or
+// map.
 //
-//	a.NotSubsetf([1, 3, 4], [1, 2], "But [1, 3, 4] does not contain [1, 2]", "error message %s", "formatted")
+//	a.NotSubsetf([1, 3, 4], [1, 2], "error message %s", "formatted")
+//	a.NotSubsetf({"x": 1, "y": 2}, {"z": 3}, "error message %s", "formatted")
 func (a *Assertions) NotSubsetf(list interface{}, subset interface{}, msg string, args ...interface{}) bool {
 	if h, ok := a.t.(tHelper); ok {
 		h.Helper()
@@ -1483,10 +1504,11 @@ func (a *Assertions) Samef(expected interface{}, actual interface{}, msg string,
 	return Samef(a.t, expected, actual, msg, args...)
 }
 
-// Subset asserts that the specified list(array, slice...) contains all
-// elements given in the specified subset(array, slice...).
+// Subset asserts that the specified list(array, slice...) or map contains all
+// elements given in the specified subset list(array, slice...) or map.
 //
-//	a.Subset([1, 2, 3], [1, 2], "But [1, 2, 3] does contain [1, 2]")
+//	a.Subset([1, 2, 3], [1, 2])
+//	a.Subset({"x": 1, "y": 2}, {"x": 1})
 func (a *Assertions) Subset(list interface{}, subset interface{}, msgAndArgs ...interface{}) bool {
 	if h, ok := a.t.(tHelper); ok {
 		h.Helper()
@@ -1494,10 +1516,11 @@ func (a *Assertions) Subset(list interface{}, subset interface{}, msgAndArgs ...
 	return Subset(a.t, list, subset, msgAndArgs...)
 }
 
-// Subsetf asserts that the specified list(array, slice...) contains all
-// elements given in the specified subset(array, slice...).
+// Subsetf asserts that the specified list(array, slice...) or map contains all
+// elements given in the specified subset list(array, slice...) or map.
 //
-//	a.Subsetf([1, 2, 3], [1, 2], "But [1, 2, 3] does contain [1, 2]", "error message %s", "formatted")
+//	a.Subsetf([1, 2, 3], [1, 2], "error message %s", "formatted")
+//	a.Subsetf({"x": 1, "y": 2}, {"x": 1}, "error message %s", "formatted")
 func (a *Assertions) Subsetf(list interface{}, subset interface{}, msg string, args ...interface{}) bool {
 	if h, ok := a.t.(tHelper); ok {
 		h.Helper()
diff --git a/vendor/github.com/stretchr/testify/assert/assertions.go b/vendor/github.com/stretchr/testify/assert/assertions.go
index a55d1bba92..0b7570f21c 100644
--- a/vendor/github.com/stretchr/testify/assert/assertions.go
+++ b/vendor/github.com/stretchr/testify/assert/assertions.go
@@ -19,7 +19,7 @@ import (
 
 	"github.com/davecgh/go-spew/spew"
 	"github.com/pmezard/go-difflib/difflib"
-	yaml "gopkg.in/yaml.v3"
+	"gopkg.in/yaml.v3"
 )
 
 //go:generate sh -c "cd ../_codegen && go build && cd - && ../_codegen/_codegen -output-package=assert -template=assertion_format.go.tmpl"
@@ -110,7 +110,12 @@ func copyExportedFields(expected interface{}) interface{} {
 		return result.Interface()
 
 	case reflect.Array, reflect.Slice:
-		result := reflect.MakeSlice(expectedType, expectedValue.Len(), expectedValue.Len())
+		var result reflect.Value
+		if expectedKind == reflect.Array {
+			result = reflect.New(reflect.ArrayOf(expectedValue.Len(), expectedType.Elem())).Elem()
+		} else {
+			result = reflect.MakeSlice(expectedType, expectedValue.Len(), expectedValue.Len())
+		}
 		for i := 0; i < expectedValue.Len(); i++ {
 			index := expectedValue.Index(i)
 			if isNil(index) {
@@ -140,6 +145,8 @@ func copyExportedFields(expected interface{}) interface{} {
 // structures.
 //
 // This function does no assertion of any kind.
+//
+// Deprecated: Use [EqualExportedValues] instead.
 func ObjectsExportedFieldsAreEqual(expected, actual interface{}) bool {
 	expectedCleaned := copyExportedFields(expected)
 	actualCleaned := copyExportedFields(actual)
@@ -153,17 +160,40 @@ func ObjectsAreEqualValues(expected, actual interface{}) bool {
 		return true
 	}
 
-	actualType := reflect.TypeOf(actual)
-	if actualType == nil {
+	expectedValue := reflect.ValueOf(expected)
+	actualValue := reflect.ValueOf(actual)
+	if !expectedValue.IsValid() || !actualValue.IsValid() {
 		return false
 	}
-	expectedValue := reflect.ValueOf(expected)
-	if expectedValue.IsValid() && expectedValue.Type().ConvertibleTo(actualType) {
+
+	expectedType := expectedValue.Type()
+	actualType := actualValue.Type()
+	if !expectedType.ConvertibleTo(actualType) {
+		return false
+	}
+
+	if !isNumericType(expectedType) || !isNumericType(actualType) {
 		// Attempt comparison after type conversion
-		return reflect.DeepEqual(expectedValue.Convert(actualType).Interface(), actual)
+		return reflect.DeepEqual(
+			expectedValue.Convert(actualType).Interface(), actual,
+		)
 	}
 
-	return false
+	// If BOTH values are numeric, there are chances of false positives due
+	// to overflow or underflow. So, we need to make sure to always convert
+	// the smaller type to a larger type before comparing.
+	if expectedType.Size() >= actualType.Size() {
+		return actualValue.Convert(expectedType).Interface() == expected
+	}
+
+	return expectedValue.Convert(actualType).Interface() == actual
+}
+
+// isNumericType returns true if the type is one of:
+// int, int8, int16, int32, int64, uint, uint8, uint16, uint32, uint64,
+// float32, float64, complex64, complex128
+func isNumericType(t reflect.Type) bool {
+	return t.Kind() >= reflect.Int && t.Kind() <= reflect.Complex128
 }
 
 /* CallerInfo is necessary because the assert functions use the testing object
@@ -266,7 +296,7 @@ func messageFromMsgAndArgs(msgAndArgs ...interface{}) string {
 
 // Aligns the provided message so that all lines after the first line start at the same location as the first line.
 // Assumes that the first line starts at the correct location (after carriage return, tab, label, spacer and tab).
-// The longestLabelLen parameter specifies the length of the longest label in the output (required becaues this is the
+// The longestLabelLen parameter specifies the length of the longest label in the output (required because this is the
 // basis on which the alignment occurs).
 func indentMessageLines(message string, longestLabelLen int) string {
 	outBuf := new(bytes.Buffer)
@@ -382,6 +412,25 @@ func Implements(t TestingT, interfaceObject interface{}, object interface{}, msg
 	return true
 }
 
+// NotImplements asserts that an object does not implement the specified interface.
+//
+//	assert.NotImplements(t, (*MyInterface)(nil), new(MyObject))
+func NotImplements(t TestingT, interfaceObject interface{}, object interface{}, msgAndArgs ...interface{}) bool {
+	if h, ok := t.(tHelper); ok {
+		h.Helper()
+	}
+	interfaceType := reflect.TypeOf(interfaceObject).Elem()
+
+	if object == nil {
+		return Fail(t, fmt.Sprintf("Cannot check if nil does not implement %v", interfaceType), msgAndArgs...)
+	}
+	if reflect.TypeOf(object).Implements(interfaceType) {
+		return Fail(t, fmt.Sprintf("%T implements %v", object, interfaceType), msgAndArgs...)
+	}
+
+	return true
+}
+
 // IsType asserts that the specified objects are of the same type.
 func IsType(t TestingT, expectedType interface{}, object interface{}, msgAndArgs ...interface{}) bool {
 	if h, ok := t.(tHelper); ok {
@@ -496,7 +545,7 @@ func samePointers(first, second interface{}) bool {
 // representations appropriate to be presented to the user.
 //
 // If the values are not of like type, the returned strings will be prefixed
-// with the type name, and the value will be enclosed in parenthesis similar
+// with the type name, and the value will be enclosed in parentheses similar
 // to a type conversion in the Go grammar.
 func formatUnequalValues(expected, actual interface{}) (e string, a string) {
 	if reflect.TypeOf(expected) != reflect.TypeOf(actual) {
@@ -523,7 +572,7 @@ func truncatingFormat(data interface{}) string {
 	return value
 }
 
-// EqualValues asserts that two objects are equal or convertable to the same types
+// EqualValues asserts that two objects are equal or convertible to the same types
 // and equal.
 //
 //	assert.EqualValues(t, uint32(123), int32(123))
@@ -566,12 +615,19 @@ func EqualExportedValues(t TestingT, expected, actual interface{}, msgAndArgs ..
 		return Fail(t, fmt.Sprintf("Types expected to match exactly\n\t%v != %v", aType, bType), msgAndArgs...)
 	}
 
+	if aType.Kind() == reflect.Ptr {
+		aType = aType.Elem()
+	}
+	if bType.Kind() == reflect.Ptr {
+		bType = bType.Elem()
+	}
+
 	if aType.Kind() != reflect.Struct {
-		return Fail(t, fmt.Sprintf("Types expected to both be struct \n\t%v != %v", aType.Kind(), reflect.Struct), msgAndArgs...)
+		return Fail(t, fmt.Sprintf("Types expected to both be struct or pointer to struct \n\t%v != %v", aType.Kind(), reflect.Struct), msgAndArgs...)
 	}
 
 	if bType.Kind() != reflect.Struct {
-		return Fail(t, fmt.Sprintf("Types expected to both be struct \n\t%v != %v", bType.Kind(), reflect.Struct), msgAndArgs...)
+		return Fail(t, fmt.Sprintf("Types expected to both be struct or pointer to struct \n\t%v != %v", bType.Kind(), reflect.Struct), msgAndArgs...)
 	}
 
 	expected = copyExportedFields(expected)
@@ -620,17 +676,6 @@ func NotNil(t TestingT, object interface{}, msgAndArgs ...interface{}) bool {
 	return Fail(t, "Expected value not to be nil.", msgAndArgs...)
 }
 
-// containsKind checks if a specified kind in the slice of kinds.
-func containsKind(kinds []reflect.Kind, kind reflect.Kind) bool {
-	for i := 0; i < len(kinds); i++ {
-		if kind == kinds[i] {
-			return true
-		}
-	}
-
-	return false
-}
-
 // isNil checks if a specified object is nil or not, without Failing.
 func isNil(object interface{}) bool {
 	if object == nil {
@@ -638,16 +683,13 @@ func isNil(object interface{}) bool {
 	}
 
 	value := reflect.ValueOf(object)
-	kind := value.Kind()
-	isNilableKind := containsKind(
-		[]reflect.Kind{
-			reflect.Chan, reflect.Func,
-			reflect.Interface, reflect.Map,
-			reflect.Ptr, reflect.Slice, reflect.UnsafePointer},
-		kind)
-
-	if isNilableKind && value.IsNil() {
-		return true
+	switch value.Kind() {
+	case
+		reflect.Chan, reflect.Func,
+		reflect.Interface, reflect.Map,
+		reflect.Ptr, reflect.Slice, reflect.UnsafePointer:
+
+		return value.IsNil()
 	}
 
 	return false
@@ -731,16 +773,14 @@ func NotEmpty(t TestingT, object interface{}, msgAndArgs ...interface{}) bool {
 
 }
 
-// getLen try to get length of object.
-// return (false, 0) if impossible.
-func getLen(x interface{}) (ok bool, length int) {
+// getLen tries to get the length of an object.
+// It returns (0, false) if impossible.
+func getLen(x interface{}) (length int, ok bool) {
 	v := reflect.ValueOf(x)
 	defer func() {
-		if e := recover(); e != nil {
-			ok = false
-		}
+		ok = recover() == nil
 	}()
-	return true, v.Len()
+	return v.Len(), true
 }
 
 // Len asserts that the specified object has specific length.
@@ -751,13 +791,13 @@ func Len(t TestingT, object interface{}, length int, msgAndArgs ...interface{})
 	if h, ok := t.(tHelper); ok {
 		h.Helper()
 	}
-	ok, l := getLen(object)
+	l, ok := getLen(object)
 	if !ok {
-		return Fail(t, fmt.Sprintf("\"%s\" could not be applied builtin len()", object), msgAndArgs...)
+		return Fail(t, fmt.Sprintf("\"%v\" could not be applied builtin len()", object), msgAndArgs...)
 	}
 
 	if l != length {
-		return Fail(t, fmt.Sprintf("\"%s\" should have %d item(s), but has %d", object, length, l), msgAndArgs...)
+		return Fail(t, fmt.Sprintf("\"%v\" should have %d item(s), but has %d", object, length, l), msgAndArgs...)
 	}
 	return true
 }
@@ -919,10 +959,11 @@ func NotContains(t TestingT, s, contains interface{}, msgAndArgs ...interface{})
 
 }
 
-// Subset asserts that the specified list(array, slice...) contains all
-// elements given in the specified subset(array, slice...).
+// Subset asserts that the specified list(array, slice...) or map contains all
+// elements given in the specified subset list(array, slice...) or map.
 //
-//	assert.Subset(t, [1, 2, 3], [1, 2], "But [1, 2, 3] does contain [1, 2]")
+//	assert.Subset(t, [1, 2, 3], [1, 2])
+//	assert.Subset(t, {"x": 1, "y": 2}, {"x": 1})
 func Subset(t TestingT, list, subset interface{}, msgAndArgs ...interface{}) (ok bool) {
 	if h, ok := t.(tHelper); ok {
 		h.Helper()
@@ -975,10 +1016,12 @@ func Subset(t TestingT, list, subset interface{}, msgAndArgs ...interface{}) (ok
 	return true
 }
 
-// NotSubset asserts that the specified list(array, slice...) contains not all
-// elements given in the specified subset(array, slice...).
+// NotSubset asserts that the specified list(array, slice...) or map does NOT
+// contain all elements given in the specified subset list(array, slice...) or
+// map.
 //
-//	assert.NotSubset(t, [1, 3, 4], [1, 2], "But [1, 3, 4] does not contain [1, 2]")
+//	assert.NotSubset(t, [1, 3, 4], [1, 2])
+//	assert.NotSubset(t, {"x": 1, "y": 2}, {"z": 3})
 func NotSubset(t TestingT, list, subset interface{}, msgAndArgs ...interface{}) (ok bool) {
 	if h, ok := t.(tHelper); ok {
 		h.Helper()
@@ -1439,7 +1482,7 @@ func InEpsilon(t TestingT, expected, actual interface{}, epsilon float64, msgAnd
 		h.Helper()
 	}
 	if math.IsNaN(epsilon) {
-		return Fail(t, "epsilon must not be NaN")
+		return Fail(t, "epsilon must not be NaN", msgAndArgs...)
 	}
 	actualEpsilon, err := calcRelativeError(expected, actual)
 	if err != nil {
@@ -1458,19 +1501,26 @@ func InEpsilonSlice(t TestingT, expected, actual interface{}, epsilon float64, m
 	if h, ok := t.(tHelper); ok {
 		h.Helper()
 	}
-	if expected == nil || actual == nil ||
-		reflect.TypeOf(actual).Kind() != reflect.Slice ||
-		reflect.TypeOf(expected).Kind() != reflect.Slice {
+
+	if expected == nil || actual == nil {
 		return Fail(t, "Parameters must be slice", msgAndArgs...)
 	}
 
-	actualSlice := reflect.ValueOf(actual)
 	expectedSlice := reflect.ValueOf(expected)
+	actualSlice := reflect.ValueOf(actual)
 
-	for i := 0; i < actualSlice.Len(); i++ {
-		result := InEpsilon(t, actualSlice.Index(i).Interface(), expectedSlice.Index(i).Interface(), epsilon)
-		if !result {
-			return result
+	if expectedSlice.Type().Kind() != reflect.Slice {
+		return Fail(t, "Expected value must be slice", msgAndArgs...)
+	}
+
+	expectedLen := expectedSlice.Len()
+	if !IsType(t, expected, actual) || !Len(t, actual, expectedLen) {
+		return false
+	}
+
+	for i := 0; i < expectedLen; i++ {
+		if !InEpsilon(t, expectedSlice.Index(i).Interface(), actualSlice.Index(i).Interface(), epsilon, "at index %d", i) {
+			return false
 		}
 	}
 
@@ -1870,23 +1920,18 @@ func (c *CollectT) Errorf(format string, args ...interface{}) {
 }
 
 // FailNow panics.
-func (c *CollectT) FailNow() {
+func (*CollectT) FailNow() {
 	panic("Assertion failed")
 }
 
-// Reset clears the collected errors.
-func (c *CollectT) Reset() {
-	c.errors = nil
+// Deprecated: That was a method for internal usage that should not have been published. Now just panics.
+func (*CollectT) Reset() {
+	panic("Reset() is deprecated")
 }
 
-// Copy copies the collected errors to the supplied t.
-func (c *CollectT) Copy(t TestingT) {
-	if tt, ok := t.(tHelper); ok {
-		tt.Helper()
-	}
-	for _, err := range c.errors {
-		t.Errorf("%v", err)
-	}
+// Deprecated: That was a method for internal usage that should not have been published. Now just panics.
+func (*CollectT) Copy(TestingT) {
+	panic("Copy() is deprecated")
 }
 
 // EventuallyWithT asserts that given condition will be met in waitFor time,
@@ -1912,8 +1957,8 @@ func EventuallyWithT(t TestingT, condition func(collect *CollectT), waitFor time
 		h.Helper()
 	}
 
-	collect := new(CollectT)
-	ch := make(chan bool, 1)
+	var lastFinishedTickErrs []error
+	ch := make(chan []error, 1)
 
 	timer := time.NewTimer(waitFor)
 	defer timer.Stop()
@@ -1924,19 +1969,25 @@ func EventuallyWithT(t TestingT, condition func(collect *CollectT), waitFor time
 	for tick := ticker.C; ; {
 		select {
 		case <-timer.C:
-			collect.Copy(t)
+			for _, err := range lastFinishedTickErrs {
+				t.Errorf("%v", err)
+			}
 			return Fail(t, "Condition never satisfied", msgAndArgs...)
 		case <-tick:
 			tick = nil
-			collect.Reset()
 			go func() {
+				collect := new(CollectT)
+				defer func() {
+					ch <- collect.errors
+				}()
 				condition(collect)
-				ch <- len(collect.errors) == 0
 			}()
-		case v := <-ch:
-			if v {
+		case errs := <-ch:
+			if len(errs) == 0 {
 				return true
 			}
+			// Keep the errors from the last ended condition, so that they can be copied to t if timeout is reached.
+			lastFinishedTickErrs = errs
 			tick = ticker.C
 		}
 	}
diff --git a/vendor/github.com/stretchr/testify/assert/http_assertions.go b/vendor/github.com/stretchr/testify/assert/http_assertions.go
index d8038c28a7..861ed4b7ce 100644
--- a/vendor/github.com/stretchr/testify/assert/http_assertions.go
+++ b/vendor/github.com/stretchr/testify/assert/http_assertions.go
@@ -12,7 +12,7 @@ import (
 // an error if building a new request fails.
 func httpCode(handler http.HandlerFunc, method, url string, values url.Values) (int, error) {
 	w := httptest.NewRecorder()
-	req, err := http.NewRequest(method, url, nil)
+	req, err := http.NewRequest(method, url, http.NoBody)
 	if err != nil {
 		return -1, err
 	}
@@ -32,12 +32,12 @@ func HTTPSuccess(t TestingT, handler http.HandlerFunc, method, url string, value
 	}
 	code, err := httpCode(handler, method, url, values)
 	if err != nil {
-		Fail(t, fmt.Sprintf("Failed to build test request, got error: %s", err))
+		Fail(t, fmt.Sprintf("Failed to build test request, got error: %s", err), msgAndArgs...)
 	}
 
 	isSuccessCode := code >= http.StatusOK && code <= http.StatusPartialContent
 	if !isSuccessCode {
-		Fail(t, fmt.Sprintf("Expected HTTP success status code for %q but received %d", url+"?"+values.Encode(), code))
+		Fail(t, fmt.Sprintf("Expected HTTP success status code for %q but received %d", url+"?"+values.Encode(), code), msgAndArgs...)
 	}
 
 	return isSuccessCode
@@ -54,12 +54,12 @@ func HTTPRedirect(t TestingT, handler http.HandlerFunc, method, url string, valu
 	}
 	code, err := httpCode(handler, method, url, values)
 	if err != nil {
-		Fail(t, fmt.Sprintf("Failed to build test request, got error: %s", err))
+		Fail(t, fmt.Sprintf("Failed to build test request, got error: %s", err), msgAndArgs...)
 	}
 
 	isRedirectCode := code >= http.StatusMultipleChoices && code <= http.StatusTemporaryRedirect
 	if !isRedirectCode {
-		Fail(t, fmt.Sprintf("Expected HTTP redirect status code for %q but received %d", url+"?"+values.Encode(), code))
+		Fail(t, fmt.Sprintf("Expected HTTP redirect status code for %q but received %d", url+"?"+values.Encode(), code), msgAndArgs...)
 	}
 
 	return isRedirectCode
@@ -76,12 +76,12 @@ func HTTPError(t TestingT, handler http.HandlerFunc, method, url string, values
 	}
 	code, err := httpCode(handler, method, url, values)
 	if err != nil {
-		Fail(t, fmt.Sprintf("Failed to build test request, got error: %s", err))
+		Fail(t, fmt.Sprintf("Failed to build test request, got error: %s", err), msgAndArgs...)
 	}
 
 	isErrorCode := code >= http.StatusBadRequest
 	if !isErrorCode {
-		Fail(t, fmt.Sprintf("Expected HTTP error status code for %q but received %d", url+"?"+values.Encode(), code))
+		Fail(t, fmt.Sprintf("Expected HTTP error status code for %q but received %d", url+"?"+values.Encode(), code), msgAndArgs...)
 	}
 
 	return isErrorCode
@@ -98,12 +98,12 @@ func HTTPStatusCode(t TestingT, handler http.HandlerFunc, method, url string, va
 	}
 	code, err := httpCode(handler, method, url, values)
 	if err != nil {
-		Fail(t, fmt.Sprintf("Failed to build test request, got error: %s", err))
+		Fail(t, fmt.Sprintf("Failed to build test request, got error: %s", err), msgAndArgs...)
 	}
 
 	successful := code == statuscode
 	if !successful {
-		Fail(t, fmt.Sprintf("Expected HTTP status code %d for %q but received %d", statuscode, url+"?"+values.Encode(), code))
+		Fail(t, fmt.Sprintf("Expected HTTP status code %d for %q but received %d", statuscode, url+"?"+values.Encode(), code), msgAndArgs...)
 	}
 
 	return successful
@@ -113,7 +113,10 @@ func HTTPStatusCode(t TestingT, handler http.HandlerFunc, method, url string, va
 // empty string if building a new request fails.
 func HTTPBody(handler http.HandlerFunc, method, url string, values url.Values) string {
 	w := httptest.NewRecorder()
-	req, err := http.NewRequest(method, url+"?"+values.Encode(), nil)
+	if len(values) > 0 {
+		url += "?" + values.Encode()
+	}
+	req, err := http.NewRequest(method, url, http.NoBody)
 	if err != nil {
 		return ""
 	}
@@ -135,7 +138,7 @@ func HTTPBodyContains(t TestingT, handler http.HandlerFunc, method, url string,
 
 	contains := strings.Contains(body, fmt.Sprint(str))
 	if !contains {
-		Fail(t, fmt.Sprintf("Expected response body for \"%s\" to contain \"%s\" but found \"%s\"", url+"?"+values.Encode(), str, body))
+		Fail(t, fmt.Sprintf("Expected response body for \"%s\" to contain \"%s\" but found \"%s\"", url+"?"+values.Encode(), str, body), msgAndArgs...)
 	}
 
 	return contains
@@ -155,7 +158,7 @@ func HTTPBodyNotContains(t TestingT, handler http.HandlerFunc, method, url strin
 
 	contains := strings.Contains(body, fmt.Sprint(str))
 	if contains {
-		Fail(t, fmt.Sprintf("Expected response body for \"%s\" to NOT contain \"%s\" but found \"%s\"", url+"?"+values.Encode(), str, body))
+		Fail(t, fmt.Sprintf("Expected response body for \"%s\" to NOT contain \"%s\" but found \"%s\"", url+"?"+values.Encode(), str, body), msgAndArgs...)
 	}
 
 	return !contains
diff --git a/vendor/github.com/stretchr/testify/mock/mock.go b/vendor/github.com/stretchr/testify/mock/mock.go
index f4b42e44ff..213bde2ea6 100644
--- a/vendor/github.com/stretchr/testify/mock/mock.go
+++ b/vendor/github.com/stretchr/testify/mock/mock.go
@@ -18,6 +18,9 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
+// regex for GCCGO functions
+var gccgoRE = regexp.MustCompile(`\.pN\d+_`)
+
 // TestingT is an interface wrapper around *testing.T
 type TestingT interface {
 	Logf(format string, args ...interface{})
@@ -111,7 +114,7 @@ func (c *Call) Return(returnArguments ...interface{}) *Call {
 	return c
 }
 
-// Panic specifies if the functon call should fail and the panic message
+// Panic specifies if the function call should fail and the panic message
 //
 //	Mock.On("DoSomething").Panic("test panic")
 func (c *Call) Panic(msg string) *Call {
@@ -123,21 +126,21 @@ func (c *Call) Panic(msg string) *Call {
 	return c
 }
 
-// Once indicates that that the mock should only return the value once.
+// Once indicates that the mock should only return the value once.
 //
 //	Mock.On("MyMethod", arg1, arg2).Return(returnArg1, returnArg2).Once()
 func (c *Call) Once() *Call {
 	return c.Times(1)
 }
 
-// Twice indicates that that the mock should only return the value twice.
+// Twice indicates that the mock should only return the value twice.
 //
 //	Mock.On("MyMethod", arg1, arg2).Return(returnArg1, returnArg2).Twice()
 func (c *Call) Twice() *Call {
 	return c.Times(2)
 }
 
-// Times indicates that that the mock should only return the indicated number
+// Times indicates that the mock should only return the indicated number
 // of times.
 //
 //	Mock.On("MyMethod", arg1, arg2).Return(returnArg1, returnArg2).Times(5)
@@ -455,9 +458,8 @@ func (m *Mock) Called(arguments ...interface{}) Arguments {
 	// For Ex:  github_com_docker_libkv_store_mock.WatchTree.pN39_github_com_docker_libkv_store_mock.Mock
 	// uses interface information unlike golang github.com/docker/libkv/store/mock.(*Mock).WatchTree
 	// With GCCGO we need to remove interface information starting from pN<dd>.
-	re := regexp.MustCompile("\\.pN\\d+_")
-	if re.MatchString(functionPath) {
-		functionPath = re.Split(functionPath, -1)[0]
+	if gccgoRE.MatchString(functionPath) {
+		functionPath = gccgoRE.Split(functionPath, -1)[0]
 	}
 	parts := strings.Split(functionPath, ".")
 	functionName := parts[len(parts)-1]
@@ -474,7 +476,7 @@ func (m *Mock) MethodCalled(methodName string, arguments ...interface{}) Argumen
 	found, call := m.findExpectedCall(methodName, arguments...)
 
 	if found < 0 {
-		// expected call found but it has already been called with repeatable times
+		// expected call found, but it has already been called with repeatable times
 		if call != nil {
 			m.mutex.Unlock()
 			m.fail("\nassert: mock: The method has been called over %d times.\n\tEither do one more Mock.On(\"%s\").Return(...), or remove extra call.\n\tThis call was unexpected:\n\t\t%s\n\tat: %s", call.totalCalls, methodName, callString(methodName, arguments, true), assert.CallerInfo())
@@ -563,7 +565,7 @@ func (m *Mock) MethodCalled(methodName string, arguments ...interface{}) Argumen
 	Assertions
 */
 
-type assertExpectationser interface {
+type assertExpectationiser interface {
 	AssertExpectations(TestingT) bool
 }
 
@@ -580,7 +582,7 @@ func AssertExpectationsForObjects(t TestingT, testObjects ...interface{}) bool {
 			t.Logf("Deprecated mock.AssertExpectationsForObjects(myMock.Mock) use mock.AssertExpectationsForObjects(myMock)")
 			obj = m
 		}
-		m := obj.(assertExpectationser)
+		m := obj.(assertExpectationiser)
 		if !m.AssertExpectations(t) {
 			t.Logf("Expectations didn't match for Mock: %+v", reflect.TypeOf(m))
 			return false
@@ -592,6 +594,9 @@ func AssertExpectationsForObjects(t TestingT, testObjects ...interface{}) bool {
 // AssertExpectations asserts that everything specified with On and Return was
 // in fact called as expected.  Calls may have occurred in any order.
 func (m *Mock) AssertExpectations(t TestingT) bool {
+	if s, ok := t.(interface{ Skipped() bool }); ok && s.Skipped() {
+		return true
+	}
 	if h, ok := t.(tHelper); ok {
 		h.Helper()
 	}
@@ -606,8 +611,8 @@ func (m *Mock) AssertExpectations(t TestingT) bool {
 		satisfied, reason := m.checkExpectation(expectedCall)
 		if !satisfied {
 			failedExpectations++
+			t.Logf(reason)
 		}
-		t.Logf(reason)
 	}
 
 	if failedExpectations != 0 {
@@ -758,25 +763,33 @@ const (
 	Anything = "mock.Anything"
 )
 
-// AnythingOfTypeArgument is a string that contains the type of an argument
+// AnythingOfTypeArgument contains the type of an argument
+// for use when type checking.  Used in Diff and Assert.
+//
+// Deprecated: this is an implementation detail that must not be used. Use [AnythingOfType] instead.
+type AnythingOfTypeArgument = anythingOfTypeArgument
+
+// anythingOfTypeArgument is a string that contains the type of an argument
 // for use when type checking.  Used in Diff and Assert.
-type AnythingOfTypeArgument string
+type anythingOfTypeArgument string
 
-// AnythingOfType returns an AnythingOfTypeArgument object containing the
-// name of the type to check for.  Used in Diff and Assert.
+// AnythingOfType returns a special value containing the
+// name of the type to check for. The type name will be matched against the type name returned by [reflect.Type.String].
+//
+// Used in Diff and Assert.
 //
 // For example:
 //
 //	Assert(t, AnythingOfType("string"), AnythingOfType("int"))
 func AnythingOfType(t string) AnythingOfTypeArgument {
-	return AnythingOfTypeArgument(t)
+	return anythingOfTypeArgument(t)
 }
 
 // IsTypeArgument is a struct that contains the type of an argument
 // for use when type checking.  This is an alternative to AnythingOfType.
 // Used in Diff and Assert.
 type IsTypeArgument struct {
-	t interface{}
+	t reflect.Type
 }
 
 // IsType returns an IsTypeArgument object containing the type to check for.
@@ -786,7 +799,7 @@ type IsTypeArgument struct {
 // For example:
 // Assert(t, IsType(""), IsType(0))
 func IsType(t interface{}) *IsTypeArgument {
-	return &IsTypeArgument{t: t}
+	return &IsTypeArgument{t: reflect.TypeOf(t)}
 }
 
 // FunctionalOptionsArgument is a struct that contains the type and value of an functional option argument
@@ -950,53 +963,55 @@ func (args Arguments) Diff(objects []interface{}) (string, int) {
 				differences++
 				output = fmt.Sprintf("%s\t%d: FAIL:  %s not matched by %s\n", output, i, actualFmt, matcher)
 			}
-		} else if reflect.TypeOf(expected) == reflect.TypeOf((*AnythingOfTypeArgument)(nil)).Elem() {
-			// type checking
-			if reflect.TypeOf(actual).Name() != string(expected.(AnythingOfTypeArgument)) && reflect.TypeOf(actual).String() != string(expected.(AnythingOfTypeArgument)) {
-				// not match
-				differences++
-				output = fmt.Sprintf("%s\t%d: FAIL:  type %s != type %s - %s\n", output, i, expected, reflect.TypeOf(actual).Name(), actualFmt)
-			}
-		} else if reflect.TypeOf(expected) == reflect.TypeOf((*IsTypeArgument)(nil)) {
-			t := expected.(*IsTypeArgument).t
-			if reflect.TypeOf(t) != reflect.TypeOf(actual) {
-				differences++
-				output = fmt.Sprintf("%s\t%d: FAIL:  type %s != type %s - %s\n", output, i, reflect.TypeOf(t).Name(), reflect.TypeOf(actual).Name(), actualFmt)
-			}
-		} else if reflect.TypeOf(expected) == reflect.TypeOf((*FunctionalOptionsArgument)(nil)) {
-			t := expected.(*FunctionalOptionsArgument).value
+		} else {
+			switch expected := expected.(type) {
+			case anythingOfTypeArgument:
+				// type checking
+				if reflect.TypeOf(actual).Name() != string(expected) && reflect.TypeOf(actual).String() != string(expected) {
+					// not match
+					differences++
+					output = fmt.Sprintf("%s\t%d: FAIL:  type %s != type %s - %s\n", output, i, expected, reflect.TypeOf(actual).Name(), actualFmt)
+				}
+			case *IsTypeArgument:
+				actualT := reflect.TypeOf(actual)
+				if actualT != expected.t {
+					differences++
+					output = fmt.Sprintf("%s\t%d: FAIL:  type %s != type %s - %s\n", output, i, expected.t.Name(), actualT.Name(), actualFmt)
+				}
+			case *FunctionalOptionsArgument:
+				t := expected.value
 
-			var name string
-			tValue := reflect.ValueOf(t)
-			if tValue.Len() > 0 {
-				name = "[]" + reflect.TypeOf(tValue.Index(0).Interface()).String()
-			}
+				var name string
+				tValue := reflect.ValueOf(t)
+				if tValue.Len() > 0 {
+					name = "[]" + reflect.TypeOf(tValue.Index(0).Interface()).String()
+				}
 
-			tName := reflect.TypeOf(t).Name()
-			if name != reflect.TypeOf(actual).String() && tValue.Len() != 0 {
-				differences++
-				output = fmt.Sprintf("%s\t%d: FAIL:  type %s != type %s - %s\n", output, i, tName, reflect.TypeOf(actual).Name(), actualFmt)
-			} else {
-				if ef, af := assertOpts(t, actual); ef == "" && af == "" {
+				tName := reflect.TypeOf(t).Name()
+				if name != reflect.TypeOf(actual).String() && tValue.Len() != 0 {
+					differences++
+					output = fmt.Sprintf("%s\t%d: FAIL:  type %s != type %s - %s\n", output, i, tName, reflect.TypeOf(actual).Name(), actualFmt)
+				} else {
+					if ef, af := assertOpts(t, actual); ef == "" && af == "" {
+						// match
+						output = fmt.Sprintf("%s\t%d: PASS:  %s == %s\n", output, i, tName, tName)
+					} else {
+						// not match
+						differences++
+						output = fmt.Sprintf("%s\t%d: FAIL:  %s != %s\n", output, i, af, ef)
+					}
+				}
+
+			default:
+				if assert.ObjectsAreEqual(expected, Anything) || assert.ObjectsAreEqual(actual, Anything) || assert.ObjectsAreEqual(actual, expected) {
 					// match
-					output = fmt.Sprintf("%s\t%d: PASS:  %s == %s\n", output, i, tName, tName)
+					output = fmt.Sprintf("%s\t%d: PASS:  %s == %s\n", output, i, actualFmt, expectedFmt)
 				} else {
 					// not match
 					differences++
-					output = fmt.Sprintf("%s\t%d: FAIL:  %s != %s\n", output, i, af, ef)
+					output = fmt.Sprintf("%s\t%d: FAIL:  %s != %s\n", output, i, actualFmt, expectedFmt)
 				}
 			}
-		} else {
-			// normal checking
-
-			if assert.ObjectsAreEqual(expected, Anything) || assert.ObjectsAreEqual(actual, Anything) || assert.ObjectsAreEqual(actual, expected) {
-				// match
-				output = fmt.Sprintf("%s\t%d: PASS:  %s == %s\n", output, i, actualFmt, expectedFmt)
-			} else {
-				// not match
-				differences++
-				output = fmt.Sprintf("%s\t%d: FAIL:  %s != %s\n", output, i, actualFmt, expectedFmt)
-			}
 		}
 
 	}
diff --git a/vendor/github.com/stretchr/testify/require/require.go b/vendor/github.com/stretchr/testify/require/require.go
index 63f8521476..506a82f807 100644
--- a/vendor/github.com/stretchr/testify/require/require.go
+++ b/vendor/github.com/stretchr/testify/require/require.go
@@ -1,7 +1,4 @@
-/*
-* CODE GENERATED AUTOMATICALLY WITH github.com/stretchr/testify/_codegen
-* THIS FILE MUST NOT BE EDITED BY HAND
- */
+// Code generated with github.com/stretchr/testify/_codegen; DO NOT EDIT.
 
 package require
 
@@ -235,7 +232,7 @@ func EqualExportedValuesf(t TestingT, expected interface{}, actual interface{},
 	t.FailNow()
 }
 
-// EqualValues asserts that two objects are equal or convertable to the same types
+// EqualValues asserts that two objects are equal or convertible to the same types
 // and equal.
 //
 //	assert.EqualValues(t, uint32(123), int32(123))
@@ -249,7 +246,7 @@ func EqualValues(t TestingT, expected interface{}, actual interface{}, msgAndArg
 	t.FailNow()
 }
 
-// EqualValuesf asserts that two objects are equal or convertable to the same types
+// EqualValuesf asserts that two objects are equal or convertible to the same types
 // and equal.
 //
 //	assert.EqualValuesf(t, uint32(123), int32(123), "error message %s", "formatted")
@@ -1546,6 +1543,32 @@ func NotErrorIsf(t TestingT, err error, target error, msg string, args ...interf
 	t.FailNow()
 }
 
+// NotImplements asserts that an object does not implement the specified interface.
+//
+//	assert.NotImplements(t, (*MyInterface)(nil), new(MyObject))
+func NotImplements(t TestingT, interfaceObject interface{}, object interface{}, msgAndArgs ...interface{}) {
+	if h, ok := t.(tHelper); ok {
+		h.Helper()
+	}
+	if assert.NotImplements(t, interfaceObject, object, msgAndArgs...) {
+		return
+	}
+	t.FailNow()
+}
+
+// NotImplementsf asserts that an object does not implement the specified interface.
+//
+//	assert.NotImplementsf(t, (*MyInterface)(nil), new(MyObject), "error message %s", "formatted")
+func NotImplementsf(t TestingT, interfaceObject interface{}, object interface{}, msg string, args ...interface{}) {
+	if h, ok := t.(tHelper); ok {
+		h.Helper()
+	}
+	if assert.NotImplementsf(t, interfaceObject, object, msg, args...) {
+		return
+	}
+	t.FailNow()
+}
+
 // NotNil asserts that the specified object is not nil.
 //
 //	assert.NotNil(t, err)
@@ -1658,10 +1681,12 @@ func NotSamef(t TestingT, expected interface{}, actual interface{}, msg string,
 	t.FailNow()
 }
 
-// NotSubset asserts that the specified list(array, slice...) contains not all
-// elements given in the specified subset(array, slice...).
+// NotSubset asserts that the specified list(array, slice...) or map does NOT
+// contain all elements given in the specified subset list(array, slice...) or
+// map.
 //
-//	assert.NotSubset(t, [1, 3, 4], [1, 2], "But [1, 3, 4] does not contain [1, 2]")
+//	assert.NotSubset(t, [1, 3, 4], [1, 2])
+//	assert.NotSubset(t, {"x": 1, "y": 2}, {"z": 3})
 func NotSubset(t TestingT, list interface{}, subset interface{}, msgAndArgs ...interface{}) {
 	if h, ok := t.(tHelper); ok {
 		h.Helper()
@@ -1672,10 +1697,12 @@ func NotSubset(t TestingT, list interface{}, subset interface{}, msgAndArgs ...i
 	t.FailNow()
 }
 
-// NotSubsetf asserts that the specified list(array, slice...) contains not all
-// elements given in the specified subset(array, slice...).
+// NotSubsetf asserts that the specified list(array, slice...) or map does NOT
+// contain all elements given in the specified subset list(array, slice...) or
+// map.
 //
-//	assert.NotSubsetf(t, [1, 3, 4], [1, 2], "But [1, 3, 4] does not contain [1, 2]", "error message %s", "formatted")
+//	assert.NotSubsetf(t, [1, 3, 4], [1, 2], "error message %s", "formatted")
+//	assert.NotSubsetf(t, {"x": 1, "y": 2}, {"z": 3}, "error message %s", "formatted")
 func NotSubsetf(t TestingT, list interface{}, subset interface{}, msg string, args ...interface{}) {
 	if h, ok := t.(tHelper); ok {
 		h.Helper()
@@ -1880,10 +1907,11 @@ func Samef(t TestingT, expected interface{}, actual interface{}, msg string, arg
 	t.FailNow()
 }
 
-// Subset asserts that the specified list(array, slice...) contains all
-// elements given in the specified subset(array, slice...).
+// Subset asserts that the specified list(array, slice...) or map contains all
+// elements given in the specified subset list(array, slice...) or map.
 //
-//	assert.Subset(t, [1, 2, 3], [1, 2], "But [1, 2, 3] does contain [1, 2]")
+//	assert.Subset(t, [1, 2, 3], [1, 2])
+//	assert.Subset(t, {"x": 1, "y": 2}, {"x": 1})
 func Subset(t TestingT, list interface{}, subset interface{}, msgAndArgs ...interface{}) {
 	if h, ok := t.(tHelper); ok {
 		h.Helper()
@@ -1894,10 +1922,11 @@ func Subset(t TestingT, list interface{}, subset interface{}, msgAndArgs ...inte
 	t.FailNow()
 }
 
-// Subsetf asserts that the specified list(array, slice...) contains all
-// elements given in the specified subset(array, slice...).
+// Subsetf asserts that the specified list(array, slice...) or map contains all
+// elements given in the specified subset list(array, slice...) or map.
 //
-//	assert.Subsetf(t, [1, 2, 3], [1, 2], "But [1, 2, 3] does contain [1, 2]", "error message %s", "formatted")
+//	assert.Subsetf(t, [1, 2, 3], [1, 2], "error message %s", "formatted")
+//	assert.Subsetf(t, {"x": 1, "y": 2}, {"x": 1}, "error message %s", "formatted")
 func Subsetf(t TestingT, list interface{}, subset interface{}, msg string, args ...interface{}) {
 	if h, ok := t.(tHelper); ok {
 		h.Helper()
diff --git a/vendor/github.com/stretchr/testify/require/require_forward.go b/vendor/github.com/stretchr/testify/require/require_forward.go
index 3b5b09330a..eee8310a5f 100644
--- a/vendor/github.com/stretchr/testify/require/require_forward.go
+++ b/vendor/github.com/stretchr/testify/require/require_forward.go
@@ -1,7 +1,4 @@
-/*
-* CODE GENERATED AUTOMATICALLY WITH github.com/stretchr/testify/_codegen
-* THIS FILE MUST NOT BE EDITED BY HAND
- */
+// Code generated with github.com/stretchr/testify/_codegen; DO NOT EDIT.
 
 package require
 
@@ -190,7 +187,7 @@ func (a *Assertions) EqualExportedValuesf(expected interface{}, actual interface
 	EqualExportedValuesf(a.t, expected, actual, msg, args...)
 }
 
-// EqualValues asserts that two objects are equal or convertable to the same types
+// EqualValues asserts that two objects are equal or convertible to the same types
 // and equal.
 //
 //	a.EqualValues(uint32(123), int32(123))
@@ -201,7 +198,7 @@ func (a *Assertions) EqualValues(expected interface{}, actual interface{}, msgAn
 	EqualValues(a.t, expected, actual, msgAndArgs...)
 }
 
-// EqualValuesf asserts that two objects are equal or convertable to the same types
+// EqualValuesf asserts that two objects are equal or convertible to the same types
 // and equal.
 //
 //	a.EqualValuesf(uint32(123), int32(123), "error message %s", "formatted")
@@ -1222,6 +1219,26 @@ func (a *Assertions) NotErrorIsf(err error, target error, msg string, args ...in
 	NotErrorIsf(a.t, err, target, msg, args...)
 }
 
+// NotImplements asserts that an object does not implement the specified interface.
+//
+//	a.NotImplements((*MyInterface)(nil), new(MyObject))
+func (a *Assertions) NotImplements(interfaceObject interface{}, object interface{}, msgAndArgs ...interface{}) {
+	if h, ok := a.t.(tHelper); ok {
+		h.Helper()
+	}
+	NotImplements(a.t, interfaceObject, object, msgAndArgs...)
+}
+
+// NotImplementsf asserts that an object does not implement the specified interface.
+//
+//	a.NotImplementsf((*MyInterface)(nil), new(MyObject), "error message %s", "formatted")
+func (a *Assertions) NotImplementsf(interfaceObject interface{}, object interface{}, msg string, args ...interface{}) {
+	if h, ok := a.t.(tHelper); ok {
+		h.Helper()
+	}
+	NotImplementsf(a.t, interfaceObject, object, msg, args...)
+}
+
 // NotNil asserts that the specified object is not nil.
 //
 //	a.NotNil(err)
@@ -1310,10 +1327,12 @@ func (a *Assertions) NotSamef(expected interface{}, actual interface{}, msg stri
 	NotSamef(a.t, expected, actual, msg, args...)
 }
 
-// NotSubset asserts that the specified list(array, slice...) contains not all
-// elements given in the specified subset(array, slice...).
+// NotSubset asserts that the specified list(array, slice...) or map does NOT
+// contain all elements given in the specified subset list(array, slice...) or
+// map.
 //
-//	a.NotSubset([1, 3, 4], [1, 2], "But [1, 3, 4] does not contain [1, 2]")
+//	a.NotSubset([1, 3, 4], [1, 2])
+//	a.NotSubset({"x": 1, "y": 2}, {"z": 3})
 func (a *Assertions) NotSubset(list interface{}, subset interface{}, msgAndArgs ...interface{}) {
 	if h, ok := a.t.(tHelper); ok {
 		h.Helper()
@@ -1321,10 +1340,12 @@ func (a *Assertions) NotSubset(list interface{}, subset interface{}, msgAndArgs
 	NotSubset(a.t, list, subset, msgAndArgs...)
 }
 
-// NotSubsetf asserts that the specified list(array, slice...) contains not all
-// elements given in the specified subset(array, slice...).
+// NotSubsetf asserts that the specified list(array, slice...) or map does NOT
+// contain all elements given in the specified subset list(array, slice...) or
+// map.
 //
-//	a.NotSubsetf([1, 3, 4], [1, 2], "But [1, 3, 4] does not contain [1, 2]", "error message %s", "formatted")
+//	a.NotSubsetf([1, 3, 4], [1, 2], "error message %s", "formatted")
+//	a.NotSubsetf({"x": 1, "y": 2}, {"z": 3}, "error message %s", "formatted")
 func (a *Assertions) NotSubsetf(list interface{}, subset interface{}, msg string, args ...interface{}) {
 	if h, ok := a.t.(tHelper); ok {
 		h.Helper()
@@ -1484,10 +1505,11 @@ func (a *Assertions) Samef(expected interface{}, actual interface{}, msg string,
 	Samef(a.t, expected, actual, msg, args...)
 }
 
-// Subset asserts that the specified list(array, slice...) contains all
-// elements given in the specified subset(array, slice...).
+// Subset asserts that the specified list(array, slice...) or map contains all
+// elements given in the specified subset list(array, slice...) or map.
 //
-//	a.Subset([1, 2, 3], [1, 2], "But [1, 2, 3] does contain [1, 2]")
+//	a.Subset([1, 2, 3], [1, 2])
+//	a.Subset({"x": 1, "y": 2}, {"x": 1})
 func (a *Assertions) Subset(list interface{}, subset interface{}, msgAndArgs ...interface{}) {
 	if h, ok := a.t.(tHelper); ok {
 		h.Helper()
@@ -1495,10 +1517,11 @@ func (a *Assertions) Subset(list interface{}, subset interface{}, msgAndArgs ...
 	Subset(a.t, list, subset, msgAndArgs...)
 }
 
-// Subsetf asserts that the specified list(array, slice...) contains all
-// elements given in the specified subset(array, slice...).
+// Subsetf asserts that the specified list(array, slice...) or map contains all
+// elements given in the specified subset list(array, slice...) or map.
 //
-//	a.Subsetf([1, 2, 3], [1, 2], "But [1, 2, 3] does contain [1, 2]", "error message %s", "formatted")
+//	a.Subsetf([1, 2, 3], [1, 2], "error message %s", "formatted")
+//	a.Subsetf({"x": 1, "y": 2}, {"x": 1}, "error message %s", "formatted")
 func (a *Assertions) Subsetf(list interface{}, subset interface{}, msg string, args ...interface{}) {
 	if h, ok := a.t.(tHelper); ok {
 		h.Helper()
diff --git a/vendor/golang.org/x/crypto/ed25519/ed25519.go b/vendor/golang.org/x/crypto/ed25519/ed25519.go
index a7828345fc..59b3a95a7d 100644
--- a/vendor/golang.org/x/crypto/ed25519/ed25519.go
+++ b/vendor/golang.org/x/crypto/ed25519/ed25519.go
@@ -11,9 +11,7 @@
 // operations with the same key more efficient. This package refers to the RFC
 // 8032 private key as the “seed”.
 //
-// Beginning with Go 1.13, the functionality of this package was moved to the
-// standard library as crypto/ed25519. This package only acts as a compatibility
-// wrapper.
+// This package is a wrapper around the standard library crypto/ed25519 package.
 package ed25519
 
 import (
diff --git a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
index 904b57e01d..28cd99c7f3 100644
--- a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
+++ b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
@@ -16,7 +16,7 @@ Hash Functions SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 for HMAC. To
 choose, you can pass the `New` functions from the different SHA packages to
 pbkdf2.Key.
 */
-package pbkdf2 // import "golang.org/x/crypto/pbkdf2"
+package pbkdf2
 
 import (
 	"crypto/hmac"
diff --git a/vendor/golang.org/x/net/http/httpguts/httplex.go b/vendor/golang.org/x/net/http/httpguts/httplex.go
index 6e071e8524..9b4de94019 100644
--- a/vendor/golang.org/x/net/http/httpguts/httplex.go
+++ b/vendor/golang.org/x/net/http/httpguts/httplex.go
@@ -12,7 +12,7 @@ import (
 	"golang.org/x/net/idna"
 )
 
-var isTokenTable = [127]bool{
+var isTokenTable = [256]bool{
 	'!':  true,
 	'#':  true,
 	'$':  true,
@@ -93,12 +93,7 @@ var isTokenTable = [127]bool{
 }
 
 func IsTokenRune(r rune) bool {
-	i := int(r)
-	return i < len(isTokenTable) && isTokenTable[i]
-}
-
-func isNotToken(r rune) bool {
-	return !IsTokenRune(r)
+	return r < utf8.RuneSelf && isTokenTable[byte(r)]
 }
 
 // HeaderValuesContainsToken reports whether any string in values
@@ -202,8 +197,8 @@ func ValidHeaderFieldName(v string) bool {
 	if len(v) == 0 {
 		return false
 	}
-	for _, r := range v {
-		if !IsTokenRune(r) {
+	for i := 0; i < len(v); i++ {
+		if !isTokenTable[v[i]] {
 			return false
 		}
 	}
diff --git a/vendor/golang.org/x/net/http2/frame.go b/vendor/golang.org/x/net/http2/frame.go
index c1f6b90dc3..105c3b279c 100644
--- a/vendor/golang.org/x/net/http2/frame.go
+++ b/vendor/golang.org/x/net/http2/frame.go
@@ -490,6 +490,9 @@ func terminalReadFrameError(err error) bool {
 // returned error is ErrFrameTooLarge. Other errors may be of type
 // ConnectionError, StreamError, or anything else from the underlying
 // reader.
+//
+// If ReadFrame returns an error and a non-nil Frame, the Frame's StreamID
+// indicates the stream responsible for the error.
 func (fr *Framer) ReadFrame() (Frame, error) {
 	fr.errDetail = nil
 	if fr.lastFrame != nil {
@@ -1510,19 +1513,18 @@ func (mh *MetaHeadersFrame) checkPseudos() error {
 }
 
 func (fr *Framer) maxHeaderStringLen() int {
-	v := fr.maxHeaderListSize()
-	if uint32(int(v)) == v {
-		return int(v)
+	v := int(fr.maxHeaderListSize())
+	if v < 0 {
+		// If maxHeaderListSize overflows an int, use no limit (0).
+		return 0
 	}
-	// They had a crazy big number for MaxHeaderBytes anyway,
-	// so give them unlimited header lengths:
-	return 0
+	return v
 }
 
 // readMetaFrame returns 0 or more CONTINUATION frames from fr and
 // merge them into the provided hf and returns a MetaHeadersFrame
 // with the decoded hpack values.
-func (fr *Framer) readMetaFrame(hf *HeadersFrame) (*MetaHeadersFrame, error) {
+func (fr *Framer) readMetaFrame(hf *HeadersFrame) (Frame, error) {
 	if fr.AllowIllegalReads {
 		return nil, errors.New("illegal use of AllowIllegalReads with ReadMetaHeaders")
 	}
@@ -1565,6 +1567,7 @@ func (fr *Framer) readMetaFrame(hf *HeadersFrame) (*MetaHeadersFrame, error) {
 		if size > remainSize {
 			hdec.SetEmitEnabled(false)
 			mh.Truncated = true
+			remainSize = 0
 			return
 		}
 		remainSize -= size
@@ -1577,8 +1580,38 @@ func (fr *Framer) readMetaFrame(hf *HeadersFrame) (*MetaHeadersFrame, error) {
 	var hc headersOrContinuation = hf
 	for {
 		frag := hc.HeaderBlockFragment()
+
+		// Avoid parsing large amounts of headers that we will then discard.
+		// If the sender exceeds the max header list size by too much,
+		// skip parsing the fragment and close the connection.
+		//
+		// "Too much" is either any CONTINUATION frame after we've already
+		// exceeded the max header list size (in which case remainSize is 0),
+		// or a frame whose encoded size is more than twice the remaining
+		// header list bytes we're willing to accept.
+		if int64(len(frag)) > int64(2*remainSize) {
+			if VerboseLogs {
+				log.Printf("http2: header list too large")
+			}
+			// It would be nice to send a RST_STREAM before sending the GOAWAY,
+			// but the structure of the server's frame writer makes this difficult.
+			return mh, ConnectionError(ErrCodeProtocol)
+		}
+
+		// Also close the connection after any CONTINUATION frame following an
+		// invalid header, since we stop tracking the size of the headers after
+		// an invalid one.
+		if invalid != nil {
+			if VerboseLogs {
+				log.Printf("http2: invalid header: %v", invalid)
+			}
+			// It would be nice to send a RST_STREAM before sending the GOAWAY,
+			// but the structure of the server's frame writer makes this difficult.
+			return mh, ConnectionError(ErrCodeProtocol)
+		}
+
 		if _, err := hdec.Write(frag); err != nil {
-			return nil, ConnectionError(ErrCodeCompression)
+			return mh, ConnectionError(ErrCodeCompression)
 		}
 
 		if hc.HeadersEnded() {
@@ -1595,7 +1628,7 @@ func (fr *Framer) readMetaFrame(hf *HeadersFrame) (*MetaHeadersFrame, error) {
 	mh.HeadersFrame.invalidate()
 
 	if err := hdec.Close(); err != nil {
-		return nil, ConnectionError(ErrCodeCompression)
+		return mh, ConnectionError(ErrCodeCompression)
 	}
 	if invalid != nil {
 		fr.errDetail = invalid
diff --git a/vendor/golang.org/x/net/http2/http2.go b/vendor/golang.org/x/net/http2/http2.go
index 6f2df28187..003e649f30 100644
--- a/vendor/golang.org/x/net/http2/http2.go
+++ b/vendor/golang.org/x/net/http2/http2.go
@@ -17,6 +17,7 @@ package http2 // import "golang.org/x/net/http2"
 
 import (
 	"bufio"
+	"context"
 	"crypto/tls"
 	"fmt"
 	"io"
@@ -26,6 +27,7 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"time"
 
 	"golang.org/x/net/http/httpguts"
 )
@@ -210,12 +212,6 @@ type stringWriter interface {
 	WriteString(s string) (n int, err error)
 }
 
-// A gate lets two goroutines coordinate their activities.
-type gate chan struct{}
-
-func (g gate) Done() { g <- struct{}{} }
-func (g gate) Wait() { <-g }
-
 // A closeWaiter is like a sync.WaitGroup but only goes 1 to 0 (open to closed).
 type closeWaiter chan struct{}
 
@@ -383,3 +379,14 @@ func validPseudoPath(v string) bool {
 // makes that struct also non-comparable, and generally doesn't add
 // any size (as long as it's first).
 type incomparable [0]func()
+
+// synctestGroupInterface is the methods of synctestGroup used by Server and Transport.
+// It's defined as an interface here to let us keep synctestGroup entirely test-only
+// and not a part of non-test builds.
+type synctestGroupInterface interface {
+	Join()
+	Now() time.Time
+	NewTimer(d time.Duration) timer
+	AfterFunc(d time.Duration, f func()) timer
+	ContextWithTimeout(ctx context.Context, d time.Duration) (context.Context, context.CancelFunc)
+}
diff --git a/vendor/golang.org/x/net/http2/pipe.go b/vendor/golang.org/x/net/http2/pipe.go
index 684d984fd9..3b9f06b962 100644
--- a/vendor/golang.org/x/net/http2/pipe.go
+++ b/vendor/golang.org/x/net/http2/pipe.go
@@ -77,7 +77,10 @@ func (p *pipe) Read(d []byte) (n int, err error) {
 	}
 }
 
-var errClosedPipeWrite = errors.New("write on closed buffer")
+var (
+	errClosedPipeWrite        = errors.New("write on closed buffer")
+	errUninitializedPipeWrite = errors.New("write on uninitialized buffer")
+)
 
 // Write copies bytes from p into the buffer and wakes a reader.
 // It is an error to write more data than the buffer can hold.
@@ -91,6 +94,12 @@ func (p *pipe) Write(d []byte) (n int, err error) {
 	if p.err != nil || p.breakErr != nil {
 		return 0, errClosedPipeWrite
 	}
+	// pipe.setBuffer is never invoked, leaving the buffer uninitialized.
+	// We shouldn't try to write to an uninitialized pipe,
+	// but returning an error is better than panicking.
+	if p.b == nil {
+		return 0, errUninitializedPipeWrite
+	}
 	return p.b.Write(d)
 }
 
diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go
index ae94c6408d..6c349f3ec6 100644
--- a/vendor/golang.org/x/net/http2/server.go
+++ b/vendor/golang.org/x/net/http2/server.go
@@ -124,6 +124,7 @@ type Server struct {
 	// IdleTimeout specifies how long until idle clients should be
 	// closed with a GOAWAY frame. PING frames are not considered
 	// activity for the purposes of IdleTimeout.
+	// If zero or negative, there is no timeout.
 	IdleTimeout time.Duration
 
 	// MaxUploadBufferPerConnection is the size of the initial flow
@@ -153,6 +154,39 @@ type Server struct {
 	// so that we don't embed a Mutex in this struct, which will make the
 	// struct non-copyable, which might break some callers.
 	state *serverInternalState
+
+	// Synchronization group used for testing.
+	// Outside of tests, this is nil.
+	group synctestGroupInterface
+}
+
+func (s *Server) markNewGoroutine() {
+	if s.group != nil {
+		s.group.Join()
+	}
+}
+
+func (s *Server) now() time.Time {
+	if s.group != nil {
+		return s.group.Now()
+	}
+	return time.Now()
+}
+
+// newTimer creates a new time.Timer, or a synthetic timer in tests.
+func (s *Server) newTimer(d time.Duration) timer {
+	if s.group != nil {
+		return s.group.NewTimer(d)
+	}
+	return timeTimer{time.NewTimer(d)}
+}
+
+// afterFunc creates a new time.AfterFunc timer, or a synthetic timer in tests.
+func (s *Server) afterFunc(d time.Duration, f func()) timer {
+	if s.group != nil {
+		return s.group.AfterFunc(d, f)
+	}
+	return timeTimer{time.AfterFunc(d, f)}
 }
 
 func (s *Server) initialConnRecvWindowSize() int32 {
@@ -399,6 +433,10 @@ func (o *ServeConnOpts) handler() http.Handler {
 //
 // The opts parameter is optional. If nil, default values are used.
 func (s *Server) ServeConn(c net.Conn, opts *ServeConnOpts) {
+	s.serveConn(c, opts, nil)
+}
+
+func (s *Server) serveConn(c net.Conn, opts *ServeConnOpts, newf func(*serverConn)) {
 	baseCtx, cancel := serverConnBaseContext(c, opts)
 	defer cancel()
 
@@ -425,6 +463,9 @@ func (s *Server) ServeConn(c net.Conn, opts *ServeConnOpts) {
 		pushEnabled:                 true,
 		sawClientPreface:            opts.SawClientPreface,
 	}
+	if newf != nil {
+		newf(sc)
+	}
 
 	s.state.registerConn(sc)
 	defer s.state.unregisterConn(sc)
@@ -434,7 +475,7 @@ func (s *Server) ServeConn(c net.Conn, opts *ServeConnOpts) {
 	// passes the connection off to us with the deadline already set.
 	// Write deadlines are set per stream in serverConn.newStream.
 	// Disarm the net.Conn write deadline here.
-	if sc.hs.WriteTimeout != 0 {
+	if sc.hs.WriteTimeout > 0 {
 		sc.conn.SetWriteDeadline(time.Time{})
 	}
 
@@ -598,8 +639,8 @@ type serverConn struct {
 	inFrameScheduleLoop         bool              // whether we're in the scheduleFrameWrite loop
 	needToSendGoAway            bool              // we need to schedule a GOAWAY frame write
 	goAwayCode                  ErrCode
-	shutdownTimer               *time.Timer // nil until used
-	idleTimer                   *time.Timer // nil if unused
+	shutdownTimer               timer // nil until used
+	idleTimer                   timer // nil if unused
 
 	// Owned by the writeFrameAsync goroutine:
 	headerWriteBuf bytes.Buffer
@@ -648,12 +689,12 @@ type stream struct {
 	flow             outflow // limits writing from Handler to client
 	inflow           inflow  // what the client is allowed to POST/etc to us
 	state            streamState
-	resetQueued      bool        // RST_STREAM queued for write; set by sc.resetStream
-	gotTrailerHeader bool        // HEADER frame for trailers was seen
-	wroteHeaders     bool        // whether we wrote headers (not status 100)
-	readDeadline     *time.Timer // nil if unused
-	writeDeadline    *time.Timer // nil if unused
-	closeErr         error       // set before cw is closed
+	resetQueued      bool  // RST_STREAM queued for write; set by sc.resetStream
+	gotTrailerHeader bool  // HEADER frame for trailers was seen
+	wroteHeaders     bool  // whether we wrote headers (not status 100)
+	readDeadline     timer // nil if unused
+	writeDeadline    timer // nil if unused
+	closeErr         error // set before cw is closed
 
 	trailer    http.Header // accumulated trailers
 	reqTrailer http.Header // handler's Request.Trailer
@@ -731,11 +772,7 @@ func isClosedConnError(err error) bool {
 		return false
 	}
 
-	// TODO: remove this string search and be more like the Windows
-	// case below. That might involve modifying the standard library
-	// to return better error types.
-	str := err.Error()
-	if strings.Contains(str, "use of closed network connection") {
+	if errors.Is(err, net.ErrClosed) {
 		return true
 	}
 
@@ -814,8 +851,9 @@ type readFrameResult struct {
 // consumer is done with the frame.
 // It's run on its own goroutine.
 func (sc *serverConn) readFrames() {
-	gate := make(gate)
-	gateDone := gate.Done
+	sc.srv.markNewGoroutine()
+	gate := make(chan struct{})
+	gateDone := func() { gate <- struct{}{} }
 	for {
 		f, err := sc.framer.ReadFrame()
 		select {
@@ -846,6 +884,7 @@ type frameWriteResult struct {
 // At most one goroutine can be running writeFrameAsync at a time per
 // serverConn.
 func (sc *serverConn) writeFrameAsync(wr FrameWriteRequest, wd *writeData) {
+	sc.srv.markNewGoroutine()
 	var err error
 	if wd == nil {
 		err = wr.write.writeFrame(sc)
@@ -924,14 +963,14 @@ func (sc *serverConn) serve() {
 	sc.setConnState(http.StateActive)
 	sc.setConnState(http.StateIdle)
 
-	if sc.srv.IdleTimeout != 0 {
-		sc.idleTimer = time.AfterFunc(sc.srv.IdleTimeout, sc.onIdleTimer)
+	if sc.srv.IdleTimeout > 0 {
+		sc.idleTimer = sc.srv.afterFunc(sc.srv.IdleTimeout, sc.onIdleTimer)
 		defer sc.idleTimer.Stop()
 	}
 
 	go sc.readFrames() // closed by defer sc.conn.Close above
 
-	settingsTimer := time.AfterFunc(firstSettingsTimeout, sc.onSettingsTimer)
+	settingsTimer := sc.srv.afterFunc(firstSettingsTimeout, sc.onSettingsTimer)
 	defer settingsTimer.Stop()
 
 	loopNum := 0
@@ -1060,10 +1099,10 @@ func (sc *serverConn) readPreface() error {
 			errc <- nil
 		}
 	}()
-	timer := time.NewTimer(prefaceTimeout) // TODO: configurable on *Server?
+	timer := sc.srv.newTimer(prefaceTimeout) // TODO: configurable on *Server?
 	defer timer.Stop()
 	select {
-	case <-timer.C:
+	case <-timer.C():
 		return errPrefaceTimeout
 	case err := <-errc:
 		if err == nil {
@@ -1428,7 +1467,7 @@ func (sc *serverConn) goAway(code ErrCode) {
 
 func (sc *serverConn) shutDownIn(d time.Duration) {
 	sc.serveG.check()
-	sc.shutdownTimer = time.AfterFunc(d, sc.onShutdownTimer)
+	sc.shutdownTimer = sc.srv.afterFunc(d, sc.onShutdownTimer)
 }
 
 func (sc *serverConn) resetStream(se StreamError) {
@@ -1481,6 +1520,11 @@ func (sc *serverConn) processFrameFromReader(res readFrameResult) bool {
 		sc.goAway(ErrCodeFlowControl)
 		return true
 	case ConnectionError:
+		if res.f != nil {
+			if id := res.f.Header().StreamID; id > sc.maxClientStreamID {
+				sc.maxClientStreamID = id
+			}
+		}
 		sc.logf("http2: server connection error from %v: %v", sc.conn.RemoteAddr(), ev)
 		sc.goAway(ErrCode(ev))
 		return true // goAway will handle shutdown
@@ -1637,7 +1681,7 @@ func (sc *serverConn) closeStream(st *stream, err error) {
 	delete(sc.streams, st.id)
 	if len(sc.streams) == 0 {
 		sc.setConnState(http.StateIdle)
-		if sc.srv.IdleTimeout != 0 {
+		if sc.srv.IdleTimeout > 0 && sc.idleTimer != nil {
 			sc.idleTimer.Reset(sc.srv.IdleTimeout)
 		}
 		if h1ServerKeepAlivesDisabled(sc.hs) {
@@ -1659,6 +1703,7 @@ func (sc *serverConn) closeStream(st *stream, err error) {
 		}
 	}
 	st.closeErr = err
+	st.cancelCtx()
 	st.cw.Close() // signals Handler's CloseNotifier, unblocks writes, etc
 	sc.writeSched.CloseStream(st.id)
 }
@@ -2017,9 +2062,9 @@ func (sc *serverConn) processHeaders(f *MetaHeadersFrame) error {
 	// similar to how the http1 server works. Here it's
 	// technically more like the http1 Server's ReadHeaderTimeout
 	// (in Go 1.8), though. That's a more sane option anyway.
-	if sc.hs.ReadTimeout != 0 {
+	if sc.hs.ReadTimeout > 0 {
 		sc.conn.SetReadDeadline(time.Time{})
-		st.readDeadline = time.AfterFunc(sc.hs.ReadTimeout, st.onReadTimeout)
+		st.readDeadline = sc.srv.afterFunc(sc.hs.ReadTimeout, st.onReadTimeout)
 	}
 
 	return sc.scheduleHandler(id, rw, req, handler)
@@ -2038,7 +2083,7 @@ func (sc *serverConn) upgradeRequest(req *http.Request) {
 
 	// Disable any read deadline set by the net/http package
 	// prior to the upgrade.
-	if sc.hs.ReadTimeout != 0 {
+	if sc.hs.ReadTimeout > 0 {
 		sc.conn.SetReadDeadline(time.Time{})
 	}
 
@@ -2116,8 +2161,8 @@ func (sc *serverConn) newStream(id, pusherID uint32, state streamState) *stream
 	st.flow.conn = &sc.flow // link to conn-level counter
 	st.flow.add(sc.initialStreamSendWindowSize)
 	st.inflow.init(sc.srv.initialStreamRecvWindowSize())
-	if sc.hs.WriteTimeout != 0 {
-		st.writeDeadline = time.AfterFunc(sc.hs.WriteTimeout, st.onWriteTimeout)
+	if sc.hs.WriteTimeout > 0 {
+		st.writeDeadline = sc.srv.afterFunc(sc.hs.WriteTimeout, st.onWriteTimeout)
 	}
 
 	sc.streams[id] = st
@@ -2341,6 +2386,7 @@ func (sc *serverConn) handlerDone() {
 
 // Run on its own goroutine.
 func (sc *serverConn) runHandler(rw *responseWriter, req *http.Request, handler func(http.ResponseWriter, *http.Request)) {
+	sc.srv.markNewGoroutine()
 	defer sc.sendServeMsg(handlerDoneMsg)
 	didPanic := true
 	defer func() {
@@ -2637,7 +2683,7 @@ func (rws *responseWriterState) writeChunk(p []byte) (n int, err error) {
 		var date string
 		if _, ok := rws.snapHeader["Date"]; !ok {
 			// TODO(bradfitz): be faster here, like net/http? measure.
-			date = time.Now().UTC().Format(http.TimeFormat)
+			date = rws.conn.srv.now().UTC().Format(http.TimeFormat)
 		}
 
 		for _, v := range rws.snapHeader["Trailer"] {
@@ -2759,7 +2805,7 @@ func (rws *responseWriterState) promoteUndeclaredTrailers() {
 
 func (w *responseWriter) SetReadDeadline(deadline time.Time) error {
 	st := w.rws.stream
-	if !deadline.IsZero() && deadline.Before(time.Now()) {
+	if !deadline.IsZero() && deadline.Before(w.rws.conn.srv.now()) {
 		// If we're setting a deadline in the past, reset the stream immediately
 		// so writes after SetWriteDeadline returns will fail.
 		st.onReadTimeout()
@@ -2775,9 +2821,9 @@ func (w *responseWriter) SetReadDeadline(deadline time.Time) error {
 		if deadline.IsZero() {
 			st.readDeadline = nil
 		} else if st.readDeadline == nil {
-			st.readDeadline = time.AfterFunc(deadline.Sub(time.Now()), st.onReadTimeout)
+			st.readDeadline = sc.srv.afterFunc(deadline.Sub(sc.srv.now()), st.onReadTimeout)
 		} else {
-			st.readDeadline.Reset(deadline.Sub(time.Now()))
+			st.readDeadline.Reset(deadline.Sub(sc.srv.now()))
 		}
 	})
 	return nil
@@ -2785,7 +2831,7 @@ func (w *responseWriter) SetReadDeadline(deadline time.Time) error {
 
 func (w *responseWriter) SetWriteDeadline(deadline time.Time) error {
 	st := w.rws.stream
-	if !deadline.IsZero() && deadline.Before(time.Now()) {
+	if !deadline.IsZero() && deadline.Before(w.rws.conn.srv.now()) {
 		// If we're setting a deadline in the past, reset the stream immediately
 		// so writes after SetWriteDeadline returns will fail.
 		st.onWriteTimeout()
@@ -2801,9 +2847,9 @@ func (w *responseWriter) SetWriteDeadline(deadline time.Time) error {
 		if deadline.IsZero() {
 			st.writeDeadline = nil
 		} else if st.writeDeadline == nil {
-			st.writeDeadline = time.AfterFunc(deadline.Sub(time.Now()), st.onWriteTimeout)
+			st.writeDeadline = sc.srv.afterFunc(deadline.Sub(sc.srv.now()), st.onWriteTimeout)
 		} else {
-			st.writeDeadline.Reset(deadline.Sub(time.Now()))
+			st.writeDeadline.Reset(deadline.Sub(sc.srv.now()))
 		}
 	})
 	return nil
diff --git a/vendor/golang.org/x/net/http2/timer.go b/vendor/golang.org/x/net/http2/timer.go
new file mode 100644
index 0000000000..0b1c17b812
--- /dev/null
+++ b/vendor/golang.org/x/net/http2/timer.go
@@ -0,0 +1,20 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+package http2
+
+import "time"
+
+// A timer is a time.Timer, as an interface which can be replaced in tests.
+type timer = interface {
+	C() <-chan time.Time
+	Reset(d time.Duration) bool
+	Stop() bool
+}
+
+// timeTimer adapts a time.Timer to the timer interface.
+type timeTimer struct {
+	*time.Timer
+}
+
+func (t timeTimer) C() <-chan time.Time { return t.Timer.C }
diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go
index df578b86c6..61f511f97a 100644
--- a/vendor/golang.org/x/net/http2/transport.go
+++ b/vendor/golang.org/x/net/http2/transport.go
@@ -147,6 +147,12 @@ type Transport struct {
 	// waiting for their turn.
 	StrictMaxConcurrentStreams bool
 
+	// IdleConnTimeout is the maximum amount of time an idle
+	// (keep-alive) connection will remain idle before closing
+	// itself.
+	// Zero means no limit.
+	IdleConnTimeout time.Duration
+
 	// ReadIdleTimeout is the timeout after which a health check using ping
 	// frame will be carried out if no frame is received on the connection.
 	// Note that a ping response will is considered a received frame, so if
@@ -178,6 +184,46 @@ type Transport struct {
 
 	connPoolOnce  sync.Once
 	connPoolOrDef ClientConnPool // non-nil version of ConnPool
+
+	*transportTestHooks
+}
+
+// Hook points used for testing.
+// Outside of tests, t.transportTestHooks is nil and these all have minimal implementations.
+// Inside tests, see the testSyncHooks function docs.
+
+type transportTestHooks struct {
+	newclientconn func(*ClientConn)
+	group         synctestGroupInterface
+}
+
+func (t *Transport) markNewGoroutine() {
+	if t != nil && t.transportTestHooks != nil {
+		t.transportTestHooks.group.Join()
+	}
+}
+
+// newTimer creates a new time.Timer, or a synthetic timer in tests.
+func (t *Transport) newTimer(d time.Duration) timer {
+	if t.transportTestHooks != nil {
+		return t.transportTestHooks.group.NewTimer(d)
+	}
+	return timeTimer{time.NewTimer(d)}
+}
+
+// afterFunc creates a new time.AfterFunc timer, or a synthetic timer in tests.
+func (t *Transport) afterFunc(d time.Duration, f func()) timer {
+	if t.transportTestHooks != nil {
+		return t.transportTestHooks.group.AfterFunc(d, f)
+	}
+	return timeTimer{time.AfterFunc(d, f)}
+}
+
+func (t *Transport) contextWithTimeout(ctx context.Context, d time.Duration) (context.Context, context.CancelFunc) {
+	if t.transportTestHooks != nil {
+		return t.transportTestHooks.group.ContextWithTimeout(ctx, d)
+	}
+	return context.WithTimeout(ctx, d)
 }
 
 func (t *Transport) maxHeaderListSize() uint32 {
@@ -302,7 +348,7 @@ type ClientConn struct {
 	readerErr  error         // set before readerDone is closed
 
 	idleTimeout time.Duration // or 0 for never
-	idleTimer   *time.Timer
+	idleTimer   timer
 
 	mu              sync.Mutex // guards following
 	cond            *sync.Cond // hold mu; broadcast on flow/closed changes
@@ -446,6 +492,7 @@ func (cs *clientStream) closeReqBodyLocked() {
 	cs.reqBodyClosed = make(chan struct{})
 	reqBodyClosed := cs.reqBodyClosed
 	go func() {
+		cs.cc.t.markNewGoroutine()
 		cs.reqBody.Close()
 		close(reqBodyClosed)
 	}()
@@ -537,15 +584,6 @@ func authorityAddr(scheme string, authority string) (addr string) {
 	return net.JoinHostPort(host, port)
 }
 
-var retryBackoffHook func(time.Duration) *time.Timer
-
-func backoffNewTimer(d time.Duration) *time.Timer {
-	if retryBackoffHook != nil {
-		return retryBackoffHook(d)
-	}
-	return time.NewTimer(d)
-}
-
 // RoundTripOpt is like RoundTrip, but takes options.
 func (t *Transport) RoundTripOpt(req *http.Request, opt RoundTripOpt) (*http.Response, error) {
 	if !(req.URL.Scheme == "https" || (req.URL.Scheme == "http" && t.AllowHTTP)) {
@@ -573,13 +611,13 @@ func (t *Transport) RoundTripOpt(req *http.Request, opt RoundTripOpt) (*http.Res
 				backoff := float64(uint(1) << (uint(retry) - 1))
 				backoff += backoff * (0.1 * mathrand.Float64())
 				d := time.Second * time.Duration(backoff)
-				timer := backoffNewTimer(d)
+				tm := t.newTimer(d)
 				select {
-				case <-timer.C:
+				case <-tm.C():
 					t.vlogf("RoundTrip retrying after failure: %v", roundTripErr)
 					continue
 				case <-req.Context().Done():
-					timer.Stop()
+					tm.Stop()
 					err = req.Context().Err()
 				}
 			}
@@ -658,6 +696,9 @@ func canRetryError(err error) bool {
 }
 
 func (t *Transport) dialClientConn(ctx context.Context, addr string, singleUse bool) (*ClientConn, error) {
+	if t.transportTestHooks != nil {
+		return t.newClientConn(nil, singleUse)
+	}
 	host, _, err := net.SplitHostPort(addr)
 	if err != nil {
 		return nil, err
@@ -751,9 +792,10 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro
 		pings:                 make(map[[8]byte]chan struct{}),
 		reqHeaderMu:           make(chan struct{}, 1),
 	}
-	if d := t.idleConnTimeout(); d != 0 {
-		cc.idleTimeout = d
-		cc.idleTimer = time.AfterFunc(d, cc.onIdleTimeout)
+	if t.transportTestHooks != nil {
+		t.markNewGoroutine()
+		t.transportTestHooks.newclientconn(cc)
+		c = cc.tconn
 	}
 	if VerboseLogs {
 		t.vlogf("http2: Transport creating client conn %p to %v", cc, c.RemoteAddr())
@@ -785,10 +827,6 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro
 	cc.henc.SetMaxDynamicTableSizeLimit(t.maxEncoderHeaderTableSize())
 	cc.peerMaxHeaderTableSize = initialHeaderTableSize
 
-	if t.AllowHTTP {
-		cc.nextStreamID = 3
-	}
-
 	if cs, ok := c.(connectionStater); ok {
 		state := cs.ConnectionState()
 		cc.tlsState = &state
@@ -818,6 +856,12 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro
 		return nil, cc.werr
 	}
 
+	// Start the idle timer after the connection is fully initialized.
+	if d := t.idleConnTimeout(); d != 0 {
+		cc.idleTimeout = d
+		cc.idleTimer = t.afterFunc(d, cc.onIdleTimeout)
+	}
+
 	go cc.readLoop()
 	return cc, nil
 }
@@ -826,7 +870,7 @@ func (cc *ClientConn) healthCheck() {
 	pingTimeout := cc.t.pingTimeout()
 	// We don't need to periodically ping in the health check, because the readLoop of ClientConn will
 	// trigger the healthCheck again if there is no frame received.
-	ctx, cancel := context.WithTimeout(context.Background(), pingTimeout)
+	ctx, cancel := cc.t.contextWithTimeout(context.Background(), pingTimeout)
 	defer cancel()
 	cc.vlogf("http2: Transport sending health check")
 	err := cc.Ping(ctx)
@@ -861,7 +905,20 @@ func (cc *ClientConn) setGoAway(f *GoAwayFrame) {
 	}
 	last := f.LastStreamID
 	for streamID, cs := range cc.streams {
-		if streamID > last {
+		if streamID <= last {
+			// The server's GOAWAY indicates that it received this stream.
+			// It will either finish processing it, or close the connection
+			// without doing so. Either way, leave the stream alone for now.
+			continue
+		}
+		if streamID == 1 && cc.goAway.ErrCode != ErrCodeNo {
+			// Don't retry the first stream on a connection if we get a non-NO error.
+			// If the server is sending an error on a new connection,
+			// retrying the request on a new one probably isn't going to work.
+			cs.abortStreamLocked(fmt.Errorf("http2: Transport received GOAWAY from server ErrCode:%v", cc.goAway.ErrCode))
+		} else {
+			// Aborting the stream with errClentConnGotGoAway indicates that
+			// the request should be retried on a new connection.
 			cs.abortStreamLocked(errClientConnGotGoAway)
 		}
 	}
@@ -1057,6 +1114,7 @@ func (cc *ClientConn) Shutdown(ctx context.Context) error {
 	done := make(chan struct{})
 	cancelled := false // guarded by cc.mu
 	go func() {
+		cc.t.markNewGoroutine()
 		cc.mu.Lock()
 		defer cc.mu.Unlock()
 		for {
@@ -1215,6 +1273,10 @@ func (cc *ClientConn) decrStreamReservationsLocked() {
 }
 
 func (cc *ClientConn) RoundTrip(req *http.Request) (*http.Response, error) {
+	return cc.roundTrip(req, nil)
+}
+
+func (cc *ClientConn) roundTrip(req *http.Request, streamf func(*clientStream)) (*http.Response, error) {
 	ctx := req.Context()
 	cs := &clientStream{
 		cc:                   cc,
@@ -1229,7 +1291,28 @@ func (cc *ClientConn) RoundTrip(req *http.Request) (*http.Response, error) {
 		respHeaderRecv:       make(chan struct{}),
 		donec:                make(chan struct{}),
 	}
-	go cs.doRequest(req)
+
+	// TODO(bradfitz): this is a copy of the logic in net/http. Unify somewhere?
+	if !cc.t.disableCompression() &&
+		req.Header.Get("Accept-Encoding") == "" &&
+		req.Header.Get("Range") == "" &&
+		!cs.isHead {
+		// Request gzip only, not deflate. Deflate is ambiguous and
+		// not as universally supported anyway.
+		// See: https://zlib.net/zlib_faq.html#faq39
+		//
+		// Note that we don't request this for HEAD requests,
+		// due to a bug in nginx:
+		//   http://trac.nginx.org/nginx/ticket/358
+		//   https://golang.org/issue/5522
+		//
+		// We don't request gzip if the request is for a range, since
+		// auto-decoding a portion of a gzipped document will just fail
+		// anyway. See https://golang.org/issue/8923
+		cs.requestedGzip = true
+	}
+
+	go cs.doRequest(req, streamf)
 
 	waitDone := func() error {
 		select {
@@ -1322,8 +1405,9 @@ func (cc *ClientConn) RoundTrip(req *http.Request) (*http.Response, error) {
 // doRequest runs for the duration of the request lifetime.
 //
 // It sends the request and performs post-request cleanup (closing Request.Body, etc.).
-func (cs *clientStream) doRequest(req *http.Request) {
-	err := cs.writeRequest(req)
+func (cs *clientStream) doRequest(req *http.Request, streamf func(*clientStream)) {
+	cs.cc.t.markNewGoroutine()
+	err := cs.writeRequest(req, streamf)
 	cs.cleanupWriteRequest(err)
 }
 
@@ -1334,7 +1418,7 @@ func (cs *clientStream) doRequest(req *http.Request) {
 //
 // It returns non-nil if the request ends otherwise.
 // If the returned error is StreamError, the error Code may be used in resetting the stream.
-func (cs *clientStream) writeRequest(req *http.Request) (err error) {
+func (cs *clientStream) writeRequest(req *http.Request, streamf func(*clientStream)) (err error) {
 	cc := cs.cc
 	ctx := cs.ctx
 
@@ -1372,24 +1456,8 @@ func (cs *clientStream) writeRequest(req *http.Request) (err error) {
 	}
 	cc.mu.Unlock()
 
-	// TODO(bradfitz): this is a copy of the logic in net/http. Unify somewhere?
-	if !cc.t.disableCompression() &&
-		req.Header.Get("Accept-Encoding") == "" &&
-		req.Header.Get("Range") == "" &&
-		!cs.isHead {
-		// Request gzip only, not deflate. Deflate is ambiguous and
-		// not as universally supported anyway.
-		// See: https://zlib.net/zlib_faq.html#faq39
-		//
-		// Note that we don't request this for HEAD requests,
-		// due to a bug in nginx:
-		//   http://trac.nginx.org/nginx/ticket/358
-		//   https://golang.org/issue/5522
-		//
-		// We don't request gzip if the request is for a range, since
-		// auto-decoding a portion of a gzipped document will just fail
-		// anyway. See https://golang.org/issue/8923
-		cs.requestedGzip = true
+	if streamf != nil {
+		streamf(cs)
 	}
 
 	continueTimeout := cc.t.expectContinueTimeout()
@@ -1452,9 +1520,9 @@ func (cs *clientStream) writeRequest(req *http.Request) (err error) {
 	var respHeaderTimer <-chan time.Time
 	var respHeaderRecv chan struct{}
 	if d := cc.responseHeaderTimeout(); d != 0 {
-		timer := time.NewTimer(d)
+		timer := cc.t.newTimer(d)
 		defer timer.Stop()
-		respHeaderTimer = timer.C
+		respHeaderTimer = timer.C()
 		respHeaderRecv = cs.respHeaderRecv
 	}
 	// Wait until the peer half-closes its end of the stream,
@@ -1875,6 +1943,22 @@ func (cs *clientStream) awaitFlowControl(maxBytes int) (taken int32, err error)
 	}
 }
 
+func validateHeaders(hdrs http.Header) string {
+	for k, vv := range hdrs {
+		if !httpguts.ValidHeaderFieldName(k) {
+			return fmt.Sprintf("name %q", k)
+		}
+		for _, v := range vv {
+			if !httpguts.ValidHeaderFieldValue(v) {
+				// Don't include the value in the error,
+				// because it may be sensitive.
+				return fmt.Sprintf("value for header %q", k)
+			}
+		}
+	}
+	return ""
+}
+
 var errNilRequestURL = errors.New("http2: Request.URI is nil")
 
 // requires cc.wmu be held.
@@ -1912,19 +1996,14 @@ func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trail
 		}
 	}
 
-	// Check for any invalid headers and return an error before we
+	// Check for any invalid headers+trailers and return an error before we
 	// potentially pollute our hpack state. (We want to be able to
 	// continue to reuse the hpack encoder for future requests)
-	for k, vv := range req.Header {
-		if !httpguts.ValidHeaderFieldName(k) {
-			return nil, fmt.Errorf("invalid HTTP header name %q", k)
-		}
-		for _, v := range vv {
-			if !httpguts.ValidHeaderFieldValue(v) {
-				// Don't include the value in the error, because it may be sensitive.
-				return nil, fmt.Errorf("invalid HTTP header value for header %q", k)
-			}
-		}
+	if err := validateHeaders(req.Header); err != "" {
+		return nil, fmt.Errorf("invalid HTTP header %s", err)
+	}
+	if err := validateHeaders(req.Trailer); err != "" {
+		return nil, fmt.Errorf("invalid HTTP trailer %s", err)
 	}
 
 	enumerateHeaders := func(f func(name, value string)) {
@@ -2165,6 +2244,7 @@ type clientConnReadLoop struct {
 
 // readLoop runs in its own goroutine and reads and dispatches frames.
 func (cc *ClientConn) readLoop() {
+	cc.t.markNewGoroutine()
 	rl := &clientConnReadLoop{cc: cc}
 	defer rl.cleanup()
 	cc.readerErr = rl.run()
@@ -2266,10 +2346,9 @@ func (rl *clientConnReadLoop) run() error {
 	cc := rl.cc
 	gotSettings := false
 	readIdleTimeout := cc.t.ReadIdleTimeout
-	var t *time.Timer
+	var t timer
 	if readIdleTimeout != 0 {
-		t = time.AfterFunc(readIdleTimeout, cc.healthCheck)
-		defer t.Stop()
+		t = cc.t.afterFunc(readIdleTimeout, cc.healthCheck)
 	}
 	for {
 		f, err := cc.fr.ReadFrame()
@@ -2684,7 +2763,7 @@ func (rl *clientConnReadLoop) processData(f *DataFrame) error {
 		})
 		return nil
 	}
-	if !cs.firstByte {
+	if !cs.pastHeaders {
 		cc.logf("protocol error: received DATA before a HEADERS frame")
 		rl.endStreamError(cs, StreamError{
 			StreamID: f.StreamID,
@@ -2911,6 +2990,15 @@ func (rl *clientConnReadLoop) processWindowUpdate(f *WindowUpdateFrame) error {
 		fl = &cs.flow
 	}
 	if !fl.add(int32(f.Increment)) {
+		// For stream, the sender sends RST_STREAM with an error code of FLOW_CONTROL_ERROR
+		if cs != nil {
+			rl.endStreamError(cs, StreamError{
+				StreamID: f.StreamID,
+				Code:     ErrCodeFlowControl,
+			})
+			return nil
+		}
+
 		return ConnectionError(ErrCodeFlowControl)
 	}
 	cc.cond.Broadcast()
@@ -2955,24 +3043,26 @@ func (cc *ClientConn) Ping(ctx context.Context) error {
 		}
 		cc.mu.Unlock()
 	}
-	errc := make(chan error, 1)
+	var pingError error
+	errc := make(chan struct{})
 	go func() {
+		cc.t.markNewGoroutine()
 		cc.wmu.Lock()
 		defer cc.wmu.Unlock()
-		if err := cc.fr.WritePing(false, p); err != nil {
-			errc <- err
+		if pingError = cc.fr.WritePing(false, p); pingError != nil {
+			close(errc)
 			return
 		}
-		if err := cc.bw.Flush(); err != nil {
-			errc <- err
+		if pingError = cc.bw.Flush(); pingError != nil {
+			close(errc)
 			return
 		}
 	}()
 	select {
 	case <-c:
 		return nil
-	case err := <-errc:
-		return err
+	case <-errc:
+		return pingError
 	case <-ctx.Done():
 		return ctx.Err()
 	case <-cc.readerDone:
@@ -3141,9 +3231,17 @@ func (rt noDialH2RoundTripper) RoundTrip(req *http.Request) (*http.Response, err
 }
 
 func (t *Transport) idleConnTimeout() time.Duration {
+	// to keep things backwards compatible, we use non-zero values of
+	// IdleConnTimeout, followed by using the IdleConnTimeout on the underlying
+	// http1 transport, followed by 0
+	if t.IdleConnTimeout != 0 {
+		return t.IdleConnTimeout
+	}
+
 	if t.t1 != nil {
 		return t.t1.IdleConnTimeout
 	}
+
 	return 0
 }
 
diff --git a/vendor/golang.org/x/net/http2/writesched_priority.go b/vendor/golang.org/x/net/http2/writesched_priority.go
index 0a242c669e..f6783339d1 100644
--- a/vendor/golang.org/x/net/http2/writesched_priority.go
+++ b/vendor/golang.org/x/net/http2/writesched_priority.go
@@ -443,8 +443,8 @@ func (ws *priorityWriteScheduler) addClosedOrIdleNode(list *[]*priorityNode, max
 }
 
 func (ws *priorityWriteScheduler) removeNode(n *priorityNode) {
-	for k := n.kids; k != nil; k = k.next {
-		k.setParent(n.parent)
+	for n.kids != nil {
+		n.kids.setParent(n.parent)
 	}
 	n.setParent(nil)
 	delete(ws.nodes, n.id)
diff --git a/vendor/golang.org/x/net/proxy/per_host.go b/vendor/golang.org/x/net/proxy/per_host.go
index 573fe79e86..d7d4b8b6e3 100644
--- a/vendor/golang.org/x/net/proxy/per_host.go
+++ b/vendor/golang.org/x/net/proxy/per_host.go
@@ -137,9 +137,7 @@ func (p *PerHost) AddNetwork(net *net.IPNet) {
 // AddZone specifies a DNS suffix that will use the bypass proxy. A zone of
 // "example.com" matches "example.com" and all of its subdomains.
 func (p *PerHost) AddZone(zone string) {
-	if strings.HasSuffix(zone, ".") {
-		zone = zone[:len(zone)-1]
-	}
+	zone = strings.TrimSuffix(zone, ".")
 	if !strings.HasPrefix(zone, ".") {
 		zone = "." + zone
 	}
@@ -148,8 +146,6 @@ func (p *PerHost) AddZone(zone string) {
 
 // AddHost specifies a host name that will use the bypass proxy.
 func (p *PerHost) AddHost(host string) {
-	if strings.HasSuffix(host, ".") {
-		host = host[:len(host)-1]
-	}
+	host = strings.TrimSuffix(host, ".")
 	p.bypassHosts = append(p.bypassHosts, host)
 }
diff --git a/vendor/golang.org/x/oauth2/internal/client_appengine.go b/vendor/golang.org/x/oauth2/internal/client_appengine.go
deleted file mode 100644
index d28140f789..0000000000
--- a/vendor/golang.org/x/oauth2/internal/client_appengine.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build appengine
-
-package internal
-
-import "google.golang.org/appengine/urlfetch"
-
-func init() {
-	appengineClientHook = urlfetch.Client
-}
diff --git a/vendor/golang.org/x/oauth2/internal/transport.go b/vendor/golang.org/x/oauth2/internal/transport.go
index 572074a637..b9db01ddfd 100644
--- a/vendor/golang.org/x/oauth2/internal/transport.go
+++ b/vendor/golang.org/x/oauth2/internal/transport.go
@@ -18,16 +18,11 @@ var HTTPClient ContextKey
 // because nobody else can create a ContextKey, being unexported.
 type ContextKey struct{}
 
-var appengineClientHook func(context.Context) *http.Client
-
 func ContextClient(ctx context.Context) *http.Client {
 	if ctx != nil {
 		if hc, ok := ctx.Value(HTTPClient).(*http.Client); ok {
 			return hc
 		}
 	}
-	if appengineClientHook != nil {
-		return appengineClientHook(ctx)
-	}
 	return http.DefaultClient
 }
diff --git a/vendor/golang.org/x/oauth2/oauth2.go b/vendor/golang.org/x/oauth2/oauth2.go
index 90a2c3d6dc..09f6a49b80 100644
--- a/vendor/golang.org/x/oauth2/oauth2.go
+++ b/vendor/golang.org/x/oauth2/oauth2.go
@@ -393,7 +393,7 @@ func ReuseTokenSource(t *Token, src TokenSource) TokenSource {
 	}
 }
 
-// ReuseTokenSource returns a TokenSource that acts in the same manner as the
+// ReuseTokenSourceWithExpiry returns a TokenSource that acts in the same manner as the
 // TokenSource returned by ReuseTokenSource, except the expiry buffer is
 // configurable. The expiration time of a token is calculated as
 // t.Expiry.Add(-earlyExpiry).
diff --git a/vendor/golang.org/x/sys/unix/aliases.go b/vendor/golang.org/x/sys/unix/aliases.go
index e7d3df4bd3..b0e4198575 100644
--- a/vendor/golang.org/x/sys/unix/aliases.go
+++ b/vendor/golang.org/x/sys/unix/aliases.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos) && go1.9
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/asm_zos_s390x.s b/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
index 2f67ba86d5..813dfad7d2 100644
--- a/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
+++ b/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
@@ -9,9 +9,11 @@
 #define PSALAA            1208(R0)
 #define GTAB64(x)           80(x)
 #define LCA64(x)            88(x)
+#define SAVSTACK_ASYNC(x)  336(x) // in the LCA
 #define CAA(x)               8(x)
-#define EDCHPXV(x)        1016(x)       // in the CAA
-#define SAVSTACK_ASYNC(x)  336(x)       // in the LCA
+#define CEECAATHDID(x)     976(x) // in the CAA
+#define EDCHPXV(x)        1016(x) // in the CAA
+#define GOCB(x)           1104(x) // in the CAA
 
 // SS_*, where x=SAVSTACK_ASYNC
 #define SS_LE(x)             0(x)
@@ -19,405 +21,362 @@
 #define SS_ERRNO(x)         16(x)
 #define SS_ERRNOJR(x)       20(x)
 
-#define LE_CALL BYTE $0x0D; BYTE $0x76; // BL R7, R6
+// Function Descriptor Offsets
+#define __errno  0x156*16
+#define __err2ad 0x16C*16
 
-TEXT ·clearErrno(SB),NOSPLIT,$0-0
-	BL	addrerrno<>(SB)
-	MOVD	$0, 0(R3)
+// Call Instructions
+#define LE_CALL    BYTE $0x0D; BYTE $0x76 // BL R7, R6
+#define SVC_LOAD   BYTE $0x0A; BYTE $0x08 // SVC 08 LOAD
+#define SVC_DELETE BYTE $0x0A; BYTE $0x09 // SVC 09 DELETE
+
+DATA zosLibVec<>(SB)/8, $0
+GLOBL zosLibVec<>(SB), NOPTR, $8
+
+TEXT ·initZosLibVec(SB), NOSPLIT|NOFRAME, $0-0
+	MOVW PSALAA, R8
+	MOVD LCA64(R8), R8
+	MOVD CAA(R8), R8
+	MOVD EDCHPXV(R8), R8
+	MOVD R8, zosLibVec<>(SB)
+	RET
+
+TEXT ·GetZosLibVec(SB), NOSPLIT|NOFRAME, $0-0
+	MOVD zosLibVec<>(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·clearErrno(SB), NOSPLIT, $0-0
+	BL   addrerrno<>(SB)
+	MOVD $0, 0(R3)
 	RET
 
 // Returns the address of errno in R3.
-TEXT addrerrno<>(SB),NOSPLIT|NOFRAME,$0-0
+TEXT addrerrno<>(SB), NOSPLIT|NOFRAME, $0-0
 	// Get library control area (LCA).
-	MOVW	PSALAA, R8
-	MOVD	LCA64(R8), R8
+	MOVW PSALAA, R8
+	MOVD LCA64(R8), R8
 
 	// Get __errno FuncDesc.
-	MOVD	CAA(R8), R9
-	MOVD	EDCHPXV(R9), R9
-	ADD	$(0x156*16), R9
-	LMG	0(R9), R5, R6
+	MOVD CAA(R8), R9
+	MOVD EDCHPXV(R9), R9
+	ADD  $(__errno), R9
+	LMG  0(R9), R5, R6
 
 	// Switch to saved LE stack.
-	MOVD	SAVSTACK_ASYNC(R8), R9
-	MOVD	0(R9), R4
-	MOVD	$0, 0(R9)
+	MOVD SAVSTACK_ASYNC(R8), R9
+	MOVD 0(R9), R4
+	MOVD $0, 0(R9)
 
 	// Call __errno function.
 	LE_CALL
 	NOPH
 
 	// Switch back to Go stack.
-	XOR	R0, R0      // Restore R0 to $0.
-	MOVD	R4, 0(R9)   // Save stack pointer.
+	XOR  R0, R0    // Restore R0 to $0.
+	MOVD R4, 0(R9) // Save stack pointer.
 	RET
 
-TEXT ·syscall_syscall(SB),NOSPLIT,$0-56
-	BL	runtime·entersyscall(SB)
-	MOVD	a1+8(FP), R1
-	MOVD	a2+16(FP), R2
-	MOVD	a3+24(FP), R3
+// func svcCall(fnptr unsafe.Pointer, argv *unsafe.Pointer, dsa *uint64)
+TEXT ·svcCall(SB), NOSPLIT, $0
+	BL   runtime·save_g(SB)     // Save g and stack pointer
+	MOVW PSALAA, R8
+	MOVD LCA64(R8), R8
+	MOVD SAVSTACK_ASYNC(R8), R9
+	MOVD R15, 0(R9)
 
-	// Get library control area (LCA).
-	MOVW	PSALAA, R8
-	MOVD	LCA64(R8), R8
+	MOVD argv+8(FP), R1   // Move function arguments into registers
+	MOVD dsa+16(FP), g
+	MOVD fnptr+0(FP), R15
 
-	// Get function.
-	MOVD	CAA(R8), R9
-	MOVD	EDCHPXV(R9), R9
-	MOVD	trap+0(FP), R5
-	SLD	$4, R5
-	ADD	R5, R9
-	LMG	0(R9), R5, R6
+	BYTE $0x0D // Branch to function
+	BYTE $0xEF
 
-	// Restore LE stack.
-	MOVD	SAVSTACK_ASYNC(R8), R9
-	MOVD	0(R9), R4
-	MOVD	$0, 0(R9)
+	BL   runtime·load_g(SB)     // Restore g and stack pointer
+	MOVW PSALAA, R8
+	MOVD LCA64(R8), R8
+	MOVD SAVSTACK_ASYNC(R8), R9
+	MOVD 0(R9), R15
 
-	// Call function.
-	LE_CALL
-	NOPH
-	XOR	R0, R0      // Restore R0 to $0.
-	MOVD	R4, 0(R9)   // Save stack pointer.
-
-	MOVD	R3, r1+32(FP)
-	MOVD	R0, r2+40(FP)
-	MOVD	R0, err+48(FP)
-	MOVW	R3, R4
-	CMP	R4, $-1
-	BNE	done
-	BL	addrerrno<>(SB)
-	MOVWZ	0(R3), R3
-	MOVD	R3, err+48(FP)
-done:
-	BL	runtime·exitsyscall(SB)
 	RET
 
-TEXT ·syscall_rawsyscall(SB),NOSPLIT,$0-56
-	MOVD	a1+8(FP), R1
-	MOVD	a2+16(FP), R2
-	MOVD	a3+24(FP), R3
-
-	// Get library control area (LCA).
-	MOVW	PSALAA, R8
-	MOVD	LCA64(R8), R8
-
-	// Get function.
-	MOVD	CAA(R8), R9
-	MOVD	EDCHPXV(R9), R9
-	MOVD	trap+0(FP), R5
-	SLD	$4, R5
-	ADD	R5, R9
-	LMG	0(R9), R5, R6
+// func svcLoad(name *byte) unsafe.Pointer
+TEXT ·svcLoad(SB), NOSPLIT, $0
+	MOVD R15, R2         // Save go stack pointer
+	MOVD name+0(FP), R0  // Move SVC args into registers
+	MOVD $0x80000000, R1
+	MOVD $0, R15
+	SVC_LOAD
+	MOVW R15, R3         // Save return code from SVC
+	MOVD R2, R15         // Restore go stack pointer
+	CMP  R3, $0          // Check SVC return code
+	BNE  error
+
+	MOVD $-2, R3       // Reset last bit of entry point to zero
+	AND  R0, R3
+	MOVD R3, ret+8(FP) // Return entry point returned by SVC
+	CMP  R0, R3        // Check if last bit of entry point was set
+	BNE  done
+
+	MOVD R15, R2 // Save go stack pointer
+	MOVD $0, R15 // Move SVC args into registers (entry point still in r0 from SVC 08)
+	SVC_DELETE
+	MOVD R2, R15 // Restore go stack pointer
 
-	// Restore LE stack.
-	MOVD	SAVSTACK_ASYNC(R8), R9
-	MOVD	0(R9), R4
-	MOVD	$0, 0(R9)
+error:
+	MOVD $0, ret+8(FP) // Return 0 on failure
 
-	// Call function.
-	LE_CALL
-	NOPH
-	XOR	R0, R0      // Restore R0 to $0.
-	MOVD	R4, 0(R9)   // Save stack pointer.
-
-	MOVD	R3, r1+32(FP)
-	MOVD	R0, r2+40(FP)
-	MOVD	R0, err+48(FP)
-	MOVW	R3, R4
-	CMP	R4, $-1
-	BNE	done
-	BL	addrerrno<>(SB)
-	MOVWZ	0(R3), R3
-	MOVD	R3, err+48(FP)
 done:
+	XOR R0, R0 // Reset r0 to 0
 	RET
 
-TEXT ·syscall_syscall6(SB),NOSPLIT,$0-80
-	BL	runtime·entersyscall(SB)
-	MOVD	a1+8(FP), R1
-	MOVD	a2+16(FP), R2
-	MOVD	a3+24(FP), R3
+// func svcUnload(name *byte, fnptr unsafe.Pointer) int64
+TEXT ·svcUnload(SB), NOSPLIT, $0
+	MOVD R15, R2          // Save go stack pointer
+	MOVD name+0(FP), R0   // Move SVC args into registers
+	MOVD fnptr+8(FP), R15
+	SVC_DELETE
+	XOR  R0, R0           // Reset r0 to 0
+	MOVD R15, R1          // Save SVC return code
+	MOVD R2, R15          // Restore go stack pointer
+	MOVD R1, ret+16(FP)   // Return SVC return code
+	RET
 
+// func gettid() uint64
+TEXT ·gettid(SB), NOSPLIT, $0
 	// Get library control area (LCA).
-	MOVW	PSALAA, R8
-	MOVD	LCA64(R8), R8
+	MOVW PSALAA, R8
+	MOVD LCA64(R8), R8
 
-	// Get function.
-	MOVD	CAA(R8), R9
-	MOVD	EDCHPXV(R9), R9
-	MOVD	trap+0(FP), R5
-	SLD	$4, R5
-	ADD	R5, R9
-	LMG	0(R9), R5, R6
+	// Get CEECAATHDID
+	MOVD CAA(R8), R9
+	MOVD CEECAATHDID(R9), R9
+	MOVD R9, ret+0(FP)
 
-	// Restore LE stack.
-	MOVD	SAVSTACK_ASYNC(R8), R9
-	MOVD	0(R9), R4
-	MOVD	$0, 0(R9)
-
-	// Fill in parameter list.
-	MOVD	a4+32(FP), R12
-	MOVD	R12, (2176+24)(R4)
-	MOVD	a5+40(FP), R12
-	MOVD	R12, (2176+32)(R4)
-	MOVD	a6+48(FP), R12
-	MOVD	R12, (2176+40)(R4)
-
-	// Call function.
-	LE_CALL
-	NOPH
-	XOR	R0, R0      // Restore R0 to $0.
-	MOVD	R4, 0(R9)   // Save stack pointer.
-
-	MOVD	R3, r1+56(FP)
-	MOVD	R0, r2+64(FP)
-	MOVD	R0, err+72(FP)
-	MOVW	R3, R4
-	CMP	R4, $-1
-	BNE	done
-	BL	addrerrno<>(SB)
-	MOVWZ	0(R3), R3
-	MOVD	R3, err+72(FP)
-done:
-	BL	runtime·exitsyscall(SB)
 	RET
 
-TEXT ·syscall_rawsyscall6(SB),NOSPLIT,$0-80
-	MOVD	a1+8(FP), R1
-	MOVD	a2+16(FP), R2
-	MOVD	a3+24(FP), R3
-
-	// Get library control area (LCA).
-	MOVW	PSALAA, R8
-	MOVD	LCA64(R8), R8
-
-	// Get function.
-	MOVD	CAA(R8), R9
-	MOVD	EDCHPXV(R9), R9
-	MOVD	trap+0(FP), R5
-	SLD	$4, R5
-	ADD	R5, R9
-	LMG	0(R9), R5, R6
+//
+// Call LE function, if the return is -1
+// errno and errno2 is retrieved
+//
+TEXT ·CallLeFuncWithErr(SB), NOSPLIT, $0
+	MOVW PSALAA, R8
+	MOVD LCA64(R8), R8
+	MOVD CAA(R8), R9
+	MOVD g, GOCB(R9)
 
 	// Restore LE stack.
-	MOVD	SAVSTACK_ASYNC(R8), R9
-	MOVD	0(R9), R4
-	MOVD	$0, 0(R9)
-
-	// Fill in parameter list.
-	MOVD	a4+32(FP), R12
-	MOVD	R12, (2176+24)(R4)
-	MOVD	a5+40(FP), R12
-	MOVD	R12, (2176+32)(R4)
-	MOVD	a6+48(FP), R12
-	MOVD	R12, (2176+40)(R4)
-
-	// Call function.
-	LE_CALL
+	MOVD SAVSTACK_ASYNC(R8), R9 // R9-> LE stack frame saving address
+	MOVD 0(R9), R4              // R4-> restore previously saved stack frame pointer
+
+	MOVD parms_base+8(FP), R7 // R7 -> argument array
+	MOVD parms_len+16(FP), R8 // R8 number of arguments
+
+	//  arg 1 ---> R1
+	CMP  R8, $0
+	BEQ  docall
+	SUB  $1, R8
+	MOVD 0(R7), R1
+
+	//  arg 2 ---> R2
+	CMP  R8, $0
+	BEQ  docall
+	SUB  $1, R8
+	ADD  $8, R7
+	MOVD 0(R7), R2
+
+	//  arg 3 --> R3
+	CMP  R8, $0
+	BEQ  docall
+	SUB  $1, R8
+	ADD  $8, R7
+	MOVD 0(R7), R3
+
+	CMP  R8, $0
+	BEQ  docall
+	MOVD $2176+16, R6 // starting LE stack address-8 to store 4th argument
+
+repeat:
+	ADD  $8, R7
+	MOVD 0(R7), R0      // advance arg pointer by 8 byte
+	ADD  $8, R6         // advance LE argument address by 8 byte
+	MOVD R0, (R4)(R6*1) // copy argument from go-slice to le-frame
+	SUB  $1, R8
+	CMP  R8, $0
+	BNE  repeat
+
+docall:
+	MOVD funcdesc+0(FP), R8 // R8-> function descriptor
+	LMG  0(R8), R5, R6
+	MOVD $0, 0(R9)          // R9 address of SAVSTACK_ASYNC
+	LE_CALL                 // balr R7, R6 (return #1)
+	NOPH
+	MOVD R3, ret+32(FP)
+	CMP  R3, $-1            // compare result to -1
+	BNE  done
+
+	// retrieve errno and errno2
+	MOVD  zosLibVec<>(SB), R8
+	ADD   $(__errno), R8
+	LMG   0(R8), R5, R6
+	LE_CALL                   // balr R7, R6 __errno (return #3)
 	NOPH
-	XOR	R0, R0      // Restore R0 to $0.
-	MOVD	R4, 0(R9)   // Save stack pointer.
-
-	MOVD	R3, r1+56(FP)
-	MOVD	R0, r2+64(FP)
-	MOVD	R0, err+72(FP)
-	MOVW	R3, R4
-	CMP	R4, $-1
-	BNE	done
-	BL	·rrno<>(SB)
-	MOVWZ	0(R3), R3
-	MOVD	R3, err+72(FP)
+	MOVWZ 0(R3), R3
+	MOVD  R3, err+48(FP)
+	MOVD  zosLibVec<>(SB), R8
+	ADD   $(__err2ad), R8
+	LMG   0(R8), R5, R6
+	LE_CALL                   // balr R7, R6 __err2ad (return #2)
+	NOPH
+	MOVW  (R3), R2            // retrieve errno2
+	MOVD  R2, errno2+40(FP)   // store in return area
+
 done:
+	MOVD R4, 0(R9)            // Save stack pointer.
 	RET
 
-TEXT ·syscall_syscall9(SB),NOSPLIT,$0
-	BL	runtime·entersyscall(SB)
-	MOVD	a1+8(FP), R1
-	MOVD	a2+16(FP), R2
-	MOVD	a3+24(FP), R3
-
-	// Get library control area (LCA).
-	MOVW	PSALAA, R8
-	MOVD	LCA64(R8), R8
-
-	// Get function.
-	MOVD	CAA(R8), R9
-	MOVD	EDCHPXV(R9), R9
-	MOVD	trap+0(FP), R5
-	SLD	$4, R5
-	ADD	R5, R9
-	LMG	0(R9), R5, R6
+//
+// Call LE function, if the return is 0
+// errno and errno2 is retrieved
+//
+TEXT ·CallLeFuncWithPtrReturn(SB), NOSPLIT, $0
+	MOVW PSALAA, R8
+	MOVD LCA64(R8), R8
+	MOVD CAA(R8), R9
+	MOVD g, GOCB(R9)
 
 	// Restore LE stack.
-	MOVD	SAVSTACK_ASYNC(R8), R9
-	MOVD	0(R9), R4
-	MOVD	$0, 0(R9)
-
-	// Fill in parameter list.
-	MOVD	a4+32(FP), R12
-	MOVD	R12, (2176+24)(R4)
-	MOVD	a5+40(FP), R12
-	MOVD	R12, (2176+32)(R4)
-	MOVD	a6+48(FP), R12
-	MOVD	R12, (2176+40)(R4)
-	MOVD	a7+56(FP), R12
-	MOVD	R12, (2176+48)(R4)
-	MOVD	a8+64(FP), R12
-	MOVD	R12, (2176+56)(R4)
-	MOVD	a9+72(FP), R12
-	MOVD	R12, (2176+64)(R4)
-
-	// Call function.
-	LE_CALL
+	MOVD SAVSTACK_ASYNC(R8), R9 // R9-> LE stack frame saving address
+	MOVD 0(R9), R4              // R4-> restore previously saved stack frame pointer
+
+	MOVD parms_base+8(FP), R7 // R7 -> argument array
+	MOVD parms_len+16(FP), R8 // R8 number of arguments
+
+	//  arg 1 ---> R1
+	CMP  R8, $0
+	BEQ  docall
+	SUB  $1, R8
+	MOVD 0(R7), R1
+
+	//  arg 2 ---> R2
+	CMP  R8, $0
+	BEQ  docall
+	SUB  $1, R8
+	ADD  $8, R7
+	MOVD 0(R7), R2
+
+	//  arg 3 --> R3
+	CMP  R8, $0
+	BEQ  docall
+	SUB  $1, R8
+	ADD  $8, R7
+	MOVD 0(R7), R3
+
+	CMP  R8, $0
+	BEQ  docall
+	MOVD $2176+16, R6 // starting LE stack address-8 to store 4th argument
+
+repeat:
+	ADD  $8, R7
+	MOVD 0(R7), R0      // advance arg pointer by 8 byte
+	ADD  $8, R6         // advance LE argument address by 8 byte
+	MOVD R0, (R4)(R6*1) // copy argument from go-slice to le-frame
+	SUB  $1, R8
+	CMP  R8, $0
+	BNE  repeat
+
+docall:
+	MOVD funcdesc+0(FP), R8 // R8-> function descriptor
+	LMG  0(R8), R5, R6
+	MOVD $0, 0(R9)          // R9 address of SAVSTACK_ASYNC
+	LE_CALL                 // balr R7, R6 (return #1)
 	NOPH
-	XOR	R0, R0      // Restore R0 to $0.
-	MOVD	R4, 0(R9)   // Save stack pointer.
-
-	MOVD	R3, r1+80(FP)
-	MOVD	R0, r2+88(FP)
-	MOVD	R0, err+96(FP)
-	MOVW	R3, R4
-	CMP	R4, $-1
-	BNE	done
-	BL	addrerrno<>(SB)
-	MOVWZ	0(R3), R3
-	MOVD	R3, err+96(FP)
-done:
-        BL	runtime·exitsyscall(SB)
-        RET
-
-TEXT ·syscall_rawsyscall9(SB),NOSPLIT,$0
-	MOVD	a1+8(FP), R1
-	MOVD	a2+16(FP), R2
-	MOVD	a3+24(FP), R3
-
-	// Get library control area (LCA).
-	MOVW	PSALAA, R8
-	MOVD	LCA64(R8), R8
-
-	// Get function.
-	MOVD	CAA(R8), R9
-	MOVD	EDCHPXV(R9), R9
-	MOVD	trap+0(FP), R5
-	SLD	$4, R5
-	ADD	R5, R9
-	LMG	0(R9), R5, R6
-
-	// Restore LE stack.
-	MOVD	SAVSTACK_ASYNC(R8), R9
-	MOVD	0(R9), R4
-	MOVD	$0, 0(R9)
-
-	// Fill in parameter list.
-	MOVD	a4+32(FP), R12
-	MOVD	R12, (2176+24)(R4)
-	MOVD	a5+40(FP), R12
-	MOVD	R12, (2176+32)(R4)
-	MOVD	a6+48(FP), R12
-	MOVD	R12, (2176+40)(R4)
-	MOVD	a7+56(FP), R12
-	MOVD	R12, (2176+48)(R4)
-	MOVD	a8+64(FP), R12
-	MOVD	R12, (2176+56)(R4)
-	MOVD	a9+72(FP), R12
-	MOVD	R12, (2176+64)(R4)
-
-	// Call function.
-	LE_CALL
+	MOVD R3, ret+32(FP)
+	CMP  R3, $0             // compare result to 0
+	BNE  done
+
+	// retrieve errno and errno2
+	MOVD  zosLibVec<>(SB), R8
+	ADD   $(__errno), R8
+	LMG   0(R8), R5, R6
+	LE_CALL                   // balr R7, R6 __errno (return #3)
 	NOPH
-	XOR	R0, R0      // Restore R0 to $0.
-	MOVD	R4, 0(R9)   // Save stack pointer.
-
-	MOVD	R3, r1+80(FP)
-	MOVD	R0, r2+88(FP)
-	MOVD	R0, err+96(FP)
-	MOVW	R3, R4
-	CMP	R4, $-1
-	BNE	done
-	BL	addrerrno<>(SB)
-	MOVWZ	0(R3), R3
-	MOVD	R3, err+96(FP)
-done:
-	RET
-
-// func svcCall(fnptr unsafe.Pointer, argv *unsafe.Pointer, dsa *uint64)
-TEXT ·svcCall(SB),NOSPLIT,$0
-	BL	runtime·save_g(SB)   // Save g and stack pointer
-	MOVW	PSALAA, R8
-	MOVD	LCA64(R8), R8
-	MOVD	SAVSTACK_ASYNC(R8), R9
-	MOVD	R15, 0(R9)
-
-	MOVD	argv+8(FP), R1       // Move function arguments into registers
-	MOVD	dsa+16(FP), g
-	MOVD	fnptr+0(FP), R15
-
-	BYTE	$0x0D                // Branch to function
-	BYTE	$0xEF
-
-	BL	runtime·load_g(SB)   // Restore g and stack pointer
-	MOVW	PSALAA, R8
-	MOVD	LCA64(R8), R8
-	MOVD	SAVSTACK_ASYNC(R8), R9
-	MOVD	0(R9), R15
-
-	RET
-
-// func svcLoad(name *byte) unsafe.Pointer
-TEXT ·svcLoad(SB),NOSPLIT,$0
-	MOVD	R15, R2          // Save go stack pointer
-	MOVD	name+0(FP), R0   // Move SVC args into registers
-	MOVD	$0x80000000, R1
-	MOVD	$0, R15
-	BYTE	$0x0A            // SVC 08 LOAD
-	BYTE	$0x08
-	MOVW	R15, R3          // Save return code from SVC
-	MOVD	R2, R15          // Restore go stack pointer
-	CMP	R3, $0           // Check SVC return code
-	BNE	error
-
-	MOVD	$-2, R3          // Reset last bit of entry point to zero
-	AND	R0, R3
-	MOVD	R3, addr+8(FP)   // Return entry point returned by SVC
-	CMP	R0, R3           // Check if last bit of entry point was set
-	BNE	done
-
-	MOVD	R15, R2          // Save go stack pointer
-	MOVD	$0, R15          // Move SVC args into registers (entry point still in r0 from SVC 08)
-	BYTE	$0x0A            // SVC 09 DELETE
-	BYTE	$0x09
-	MOVD	R2, R15          // Restore go stack pointer
+	MOVWZ 0(R3), R3
+	MOVD  R3, err+48(FP)
+	MOVD  zosLibVec<>(SB), R8
+	ADD   $(__err2ad), R8
+	LMG   0(R8), R5, R6
+	LE_CALL                   // balr R7, R6 __err2ad (return #2)
+	NOPH
+	MOVW  (R3), R2            // retrieve errno2
+	MOVD  R2, errno2+40(FP)   // store in return area
+	XOR   R2, R2
+	MOVWZ R2, (R3)            // clear errno2
 
-error:
-	MOVD	$0, addr+8(FP)   // Return 0 on failure
 done:
-	XOR	R0, R0           // Reset r0 to 0
+	MOVD R4, 0(R9)            // Save stack pointer.
 	RET
 
-// func svcUnload(name *byte, fnptr unsafe.Pointer) int64
-TEXT ·svcUnload(SB),NOSPLIT,$0
-	MOVD	R15, R2          // Save go stack pointer
-	MOVD	name+0(FP), R0   // Move SVC args into registers
-	MOVD	addr+8(FP), R15
-	BYTE	$0x0A            // SVC 09
-	BYTE	$0x09
-	XOR	R0, R0           // Reset r0 to 0
-	MOVD	R15, R1          // Save SVC return code
-	MOVD	R2, R15          // Restore go stack pointer
-	MOVD	R1, rc+0(FP)     // Return SVC return code
+//
+// function to test if a pointer can be safely dereferenced (content read)
+// return 0 for succces
+//
+TEXT ·ptrtest(SB), NOSPLIT, $0-16
+	MOVD arg+0(FP), R10 // test pointer in R10
+
+	// set up R2 to point to CEECAADMC
+	BYTE $0xE3; BYTE $0x20; BYTE $0x04; BYTE $0xB8; BYTE $0x00; BYTE $0x17 // llgt  2,1208
+	BYTE $0xB9; BYTE $0x17; BYTE $0x00; BYTE $0x22                         // llgtr 2,2
+	BYTE $0xA5; BYTE $0x26; BYTE $0x7F; BYTE $0xFF                         // nilh  2,32767
+	BYTE $0xE3; BYTE $0x22; BYTE $0x00; BYTE $0x58; BYTE $0x00; BYTE $0x04 // lg    2,88(2)
+	BYTE $0xE3; BYTE $0x22; BYTE $0x00; BYTE $0x08; BYTE $0x00; BYTE $0x04 // lg    2,8(2)
+	BYTE $0x41; BYTE $0x22; BYTE $0x03; BYTE $0x68                         // la    2,872(2)
+
+	// set up R5 to point to the "shunt" path which set 1 to R3 (failure)
+	BYTE $0xB9; BYTE $0x82; BYTE $0x00; BYTE $0x33 // xgr   3,3
+	BYTE $0xA7; BYTE $0x55; BYTE $0x00; BYTE $0x04 // bras  5,lbl1
+	BYTE $0xA7; BYTE $0x39; BYTE $0x00; BYTE $0x01 // lghi  3,1
+
+	// if r3 is not zero (failed) then branch to finish
+	BYTE $0xB9; BYTE $0x02; BYTE $0x00; BYTE $0x33 // lbl1     ltgr  3,3
+	BYTE $0xA7; BYTE $0x74; BYTE $0x00; BYTE $0x08 // brc   b'0111',lbl2
+
+	// stomic store shunt address in R5 into CEECAADMC
+	BYTE $0xE3; BYTE $0x52; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x24 // stg   5,0(2)
+
+	// now try reading from the test pointer in R10, if it fails it branches to the "lghi" instruction above
+	BYTE $0xE3; BYTE $0x9A; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x04 // lg    9,0(10)
+
+	// finish here, restore 0 into CEECAADMC
+	BYTE $0xB9; BYTE $0x82; BYTE $0x00; BYTE $0x99                         // lbl2     xgr   9,9
+	BYTE $0xE3; BYTE $0x92; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x24 // stg   9,0(2)
+	MOVD R3, ret+8(FP)                                                     // result in R3
 	RET
 
-// func gettid() uint64
-TEXT ·gettid(SB), NOSPLIT, $0
-	// Get library control area (LCA).
-	MOVW PSALAA, R8
-	MOVD LCA64(R8), R8
-
-	// Get CEECAATHDID
-	MOVD CAA(R8), R9
-	MOVD 0x3D0(R9), R9
-	MOVD R9, ret+0(FP)
-
+//
+// function to test if a untptr can be loaded from a pointer
+// return 1: the 8-byte content
+//        2: 0 for success, 1 for failure
+//
+// func safeload(ptr uintptr) ( value uintptr, error uintptr)
+TEXT ·safeload(SB), NOSPLIT, $0-24
+	MOVD ptr+0(FP), R10                                                    // test pointer in R10
+	MOVD $0x0, R6
+	BYTE $0xE3; BYTE $0x20; BYTE $0x04; BYTE $0xB8; BYTE $0x00; BYTE $0x17 // llgt  2,1208
+	BYTE $0xB9; BYTE $0x17; BYTE $0x00; BYTE $0x22                         // llgtr 2,2
+	BYTE $0xA5; BYTE $0x26; BYTE $0x7F; BYTE $0xFF                         // nilh  2,32767
+	BYTE $0xE3; BYTE $0x22; BYTE $0x00; BYTE $0x58; BYTE $0x00; BYTE $0x04 // lg    2,88(2)
+	BYTE $0xE3; BYTE $0x22; BYTE $0x00; BYTE $0x08; BYTE $0x00; BYTE $0x04 // lg    2,8(2)
+	BYTE $0x41; BYTE $0x22; BYTE $0x03; BYTE $0x68                         // la    2,872(2)
+	BYTE $0xB9; BYTE $0x82; BYTE $0x00; BYTE $0x33                         // xgr   3,3
+	BYTE $0xA7; BYTE $0x55; BYTE $0x00; BYTE $0x04                         // bras  5,lbl1
+	BYTE $0xA7; BYTE $0x39; BYTE $0x00; BYTE $0x01                         // lghi  3,1
+	BYTE $0xB9; BYTE $0x02; BYTE $0x00; BYTE $0x33                         // lbl1     ltgr  3,3
+	BYTE $0xA7; BYTE $0x74; BYTE $0x00; BYTE $0x08                         // brc   b'0111',lbl2
+	BYTE $0xE3; BYTE $0x52; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x24 // stg 5,0(2)
+	BYTE $0xE3; BYTE $0x6A; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x04 // lg    6,0(10)
+	BYTE $0xB9; BYTE $0x82; BYTE $0x00; BYTE $0x99                         // lbl2     xgr   9,9
+	BYTE $0xE3; BYTE $0x92; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x24 // stg   9,0(2)
+	MOVD R6, value+8(FP)                                                   // result in R6
+	MOVD R3, error+16(FP)                                                  // error in R3
 	RET
diff --git a/vendor/golang.org/x/sys/unix/bpxsvc_zos.go b/vendor/golang.org/x/sys/unix/bpxsvc_zos.go
new file mode 100644
index 0000000000..39d647d863
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/bpxsvc_zos.go
@@ -0,0 +1,657 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build zos
+
+package unix
+
+import (
+	"bytes"
+	"fmt"
+	"unsafe"
+)
+
+//go:noescape
+func bpxcall(plist []unsafe.Pointer, bpx_offset int64)
+
+//go:noescape
+func A2e([]byte)
+
+//go:noescape
+func E2a([]byte)
+
+const (
+	BPX4STA = 192  // stat
+	BPX4FST = 104  // fstat
+	BPX4LST = 132  // lstat
+	BPX4OPN = 156  // open
+	BPX4CLO = 72   // close
+	BPX4CHR = 500  // chattr
+	BPX4FCR = 504  // fchattr
+	BPX4LCR = 1180 // lchattr
+	BPX4CTW = 492  // cond_timed_wait
+	BPX4GTH = 1056 // __getthent
+	BPX4PTQ = 412  // pthread_quiesc
+	BPX4PTR = 320  // ptrace
+)
+
+const (
+	//options
+	//byte1
+	BPX_OPNFHIGH = 0x80
+	//byte2
+	BPX_OPNFEXEC = 0x80
+	//byte3
+	BPX_O_NOLARGEFILE = 0x08
+	BPX_O_LARGEFILE   = 0x04
+	BPX_O_ASYNCSIG    = 0x02
+	BPX_O_SYNC        = 0x01
+	//byte4
+	BPX_O_CREXCL   = 0xc0
+	BPX_O_CREAT    = 0x80
+	BPX_O_EXCL     = 0x40
+	BPX_O_NOCTTY   = 0x20
+	BPX_O_TRUNC    = 0x10
+	BPX_O_APPEND   = 0x08
+	BPX_O_NONBLOCK = 0x04
+	BPX_FNDELAY    = 0x04
+	BPX_O_RDWR     = 0x03
+	BPX_O_RDONLY   = 0x02
+	BPX_O_WRONLY   = 0x01
+	BPX_O_ACCMODE  = 0x03
+	BPX_O_GETFL    = 0x0f
+
+	//mode
+	// byte1 (file type)
+	BPX_FT_DIR      = 1
+	BPX_FT_CHARSPEC = 2
+	BPX_FT_REGFILE  = 3
+	BPX_FT_FIFO     = 4
+	BPX_FT_SYMLINK  = 5
+	BPX_FT_SOCKET   = 6
+	//byte3
+	BPX_S_ISUID  = 0x08
+	BPX_S_ISGID  = 0x04
+	BPX_S_ISVTX  = 0x02
+	BPX_S_IRWXU1 = 0x01
+	BPX_S_IRUSR  = 0x01
+	//byte4
+	BPX_S_IRWXU2 = 0xc0
+	BPX_S_IWUSR  = 0x80
+	BPX_S_IXUSR  = 0x40
+	BPX_S_IRWXG  = 0x38
+	BPX_S_IRGRP  = 0x20
+	BPX_S_IWGRP  = 0x10
+	BPX_S_IXGRP  = 0x08
+	BPX_S_IRWXOX = 0x07
+	BPX_S_IROTH  = 0x04
+	BPX_S_IWOTH  = 0x02
+	BPX_S_IXOTH  = 0x01
+
+	CW_INTRPT  = 1
+	CW_CONDVAR = 32
+	CW_TIMEOUT = 64
+
+	PGTHA_NEXT        = 2
+	PGTHA_CURRENT     = 1
+	PGTHA_FIRST       = 0
+	PGTHA_LAST        = 3
+	PGTHA_PROCESS     = 0x80
+	PGTHA_CONTTY      = 0x40
+	PGTHA_PATH        = 0x20
+	PGTHA_COMMAND     = 0x10
+	PGTHA_FILEDATA    = 0x08
+	PGTHA_THREAD      = 0x04
+	PGTHA_PTAG        = 0x02
+	PGTHA_COMMANDLONG = 0x01
+	PGTHA_THREADFAST  = 0x80
+	PGTHA_FILEPATH    = 0x40
+	PGTHA_THDSIGMASK  = 0x20
+	// thread quiece mode
+	QUIESCE_TERM       int32 = 1
+	QUIESCE_FORCE      int32 = 2
+	QUIESCE_QUERY      int32 = 3
+	QUIESCE_FREEZE     int32 = 4
+	QUIESCE_UNFREEZE   int32 = 5
+	FREEZE_THIS_THREAD int32 = 6
+	FREEZE_EXIT        int32 = 8
+	QUIESCE_SRB        int32 = 9
+)
+
+type Pgtha struct {
+	Pid        uint32 // 0
+	Tid0       uint32 // 4
+	Tid1       uint32
+	Accesspid  byte    // C
+	Accesstid  byte    // D
+	Accessasid uint16  // E
+	Loginname  [8]byte // 10
+	Flag1      byte    // 18
+	Flag1b2    byte    // 19
+}
+
+type Bpxystat_t struct { // DSECT BPXYSTAT
+	St_id           [4]uint8  // 0
+	St_length       uint16    // 0x4
+	St_version      uint16    // 0x6
+	St_mode         uint32    // 0x8
+	St_ino          uint32    // 0xc
+	St_dev          uint32    // 0x10
+	St_nlink        uint32    // 0x14
+	St_uid          uint32    // 0x18
+	St_gid          uint32    // 0x1c
+	St_size         uint64    // 0x20
+	St_atime        uint32    // 0x28
+	St_mtime        uint32    // 0x2c
+	St_ctime        uint32    // 0x30
+	St_rdev         uint32    // 0x34
+	St_auditoraudit uint32    // 0x38
+	St_useraudit    uint32    // 0x3c
+	St_blksize      uint32    // 0x40
+	St_createtime   uint32    // 0x44
+	St_auditid      [4]uint32 // 0x48
+	St_res01        uint32    // 0x58
+	Ft_ccsid        uint16    // 0x5c
+	Ft_flags        uint16    // 0x5e
+	St_res01a       [2]uint32 // 0x60
+	St_res02        uint32    // 0x68
+	St_blocks       uint32    // 0x6c
+	St_opaque       [3]uint8  // 0x70
+	St_visible      uint8     // 0x73
+	St_reftime      uint32    // 0x74
+	St_fid          uint64    // 0x78
+	St_filefmt      uint8     // 0x80
+	St_fspflag2     uint8     // 0x81
+	St_res03        [2]uint8  // 0x82
+	St_ctimemsec    uint32    // 0x84
+	St_seclabel     [8]uint8  // 0x88
+	St_res04        [4]uint8  // 0x90
+	// end of version 1
+	_               uint32    // 0x94
+	St_atime64      uint64    // 0x98
+	St_mtime64      uint64    // 0xa0
+	St_ctime64      uint64    // 0xa8
+	St_createtime64 uint64    // 0xb0
+	St_reftime64    uint64    // 0xb8
+	_               uint64    // 0xc0
+	St_res05        [16]uint8 // 0xc8
+	// end of version 2
+}
+
+type BpxFilestatus struct {
+	Oflag1 byte
+	Oflag2 byte
+	Oflag3 byte
+	Oflag4 byte
+}
+
+type BpxMode struct {
+	Ftype byte
+	Mode1 byte
+	Mode2 byte
+	Mode3 byte
+}
+
+// Thr attribute structure for extended attributes
+type Bpxyatt_t struct { // DSECT BPXYATT
+	Att_id           [4]uint8
+	Att_version      uint16
+	Att_res01        [2]uint8
+	Att_setflags1    uint8
+	Att_setflags2    uint8
+	Att_setflags3    uint8
+	Att_setflags4    uint8
+	Att_mode         uint32
+	Att_uid          uint32
+	Att_gid          uint32
+	Att_opaquemask   [3]uint8
+	Att_visblmaskres uint8
+	Att_opaque       [3]uint8
+	Att_visibleres   uint8
+	Att_size_h       uint32
+	Att_size_l       uint32
+	Att_atime        uint32
+	Att_mtime        uint32
+	Att_auditoraudit uint32
+	Att_useraudit    uint32
+	Att_ctime        uint32
+	Att_reftime      uint32
+	// end of version 1
+	Att_filefmt uint8
+	Att_res02   [3]uint8
+	Att_filetag uint32
+	Att_res03   [8]uint8
+	// end of version 2
+	Att_atime64   uint64
+	Att_mtime64   uint64
+	Att_ctime64   uint64
+	Att_reftime64 uint64
+	Att_seclabel  [8]uint8
+	Att_ver3res02 [8]uint8
+	// end of version 3
+}
+
+func BpxOpen(name string, options *BpxFilestatus, mode *BpxMode) (rv int32, rc int32, rn int32) {
+	if len(name) < 1024 {
+		var namebuf [1024]byte
+		sz := int32(copy(namebuf[:], name))
+		A2e(namebuf[:sz])
+		var parms [7]unsafe.Pointer
+		parms[0] = unsafe.Pointer(&sz)
+		parms[1] = unsafe.Pointer(&namebuf[0])
+		parms[2] = unsafe.Pointer(options)
+		parms[3] = unsafe.Pointer(mode)
+		parms[4] = unsafe.Pointer(&rv)
+		parms[5] = unsafe.Pointer(&rc)
+		parms[6] = unsafe.Pointer(&rn)
+		bpxcall(parms[:], BPX4OPN)
+		return rv, rc, rn
+	}
+	return -1, -1, -1
+}
+
+func BpxClose(fd int32) (rv int32, rc int32, rn int32) {
+	var parms [4]unsafe.Pointer
+	parms[0] = unsafe.Pointer(&fd)
+	parms[1] = unsafe.Pointer(&rv)
+	parms[2] = unsafe.Pointer(&rc)
+	parms[3] = unsafe.Pointer(&rn)
+	bpxcall(parms[:], BPX4CLO)
+	return rv, rc, rn
+}
+
+func BpxFileFStat(fd int32, st *Bpxystat_t) (rv int32, rc int32, rn int32) {
+	st.St_id = [4]uint8{0xe2, 0xe3, 0xc1, 0xe3}
+	st.St_version = 2
+	stat_sz := uint32(unsafe.Sizeof(*st))
+	var parms [6]unsafe.Pointer
+	parms[0] = unsafe.Pointer(&fd)
+	parms[1] = unsafe.Pointer(&stat_sz)
+	parms[2] = unsafe.Pointer(st)
+	parms[3] = unsafe.Pointer(&rv)
+	parms[4] = unsafe.Pointer(&rc)
+	parms[5] = unsafe.Pointer(&rn)
+	bpxcall(parms[:], BPX4FST)
+	return rv, rc, rn
+}
+
+func BpxFileStat(name string, st *Bpxystat_t) (rv int32, rc int32, rn int32) {
+	if len(name) < 1024 {
+		var namebuf [1024]byte
+		sz := int32(copy(namebuf[:], name))
+		A2e(namebuf[:sz])
+		st.St_id = [4]uint8{0xe2, 0xe3, 0xc1, 0xe3}
+		st.St_version = 2
+		stat_sz := uint32(unsafe.Sizeof(*st))
+		var parms [7]unsafe.Pointer
+		parms[0] = unsafe.Pointer(&sz)
+		parms[1] = unsafe.Pointer(&namebuf[0])
+		parms[2] = unsafe.Pointer(&stat_sz)
+		parms[3] = unsafe.Pointer(st)
+		parms[4] = unsafe.Pointer(&rv)
+		parms[5] = unsafe.Pointer(&rc)
+		parms[6] = unsafe.Pointer(&rn)
+		bpxcall(parms[:], BPX4STA)
+		return rv, rc, rn
+	}
+	return -1, -1, -1
+}
+
+func BpxFileLStat(name string, st *Bpxystat_t) (rv int32, rc int32, rn int32) {
+	if len(name) < 1024 {
+		var namebuf [1024]byte
+		sz := int32(copy(namebuf[:], name))
+		A2e(namebuf[:sz])
+		st.St_id = [4]uint8{0xe2, 0xe3, 0xc1, 0xe3}
+		st.St_version = 2
+		stat_sz := uint32(unsafe.Sizeof(*st))
+		var parms [7]unsafe.Pointer
+		parms[0] = unsafe.Pointer(&sz)
+		parms[1] = unsafe.Pointer(&namebuf[0])
+		parms[2] = unsafe.Pointer(&stat_sz)
+		parms[3] = unsafe.Pointer(st)
+		parms[4] = unsafe.Pointer(&rv)
+		parms[5] = unsafe.Pointer(&rc)
+		parms[6] = unsafe.Pointer(&rn)
+		bpxcall(parms[:], BPX4LST)
+		return rv, rc, rn
+	}
+	return -1, -1, -1
+}
+
+func BpxChattr(path string, attr *Bpxyatt_t) (rv int32, rc int32, rn int32) {
+	if len(path) >= 1024 {
+		return -1, -1, -1
+	}
+	var namebuf [1024]byte
+	sz := int32(copy(namebuf[:], path))
+	A2e(namebuf[:sz])
+	attr_sz := uint32(unsafe.Sizeof(*attr))
+	var parms [7]unsafe.Pointer
+	parms[0] = unsafe.Pointer(&sz)
+	parms[1] = unsafe.Pointer(&namebuf[0])
+	parms[2] = unsafe.Pointer(&attr_sz)
+	parms[3] = unsafe.Pointer(attr)
+	parms[4] = unsafe.Pointer(&rv)
+	parms[5] = unsafe.Pointer(&rc)
+	parms[6] = unsafe.Pointer(&rn)
+	bpxcall(parms[:], BPX4CHR)
+	return rv, rc, rn
+}
+
+func BpxLchattr(path string, attr *Bpxyatt_t) (rv int32, rc int32, rn int32) {
+	if len(path) >= 1024 {
+		return -1, -1, -1
+	}
+	var namebuf [1024]byte
+	sz := int32(copy(namebuf[:], path))
+	A2e(namebuf[:sz])
+	attr_sz := uint32(unsafe.Sizeof(*attr))
+	var parms [7]unsafe.Pointer
+	parms[0] = unsafe.Pointer(&sz)
+	parms[1] = unsafe.Pointer(&namebuf[0])
+	parms[2] = unsafe.Pointer(&attr_sz)
+	parms[3] = unsafe.Pointer(attr)
+	parms[4] = unsafe.Pointer(&rv)
+	parms[5] = unsafe.Pointer(&rc)
+	parms[6] = unsafe.Pointer(&rn)
+	bpxcall(parms[:], BPX4LCR)
+	return rv, rc, rn
+}
+
+func BpxFchattr(fd int32, attr *Bpxyatt_t) (rv int32, rc int32, rn int32) {
+	attr_sz := uint32(unsafe.Sizeof(*attr))
+	var parms [6]unsafe.Pointer
+	parms[0] = unsafe.Pointer(&fd)
+	parms[1] = unsafe.Pointer(&attr_sz)
+	parms[2] = unsafe.Pointer(attr)
+	parms[3] = unsafe.Pointer(&rv)
+	parms[4] = unsafe.Pointer(&rc)
+	parms[5] = unsafe.Pointer(&rn)
+	bpxcall(parms[:], BPX4FCR)
+	return rv, rc, rn
+}
+
+func BpxCondTimedWait(sec uint32, nsec uint32, events uint32, secrem *uint32, nsecrem *uint32) (rv int32, rc int32, rn int32) {
+	var parms [8]unsafe.Pointer
+	parms[0] = unsafe.Pointer(&sec)
+	parms[1] = unsafe.Pointer(&nsec)
+	parms[2] = unsafe.Pointer(&events)
+	parms[3] = unsafe.Pointer(secrem)
+	parms[4] = unsafe.Pointer(nsecrem)
+	parms[5] = unsafe.Pointer(&rv)
+	parms[6] = unsafe.Pointer(&rc)
+	parms[7] = unsafe.Pointer(&rn)
+	bpxcall(parms[:], BPX4CTW)
+	return rv, rc, rn
+}
+func BpxGetthent(in *Pgtha, outlen *uint32, out unsafe.Pointer) (rv int32, rc int32, rn int32) {
+	var parms [7]unsafe.Pointer
+	inlen := uint32(26) // nothing else will work. Go says Pgtha is 28-byte because of alignment, but Pgtha is "packed" and must be 26-byte
+	parms[0] = unsafe.Pointer(&inlen)
+	parms[1] = unsafe.Pointer(&in)
+	parms[2] = unsafe.Pointer(outlen)
+	parms[3] = unsafe.Pointer(&out)
+	parms[4] = unsafe.Pointer(&rv)
+	parms[5] = unsafe.Pointer(&rc)
+	parms[6] = unsafe.Pointer(&rn)
+	bpxcall(parms[:], BPX4GTH)
+	return rv, rc, rn
+}
+func ZosJobname() (jobname string, err error) {
+	var pgtha Pgtha
+	pgtha.Pid = uint32(Getpid())
+	pgtha.Accesspid = PGTHA_CURRENT
+	pgtha.Flag1 = PGTHA_PROCESS
+	var out [256]byte
+	var outlen uint32
+	outlen = 256
+	rv, rc, rn := BpxGetthent(&pgtha, &outlen, unsafe.Pointer(&out[0]))
+	if rv == 0 {
+		gthc := []byte{0x87, 0xa3, 0x88, 0x83} // 'gthc' in ebcdic
+		ix := bytes.Index(out[:], gthc)
+		if ix == -1 {
+			err = fmt.Errorf("BPX4GTH: gthc return data not found")
+			return
+		}
+		jn := out[ix+80 : ix+88] // we didn't declare Pgthc, but jobname is 8-byte at offset 80
+		E2a(jn)
+		jobname = string(bytes.TrimRight(jn, " "))
+
+	} else {
+		err = fmt.Errorf("BPX4GTH: rc=%d errno=%d reason=code=0x%x", rv, rc, rn)
+	}
+	return
+}
+func Bpx4ptq(code int32, data string) (rv int32, rc int32, rn int32) {
+	var userdata [8]byte
+	var parms [5]unsafe.Pointer
+	copy(userdata[:], data+"        ")
+	A2e(userdata[:])
+	parms[0] = unsafe.Pointer(&code)
+	parms[1] = unsafe.Pointer(&userdata[0])
+	parms[2] = unsafe.Pointer(&rv)
+	parms[3] = unsafe.Pointer(&rc)
+	parms[4] = unsafe.Pointer(&rn)
+	bpxcall(parms[:], BPX4PTQ)
+	return rv, rc, rn
+}
+
+const (
+	PT_TRACE_ME             = 0  // Debug this process
+	PT_READ_I               = 1  // Read a full word
+	PT_READ_D               = 2  // Read a full word
+	PT_READ_U               = 3  // Read control info
+	PT_WRITE_I              = 4  //Write a full word
+	PT_WRITE_D              = 5  //Write a full word
+	PT_CONTINUE             = 7  //Continue the process
+	PT_KILL                 = 8  //Terminate the process
+	PT_READ_GPR             = 11 // Read GPR, CR, PSW
+	PT_READ_FPR             = 12 // Read FPR
+	PT_READ_VR              = 13 // Read VR
+	PT_WRITE_GPR            = 14 // Write GPR, CR, PSW
+	PT_WRITE_FPR            = 15 // Write FPR
+	PT_WRITE_VR             = 16 // Write VR
+	PT_READ_BLOCK           = 17 // Read storage
+	PT_WRITE_BLOCK          = 19 // Write storage
+	PT_READ_GPRH            = 20 // Read GPRH
+	PT_WRITE_GPRH           = 21 // Write GPRH
+	PT_REGHSET              = 22 // Read all GPRHs
+	PT_ATTACH               = 30 // Attach to a process
+	PT_DETACH               = 31 // Detach from a process
+	PT_REGSET               = 32 // Read all GPRs
+	PT_REATTACH             = 33 // Reattach to a process
+	PT_LDINFO               = 34 // Read loader info
+	PT_MULTI                = 35 // Multi process mode
+	PT_LD64INFO             = 36 // RMODE64 Info Area
+	PT_BLOCKREQ             = 40 // Block request
+	PT_THREAD_INFO          = 60 // Read thread info
+	PT_THREAD_MODIFY        = 61
+	PT_THREAD_READ_FOCUS    = 62
+	PT_THREAD_WRITE_FOCUS   = 63
+	PT_THREAD_HOLD          = 64
+	PT_THREAD_SIGNAL        = 65
+	PT_EXPLAIN              = 66
+	PT_EVENTS               = 67
+	PT_THREAD_INFO_EXTENDED = 68
+	PT_REATTACH2            = 71
+	PT_CAPTURE              = 72
+	PT_UNCAPTURE            = 73
+	PT_GET_THREAD_TCB       = 74
+	PT_GET_ALET             = 75
+	PT_SWAPIN               = 76
+	PT_EXTENDED_EVENT       = 98
+	PT_RECOVER              = 99  // Debug a program check
+	PT_GPR0                 = 0   // General purpose register 0
+	PT_GPR1                 = 1   // General purpose register 1
+	PT_GPR2                 = 2   // General purpose register 2
+	PT_GPR3                 = 3   // General purpose register 3
+	PT_GPR4                 = 4   // General purpose register 4
+	PT_GPR5                 = 5   // General purpose register 5
+	PT_GPR6                 = 6   // General purpose register 6
+	PT_GPR7                 = 7   // General purpose register 7
+	PT_GPR8                 = 8   // General purpose register 8
+	PT_GPR9                 = 9   // General purpose register 9
+	PT_GPR10                = 10  // General purpose register 10
+	PT_GPR11                = 11  // General purpose register 11
+	PT_GPR12                = 12  // General purpose register 12
+	PT_GPR13                = 13  // General purpose register 13
+	PT_GPR14                = 14  // General purpose register 14
+	PT_GPR15                = 15  // General purpose register 15
+	PT_FPR0                 = 16  // Floating point register 0
+	PT_FPR1                 = 17  // Floating point register 1
+	PT_FPR2                 = 18  // Floating point register 2
+	PT_FPR3                 = 19  // Floating point register 3
+	PT_FPR4                 = 20  // Floating point register 4
+	PT_FPR5                 = 21  // Floating point register 5
+	PT_FPR6                 = 22  // Floating point register 6
+	PT_FPR7                 = 23  // Floating point register 7
+	PT_FPR8                 = 24  // Floating point register 8
+	PT_FPR9                 = 25  // Floating point register 9
+	PT_FPR10                = 26  // Floating point register 10
+	PT_FPR11                = 27  // Floating point register 11
+	PT_FPR12                = 28  // Floating point register 12
+	PT_FPR13                = 29  // Floating point register 13
+	PT_FPR14                = 30  // Floating point register 14
+	PT_FPR15                = 31  // Floating point register 15
+	PT_FPC                  = 32  // Floating point control register
+	PT_PSW                  = 40  // PSW
+	PT_PSW0                 = 40  // Left half of the PSW
+	PT_PSW1                 = 41  // Right half of the PSW
+	PT_CR0                  = 42  // Control register 0
+	PT_CR1                  = 43  // Control register 1
+	PT_CR2                  = 44  // Control register 2
+	PT_CR3                  = 45  // Control register 3
+	PT_CR4                  = 46  // Control register 4
+	PT_CR5                  = 47  // Control register 5
+	PT_CR6                  = 48  // Control register 6
+	PT_CR7                  = 49  // Control register 7
+	PT_CR8                  = 50  // Control register 8
+	PT_CR9                  = 51  // Control register 9
+	PT_CR10                 = 52  // Control register 10
+	PT_CR11                 = 53  // Control register 11
+	PT_CR12                 = 54  // Control register 12
+	PT_CR13                 = 55  // Control register 13
+	PT_CR14                 = 56  // Control register 14
+	PT_CR15                 = 57  // Control register 15
+	PT_GPRH0                = 58  // GP High register 0
+	PT_GPRH1                = 59  // GP High register 1
+	PT_GPRH2                = 60  // GP High register 2
+	PT_GPRH3                = 61  // GP High register 3
+	PT_GPRH4                = 62  // GP High register 4
+	PT_GPRH5                = 63  // GP High register 5
+	PT_GPRH6                = 64  // GP High register 6
+	PT_GPRH7                = 65  // GP High register 7
+	PT_GPRH8                = 66  // GP High register 8
+	PT_GPRH9                = 67  // GP High register 9
+	PT_GPRH10               = 68  // GP High register 10
+	PT_GPRH11               = 69  // GP High register 11
+	PT_GPRH12               = 70  // GP High register 12
+	PT_GPRH13               = 71  // GP High register 13
+	PT_GPRH14               = 72  // GP High register 14
+	PT_GPRH15               = 73  // GP High register 15
+	PT_VR0                  = 74  // Vector register 0
+	PT_VR1                  = 75  // Vector register 1
+	PT_VR2                  = 76  // Vector register 2
+	PT_VR3                  = 77  // Vector register 3
+	PT_VR4                  = 78  // Vector register 4
+	PT_VR5                  = 79  // Vector register 5
+	PT_VR6                  = 80  // Vector register 6
+	PT_VR7                  = 81  // Vector register 7
+	PT_VR8                  = 82  // Vector register 8
+	PT_VR9                  = 83  // Vector register 9
+	PT_VR10                 = 84  // Vector register 10
+	PT_VR11                 = 85  // Vector register 11
+	PT_VR12                 = 86  // Vector register 12
+	PT_VR13                 = 87  // Vector register 13
+	PT_VR14                 = 88  // Vector register 14
+	PT_VR15                 = 89  // Vector register 15
+	PT_VR16                 = 90  // Vector register 16
+	PT_VR17                 = 91  // Vector register 17
+	PT_VR18                 = 92  // Vector register 18
+	PT_VR19                 = 93  // Vector register 19
+	PT_VR20                 = 94  // Vector register 20
+	PT_VR21                 = 95  // Vector register 21
+	PT_VR22                 = 96  // Vector register 22
+	PT_VR23                 = 97  // Vector register 23
+	PT_VR24                 = 98  // Vector register 24
+	PT_VR25                 = 99  // Vector register 25
+	PT_VR26                 = 100 // Vector register 26
+	PT_VR27                 = 101 // Vector register 27
+	PT_VR28                 = 102 // Vector register 28
+	PT_VR29                 = 103 // Vector register 29
+	PT_VR30                 = 104 // Vector register 30
+	PT_VR31                 = 105 // Vector register 31
+	PT_PSWG                 = 106 // PSWG
+	PT_PSWG0                = 106 // Bytes 0-3
+	PT_PSWG1                = 107 // Bytes 4-7
+	PT_PSWG2                = 108 // Bytes 8-11 (IA high word)
+	PT_PSWG3                = 109 // Bytes 12-15 (IA low word)
+)
+
+func Bpx4ptr(request int32, pid int32, addr unsafe.Pointer, data unsafe.Pointer, buffer unsafe.Pointer) (rv int32, rc int32, rn int32) {
+	var parms [8]unsafe.Pointer
+	parms[0] = unsafe.Pointer(&request)
+	parms[1] = unsafe.Pointer(&pid)
+	parms[2] = unsafe.Pointer(&addr)
+	parms[3] = unsafe.Pointer(&data)
+	parms[4] = unsafe.Pointer(&buffer)
+	parms[5] = unsafe.Pointer(&rv)
+	parms[6] = unsafe.Pointer(&rc)
+	parms[7] = unsafe.Pointer(&rn)
+	bpxcall(parms[:], BPX4PTR)
+	return rv, rc, rn
+}
+
+func copyU8(val uint8, dest []uint8) int {
+	if len(dest) < 1 {
+		return 0
+	}
+	dest[0] = val
+	return 1
+}
+
+func copyU8Arr(src, dest []uint8) int {
+	if len(dest) < len(src) {
+		return 0
+	}
+	for i, v := range src {
+		dest[i] = v
+	}
+	return len(src)
+}
+
+func copyU16(val uint16, dest []uint16) int {
+	if len(dest) < 1 {
+		return 0
+	}
+	dest[0] = val
+	return 1
+}
+
+func copyU32(val uint32, dest []uint32) int {
+	if len(dest) < 1 {
+		return 0
+	}
+	dest[0] = val
+	return 1
+}
+
+func copyU32Arr(src, dest []uint32) int {
+	if len(dest) < len(src) {
+		return 0
+	}
+	for i, v := range src {
+		dest[i] = v
+	}
+	return len(src)
+}
+
+func copyU64(val uint64, dest []uint64) int {
+	if len(dest) < 1 {
+		return 0
+	}
+	dest[0] = val
+	return 1
+}
diff --git a/vendor/golang.org/x/sys/unix/bpxsvc_zos.s b/vendor/golang.org/x/sys/unix/bpxsvc_zos.s
new file mode 100644
index 0000000000..4bd4a17982
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/bpxsvc_zos.s
@@ -0,0 +1,192 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+#include "go_asm.h"
+#include "textflag.h"
+
+// function to call USS assembly language services
+//
+// doc: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_3.1.0/com.ibm.zos.v3r1.bpxb100/bit64env.htm
+//
+//   arg1 unsafe.Pointer array that ressembles an OS PLIST
+//
+//   arg2 function offset as in
+//       doc: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_3.1.0/com.ibm.zos.v3r1.bpxb100/bpx2cr_List_of_offsets.htm
+//
+// func bpxcall(plist []unsafe.Pointer, bpx_offset int64)
+
+TEXT ·bpxcall(SB), NOSPLIT|NOFRAME, $0
+	MOVD  plist_base+0(FP), R1  // r1 points to plist
+	MOVD  bpx_offset+24(FP), R2 // r2 offset to BPX vector table
+	MOVD  R14, R7               // save r14
+	MOVD  R15, R8               // save r15
+	MOVWZ 16(R0), R9
+	MOVWZ 544(R9), R9
+	MOVWZ 24(R9), R9            // call vector in r9
+	ADD   R2, R9                // add offset to vector table
+	MOVWZ (R9), R9              // r9 points to entry point
+	BYTE  $0x0D                 // BL R14,R9 --> basr r14,r9
+	BYTE  $0xE9                 // clobbers 0,1,14,15
+	MOVD  R8, R15               // restore 15
+	JMP   R7                    // return via saved return address
+
+//   func A2e(arr [] byte)
+//   code page conversion from  819 to 1047
+TEXT ·A2e(SB), NOSPLIT|NOFRAME, $0
+	MOVD arg_base+0(FP), R2                        // pointer to arry of characters
+	MOVD arg_len+8(FP), R3                         // count
+	XOR  R0, R0
+	XOR  R1, R1
+	BYTE $0xA7; BYTE $0x15; BYTE $0x00; BYTE $0x82 // BRAS 1,(2+(256/2))
+
+	// ASCII -> EBCDIC conversion table:
+	BYTE $0x00; BYTE $0x01; BYTE $0x02; BYTE $0x03
+	BYTE $0x37; BYTE $0x2d; BYTE $0x2e; BYTE $0x2f
+	BYTE $0x16; BYTE $0x05; BYTE $0x15; BYTE $0x0b
+	BYTE $0x0c; BYTE $0x0d; BYTE $0x0e; BYTE $0x0f
+	BYTE $0x10; BYTE $0x11; BYTE $0x12; BYTE $0x13
+	BYTE $0x3c; BYTE $0x3d; BYTE $0x32; BYTE $0x26
+	BYTE $0x18; BYTE $0x19; BYTE $0x3f; BYTE $0x27
+	BYTE $0x1c; BYTE $0x1d; BYTE $0x1e; BYTE $0x1f
+	BYTE $0x40; BYTE $0x5a; BYTE $0x7f; BYTE $0x7b
+	BYTE $0x5b; BYTE $0x6c; BYTE $0x50; BYTE $0x7d
+	BYTE $0x4d; BYTE $0x5d; BYTE $0x5c; BYTE $0x4e
+	BYTE $0x6b; BYTE $0x60; BYTE $0x4b; BYTE $0x61
+	BYTE $0xf0; BYTE $0xf1; BYTE $0xf2; BYTE $0xf3
+	BYTE $0xf4; BYTE $0xf5; BYTE $0xf6; BYTE $0xf7
+	BYTE $0xf8; BYTE $0xf9; BYTE $0x7a; BYTE $0x5e
+	BYTE $0x4c; BYTE $0x7e; BYTE $0x6e; BYTE $0x6f
+	BYTE $0x7c; BYTE $0xc1; BYTE $0xc2; BYTE $0xc3
+	BYTE $0xc4; BYTE $0xc5; BYTE $0xc6; BYTE $0xc7
+	BYTE $0xc8; BYTE $0xc9; BYTE $0xd1; BYTE $0xd2
+	BYTE $0xd3; BYTE $0xd4; BYTE $0xd5; BYTE $0xd6
+	BYTE $0xd7; BYTE $0xd8; BYTE $0xd9; BYTE $0xe2
+	BYTE $0xe3; BYTE $0xe4; BYTE $0xe5; BYTE $0xe6
+	BYTE $0xe7; BYTE $0xe8; BYTE $0xe9; BYTE $0xad
+	BYTE $0xe0; BYTE $0xbd; BYTE $0x5f; BYTE $0x6d
+	BYTE $0x79; BYTE $0x81; BYTE $0x82; BYTE $0x83
+	BYTE $0x84; BYTE $0x85; BYTE $0x86; BYTE $0x87
+	BYTE $0x88; BYTE $0x89; BYTE $0x91; BYTE $0x92
+	BYTE $0x93; BYTE $0x94; BYTE $0x95; BYTE $0x96
+	BYTE $0x97; BYTE $0x98; BYTE $0x99; BYTE $0xa2
+	BYTE $0xa3; BYTE $0xa4; BYTE $0xa5; BYTE $0xa6
+	BYTE $0xa7; BYTE $0xa8; BYTE $0xa9; BYTE $0xc0
+	BYTE $0x4f; BYTE $0xd0; BYTE $0xa1; BYTE $0x07
+	BYTE $0x20; BYTE $0x21; BYTE $0x22; BYTE $0x23
+	BYTE $0x24; BYTE $0x25; BYTE $0x06; BYTE $0x17
+	BYTE $0x28; BYTE $0x29; BYTE $0x2a; BYTE $0x2b
+	BYTE $0x2c; BYTE $0x09; BYTE $0x0a; BYTE $0x1b
+	BYTE $0x30; BYTE $0x31; BYTE $0x1a; BYTE $0x33
+	BYTE $0x34; BYTE $0x35; BYTE $0x36; BYTE $0x08
+	BYTE $0x38; BYTE $0x39; BYTE $0x3a; BYTE $0x3b
+	BYTE $0x04; BYTE $0x14; BYTE $0x3e; BYTE $0xff
+	BYTE $0x41; BYTE $0xaa; BYTE $0x4a; BYTE $0xb1
+	BYTE $0x9f; BYTE $0xb2; BYTE $0x6a; BYTE $0xb5
+	BYTE $0xbb; BYTE $0xb4; BYTE $0x9a; BYTE $0x8a
+	BYTE $0xb0; BYTE $0xca; BYTE $0xaf; BYTE $0xbc
+	BYTE $0x90; BYTE $0x8f; BYTE $0xea; BYTE $0xfa
+	BYTE $0xbe; BYTE $0xa0; BYTE $0xb6; BYTE $0xb3
+	BYTE $0x9d; BYTE $0xda; BYTE $0x9b; BYTE $0x8b
+	BYTE $0xb7; BYTE $0xb8; BYTE $0xb9; BYTE $0xab
+	BYTE $0x64; BYTE $0x65; BYTE $0x62; BYTE $0x66
+	BYTE $0x63; BYTE $0x67; BYTE $0x9e; BYTE $0x68
+	BYTE $0x74; BYTE $0x71; BYTE $0x72; BYTE $0x73
+	BYTE $0x78; BYTE $0x75; BYTE $0x76; BYTE $0x77
+	BYTE $0xac; BYTE $0x69; BYTE $0xed; BYTE $0xee
+	BYTE $0xeb; BYTE $0xef; BYTE $0xec; BYTE $0xbf
+	BYTE $0x80; BYTE $0xfd; BYTE $0xfe; BYTE $0xfb
+	BYTE $0xfc; BYTE $0xba; BYTE $0xae; BYTE $0x59
+	BYTE $0x44; BYTE $0x45; BYTE $0x42; BYTE $0x46
+	BYTE $0x43; BYTE $0x47; BYTE $0x9c; BYTE $0x48
+	BYTE $0x54; BYTE $0x51; BYTE $0x52; BYTE $0x53
+	BYTE $0x58; BYTE $0x55; BYTE $0x56; BYTE $0x57
+	BYTE $0x8c; BYTE $0x49; BYTE $0xcd; BYTE $0xce
+	BYTE $0xcb; BYTE $0xcf; BYTE $0xcc; BYTE $0xe1
+	BYTE $0x70; BYTE $0xdd; BYTE $0xde; BYTE $0xdb
+	BYTE $0xdc; BYTE $0x8d; BYTE $0x8e; BYTE $0xdf
+
+retry:
+	WORD $0xB9931022 // TROO 2,2,b'0001'
+	BVS  retry
+	RET
+
+//   func e2a(arr [] byte)
+//   code page conversion from  1047 to 819
+TEXT ·E2a(SB), NOSPLIT|NOFRAME, $0
+	MOVD arg_base+0(FP), R2                        // pointer to arry of characters
+	MOVD arg_len+8(FP), R3                         // count
+	XOR  R0, R0
+	XOR  R1, R1
+	BYTE $0xA7; BYTE $0x15; BYTE $0x00; BYTE $0x82 // BRAS 1,(2+(256/2))
+
+	// EBCDIC -> ASCII conversion table:
+	BYTE $0x00; BYTE $0x01; BYTE $0x02; BYTE $0x03
+	BYTE $0x9c; BYTE $0x09; BYTE $0x86; BYTE $0x7f
+	BYTE $0x97; BYTE $0x8d; BYTE $0x8e; BYTE $0x0b
+	BYTE $0x0c; BYTE $0x0d; BYTE $0x0e; BYTE $0x0f
+	BYTE $0x10; BYTE $0x11; BYTE $0x12; BYTE $0x13
+	BYTE $0x9d; BYTE $0x0a; BYTE $0x08; BYTE $0x87
+	BYTE $0x18; BYTE $0x19; BYTE $0x92; BYTE $0x8f
+	BYTE $0x1c; BYTE $0x1d; BYTE $0x1e; BYTE $0x1f
+	BYTE $0x80; BYTE $0x81; BYTE $0x82; BYTE $0x83
+	BYTE $0x84; BYTE $0x85; BYTE $0x17; BYTE $0x1b
+	BYTE $0x88; BYTE $0x89; BYTE $0x8a; BYTE $0x8b
+	BYTE $0x8c; BYTE $0x05; BYTE $0x06; BYTE $0x07
+	BYTE $0x90; BYTE $0x91; BYTE $0x16; BYTE $0x93
+	BYTE $0x94; BYTE $0x95; BYTE $0x96; BYTE $0x04
+	BYTE $0x98; BYTE $0x99; BYTE $0x9a; BYTE $0x9b
+	BYTE $0x14; BYTE $0x15; BYTE $0x9e; BYTE $0x1a
+	BYTE $0x20; BYTE $0xa0; BYTE $0xe2; BYTE $0xe4
+	BYTE $0xe0; BYTE $0xe1; BYTE $0xe3; BYTE $0xe5
+	BYTE $0xe7; BYTE $0xf1; BYTE $0xa2; BYTE $0x2e
+	BYTE $0x3c; BYTE $0x28; BYTE $0x2b; BYTE $0x7c
+	BYTE $0x26; BYTE $0xe9; BYTE $0xea; BYTE $0xeb
+	BYTE $0xe8; BYTE $0xed; BYTE $0xee; BYTE $0xef
+	BYTE $0xec; BYTE $0xdf; BYTE $0x21; BYTE $0x24
+	BYTE $0x2a; BYTE $0x29; BYTE $0x3b; BYTE $0x5e
+	BYTE $0x2d; BYTE $0x2f; BYTE $0xc2; BYTE $0xc4
+	BYTE $0xc0; BYTE $0xc1; BYTE $0xc3; BYTE $0xc5
+	BYTE $0xc7; BYTE $0xd1; BYTE $0xa6; BYTE $0x2c
+	BYTE $0x25; BYTE $0x5f; BYTE $0x3e; BYTE $0x3f
+	BYTE $0xf8; BYTE $0xc9; BYTE $0xca; BYTE $0xcb
+	BYTE $0xc8; BYTE $0xcd; BYTE $0xce; BYTE $0xcf
+	BYTE $0xcc; BYTE $0x60; BYTE $0x3a; BYTE $0x23
+	BYTE $0x40; BYTE $0x27; BYTE $0x3d; BYTE $0x22
+	BYTE $0xd8; BYTE $0x61; BYTE $0x62; BYTE $0x63
+	BYTE $0x64; BYTE $0x65; BYTE $0x66; BYTE $0x67
+	BYTE $0x68; BYTE $0x69; BYTE $0xab; BYTE $0xbb
+	BYTE $0xf0; BYTE $0xfd; BYTE $0xfe; BYTE $0xb1
+	BYTE $0xb0; BYTE $0x6a; BYTE $0x6b; BYTE $0x6c
+	BYTE $0x6d; BYTE $0x6e; BYTE $0x6f; BYTE $0x70
+	BYTE $0x71; BYTE $0x72; BYTE $0xaa; BYTE $0xba
+	BYTE $0xe6; BYTE $0xb8; BYTE $0xc6; BYTE $0xa4
+	BYTE $0xb5; BYTE $0x7e; BYTE $0x73; BYTE $0x74
+	BYTE $0x75; BYTE $0x76; BYTE $0x77; BYTE $0x78
+	BYTE $0x79; BYTE $0x7a; BYTE $0xa1; BYTE $0xbf
+	BYTE $0xd0; BYTE $0x5b; BYTE $0xde; BYTE $0xae
+	BYTE $0xac; BYTE $0xa3; BYTE $0xa5; BYTE $0xb7
+	BYTE $0xa9; BYTE $0xa7; BYTE $0xb6; BYTE $0xbc
+	BYTE $0xbd; BYTE $0xbe; BYTE $0xdd; BYTE $0xa8
+	BYTE $0xaf; BYTE $0x5d; BYTE $0xb4; BYTE $0xd7
+	BYTE $0x7b; BYTE $0x41; BYTE $0x42; BYTE $0x43
+	BYTE $0x44; BYTE $0x45; BYTE $0x46; BYTE $0x47
+	BYTE $0x48; BYTE $0x49; BYTE $0xad; BYTE $0xf4
+	BYTE $0xf6; BYTE $0xf2; BYTE $0xf3; BYTE $0xf5
+	BYTE $0x7d; BYTE $0x4a; BYTE $0x4b; BYTE $0x4c
+	BYTE $0x4d; BYTE $0x4e; BYTE $0x4f; BYTE $0x50
+	BYTE $0x51; BYTE $0x52; BYTE $0xb9; BYTE $0xfb
+	BYTE $0xfc; BYTE $0xf9; BYTE $0xfa; BYTE $0xff
+	BYTE $0x5c; BYTE $0xf7; BYTE $0x53; BYTE $0x54
+	BYTE $0x55; BYTE $0x56; BYTE $0x57; BYTE $0x58
+	BYTE $0x59; BYTE $0x5a; BYTE $0xb2; BYTE $0xd4
+	BYTE $0xd6; BYTE $0xd2; BYTE $0xd3; BYTE $0xd5
+	BYTE $0x30; BYTE $0x31; BYTE $0x32; BYTE $0x33
+	BYTE $0x34; BYTE $0x35; BYTE $0x36; BYTE $0x37
+	BYTE $0x38; BYTE $0x39; BYTE $0xb3; BYTE $0xdb
+	BYTE $0xdc; BYTE $0xd9; BYTE $0xda; BYTE $0x9f
+
+retry:
+	WORD $0xB9931022 // TROO 2,2,b'0001'
+	BVS  retry
+	RET
diff --git a/vendor/golang.org/x/sys/unix/epoll_zos.go b/vendor/golang.org/x/sys/unix/epoll_zos.go
deleted file mode 100644
index 7753fddea8..0000000000
--- a/vendor/golang.org/x/sys/unix/epoll_zos.go
+++ /dev/null
@@ -1,220 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build zos && s390x
-
-package unix
-
-import (
-	"sync"
-)
-
-// This file simulates epoll on z/OS using poll.
-
-// Analogous to epoll_event on Linux.
-// TODO(neeilan): Pad is because the Linux kernel expects a 96-bit struct. We never pass this to the kernel; remove?
-type EpollEvent struct {
-	Events uint32
-	Fd     int32
-	Pad    int32
-}
-
-const (
-	EPOLLERR      = 0x8
-	EPOLLHUP      = 0x10
-	EPOLLIN       = 0x1
-	EPOLLMSG      = 0x400
-	EPOLLOUT      = 0x4
-	EPOLLPRI      = 0x2
-	EPOLLRDBAND   = 0x80
-	EPOLLRDNORM   = 0x40
-	EPOLLWRBAND   = 0x200
-	EPOLLWRNORM   = 0x100
-	EPOLL_CTL_ADD = 0x1
-	EPOLL_CTL_DEL = 0x2
-	EPOLL_CTL_MOD = 0x3
-	// The following constants are part of the epoll API, but represent
-	// currently unsupported functionality on z/OS.
-	// EPOLL_CLOEXEC  = 0x80000
-	// EPOLLET        = 0x80000000
-	// EPOLLONESHOT   = 0x40000000
-	// EPOLLRDHUP     = 0x2000     // Typically used with edge-triggered notis
-	// EPOLLEXCLUSIVE = 0x10000000 // Exclusive wake-up mode
-	// EPOLLWAKEUP    = 0x20000000 // Relies on Linux's BLOCK_SUSPEND capability
-)
-
-// TODO(neeilan): We can eliminate these epToPoll / pToEpoll calls by using identical mask values for POLL/EPOLL
-// constants where possible The lower 16 bits of epoll events (uint32) can fit any system poll event (int16).
-
-// epToPollEvt converts epoll event field to poll equivalent.
-// In epoll, Events is a 32-bit field, while poll uses 16 bits.
-func epToPollEvt(events uint32) int16 {
-	var ep2p = map[uint32]int16{
-		EPOLLIN:  POLLIN,
-		EPOLLOUT: POLLOUT,
-		EPOLLHUP: POLLHUP,
-		EPOLLPRI: POLLPRI,
-		EPOLLERR: POLLERR,
-	}
-
-	var pollEvts int16 = 0
-	for epEvt, pEvt := range ep2p {
-		if (events & epEvt) != 0 {
-			pollEvts |= pEvt
-		}
-	}
-
-	return pollEvts
-}
-
-// pToEpollEvt converts 16 bit poll event bitfields to 32-bit epoll event fields.
-func pToEpollEvt(revents int16) uint32 {
-	var p2ep = map[int16]uint32{
-		POLLIN:  EPOLLIN,
-		POLLOUT: EPOLLOUT,
-		POLLHUP: EPOLLHUP,
-		POLLPRI: EPOLLPRI,
-		POLLERR: EPOLLERR,
-	}
-
-	var epollEvts uint32 = 0
-	for pEvt, epEvt := range p2ep {
-		if (revents & pEvt) != 0 {
-			epollEvts |= epEvt
-		}
-	}
-
-	return epollEvts
-}
-
-// Per-process epoll implementation.
-type epollImpl struct {
-	mu       sync.Mutex
-	epfd2ep  map[int]*eventPoll
-	nextEpfd int
-}
-
-// eventPoll holds a set of file descriptors being watched by the process. A process can have multiple epoll instances.
-// On Linux, this is an in-kernel data structure accessed through a fd.
-type eventPoll struct {
-	mu  sync.Mutex
-	fds map[int]*EpollEvent
-}
-
-// epoll impl for this process.
-var impl epollImpl = epollImpl{
-	epfd2ep:  make(map[int]*eventPoll),
-	nextEpfd: 0,
-}
-
-func (e *epollImpl) epollcreate(size int) (epfd int, err error) {
-	e.mu.Lock()
-	defer e.mu.Unlock()
-	epfd = e.nextEpfd
-	e.nextEpfd++
-
-	e.epfd2ep[epfd] = &eventPoll{
-		fds: make(map[int]*EpollEvent),
-	}
-	return epfd, nil
-}
-
-func (e *epollImpl) epollcreate1(flag int) (fd int, err error) {
-	return e.epollcreate(4)
-}
-
-func (e *epollImpl) epollctl(epfd int, op int, fd int, event *EpollEvent) (err error) {
-	e.mu.Lock()
-	defer e.mu.Unlock()
-
-	ep, ok := e.epfd2ep[epfd]
-	if !ok {
-
-		return EBADF
-	}
-
-	switch op {
-	case EPOLL_CTL_ADD:
-		// TODO(neeilan): When we make epfds and fds disjoint, detect epoll
-		// loops here (instances watching each other) and return ELOOP.
-		if _, ok := ep.fds[fd]; ok {
-			return EEXIST
-		}
-		ep.fds[fd] = event
-	case EPOLL_CTL_MOD:
-		if _, ok := ep.fds[fd]; !ok {
-			return ENOENT
-		}
-		ep.fds[fd] = event
-	case EPOLL_CTL_DEL:
-		if _, ok := ep.fds[fd]; !ok {
-			return ENOENT
-		}
-		delete(ep.fds, fd)
-
-	}
-	return nil
-}
-
-// Must be called while holding ep.mu
-func (ep *eventPoll) getFds() []int {
-	fds := make([]int, len(ep.fds))
-	for fd := range ep.fds {
-		fds = append(fds, fd)
-	}
-	return fds
-}
-
-func (e *epollImpl) epollwait(epfd int, events []EpollEvent, msec int) (n int, err error) {
-	e.mu.Lock() // in [rare] case of concurrent epollcreate + epollwait
-	ep, ok := e.epfd2ep[epfd]
-
-	if !ok {
-		e.mu.Unlock()
-		return 0, EBADF
-	}
-
-	pollfds := make([]PollFd, 4)
-	for fd, epollevt := range ep.fds {
-		pollfds = append(pollfds, PollFd{Fd: int32(fd), Events: epToPollEvt(epollevt.Events)})
-	}
-	e.mu.Unlock()
-
-	n, err = Poll(pollfds, msec)
-	if err != nil {
-		return n, err
-	}
-
-	i := 0
-	for _, pFd := range pollfds {
-		if pFd.Revents != 0 {
-			events[i] = EpollEvent{Fd: pFd.Fd, Events: pToEpollEvt(pFd.Revents)}
-			i++
-		}
-
-		if i == n {
-			break
-		}
-	}
-
-	return n, nil
-}
-
-func EpollCreate(size int) (fd int, err error) {
-	return impl.epollcreate(size)
-}
-
-func EpollCreate1(flag int) (fd int, err error) {
-	return impl.epollcreate1(flag)
-}
-
-func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
-	return impl.epollctl(epfd, op, fd, event)
-}
-
-// Because EpollWait mutates events, the caller is expected to coordinate
-// concurrent access if calling with the same epfd from multiple goroutines.
-func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
-	return impl.epollwait(epfd, events, msec)
-}
diff --git a/vendor/golang.org/x/sys/unix/fstatfs_zos.go b/vendor/golang.org/x/sys/unix/fstatfs_zos.go
deleted file mode 100644
index c8bde601e7..0000000000
--- a/vendor/golang.org/x/sys/unix/fstatfs_zos.go
+++ /dev/null
@@ -1,163 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build zos && s390x
-
-package unix
-
-import (
-	"unsafe"
-)
-
-// This file simulates fstatfs on z/OS using fstatvfs and w_getmntent.
-
-func Fstatfs(fd int, stat *Statfs_t) (err error) {
-	var stat_v Statvfs_t
-	err = Fstatvfs(fd, &stat_v)
-	if err == nil {
-		// populate stat
-		stat.Type = 0
-		stat.Bsize = stat_v.Bsize
-		stat.Blocks = stat_v.Blocks
-		stat.Bfree = stat_v.Bfree
-		stat.Bavail = stat_v.Bavail
-		stat.Files = stat_v.Files
-		stat.Ffree = stat_v.Ffree
-		stat.Fsid = stat_v.Fsid
-		stat.Namelen = stat_v.Namemax
-		stat.Frsize = stat_v.Frsize
-		stat.Flags = stat_v.Flag
-		for passn := 0; passn < 5; passn++ {
-			switch passn {
-			case 0:
-				err = tryGetmntent64(stat)
-				break
-			case 1:
-				err = tryGetmntent128(stat)
-				break
-			case 2:
-				err = tryGetmntent256(stat)
-				break
-			case 3:
-				err = tryGetmntent512(stat)
-				break
-			case 4:
-				err = tryGetmntent1024(stat)
-				break
-			default:
-				break
-			}
-			//proceed to return if: err is nil (found), err is nonnil but not ERANGE (another error occurred)
-			if err == nil || err != nil && err != ERANGE {
-				break
-			}
-		}
-	}
-	return err
-}
-
-func tryGetmntent64(stat *Statfs_t) (err error) {
-	var mnt_ent_buffer struct {
-		header       W_Mnth
-		filesys_info [64]W_Mntent
-	}
-	var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
-	fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
-	if err != nil {
-		return err
-	}
-	err = ERANGE //return ERANGE if no match is found in this batch
-	for i := 0; i < fs_count; i++ {
-		if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
-			stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
-			err = nil
-			break
-		}
-	}
-	return err
-}
-
-func tryGetmntent128(stat *Statfs_t) (err error) {
-	var mnt_ent_buffer struct {
-		header       W_Mnth
-		filesys_info [128]W_Mntent
-	}
-	var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
-	fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
-	if err != nil {
-		return err
-	}
-	err = ERANGE //return ERANGE if no match is found in this batch
-	for i := 0; i < fs_count; i++ {
-		if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
-			stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
-			err = nil
-			break
-		}
-	}
-	return err
-}
-
-func tryGetmntent256(stat *Statfs_t) (err error) {
-	var mnt_ent_buffer struct {
-		header       W_Mnth
-		filesys_info [256]W_Mntent
-	}
-	var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
-	fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
-	if err != nil {
-		return err
-	}
-	err = ERANGE //return ERANGE if no match is found in this batch
-	for i := 0; i < fs_count; i++ {
-		if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
-			stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
-			err = nil
-			break
-		}
-	}
-	return err
-}
-
-func tryGetmntent512(stat *Statfs_t) (err error) {
-	var mnt_ent_buffer struct {
-		header       W_Mnth
-		filesys_info [512]W_Mntent
-	}
-	var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
-	fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
-	if err != nil {
-		return err
-	}
-	err = ERANGE //return ERANGE if no match is found in this batch
-	for i := 0; i < fs_count; i++ {
-		if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
-			stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
-			err = nil
-			break
-		}
-	}
-	return err
-}
-
-func tryGetmntent1024(stat *Statfs_t) (err error) {
-	var mnt_ent_buffer struct {
-		header       W_Mnth
-		filesys_info [1024]W_Mntent
-	}
-	var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
-	fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
-	if err != nil {
-		return err
-	}
-	err = ERANGE //return ERANGE if no match is found in this batch
-	for i := 0; i < fs_count; i++ {
-		if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
-			stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
-			err = nil
-			break
-		}
-	}
-	return err
-}
diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh
index c6492020ec..4ed2e488b6 100644
--- a/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/vendor/golang.org/x/sys/unix/mkerrors.sh
@@ -263,6 +263,7 @@ struct ltchars {
 #include <linux/sched.h>
 #include <linux/seccomp.h>
 #include <linux/serial.h>
+#include <linux/sock_diag.h>
 #include <linux/sockios.h>
 #include <linux/taskstats.h>
 #include <linux/tipc.h>
@@ -549,6 +550,7 @@ ccflags="$@"
 		$2 !~ "NLA_TYPE_MASK" &&
 		$2 !~ /^RTC_VL_(ACCURACY|BACKUP|DATA)/ &&
 		$2 ~ /^(NETLINK|NLM|NLMSG|NLA|IFA|IFAN|RT|RTC|RTCF|RTN|RTPROT|RTNH|ARPHRD|ETH_P|NETNSA)_/ ||
+		$2 ~ /^SOCK_|SK_DIAG_|SKNLGRP_$/ ||
 		$2 ~ /^FIORDCHK$/ ||
 		$2 ~ /^SIOC/ ||
 		$2 ~ /^TIOC/ ||
@@ -584,7 +586,7 @@ ccflags="$@"
 		$2 ~ /^KEY_(SPEC|REQKEY_DEFL)_/ ||
 		$2 ~ /^KEYCTL_/ ||
 		$2 ~ /^PERF_/ ||
-		$2 ~ /^SECCOMP_MODE_/ ||
+		$2 ~ /^SECCOMP_/ ||
 		$2 ~ /^SEEK_/ ||
 		$2 ~ /^SCHED_/ ||
 		$2 ~ /^SPLICE_/ ||
diff --git a/vendor/golang.org/x/sys/unix/mmap_nomremap.go b/vendor/golang.org/x/sys/unix/mmap_nomremap.go
index 4b68e59780..7f602ffd26 100644
--- a/vendor/golang.org/x/sys/unix/mmap_nomremap.go
+++ b/vendor/golang.org/x/sys/unix/mmap_nomremap.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build aix || darwin || dragonfly || freebsd || openbsd || solaris
+//go:build aix || darwin || dragonfly || freebsd || openbsd || solaris || zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/mremap.go b/vendor/golang.org/x/sys/unix/mremap.go
index fd45fe529d..3a5e776f89 100644
--- a/vendor/golang.org/x/sys/unix/mremap.go
+++ b/vendor/golang.org/x/sys/unix/mremap.go
@@ -50,3 +50,8 @@ func (m *mremapMmapper) Mremap(oldData []byte, newLength int, flags int) (data [
 func Mremap(oldData []byte, newLength int, flags int) (data []byte, err error) {
 	return mapper.Mremap(oldData, newLength, flags)
 }
+
+func MremapPtr(oldAddr unsafe.Pointer, oldSize uintptr, newAddr unsafe.Pointer, newSize uintptr, flags int) (ret unsafe.Pointer, err error) {
+	xaddr, err := mapper.mremap(uintptr(oldAddr), oldSize, newSize, flags, uintptr(newAddr))
+	return unsafe.Pointer(xaddr), err
+}
diff --git a/vendor/golang.org/x/sys/unix/pagesize_unix.go b/vendor/golang.org/x/sys/unix/pagesize_unix.go
index 4d0a3430ed..0482408d7c 100644
--- a/vendor/golang.org/x/sys/unix/pagesize_unix.go
+++ b/vendor/golang.org/x/sys/unix/pagesize_unix.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
 
 // For Unix, get the pagesize from the runtime.
 
diff --git a/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go b/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
index 130398b6b7..b903c00604 100644
--- a/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
+++ b/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build darwin
+//go:build darwin || zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_zos.go b/vendor/golang.org/x/sys/unix/sockcmsg_zos.go
new file mode 100644
index 0000000000..3e53dbc028
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/sockcmsg_zos.go
@@ -0,0 +1,58 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Socket control messages
+
+package unix
+
+import "unsafe"
+
+// UnixCredentials encodes credentials into a socket control message
+// for sending to another process. This can be used for
+// authentication.
+func UnixCredentials(ucred *Ucred) []byte {
+	b := make([]byte, CmsgSpace(SizeofUcred))
+	h := (*Cmsghdr)(unsafe.Pointer(&b[0]))
+	h.Level = SOL_SOCKET
+	h.Type = SCM_CREDENTIALS
+	h.SetLen(CmsgLen(SizeofUcred))
+	*(*Ucred)(h.data(0)) = *ucred
+	return b
+}
+
+// ParseUnixCredentials decodes a socket control message that contains
+// credentials in a Ucred structure. To receive such a message, the
+// SO_PASSCRED option must be enabled on the socket.
+func ParseUnixCredentials(m *SocketControlMessage) (*Ucred, error) {
+	if m.Header.Level != SOL_SOCKET {
+		return nil, EINVAL
+	}
+	if m.Header.Type != SCM_CREDENTIALS {
+		return nil, EINVAL
+	}
+	ucred := *(*Ucred)(unsafe.Pointer(&m.Data[0]))
+	return &ucred, nil
+}
+
+// PktInfo4 encodes Inet4Pktinfo into a socket control message of type IP_PKTINFO.
+func PktInfo4(info *Inet4Pktinfo) []byte {
+	b := make([]byte, CmsgSpace(SizeofInet4Pktinfo))
+	h := (*Cmsghdr)(unsafe.Pointer(&b[0]))
+	h.Level = SOL_IP
+	h.Type = IP_PKTINFO
+	h.SetLen(CmsgLen(SizeofInet4Pktinfo))
+	*(*Inet4Pktinfo)(h.data(0)) = *info
+	return b
+}
+
+// PktInfo6 encodes Inet6Pktinfo into a socket control message of type IPV6_PKTINFO.
+func PktInfo6(info *Inet6Pktinfo) []byte {
+	b := make([]byte, CmsgSpace(SizeofInet6Pktinfo))
+	h := (*Cmsghdr)(unsafe.Pointer(&b[0]))
+	h.Level = SOL_IPV6
+	h.Type = IPV6_PKTINFO
+	h.SetLen(CmsgLen(SizeofInet6Pktinfo))
+	*(*Inet6Pktinfo)(h.data(0)) = *info
+	return b
+}
diff --git a/vendor/golang.org/x/sys/unix/symaddr_zos_s390x.s b/vendor/golang.org/x/sys/unix/symaddr_zos_s390x.s
new file mode 100644
index 0000000000..3c4f33cb6a
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/symaddr_zos_s390x.s
@@ -0,0 +1,75 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build zos && s390x && gc
+
+#include "textflag.h"
+
+//  provide the address of function variable to be fixed up.
+
+TEXT ·getPipe2Addr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Pipe2(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_FlockAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Flock(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_GetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Getxattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_NanosleepAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Nanosleep(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_SetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Setxattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_Wait4Addr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Wait4(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_MountAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Mount(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_UnmountAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Unmount(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_UtimesNanoAtAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·UtimesNanoAt(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_UtimesNanoAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·UtimesNano(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_MkfifoatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Mkfifoat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_ChtagAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Chtag(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_ReadlinkatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Readlinkat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+	
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go
index 59542a897d..4cc7b00596 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go
@@ -542,6 +542,18 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) {
 	}
 }
 
+//sys	pthread_chdir_np(path string) (err error)
+
+func PthreadChdir(path string) (err error) {
+	return pthread_chdir_np(path)
+}
+
+//sys	pthread_fchdir_np(fd int) (err error)
+
+func PthreadFchdir(fd int) (err error) {
+	return pthread_fchdir_np(fd)
+}
+
 //sys	sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error)
 
 //sys	shmat(id int, addr uintptr, flag int) (ret uintptr, err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
index 16dc699379..2f0fa76e4f 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build darwin && go1.12
+//go:build darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go
index 64d1bb4dba..2b57e0f73b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go
@@ -13,6 +13,7 @@
 package unix
 
 import (
+	"errors"
 	"sync"
 	"unsafe"
 )
@@ -169,25 +170,26 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
 func Uname(uname *Utsname) error {
 	mib := []_C_int{CTL_KERN, KERN_OSTYPE}
 	n := unsafe.Sizeof(uname.Sysname)
-	if err := sysctl(mib, &uname.Sysname[0], &n, nil, 0); err != nil {
+	// Suppress ENOMEM errors to be compatible with the C library __xuname() implementation.
+	if err := sysctl(mib, &uname.Sysname[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) {
 		return err
 	}
 
 	mib = []_C_int{CTL_KERN, KERN_HOSTNAME}
 	n = unsafe.Sizeof(uname.Nodename)
-	if err := sysctl(mib, &uname.Nodename[0], &n, nil, 0); err != nil {
+	if err := sysctl(mib, &uname.Nodename[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) {
 		return err
 	}
 
 	mib = []_C_int{CTL_KERN, KERN_OSRELEASE}
 	n = unsafe.Sizeof(uname.Release)
-	if err := sysctl(mib, &uname.Release[0], &n, nil, 0); err != nil {
+	if err := sysctl(mib, &uname.Release[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) {
 		return err
 	}
 
 	mib = []_C_int{CTL_KERN, KERN_VERSION}
 	n = unsafe.Sizeof(uname.Version)
-	if err := sysctl(mib, &uname.Version[0], &n, nil, 0); err != nil {
+	if err := sysctl(mib, &uname.Version[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) {
 		return err
 	}
 
@@ -205,7 +207,7 @@ func Uname(uname *Utsname) error {
 
 	mib = []_C_int{CTL_HW, HW_MACHINE}
 	n = unsafe.Sizeof(uname.Machine)
-	if err := sysctl(mib, &uname.Machine[0], &n, nil, 0); err != nil {
+	if err := sysctl(mib, &uname.Machine[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) {
 		return err
 	}
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go
index 0f85e29e62..5682e2628a 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -1849,6 +1849,105 @@ func Dup2(oldfd, newfd int) error {
 //sys	Fsmount(fd int, flags int, mountAttrs int) (fsfd int, err error)
 //sys	Fsopen(fsName string, flags int) (fd int, err error)
 //sys	Fspick(dirfd int, pathName string, flags int) (fd int, err error)
+
+//sys	fsconfig(fd int, cmd uint, key *byte, value *byte, aux int) (err error)
+
+func fsconfigCommon(fd int, cmd uint, key string, value *byte, aux int) (err error) {
+	var keyp *byte
+	if keyp, err = BytePtrFromString(key); err != nil {
+		return
+	}
+	return fsconfig(fd, cmd, keyp, value, aux)
+}
+
+// FsconfigSetFlag is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_SET_FLAG.
+//
+// fd is the filesystem context to act upon.
+// key the parameter key to set.
+func FsconfigSetFlag(fd int, key string) (err error) {
+	return fsconfigCommon(fd, FSCONFIG_SET_FLAG, key, nil, 0)
+}
+
+// FsconfigSetString is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_SET_STRING.
+//
+// fd is the filesystem context to act upon.
+// key the parameter key to set.
+// value is the parameter value to set.
+func FsconfigSetString(fd int, key string, value string) (err error) {
+	var valuep *byte
+	if valuep, err = BytePtrFromString(value); err != nil {
+		return
+	}
+	return fsconfigCommon(fd, FSCONFIG_SET_STRING, key, valuep, 0)
+}
+
+// FsconfigSetBinary is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_SET_BINARY.
+//
+// fd is the filesystem context to act upon.
+// key the parameter key to set.
+// value is the parameter value to set.
+func FsconfigSetBinary(fd int, key string, value []byte) (err error) {
+	if len(value) == 0 {
+		return EINVAL
+	}
+	return fsconfigCommon(fd, FSCONFIG_SET_BINARY, key, &value[0], len(value))
+}
+
+// FsconfigSetPath is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_SET_PATH.
+//
+// fd is the filesystem context to act upon.
+// key the parameter key to set.
+// path is a non-empty path for specified key.
+// atfd is a file descriptor at which to start lookup from or AT_FDCWD.
+func FsconfigSetPath(fd int, key string, path string, atfd int) (err error) {
+	var valuep *byte
+	if valuep, err = BytePtrFromString(path); err != nil {
+		return
+	}
+	return fsconfigCommon(fd, FSCONFIG_SET_PATH, key, valuep, atfd)
+}
+
+// FsconfigSetPathEmpty is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_SET_PATH_EMPTY. The same as
+// FconfigSetPath but with AT_PATH_EMPTY implied.
+func FsconfigSetPathEmpty(fd int, key string, path string, atfd int) (err error) {
+	var valuep *byte
+	if valuep, err = BytePtrFromString(path); err != nil {
+		return
+	}
+	return fsconfigCommon(fd, FSCONFIG_SET_PATH_EMPTY, key, valuep, atfd)
+}
+
+// FsconfigSetFd is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_SET_FD.
+//
+// fd is the filesystem context to act upon.
+// key the parameter key to set.
+// value is a file descriptor to be assigned to specified key.
+func FsconfigSetFd(fd int, key string, value int) (err error) {
+	return fsconfigCommon(fd, FSCONFIG_SET_FD, key, nil, value)
+}
+
+// FsconfigCreate is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_CMD_CREATE.
+//
+// fd is the filesystem context to act upon.
+func FsconfigCreate(fd int) (err error) {
+	return fsconfig(fd, FSCONFIG_CMD_CREATE, nil, nil, 0)
+}
+
+// FsconfigReconfigure is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_CMD_RECONFIGURE.
+//
+// fd is the filesystem context to act upon.
+func FsconfigReconfigure(fd int) (err error) {
+	return fsconfig(fd, FSCONFIG_CMD_RECONFIGURE, nil, nil, 0)
+}
+
 //sys	Getdents(fd int, buf []byte) (n int, err error) = SYS_GETDENTS64
 //sysnb	Getpgid(pid int) (pgid int, err error)
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go
index 77081de8c7..4e92e5aa40 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix.go
@@ -154,6 +154,15 @@ func Munmap(b []byte) (err error) {
 	return mapper.Munmap(b)
 }
 
+func MmapPtr(fd int, offset int64, addr unsafe.Pointer, length uintptr, prot int, flags int) (ret unsafe.Pointer, err error) {
+	xaddr, err := mapper.mmap(uintptr(addr), length, prot, flags, fd, offset)
+	return unsafe.Pointer(xaddr), err
+}
+
+func MunmapPtr(addr unsafe.Pointer, length uintptr) (err error) {
+	return mapper.munmap(uintptr(addr), length)
+}
+
 func Read(fd int, p []byte) (n int, err error) {
 	n, err = read(fd, p)
 	if raceenabled {
diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
index b473038c61..312ae6ac1d 100644
--- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
@@ -4,11 +4,21 @@
 
 //go:build zos && s390x
 
+// Many of the following syscalls are not available on all versions of z/OS.
+// Some missing calls have legacy implementations/simulations but others
+// will be missing completely. To achieve consistent failing behaviour on
+// legacy systems, we first test the function pointer via a safeloading
+// mechanism to see if the function exists on a given system. Then execution
+// is branched to either continue the function call, or return an error.
+
 package unix
 
 import (
 	"bytes"
 	"fmt"
+	"os"
+	"reflect"
+	"regexp"
 	"runtime"
 	"sort"
 	"strings"
@@ -17,17 +27,205 @@ import (
 	"unsafe"
 )
 
+//go:noescape
+func initZosLibVec()
+
+//go:noescape
+func GetZosLibVec() uintptr
+
+func init() {
+	initZosLibVec()
+	r0, _, _ := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS_____GETENV_A<<4, uintptr(unsafe.Pointer(&([]byte("__ZOS_XSYSTRACE\x00"))[0])))
+	if r0 != 0 {
+		n, _, _ := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___ATOI_A<<4, r0)
+		ZosTraceLevel = int(n)
+		r0, _, _ := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS_____GETENV_A<<4, uintptr(unsafe.Pointer(&([]byte("__ZOS_XSYSTRACEFD\x00"))[0])))
+		if r0 != 0 {
+			fd, _, _ := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___ATOI_A<<4, r0)
+			f := os.NewFile(fd, "zostracefile")
+			if f != nil {
+				ZosTracefile = f
+			}
+		}
+
+	}
+}
+
+//go:noescape
+func CallLeFuncWithErr(funcdesc uintptr, parms ...uintptr) (ret, errno2 uintptr, err Errno)
+
+//go:noescape
+func CallLeFuncWithPtrReturn(funcdesc uintptr, parms ...uintptr) (ret, errno2 uintptr, err Errno)
+
+// -------------------------------
+// pointer validity test
+// good pointer returns 0
+// bad pointer returns 1
+//
+//go:nosplit
+func ptrtest(uintptr) uint64
+
+// Load memory at ptr location with error handling if the location is invalid
+//
+//go:noescape
+func safeload(ptr uintptr) (value uintptr, error uintptr)
+
 const (
-	O_CLOEXEC = 0       // Dummy value (not supported).
-	AF_LOCAL  = AF_UNIX // AF_LOCAL is an alias for AF_UNIX
+	entrypointLocationOffset = 8 // From function descriptor
+
+	xplinkEyecatcher   = 0x00c300c500c500f1 // ".C.E.E.1"
+	eyecatcherOffset   = 16                 // From function entrypoint (negative)
+	ppa1LocationOffset = 8                  // From function entrypoint (negative)
+
+	nameLenOffset = 0x14 // From PPA1 start
+	nameOffset    = 0x16 // From PPA1 start
 )
 
-func syscall_syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
-func syscall_rawsyscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
-func syscall_syscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
-func syscall_rawsyscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
-func syscall_syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err Errno)
-func syscall_rawsyscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err Errno)
+func getPpaOffset(funcptr uintptr) int64 {
+	entrypoint, err := safeload(funcptr + entrypointLocationOffset)
+	if err != 0 {
+		return -1
+	}
+
+	// XPLink functions have ".C.E.E.1" as the first 8 bytes (EBCDIC)
+	val, err := safeload(entrypoint - eyecatcherOffset)
+	if err != 0 {
+		return -1
+	}
+	if val != xplinkEyecatcher {
+		return -1
+	}
+
+	ppaoff, err := safeload(entrypoint - ppa1LocationOffset)
+	if err != 0 {
+		return -1
+	}
+
+	ppaoff >>= 32
+	return int64(ppaoff)
+}
+
+//-------------------------------
+// function descriptor pointer validity test
+// good pointer returns 0
+// bad pointer returns 1
+
+// TODO: currently mksyscall_zos_s390x.go generate empty string for funcName
+// have correct funcName pass to the funcptrtest function
+func funcptrtest(funcptr uintptr, funcName string) uint64 {
+	entrypoint, err := safeload(funcptr + entrypointLocationOffset)
+	if err != 0 {
+		return 1
+	}
+
+	ppaoff := getPpaOffset(funcptr)
+	if ppaoff == -1 {
+		return 1
+	}
+
+	// PPA1 offset value is from the start of the entire function block, not the entrypoint
+	ppa1 := (entrypoint - eyecatcherOffset) + uintptr(ppaoff)
+
+	nameLen, err := safeload(ppa1 + nameLenOffset)
+	if err != 0 {
+		return 1
+	}
+
+	nameLen >>= 48
+	if nameLen > 128 {
+		return 1
+	}
+
+	// no function name input to argument end here
+	if funcName == "" {
+		return 0
+	}
+
+	var funcname [128]byte
+	for i := 0; i < int(nameLen); i += 8 {
+		v, err := safeload(ppa1 + nameOffset + uintptr(i))
+		if err != 0 {
+			return 1
+		}
+		funcname[i] = byte(v >> 56)
+		funcname[i+1] = byte(v >> 48)
+		funcname[i+2] = byte(v >> 40)
+		funcname[i+3] = byte(v >> 32)
+		funcname[i+4] = byte(v >> 24)
+		funcname[i+5] = byte(v >> 16)
+		funcname[i+6] = byte(v >> 8)
+		funcname[i+7] = byte(v)
+	}
+
+	runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___E2A_L<<4, // __e2a_l
+		[]uintptr{uintptr(unsafe.Pointer(&funcname[0])), nameLen})
+
+	name := string(funcname[:nameLen])
+	if name != funcName {
+		return 1
+	}
+
+	return 0
+}
+
+// For detection of capabilities on a system.
+// Is function descriptor f a valid function?
+func isValidLeFunc(f uintptr) error {
+	ret := funcptrtest(f, "")
+	if ret != 0 {
+		return fmt.Errorf("Bad pointer, not an LE function ")
+	}
+	return nil
+}
+
+// Retrieve function name from descriptor
+func getLeFuncName(f uintptr) (string, error) {
+	// assume it has been checked, only check ppa1 validity here
+	entry := ((*[2]uintptr)(unsafe.Pointer(f)))[1]
+	preamp := ((*[4]uint32)(unsafe.Pointer(entry - eyecatcherOffset)))
+
+	offsetPpa1 := preamp[2]
+	if offsetPpa1 > 0x0ffff {
+		return "", fmt.Errorf("PPA1 offset seems too big 0x%x\n", offsetPpa1)
+	}
+
+	ppa1 := uintptr(unsafe.Pointer(preamp)) + uintptr(offsetPpa1)
+	res := ptrtest(ppa1)
+	if res != 0 {
+		return "", fmt.Errorf("PPA1 address not valid")
+	}
+
+	size := *(*uint16)(unsafe.Pointer(ppa1 + nameLenOffset))
+	if size > 128 {
+		return "", fmt.Errorf("Function name seems too long, length=%d\n", size)
+	}
+
+	var name [128]byte
+	funcname := (*[128]byte)(unsafe.Pointer(ppa1 + nameOffset))
+	copy(name[0:size], funcname[0:size])
+
+	runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___E2A_L<<4, // __e2a_l
+		[]uintptr{uintptr(unsafe.Pointer(&name[0])), uintptr(size)})
+
+	return string(name[:size]), nil
+}
+
+// Check z/OS version
+func zosLeVersion() (version, release uint32) {
+	p1 := (*(*uintptr)(unsafe.Pointer(uintptr(1208)))) >> 32
+	p1 = *(*uintptr)(unsafe.Pointer(uintptr(p1 + 88)))
+	p1 = *(*uintptr)(unsafe.Pointer(uintptr(p1 + 8)))
+	p1 = *(*uintptr)(unsafe.Pointer(uintptr(p1 + 984)))
+	vrm := *(*uint32)(unsafe.Pointer(p1 + 80))
+	version = (vrm & 0x00ff0000) >> 16
+	release = (vrm & 0x0000ff00) >> 8
+	return
+}
+
+// returns a zos C FILE * for stdio fd 0, 1, 2
+func ZosStdioFilep(fd int32) uintptr {
+	return uintptr(*(*uint64)(unsafe.Pointer(uintptr(*(*uint64)(unsafe.Pointer(uintptr(*(*uint64)(unsafe.Pointer(uintptr(uint64(*(*uint32)(unsafe.Pointer(uintptr(1208)))) + 80))) + uint64((fd+2)<<3))))))))
+}
 
 func copyStat(stat *Stat_t, statLE *Stat_LE_t) {
 	stat.Dev = uint64(statLE.Dev)
@@ -65,6 +263,21 @@ func (d *Dirent) NameString() string {
 	}
 }
 
+func DecodeData(dest []byte, sz int, val uint64) {
+	for i := 0; i < sz; i++ {
+		dest[sz-1-i] = byte((val >> (uint64(i * 8))) & 0xff)
+	}
+}
+
+func EncodeData(data []byte) uint64 {
+	var value uint64
+	sz := len(data)
+	for i := 0; i < sz; i++ {
+		value |= uint64(data[i]) << uint64(((sz - i - 1) * 8))
+	}
+	return value
+}
+
 func (sa *SockaddrInet4) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	if sa.Port < 0 || sa.Port > 0xFFFF {
 		return nil, 0, EINVAL
@@ -74,7 +287,9 @@ func (sa *SockaddrInet4) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port))
 	p[0] = byte(sa.Port >> 8)
 	p[1] = byte(sa.Port)
-	sa.raw.Addr = sa.Addr
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
 	return unsafe.Pointer(&sa.raw), _Socklen(sa.raw.Len), nil
 }
 
@@ -88,7 +303,9 @@ func (sa *SockaddrInet6) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	p[0] = byte(sa.Port >> 8)
 	p[1] = byte(sa.Port)
 	sa.raw.Scope_id = sa.ZoneId
-	sa.raw.Addr = sa.Addr
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
 	return unsafe.Pointer(&sa.raw), _Socklen(sa.raw.Len), nil
 }
 
@@ -146,7 +363,9 @@ func anyToSockaddr(_ int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		sa := new(SockaddrInet4)
 		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
 		sa.Port = int(p[0])<<8 + int(p[1])
-		sa.Addr = pp.Addr
+		for i := 0; i < len(sa.Addr); i++ {
+			sa.Addr[i] = pp.Addr[i]
+		}
 		return sa, nil
 
 	case AF_INET6:
@@ -155,7 +374,9 @@ func anyToSockaddr(_ int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
 		sa.Port = int(p[0])<<8 + int(p[1])
 		sa.ZoneId = pp.Scope_id
-		sa.Addr = pp.Addr
+		for i := 0; i < len(sa.Addr); i++ {
+			sa.Addr[i] = pp.Addr[i]
+		}
 		return sa, nil
 	}
 	return nil, EAFNOSUPPORT
@@ -177,6 +398,43 @@ func Accept(fd int) (nfd int, sa Sockaddr, err error) {
 	return
 }
 
+func Accept4(fd int, flags int) (nfd int, sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	nfd, err = accept4(fd, &rsa, &len, flags)
+	if err != nil {
+		return
+	}
+	if len > SizeofSockaddrAny {
+		panic("RawSockaddrAny too small")
+	}
+	// TODO(neeilan): Remove 0 in call
+	sa, err = anyToSockaddr(0, &rsa)
+	if err != nil {
+		Close(nfd)
+		nfd = 0
+	}
+	return
+}
+
+func Ctermid() (tty string, err error) {
+	var termdev [1025]byte
+	runtime.EnterSyscall()
+	r0, err2, err1 := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___CTERMID_A<<4, uintptr(unsafe.Pointer(&termdev[0])))
+	runtime.ExitSyscall()
+	if r0 == 0 {
+		return "", fmt.Errorf("%s (errno2=0x%x)\n", err1.Error(), err2)
+	}
+	s := string(termdev[:])
+	idx := strings.Index(s, string(rune(0)))
+	if idx == -1 {
+		tty = s
+	} else {
+		tty = s[:idx]
+	}
+	return
+}
+
 func (iov *Iovec) SetLen(length int) {
 	iov.Len = uint64(length)
 }
@@ -190,10 +448,16 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 }
 
 //sys   fcntl(fd int, cmd int, arg int) (val int, err error)
+//sys   Flistxattr(fd int, dest []byte) (sz int, err error) = SYS___FLISTXATTR_A
+//sys   Fremovexattr(fd int, attr string) (err error) = SYS___FREMOVEXATTR_A
 //sys	read(fd int, p []byte) (n int, err error)
 //sys	write(fd int, p []byte) (n int, err error)
 
+//sys   Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) = SYS___FGETXATTR_A
+//sys   Fsetxattr(fd int, attr string, data []byte, flag int) (err error) = SYS___FSETXATTR_A
+
 //sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) = SYS___ACCEPT_A
+//sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) = SYS___ACCEPT4_A
 //sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) = SYS___BIND_A
 //sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) = SYS___CONNECT_A
 //sysnb	getgroups(n int, list *_Gid_t) (nn int, err error)
@@ -204,6 +468,7 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 //sysnb	socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
 //sysnb	getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) = SYS___GETPEERNAME_A
 //sysnb	getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) = SYS___GETSOCKNAME_A
+//sys   Removexattr(path string, attr string) (err error) = SYS___REMOVEXATTR_A
 //sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) = SYS___RECVFROM_A
 //sys	sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) = SYS___SENDTO_A
 //sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error) = SYS___RECVMSG_A
@@ -212,6 +477,10 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 //sys   munmap(addr uintptr, length uintptr) (err error) = SYS_MUNMAP
 //sys   ioctl(fd int, req int, arg uintptr) (err error) = SYS_IOCTL
 //sys   ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) = SYS_IOCTL
+//sys	shmat(id int, addr uintptr, flag int) (ret uintptr, err error) = SYS_SHMAT
+//sys	shmctl(id int, cmd int, buf *SysvShmDesc) (result int, err error) = SYS_SHMCTL64
+//sys	shmdt(addr uintptr) (err error) = SYS_SHMDT
+//sys	shmget(key int, size int, flag int) (id int, err error) = SYS_SHMGET
 
 //sys   Access(path string, mode uint32) (err error) = SYS___ACCESS_A
 //sys   Chdir(path string) (err error) = SYS___CHDIR_A
@@ -220,14 +489,31 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 //sys   Creat(path string, mode uint32) (fd int, err error) = SYS___CREAT_A
 //sys	Dup(oldfd int) (fd int, err error)
 //sys	Dup2(oldfd int, newfd int) (err error)
+//sys	Dup3(oldfd int, newfd int, flags int) (err error) = SYS_DUP3
+//sys	Dirfd(dirp uintptr) (fd int, err error) = SYS_DIRFD
+//sys	EpollCreate(size int) (fd int, err error) = SYS_EPOLL_CREATE
+//sys	EpollCreate1(flags int) (fd int, err error) = SYS_EPOLL_CREATE1
+//sys	EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) = SYS_EPOLL_CTL
+//sys	EpollPwait(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error) = SYS_EPOLL_PWAIT
+//sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) = SYS_EPOLL_WAIT
 //sys	Errno2() (er2 int) = SYS___ERRNO2
-//sys	Err2ad() (eadd *int) = SYS___ERR2AD
+//sys	Eventfd(initval uint, flags int) (fd int, err error) = SYS_EVENTFD
 //sys	Exit(code int)
+//sys	Faccessat(dirfd int, path string, mode uint32, flags int) (err error) = SYS___FACCESSAT_A
+
+func Faccessat2(dirfd int, path string, mode uint32, flags int) (err error) {
+	return Faccessat(dirfd, path, mode, flags)
+}
+
 //sys	Fchdir(fd int) (err error)
 //sys	Fchmod(fd int, mode uint32) (err error)
+//sys	Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) = SYS___FCHMODAT_A
 //sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fchownat(fd int, path string, uid int, gid int, flags int) (err error) = SYS___FCHOWNAT_A
 //sys	FcntlInt(fd uintptr, cmd int, arg int) (retval int, err error) = SYS_FCNTL
+//sys	Fdatasync(fd int) (err error) = SYS_FDATASYNC
 //sys	fstat(fd int, stat *Stat_LE_t) (err error)
+//sys	fstatat(dirfd int, path string, stat *Stat_LE_t, flags int) (err error) = SYS___FSTATAT_A
 
 func Fstat(fd int, stat *Stat_t) (err error) {
 	var statLE Stat_LE_t
@@ -236,28 +522,208 @@ func Fstat(fd int, stat *Stat_t) (err error) {
 	return
 }
 
+func Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
+	var statLE Stat_LE_t
+	err = fstatat(dirfd, path, &statLE, flags)
+	copyStat(stat, &statLE)
+	return
+}
+
+func impl_Getxattr(path string, attr string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p2 unsafe.Pointer
+	if len(dest) > 0 {
+		_p2 = unsafe.Pointer(&dest[0])
+	} else {
+		_p2 = unsafe.Pointer(&_zero)
+	}
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___GETXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)))
+	sz = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_GetxattrAddr() *(func(path string, attr string, dest []byte) (sz int, err error))
+
+var Getxattr = enter_Getxattr
+
+func enter_Getxattr(path string, attr string, dest []byte) (sz int, err error) {
+	funcref := get_GetxattrAddr()
+	if validGetxattr() {
+		*funcref = impl_Getxattr
+	} else {
+		*funcref = error_Getxattr
+	}
+	return (*funcref)(path, attr, dest)
+}
+
+func error_Getxattr(path string, attr string, dest []byte) (sz int, err error) {
+	return -1, ENOSYS
+}
+
+func validGetxattr() bool {
+	if funcptrtest(GetZosLibVec()+SYS___GETXATTR_A<<4, "") == 0 {
+		if name, err := getLeFuncName(GetZosLibVec() + SYS___GETXATTR_A<<4); err == nil {
+			return name == "__getxattr_a"
+		}
+	}
+	return false
+}
+
+//sys   Lgetxattr(link string, attr string, dest []byte) (sz int, err error) = SYS___LGETXATTR_A
+//sys   Lsetxattr(path string, attr string, data []byte, flags int) (err error) = SYS___LSETXATTR_A
+
+func impl_Setxattr(path string, attr string, data []byte, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p2 unsafe.Pointer
+	if len(data) > 0 {
+		_p2 = unsafe.Pointer(&data[0])
+	} else {
+		_p2 = unsafe.Pointer(&_zero)
+	}
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SETXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_SetxattrAddr() *(func(path string, attr string, data []byte, flags int) (err error))
+
+var Setxattr = enter_Setxattr
+
+func enter_Setxattr(path string, attr string, data []byte, flags int) (err error) {
+	funcref := get_SetxattrAddr()
+	if validSetxattr() {
+		*funcref = impl_Setxattr
+	} else {
+		*funcref = error_Setxattr
+	}
+	return (*funcref)(path, attr, data, flags)
+}
+
+func error_Setxattr(path string, attr string, data []byte, flags int) (err error) {
+	return ENOSYS
+}
+
+func validSetxattr() bool {
+	if funcptrtest(GetZosLibVec()+SYS___SETXATTR_A<<4, "") == 0 {
+		if name, err := getLeFuncName(GetZosLibVec() + SYS___SETXATTR_A<<4); err == nil {
+			return name == "__setxattr_a"
+		}
+	}
+	return false
+}
+
+//sys	Fstatfs(fd int, buf *Statfs_t) (err error) = SYS_FSTATFS
 //sys	Fstatvfs(fd int, stat *Statvfs_t) (err error) = SYS_FSTATVFS
 //sys	Fsync(fd int) (err error)
+//sys	Futimes(fd int, tv []Timeval) (err error) = SYS_FUTIMES
+//sys	Futimesat(dirfd int, path string, tv []Timeval) (err error) = SYS___FUTIMESAT_A
 //sys	Ftruncate(fd int, length int64) (err error)
-//sys   Getpagesize() (pgsize int) = SYS_GETPAGESIZE
+//sys	Getrandom(buf []byte, flags int) (n int, err error) = SYS_GETRANDOM
+//sys	InotifyInit() (fd int, err error) = SYS_INOTIFY_INIT
+//sys	InotifyInit1(flags int) (fd int, err error) = SYS_INOTIFY_INIT1
+//sys	InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) = SYS___INOTIFY_ADD_WATCH_A
+//sys	InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) = SYS_INOTIFY_RM_WATCH
+//sys   Listxattr(path string, dest []byte) (sz int, err error) = SYS___LISTXATTR_A
+//sys   Llistxattr(path string, dest []byte) (sz int, err error) = SYS___LLISTXATTR_A
+//sys   Lremovexattr(path string, attr string) (err error) = SYS___LREMOVEXATTR_A
+//sys	Lutimes(path string, tv []Timeval) (err error) = SYS___LUTIMES_A
 //sys   Mprotect(b []byte, prot int) (err error) = SYS_MPROTECT
 //sys   Msync(b []byte, flags int) (err error) = SYS_MSYNC
+//sys   Console2(cmsg *ConsMsg2, modstr *byte, concmd *uint32) (err error) = SYS___CONSOLE2
+
+// Pipe2 begin
+
+//go:nosplit
+func getPipe2Addr() *(func([]int, int) error)
+
+var Pipe2 = pipe2Enter
+
+func pipe2Enter(p []int, flags int) (err error) {
+	if funcptrtest(GetZosLibVec()+SYS_PIPE2<<4, "") == 0 {
+		*getPipe2Addr() = pipe2Impl
+	} else {
+		*getPipe2Addr() = pipe2Error
+	}
+	return (*getPipe2Addr())(p, flags)
+}
+
+func pipe2Impl(p []int, flags int) (err error) {
+	var pp [2]_C_int
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PIPE2<<4, uintptr(unsafe.Pointer(&pp[0])), uintptr(flags))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	} else {
+		p[0] = int(pp[0])
+		p[1] = int(pp[1])
+	}
+	return
+}
+func pipe2Error(p []int, flags int) (err error) {
+	return fmt.Errorf("Pipe2 is not available on this system")
+}
+
+// Pipe2 end
+
 //sys   Poll(fds []PollFd, timeout int) (n int, err error) = SYS_POLL
+
+func Readdir(dir uintptr) (dirent *Dirent, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___READDIR_A<<4, uintptr(dir))
+	runtime.ExitSyscall()
+	dirent = (*Dirent)(unsafe.Pointer(r0))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//sys	Readdir_r(dirp uintptr, entry *direntLE, result **direntLE) (err error) = SYS___READDIR_R_A
+//sys	Statfs(path string, buf *Statfs_t) (err error) = SYS___STATFS_A
+//sys	Syncfs(fd int) (err error) = SYS_SYNCFS
 //sys   Times(tms *Tms) (ticks uintptr, err error) = SYS_TIMES
 //sys   W_Getmntent(buff *byte, size int) (lastsys int, err error) = SYS_W_GETMNTENT
 //sys   W_Getmntent_A(buff *byte, size int) (lastsys int, err error) = SYS___W_GETMNTENT_A
 
 //sys   mount_LE(path string, filesystem string, fstype string, mtm uint32, parmlen int32, parm string) (err error) = SYS___MOUNT_A
-//sys   unmount(filesystem string, mtm int) (err error) = SYS___UMOUNT_A
+//sys   unmount_LE(filesystem string, mtm int) (err error) = SYS___UMOUNT_A
 //sys   Chroot(path string) (err error) = SYS___CHROOT_A
 //sys   Select(nmsgsfds int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (ret int, err error) = SYS_SELECT
-//sysnb Uname(buf *Utsname) (err error) = SYS___UNAME_A
+//sysnb Uname(buf *Utsname) (err error) = SYS_____OSNAME_A
+//sys   Unshare(flags int) (err error) = SYS_UNSHARE
 
 func Ptsname(fd int) (name string, err error) {
-	r0, _, e1 := syscall_syscall(SYS___PTSNAME_A, uintptr(fd), 0, 0)
-	name = u2s(unsafe.Pointer(r0))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___PTSNAME_A<<4, uintptr(fd))
+	runtime.ExitSyscall()
+	if r0 == 0 {
+		err = errnoErr2(e1, e2)
+	} else {
+		name = u2s(unsafe.Pointer(r0))
 	}
 	return
 }
@@ -272,13 +738,19 @@ func u2s(cstr unsafe.Pointer) string {
 }
 
 func Close(fd int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_CLOSE<<4, uintptr(fd))
+	runtime.ExitSyscall()
 	for i := 0; e1 == EAGAIN && i < 10; i++ {
-		_, _, _ = syscall_syscall(SYS_USLEEP, uintptr(10), 0, 0)
-		_, _, e1 = syscall_syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+		runtime.EnterSyscall()
+		CallLeFuncWithErr(GetZosLibVec()+SYS_USLEEP<<4, uintptr(10))
+		runtime.ExitSyscall()
+		runtime.EnterSyscall()
+		r0, e2, e1 = CallLeFuncWithErr(GetZosLibVec()+SYS_CLOSE<<4, uintptr(fd))
+		runtime.ExitSyscall()
 	}
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if r0 != 0 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -288,9 +760,15 @@ func Madvise(b []byte, advice int) (err error) {
 	return
 }
 
+func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) {
+	return mapper.Mmap(fd, offset, length, prot, flags)
+}
+
+func Munmap(b []byte) (err error) {
+	return mapper.Munmap(b)
+}
+
 //sys   Gethostname(buf []byte) (err error) = SYS___GETHOSTNAME_A
-//sysnb	Getegid() (egid int)
-//sysnb	Geteuid() (uid int)
 //sysnb	Getgid() (gid int)
 //sysnb	Getpid() (pid int)
 //sysnb	Getpgid(pid int) (pgid int, err error) = SYS_GETPGID
@@ -317,11 +795,14 @@ func Getrusage(who int, rusage *Rusage) (err error) {
 	return
 }
 
+//sys	Getegid() (egid int) = SYS_GETEGID
+//sys	Geteuid() (euid int) = SYS_GETEUID
 //sysnb Getsid(pid int) (sid int, err error) = SYS_GETSID
 //sysnb	Getuid() (uid int)
 //sysnb	Kill(pid int, sig Signal) (err error)
 //sys	Lchown(path string, uid int, gid int) (err error) = SYS___LCHOWN_A
 //sys	Link(path string, link string) (err error) = SYS___LINK_A
+//sys	Linkat(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error) = SYS___LINKAT_A
 //sys	Listen(s int, n int) (err error)
 //sys	lstat(path string, stat *Stat_LE_t) (err error) = SYS___LSTAT_A
 
@@ -332,15 +813,150 @@ func Lstat(path string, stat *Stat_t) (err error) {
 	return
 }
 
+// for checking symlinks begins with $VERSION/ $SYSNAME/ $SYSSYMR/ $SYSSYMA/
+func isSpecialPath(path []byte) (v bool) {
+	var special = [4][8]byte{
+		[8]byte{'V', 'E', 'R', 'S', 'I', 'O', 'N', '/'},
+		[8]byte{'S', 'Y', 'S', 'N', 'A', 'M', 'E', '/'},
+		[8]byte{'S', 'Y', 'S', 'S', 'Y', 'M', 'R', '/'},
+		[8]byte{'S', 'Y', 'S', 'S', 'Y', 'M', 'A', '/'}}
+
+	var i, j int
+	for i = 0; i < len(special); i++ {
+		for j = 0; j < len(special[i]); j++ {
+			if path[j] != special[i][j] {
+				break
+			}
+		}
+		if j == len(special[i]) {
+			return true
+		}
+	}
+	return false
+}
+
+func realpath(srcpath string, abspath []byte) (pathlen int, errno int) {
+	var source [1024]byte
+	copy(source[:], srcpath)
+	source[len(srcpath)] = 0
+	ret := runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___REALPATH_A<<4, //__realpath_a()
+		[]uintptr{uintptr(unsafe.Pointer(&source[0])),
+			uintptr(unsafe.Pointer(&abspath[0]))})
+	if ret != 0 {
+		index := bytes.IndexByte(abspath[:], byte(0))
+		if index != -1 {
+			return index, 0
+		}
+	} else {
+		errptr := (*int)(unsafe.Pointer(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO<<4, []uintptr{}))) //__errno()
+		return 0, *errptr
+	}
+	return 0, 245 // EBADDATA   245
+}
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	n = int(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___READLINK_A<<4,
+		[]uintptr{uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf))}))
+	runtime.KeepAlive(unsafe.Pointer(_p0))
+	if n == -1 {
+		value := *(*int32)(unsafe.Pointer(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO<<4, []uintptr{})))
+		err = errnoErr(Errno(value))
+	} else {
+		if buf[0] == '$' {
+			if isSpecialPath(buf[1:9]) {
+				cnt, err1 := realpath(path, buf)
+				if err1 == 0 {
+					n = cnt
+				}
+			}
+		}
+	}
+	return
+}
+
+func impl_Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___READLINKAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	runtime.ExitSyscall()
+	n = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+		return n, err
+	} else {
+		if buf[0] == '$' {
+			if isSpecialPath(buf[1:9]) {
+				cnt, err1 := realpath(path, buf)
+				if err1 == 0 {
+					n = cnt
+				}
+			}
+		}
+	}
+	return
+}
+
+//go:nosplit
+func get_ReadlinkatAddr() *(func(dirfd int, path string, buf []byte) (n int, err error))
+
+var Readlinkat = enter_Readlinkat
+
+func enter_Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	funcref := get_ReadlinkatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___READLINKAT_A<<4, "") == 0 {
+		*funcref = impl_Readlinkat
+	} else {
+		*funcref = error_Readlinkat
+	}
+	return (*funcref)(dirfd, path, buf)
+}
+
+func error_Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	n = -1
+	err = ENOSYS
+	return
+}
+
 //sys	Mkdir(path string, mode uint32) (err error) = SYS___MKDIR_A
+//sys	Mkdirat(dirfd int, path string, mode uint32) (err error) = SYS___MKDIRAT_A
 //sys   Mkfifo(path string, mode uint32) (err error) = SYS___MKFIFO_A
 //sys	Mknod(path string, mode uint32, dev int) (err error) = SYS___MKNOD_A
+//sys	Mknodat(dirfd int, path string, mode uint32, dev int) (err error) = SYS___MKNODAT_A
+//sys	PivotRoot(newroot string, oldroot string) (err error) = SYS___PIVOT_ROOT_A
 //sys	Pread(fd int, p []byte, offset int64) (n int, err error)
 //sys	Pwrite(fd int, p []byte, offset int64) (n int, err error)
-//sys	Readlink(path string, buf []byte) (n int, err error) = SYS___READLINK_A
+//sys	Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) = SYS___PRCTL_A
+//sysnb	Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) = SYS_PRLIMIT
 //sys	Rename(from string, to string) (err error) = SYS___RENAME_A
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) = SYS___RENAMEAT_A
+//sys	Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) = SYS___RENAMEAT2_A
 //sys	Rmdir(path string) (err error) = SYS___RMDIR_A
 //sys   Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK
+//sys	Setegid(egid int) (err error) = SYS_SETEGID
+//sys	Seteuid(euid int) (err error) = SYS_SETEUID
+//sys	Sethostname(p []byte) (err error) = SYS___SETHOSTNAME_A
+//sys   Setns(fd int, nstype int) (err error) = SYS_SETNS
 //sys	Setpriority(which int, who int, prio int) (err error)
 //sysnb	Setpgid(pid int, pgid int) (err error) = SYS_SETPGID
 //sysnb	Setrlimit(resource int, lim *Rlimit) (err error)
@@ -360,32 +976,57 @@ func Stat(path string, sta *Stat_t) (err error) {
 }
 
 //sys	Symlink(path string, link string) (err error) = SYS___SYMLINK_A
+//sys	Symlinkat(oldPath string, dirfd int, newPath string) (err error) = SYS___SYMLINKAT_A
 //sys	Sync() = SYS_SYNC
 //sys	Truncate(path string, length int64) (err error) = SYS___TRUNCATE_A
 //sys	Tcgetattr(fildes int, termptr *Termios) (err error) = SYS_TCGETATTR
 //sys	Tcsetattr(fildes int, when int, termptr *Termios) (err error) = SYS_TCSETATTR
 //sys	Umask(mask int) (oldmask int)
 //sys	Unlink(path string) (err error) = SYS___UNLINK_A
+//sys	Unlinkat(dirfd int, path string, flags int) (err error) = SYS___UNLINKAT_A
 //sys	Utime(path string, utim *Utimbuf) (err error) = SYS___UTIME_A
 
 //sys	open(path string, mode int, perm uint32) (fd int, err error) = SYS___OPEN_A
 
 func Open(path string, mode int, perm uint32) (fd int, err error) {
+	if mode&O_ACCMODE == 0 {
+		mode |= O_RDONLY
+	}
 	return open(path, mode, perm)
 }
 
-func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
-	wd, err := Getwd()
-	if err != nil {
-		return err
+//sys	openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) = SYS___OPENAT_A
+
+func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+	if flags&O_ACCMODE == 0 {
+		flags |= O_RDONLY
 	}
+	return openat(dirfd, path, flags, mode)
+}
 
-	if err := Fchdir(dirfd); err != nil {
-		return err
+//sys	openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error) = SYS___OPENAT2_A
+
+func Openat2(dirfd int, path string, how *OpenHow) (fd int, err error) {
+	if how.Flags&O_ACCMODE == 0 {
+		how.Flags |= O_RDONLY
 	}
-	defer Chdir(wd)
+	return openat2(dirfd, path, how, SizeofOpenHow)
+}
 
-	return Mkfifo(path, mode)
+func ZosFdToPath(dirfd int) (path string, err error) {
+	var buffer [1024]byte
+	runtime.EnterSyscall()
+	ret, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_W_IOCTL<<4, uintptr(dirfd), 17, 1024, uintptr(unsafe.Pointer(&buffer[0])))
+	runtime.ExitSyscall()
+	if ret == 0 {
+		zb := bytes.IndexByte(buffer[:], 0)
+		if zb == -1 {
+			zb = len(buffer)
+		}
+		CallLeFuncWithErr(GetZosLibVec()+SYS___E2A_L<<4, uintptr(unsafe.Pointer(&buffer[0])), uintptr(zb))
+		return string(buffer[:zb]), nil
+	}
+	return "", errnoErr2(e1, e2)
 }
 
 //sys	remove(path string) (err error)
@@ -403,10 +1044,12 @@ func Getcwd(buf []byte) (n int, err error) {
 	} else {
 		p = unsafe.Pointer(&_zero)
 	}
-	_, _, e := syscall_syscall(SYS___GETCWD_A, uintptr(p), uintptr(len(buf)), 0)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___GETCWD_A<<4, uintptr(p), uintptr(len(buf)))
+	runtime.ExitSyscall()
 	n = clen(buf) + 1
-	if e != 0 {
-		err = errnoErr(e)
+	if r0 == 0 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -520,9 +1163,41 @@ func (w WaitStatus) StopSignal() Signal {
 
 func (w WaitStatus) TrapCause() int { return -1 }
 
+//sys	waitid(idType int, id int, info *Siginfo, options int) (err error)
+
+func Waitid(idType int, id int, info *Siginfo, options int, rusage *Rusage) (err error) {
+	return waitid(idType, id, info, options)
+}
+
 //sys	waitpid(pid int, wstatus *_C_int, options int) (wpid int, err error)
 
-func Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) {
+func impl_Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_WAIT4<<4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)))
+	runtime.ExitSyscall()
+	wpid = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_Wait4Addr() *(func(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error))
+
+var Wait4 = enter_Wait4
+
+func enter_Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) {
+	funcref := get_Wait4Addr()
+	if funcptrtest(GetZosLibVec()+SYS_WAIT4<<4, "") == 0 {
+		*funcref = impl_Wait4
+	} else {
+		*funcref = legacyWait4
+	}
+	return (*funcref)(pid, wstatus, options, rusage)
+}
+
+func legacyWait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) {
 	// TODO(mundaym): z/OS doesn't have wait4. I don't think getrusage does what we want.
 	// At the moment rusage will not be touched.
 	var status _C_int
@@ -571,23 +1246,62 @@ func Pipe(p []int) (err error) {
 	}
 	var pp [2]_C_int
 	err = pipe(&pp)
-	if err == nil {
-		p[0] = int(pp[0])
-		p[1] = int(pp[1])
-	}
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
 	return
 }
 
 //sys	utimes(path string, timeval *[2]Timeval) (err error) = SYS___UTIMES_A
 
 func Utimes(path string, tv []Timeval) (err error) {
+	if tv == nil {
+		return utimes(path, nil)
+	}
 	if len(tv) != 2 {
 		return EINVAL
 	}
 	return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
 }
 
-func UtimesNano(path string, ts []Timespec) error {
+//sys	utimensat(dirfd int, path string, ts *[2]Timespec, flags int) (err error) = SYS___UTIMENSAT_A
+
+func validUtimensat() bool {
+	if funcptrtest(GetZosLibVec()+SYS___UTIMENSAT_A<<4, "") == 0 {
+		if name, err := getLeFuncName(GetZosLibVec() + SYS___UTIMENSAT_A<<4); err == nil {
+			return name == "__utimensat_a"
+		}
+	}
+	return false
+}
+
+// Begin UtimesNano
+
+//go:nosplit
+func get_UtimesNanoAddr() *(func(path string, ts []Timespec) (err error))
+
+var UtimesNano = enter_UtimesNano
+
+func enter_UtimesNano(path string, ts []Timespec) (err error) {
+	funcref := get_UtimesNanoAddr()
+	if validUtimensat() {
+		*funcref = utimesNanoImpl
+	} else {
+		*funcref = legacyUtimesNano
+	}
+	return (*funcref)(path, ts)
+}
+
+func utimesNanoImpl(path string, ts []Timespec) (err error) {
+	if ts == nil {
+		return utimensat(AT_FDCWD, path, nil, 0)
+	}
+	if len(ts) != 2 {
+		return EINVAL
+	}
+	return utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0)
+}
+
+func legacyUtimesNano(path string, ts []Timespec) (err error) {
 	if len(ts) != 2 {
 		return EINVAL
 	}
@@ -600,6 +1314,70 @@ func UtimesNano(path string, ts []Timespec) error {
 	return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
 }
 
+// End UtimesNano
+
+// Begin UtimesNanoAt
+
+//go:nosplit
+func get_UtimesNanoAtAddr() *(func(dirfd int, path string, ts []Timespec, flags int) (err error))
+
+var UtimesNanoAt = enter_UtimesNanoAt
+
+func enter_UtimesNanoAt(dirfd int, path string, ts []Timespec, flags int) (err error) {
+	funcref := get_UtimesNanoAtAddr()
+	if validUtimensat() {
+		*funcref = utimesNanoAtImpl
+	} else {
+		*funcref = legacyUtimesNanoAt
+	}
+	return (*funcref)(dirfd, path, ts, flags)
+}
+
+func utimesNanoAtImpl(dirfd int, path string, ts []Timespec, flags int) (err error) {
+	if ts == nil {
+		return utimensat(dirfd, path, nil, flags)
+	}
+	if len(ts) != 2 {
+		return EINVAL
+	}
+	return utimensat(dirfd, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), flags)
+}
+
+func legacyUtimesNanoAt(dirfd int, path string, ts []Timespec, flags int) (err error) {
+	if path[0] != '/' {
+		dirPath, err := ZosFdToPath(dirfd)
+		if err != nil {
+			return err
+		}
+		path = dirPath + "/" + path
+	}
+	if flags == AT_SYMLINK_NOFOLLOW {
+		if len(ts) != 2 {
+			return EINVAL
+		}
+
+		if ts[0].Nsec >= 5e8 {
+			ts[0].Sec++
+		}
+		ts[0].Nsec = 0
+		if ts[1].Nsec >= 5e8 {
+			ts[1].Sec++
+		}
+		ts[1].Nsec = 0
+
+		// Not as efficient as it could be because Timespec and
+		// Timeval have different types in the different OSes
+		tv := []Timeval{
+			NsecToTimeval(TimespecToNsec(ts[0])),
+			NsecToTimeval(TimespecToNsec(ts[1])),
+		}
+		return Lutimes(path, tv)
+	}
+	return UtimesNano(path, ts)
+}
+
+// End UtimesNanoAt
+
 func Getsockname(fd int) (sa Sockaddr, err error) {
 	var rsa RawSockaddrAny
 	var len _Socklen = SizeofSockaddrAny
@@ -1186,67 +1964,46 @@ func SendmsgN(fd int, p, oob []byte, to Sockaddr, flags int) (n int, err error)
 	return n, nil
 }
 
-func Opendir(name string) (uintptr, error) {
-	p, err := BytePtrFromString(name)
-	if err != nil {
-		return 0, err
-	}
-	dir, _, e := syscall_syscall(SYS___OPENDIR_A, uintptr(unsafe.Pointer(p)), 0, 0)
-	runtime.KeepAlive(unsafe.Pointer(p))
-	if e != 0 {
-		err = errnoErr(e)
-	}
-	return dir, err
-}
-
-// clearsyscall.Errno resets the errno value to 0.
-func clearErrno()
-
-func Readdir(dir uintptr) (*Dirent, error) {
-	var ent Dirent
-	var res uintptr
-	// __readdir_r_a returns errno at the end of the directory stream, rather than 0.
-	// Therefore to avoid false positives we clear errno before calling it.
-
-	// TODO(neeilan): Commented this out to get sys/unix compiling on z/OS. Uncomment and fix. Error: "undefined: clearsyscall"
-	//clearsyscall.Errno() // TODO(mundaym): check pre-emption rules.
-
-	e, _, _ := syscall_syscall(SYS___READDIR_R_A, dir, uintptr(unsafe.Pointer(&ent)), uintptr(unsafe.Pointer(&res)))
-	var err error
-	if e != 0 {
-		err = errnoErr(Errno(e))
-	}
-	if res == 0 {
-		return nil, err
-	}
-	return &ent, err
-}
-
-func readdir_r(dirp uintptr, entry *direntLE, result **direntLE) (err error) {
-	r0, _, e1 := syscall_syscall(SYS___READDIR_R_A, dirp, uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result)))
-	if int64(r0) == -1 {
-		err = errnoErr(Errno(e1))
+func Opendir(name string) (uintptr, error) {
+	p, err := BytePtrFromString(name)
+	if err != nil {
+		return 0, err
 	}
-	return
+	err = nil
+	runtime.EnterSyscall()
+	dir, e2, e1 := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___OPENDIR_A<<4, uintptr(unsafe.Pointer(p)))
+	runtime.ExitSyscall()
+	runtime.KeepAlive(unsafe.Pointer(p))
+	if dir == 0 {
+		err = errnoErr2(e1, e2)
+	}
+	return dir, err
 }
 
+// clearsyscall.Errno resets the errno value to 0.
+func clearErrno()
+
 func Closedir(dir uintptr) error {
-	_, _, e := syscall_syscall(SYS_CLOSEDIR, dir, 0, 0)
-	if e != 0 {
-		return errnoErr(e)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_CLOSEDIR<<4, dir)
+	runtime.ExitSyscall()
+	if r0 != 0 {
+		return errnoErr2(e1, e2)
 	}
 	return nil
 }
 
 func Seekdir(dir uintptr, pos int) {
-	_, _, _ = syscall_syscall(SYS_SEEKDIR, dir, uintptr(pos), 0)
+	runtime.EnterSyscall()
+	CallLeFuncWithErr(GetZosLibVec()+SYS_SEEKDIR<<4, dir, uintptr(pos))
+	runtime.ExitSyscall()
 }
 
 func Telldir(dir uintptr) (int, error) {
-	p, _, e := syscall_syscall(SYS_TELLDIR, dir, 0, 0)
+	p, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_TELLDIR<<4, dir)
 	pos := int(p)
-	if pos == -1 {
-		return pos, errnoErr(e)
+	if int64(p) == -1 {
+		return pos, errnoErr2(e1, e2)
 	}
 	return pos, nil
 }
@@ -1261,19 +2018,55 @@ func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) error {
 	*(*int64)(unsafe.Pointer(&flock[4])) = lk.Start
 	*(*int64)(unsafe.Pointer(&flock[12])) = lk.Len
 	*(*int32)(unsafe.Pointer(&flock[20])) = lk.Pid
-	_, _, errno := syscall_syscall(SYS_FCNTL, fd, uintptr(cmd), uintptr(unsafe.Pointer(&flock)))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCNTL<<4, fd, uintptr(cmd), uintptr(unsafe.Pointer(&flock)))
+	runtime.ExitSyscall()
 	lk.Type = *(*int16)(unsafe.Pointer(&flock[0]))
 	lk.Whence = *(*int16)(unsafe.Pointer(&flock[2]))
 	lk.Start = *(*int64)(unsafe.Pointer(&flock[4]))
 	lk.Len = *(*int64)(unsafe.Pointer(&flock[12]))
 	lk.Pid = *(*int32)(unsafe.Pointer(&flock[20]))
-	if errno == 0 {
+	if r0 == 0 {
 		return nil
 	}
-	return errno
+	return errnoErr2(e1, e2)
+}
+
+func impl_Flock(fd int, how int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FLOCK<<4, uintptr(fd), uintptr(how))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FlockAddr() *(func(fd int, how int) (err error))
+
+var Flock = enter_Flock
+
+func validFlock(fp uintptr) bool {
+	if funcptrtest(GetZosLibVec()+SYS_FLOCK<<4, "") == 0 {
+		if name, err := getLeFuncName(GetZosLibVec() + SYS_FLOCK<<4); err == nil {
+			return name == "flock"
+		}
+	}
+	return false
+}
+
+func enter_Flock(fd int, how int) (err error) {
+	funcref := get_FlockAddr()
+	if validFlock(GetZosLibVec() + SYS_FLOCK<<4) {
+		*funcref = impl_Flock
+	} else {
+		*funcref = legacyFlock
+	}
+	return (*funcref)(fd, how)
 }
 
-func Flock(fd int, how int) error {
+func legacyFlock(fd int, how int) error {
 
 	var flock_type int16
 	var fcntl_cmd int
@@ -1307,41 +2100,51 @@ func Flock(fd int, how int) error {
 }
 
 func Mlock(b []byte) (err error) {
-	_, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_NONSWAP, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_NONSWAP)
+	runtime.ExitSyscall()
+	if r0 != 0 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 func Mlock2(b []byte, flags int) (err error) {
-	_, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_NONSWAP, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_NONSWAP)
+	runtime.ExitSyscall()
+	if r0 != 0 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 func Mlockall(flags int) (err error) {
-	_, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_NONSWAP, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_NONSWAP)
+	runtime.ExitSyscall()
+	if r0 != 0 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 func Munlock(b []byte) (err error) {
-	_, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_SWAP, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_SWAP)
+	runtime.ExitSyscall()
+	if r0 != 0 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 func Munlockall() (err error) {
-	_, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_SWAP, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_SWAP)
+	runtime.ExitSyscall()
+	if r0 != 0 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1372,15 +2175,104 @@ func ClockGettime(clockid int32, ts *Timespec) error {
 	return nil
 }
 
-func Statfs(path string, stat *Statfs_t) (err error) {
-	fd, err := open(path, O_RDONLY, 0)
-	defer Close(fd)
-	if err != nil {
-		return err
+// Chtag
+
+//go:nosplit
+func get_ChtagAddr() *(func(path string, ccsid uint64, textbit uint64) error)
+
+var Chtag = enter_Chtag
+
+func enter_Chtag(path string, ccsid uint64, textbit uint64) error {
+	funcref := get_ChtagAddr()
+	if validSetxattr() {
+		*funcref = impl_Chtag
+	} else {
+		*funcref = legacy_Chtag
+	}
+	return (*funcref)(path, ccsid, textbit)
+}
+
+func legacy_Chtag(path string, ccsid uint64, textbit uint64) error {
+	tag := ccsid<<16 | textbit<<15
+	var tag_buff [8]byte
+	DecodeData(tag_buff[:], 8, tag)
+	return Setxattr(path, "filetag", tag_buff[:], XATTR_REPLACE)
+}
+
+func impl_Chtag(path string, ccsid uint64, textbit uint64) error {
+	tag := ccsid<<16 | textbit<<15
+	var tag_buff [4]byte
+	DecodeData(tag_buff[:], 4, tag)
+	return Setxattr(path, "system.filetag", tag_buff[:], XATTR_REPLACE)
+}
+
+// End of Chtag
+
+// Nanosleep
+
+//go:nosplit
+func get_NanosleepAddr() *(func(time *Timespec, leftover *Timespec) error)
+
+var Nanosleep = enter_Nanosleep
+
+func enter_Nanosleep(time *Timespec, leftover *Timespec) error {
+	funcref := get_NanosleepAddr()
+	if funcptrtest(GetZosLibVec()+SYS_NANOSLEEP<<4, "") == 0 {
+		*funcref = impl_Nanosleep
+	} else {
+		*funcref = legacyNanosleep
+	}
+	return (*funcref)(time, leftover)
+}
+
+func impl_Nanosleep(time *Timespec, leftover *Timespec) error {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_NANOSLEEP<<4, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		return errnoErr2(e1, e2)
+	}
+	return nil
+}
+
+func legacyNanosleep(time *Timespec, leftover *Timespec) error {
+	t0 := runtime.Nanotime1()
+	var secrem uint32
+	var nsecrem uint32
+	total := time.Sec*1000000000 + time.Nsec
+	elapsed := runtime.Nanotime1() - t0
+	var rv int32
+	var rc int32
+	var err error
+	// repeatedly sleep for 1 second until less than 1 second left
+	for total-elapsed > 1000000000 {
+		rv, rc, _ = BpxCondTimedWait(uint32(1), uint32(0), uint32(CW_CONDVAR), &secrem, &nsecrem)
+		if rv != 0 && rc != 112 { // 112 is EAGAIN
+			if leftover != nil && rc == 120 { // 120 is EINTR
+				leftover.Sec = int64(secrem)
+				leftover.Nsec = int64(nsecrem)
+			}
+			err = Errno(rc)
+			return err
+		}
+		elapsed = runtime.Nanotime1() - t0
 	}
-	return Fstatfs(fd, stat)
+	// sleep the remainder
+	if total > elapsed {
+		rv, rc, _ = BpxCondTimedWait(uint32(0), uint32(total-elapsed), uint32(CW_CONDVAR), &secrem, &nsecrem)
+	}
+	if leftover != nil && rc == 120 {
+		leftover.Sec = int64(secrem)
+		leftover.Nsec = int64(nsecrem)
+	}
+	if rv != 0 && rc != 112 {
+		err = Errno(rc)
+	}
+	return err
 }
 
+// End of Nanosleep
+
 var (
 	Stdin  = 0
 	Stdout = 1
@@ -1395,6 +2287,9 @@ var (
 	errENOENT error = syscall.ENOENT
 )
 
+var ZosTraceLevel int
+var ZosTracefile *os.File
+
 var (
 	signalNameMapOnce sync.Once
 	signalNameMap     map[string]syscall.Signal
@@ -1416,6 +2311,56 @@ func errnoErr(e Errno) error {
 	return e
 }
 
+var reg *regexp.Regexp
+
+// enhanced with zos specific errno2
+func errnoErr2(e Errno, e2 uintptr) error {
+	switch e {
+	case 0:
+		return nil
+	case EAGAIN:
+		return errEAGAIN
+		/*
+			Allow the retrieval of errno2 for EINVAL and ENOENT on zos
+				case EINVAL:
+					return errEINVAL
+				case ENOENT:
+					return errENOENT
+		*/
+	}
+	if ZosTraceLevel > 0 {
+		var name string
+		if reg == nil {
+			reg = regexp.MustCompile("(^unix\\.[^/]+$|.*\\/unix\\.[^/]+$)")
+		}
+		i := 1
+		pc, file, line, ok := runtime.Caller(i)
+		if ok {
+			name = runtime.FuncForPC(pc).Name()
+		}
+		for ok && reg.MatchString(runtime.FuncForPC(pc).Name()) {
+			i += 1
+			pc, file, line, ok = runtime.Caller(i)
+		}
+		if ok {
+			if ZosTracefile == nil {
+				ZosConsolePrintf("From %s:%d\n", file, line)
+				ZosConsolePrintf("%s: %s (errno2=0x%x)\n", name, e.Error(), e2)
+			} else {
+				fmt.Fprintf(ZosTracefile, "From %s:%d\n", file, line)
+				fmt.Fprintf(ZosTracefile, "%s: %s (errno2=0x%x)\n", name, e.Error(), e2)
+			}
+		} else {
+			if ZosTracefile == nil {
+				ZosConsolePrintf("%s (errno2=0x%x)\n", e.Error(), e2)
+			} else {
+				fmt.Fprintf(ZosTracefile, "%s (errno2=0x%x)\n", e.Error(), e2)
+			}
+		}
+	}
+	return e
+}
+
 // ErrnoName returns the error name for error number e.
 func ErrnoName(e Errno) string {
 	i := sort.Search(len(errorList), func(i int) bool {
@@ -1474,6 +2419,9 @@ func (m *mmapper) Mmap(fd int, offset int64, length int, prot int, flags int) (d
 		return nil, EINVAL
 	}
 
+	// Set __MAP_64 by default
+	flags |= __MAP_64
+
 	// Map the requested memory.
 	addr, errno := m.mmap(0, uintptr(length), prot, flags, fd, offset)
 	if errno != nil {
@@ -1778,83 +2726,170 @@ func Exec(argv0 string, argv []string, envv []string) error {
 	return syscall.Exec(argv0, argv, envv)
 }
 
-func Mount(source string, target string, fstype string, flags uintptr, data string) (err error) {
+func Getag(path string) (ccsid uint16, flag uint16, err error) {
+	var val [8]byte
+	sz, err := Getxattr(path, "ccsid", val[:])
+	if err != nil {
+		return
+	}
+	ccsid = uint16(EncodeData(val[0:sz]))
+	sz, err = Getxattr(path, "flags", val[:])
+	if err != nil {
+		return
+	}
+	flag = uint16(EncodeData(val[0:sz]) >> 15)
+	return
+}
+
+// Mount begin
+func impl_Mount(source string, target string, fstype string, flags uintptr, data string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(source)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(target)
+	if err != nil {
+		return
+	}
+	var _p2 *byte
+	_p2, err = BytePtrFromString(fstype)
+	if err != nil {
+		return
+	}
+	var _p3 *byte
+	_p3, err = BytePtrFromString(data)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MOUNT1_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(_p3)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_MountAddr() *(func(source string, target string, fstype string, flags uintptr, data string) (err error))
+
+var Mount = enter_Mount
+
+func enter_Mount(source string, target string, fstype string, flags uintptr, data string) (err error) {
+	funcref := get_MountAddr()
+	if validMount() {
+		*funcref = impl_Mount
+	} else {
+		*funcref = legacyMount
+	}
+	return (*funcref)(source, target, fstype, flags, data)
+}
+
+func legacyMount(source string, target string, fstype string, flags uintptr, data string) (err error) {
 	if needspace := 8 - len(fstype); needspace <= 0 {
-		fstype = fstype[:8]
+		fstype = fstype[0:8]
 	} else {
-		fstype += "        "[:needspace]
+		fstype += "        "[0:needspace]
 	}
 	return mount_LE(target, source, fstype, uint32(flags), int32(len(data)), data)
 }
 
-func Unmount(name string, mtm int) (err error) {
+func validMount() bool {
+	if funcptrtest(GetZosLibVec()+SYS___MOUNT1_A<<4, "") == 0 {
+		if name, err := getLeFuncName(GetZosLibVec() + SYS___MOUNT1_A<<4); err == nil {
+			return name == "__mount1_a"
+		}
+	}
+	return false
+}
+
+// Mount end
+
+// Unmount begin
+func impl_Unmount(target string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(target)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UMOUNT2_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_UnmountAddr() *(func(target string, flags int) (err error))
+
+var Unmount = enter_Unmount
+
+func enter_Unmount(target string, flags int) (err error) {
+	funcref := get_UnmountAddr()
+	if funcptrtest(GetZosLibVec()+SYS___UMOUNT2_A<<4, "") == 0 {
+		*funcref = impl_Unmount
+	} else {
+		*funcref = legacyUnmount
+	}
+	return (*funcref)(target, flags)
+}
+
+func legacyUnmount(name string, mtm int) (err error) {
 	// mountpoint is always a full path and starts with a '/'
 	// check if input string is not a mountpoint but a filesystem name
 	if name[0] != '/' {
-		return unmount(name, mtm)
+		return unmount_LE(name, mtm)
 	}
 	// treat name as mountpoint
 	b2s := func(arr []byte) string {
-		nulli := bytes.IndexByte(arr, 0)
-		if nulli == -1 {
-			return string(arr)
-		} else {
-			return string(arr[:nulli])
+		var str string
+		for i := 0; i < len(arr); i++ {
+			if arr[i] == 0 {
+				str = string(arr[:i])
+				break
+			}
 		}
+		return str
 	}
 	var buffer struct {
 		header W_Mnth
 		fsinfo [64]W_Mntent
 	}
-	fsCount, err := W_Getmntent_A((*byte)(unsafe.Pointer(&buffer)), int(unsafe.Sizeof(buffer)))
-	if err != nil {
-		return err
-	}
-	if fsCount == 0 {
-		return EINVAL
-	}
-	for i := 0; i < fsCount; i++ {
-		if b2s(buffer.fsinfo[i].Mountpoint[:]) == name {
-			err = unmount(b2s(buffer.fsinfo[i].Fsname[:]), mtm)
-			break
+	fs_count, err := W_Getmntent_A((*byte)(unsafe.Pointer(&buffer)), int(unsafe.Sizeof(buffer)))
+	if err == nil {
+		err = EINVAL
+		for i := 0; i < fs_count; i++ {
+			if b2s(buffer.fsinfo[i].Mountpoint[:]) == name {
+				err = unmount_LE(b2s(buffer.fsinfo[i].Fsname[:]), mtm)
+				break
+			}
 		}
+	} else if fs_count == 0 {
+		err = EINVAL
 	}
 	return err
 }
 
-func fdToPath(dirfd int) (path string, err error) {
-	var buffer [1024]byte
-	// w_ctrl()
-	ret := runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_W_IOCTL<<4,
-		[]uintptr{uintptr(dirfd), 17, 1024, uintptr(unsafe.Pointer(&buffer[0]))})
-	if ret == 0 {
-		zb := bytes.IndexByte(buffer[:], 0)
-		if zb == -1 {
-			zb = len(buffer)
-		}
-		// __e2a_l()
-		runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___E2A_L<<4,
-			[]uintptr{uintptr(unsafe.Pointer(&buffer[0])), uintptr(zb)})
-		return string(buffer[:zb]), nil
-	}
-	// __errno()
-	errno := int(*(*int32)(unsafe.Pointer(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO<<4,
-		[]uintptr{}))))
-	// __errno2()
-	errno2 := int(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO2<<4,
-		[]uintptr{}))
-	// strerror_r()
-	ret = runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_STRERROR_R<<4,
-		[]uintptr{uintptr(errno), uintptr(unsafe.Pointer(&buffer[0])), 1024})
-	if ret == 0 {
-		zb := bytes.IndexByte(buffer[:], 0)
-		if zb == -1 {
-			zb = len(buffer)
-		}
-		return "", fmt.Errorf("%s (errno2=0x%x)", buffer[:zb], errno2)
-	} else {
-		return "", fmt.Errorf("fdToPath errno %d (errno2=0x%x)", errno, errno2)
+// Unmount end
+
+func direntIno(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Ino), unsafe.Sizeof(Dirent{}.Ino))
+}
+
+func direntReclen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
+}
+
+func direntNamlen(buf []byte) (uint64, bool) {
+	reclen, ok := direntReclen(buf)
+	if !ok {
+		return 0, false
 	}
+	return reclen - uint64(unsafe.Offsetof(Dirent{}.Name)), true
 }
 
 func direntLeToDirentUnix(dirent *direntLE, dir uintptr, path string) (Dirent, error) {
@@ -1896,7 +2931,7 @@ func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
 	}
 
 	// Get path from fd to avoid unavailable call (fdopendir)
-	path, err := fdToPath(fd)
+	path, err := ZosFdToPath(fd)
 	if err != nil {
 		return 0, err
 	}
@@ -1910,7 +2945,7 @@ func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
 	for {
 		var entryLE direntLE
 		var entrypLE *direntLE
-		e := readdir_r(d, &entryLE, &entrypLE)
+		e := Readdir_r(d, &entryLE, &entrypLE)
 		if e != nil {
 			return n, e
 		}
@@ -1956,23 +2991,127 @@ func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
 	return n, nil
 }
 
-func ReadDirent(fd int, buf []byte) (n int, err error) {
-	var base = (*uintptr)(unsafe.Pointer(new(uint64)))
-	return Getdirentries(fd, buf, base)
+func Err2ad() (eadd *int) {
+	r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS___ERR2AD<<4)
+	eadd = (*int)(unsafe.Pointer(r0))
+	return
 }
 
-func direntIno(buf []byte) (uint64, bool) {
-	return readInt(buf, unsafe.Offsetof(Dirent{}.Ino), unsafe.Sizeof(Dirent{}.Ino))
+func ZosConsolePrintf(format string, v ...interface{}) (int, error) {
+	type __cmsg struct {
+		_            uint16
+		_            [2]uint8
+		__msg_length uint32
+		__msg        uintptr
+		_            [4]uint8
+	}
+	msg := fmt.Sprintf(format, v...)
+	strptr := unsafe.Pointer((*reflect.StringHeader)(unsafe.Pointer(&msg)).Data)
+	len := (*reflect.StringHeader)(unsafe.Pointer(&msg)).Len
+	cmsg := __cmsg{__msg_length: uint32(len), __msg: uintptr(strptr)}
+	cmd := uint32(0)
+	runtime.EnterSyscall()
+	rc, err2, err1 := CallLeFuncWithErr(GetZosLibVec()+SYS_____CONSOLE_A<<4, uintptr(unsafe.Pointer(&cmsg)), 0, uintptr(unsafe.Pointer(&cmd)))
+	runtime.ExitSyscall()
+	if rc != 0 {
+		return 0, fmt.Errorf("%s (errno2=0x%x)\n", err1.Error(), err2)
+	}
+	return 0, nil
+}
+func ZosStringToEbcdicBytes(str string, nullterm bool) (ebcdicBytes []byte) {
+	if nullterm {
+		ebcdicBytes = []byte(str + "\x00")
+	} else {
+		ebcdicBytes = []byte(str)
+	}
+	A2e(ebcdicBytes)
+	return
+}
+func ZosEbcdicBytesToString(b []byte, trimRight bool) (str string) {
+	res := make([]byte, len(b))
+	copy(res, b)
+	E2a(res)
+	if trimRight {
+		str = string(bytes.TrimRight(res, " \x00"))
+	} else {
+		str = string(res)
+	}
+	return
 }
 
-func direntReclen(buf []byte) (uint64, bool) {
-	return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
+func fdToPath(dirfd int) (path string, err error) {
+	var buffer [1024]byte
+	// w_ctrl()
+	ret := runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_W_IOCTL<<4,
+		[]uintptr{uintptr(dirfd), 17, 1024, uintptr(unsafe.Pointer(&buffer[0]))})
+	if ret == 0 {
+		zb := bytes.IndexByte(buffer[:], 0)
+		if zb == -1 {
+			zb = len(buffer)
+		}
+		// __e2a_l()
+		runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___E2A_L<<4,
+			[]uintptr{uintptr(unsafe.Pointer(&buffer[0])), uintptr(zb)})
+		return string(buffer[:zb]), nil
+	}
+	// __errno()
+	errno := int(*(*int32)(unsafe.Pointer(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO<<4,
+		[]uintptr{}))))
+	// __errno2()
+	errno2 := int(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO2<<4,
+		[]uintptr{}))
+	// strerror_r()
+	ret = runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_STRERROR_R<<4,
+		[]uintptr{uintptr(errno), uintptr(unsafe.Pointer(&buffer[0])), 1024})
+	if ret == 0 {
+		zb := bytes.IndexByte(buffer[:], 0)
+		if zb == -1 {
+			zb = len(buffer)
+		}
+		return "", fmt.Errorf("%s (errno2=0x%x)", buffer[:zb], errno2)
+	} else {
+		return "", fmt.Errorf("fdToPath errno %d (errno2=0x%x)", errno, errno2)
+	}
 }
 
-func direntNamlen(buf []byte) (uint64, bool) {
-	reclen, ok := direntReclen(buf)
-	if !ok {
-		return 0, false
+func impl_Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
 	}
-	return reclen - uint64(unsafe.Offsetof(Dirent{}.Name)), true
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKFIFOAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_MkfifoatAddr() *(func(dirfd int, path string, mode uint32) (err error))
+
+var Mkfifoat = enter_Mkfifoat
+
+func enter_Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	funcref := get_MkfifoatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___MKFIFOAT_A<<4, "") == 0 {
+		*funcref = impl_Mkfifoat
+	} else {
+		*funcref = legacy_Mkfifoat
+	}
+	return (*funcref)(dirfd, path, mode)
+}
+
+func legacy_Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	dirname, err := ZosFdToPath(dirfd)
+	if err != nil {
+		return err
+	}
+	return Mkfifo(dirname+"/"+path, mode)
 }
+
+//sys	Posix_openpt(oflag int) (fd int, err error) = SYS_POSIX_OPENPT
+//sys	Grantpt(fildes int) (rc int, err error) = SYS_GRANTPT
+//sys	Unlockpt(fildes int) (rc int, err error) = SYS_UNLOCKPT
diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix.go b/vendor/golang.org/x/sys/unix/sysvshm_unix.go
index 79a84f18b4..672d6b0a88 100644
--- a/vendor/golang.org/x/sys/unix/sysvshm_unix.go
+++ b/vendor/golang.org/x/sys/unix/sysvshm_unix.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build (darwin && !ios) || linux
+//go:build (darwin && !ios) || linux || zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go b/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
index 9eb0db664c..8b7977a28c 100644
--- a/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
+++ b/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build darwin && !ios
+//go:build (darwin && !ios) || zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index a5d3ff8df9..877a62b479 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -491,6 +491,7 @@ const (
 	BPF_F_REPLACE                               = 0x4
 	BPF_F_SLEEPABLE                             = 0x10
 	BPF_F_STRICT_ALIGNMENT                      = 0x1
+	BPF_F_TEST_REG_INVARIANTS                   = 0x80
 	BPF_F_TEST_RND_HI32                         = 0x4
 	BPF_F_TEST_RUN_ON_CPU                       = 0x1
 	BPF_F_TEST_STATE_FREQ                       = 0x8
@@ -501,6 +502,7 @@ const (
 	BPF_IMM                                     = 0x0
 	BPF_IND                                     = 0x40
 	BPF_JA                                      = 0x0
+	BPF_JCOND                                   = 0xe0
 	BPF_JEQ                                     = 0x10
 	BPF_JGE                                     = 0x30
 	BPF_JGT                                     = 0x20
@@ -656,6 +658,9 @@ const (
 	CAN_NPROTO                                  = 0x8
 	CAN_RAW                                     = 0x1
 	CAN_RAW_FILTER_MAX                          = 0x200
+	CAN_RAW_XL_VCID_RX_FILTER                   = 0x4
+	CAN_RAW_XL_VCID_TX_PASS                     = 0x2
+	CAN_RAW_XL_VCID_TX_SET                      = 0x1
 	CAN_RTR_FLAG                                = 0x40000000
 	CAN_SFF_ID_BITS                             = 0xb
 	CAN_SFF_MASK                                = 0x7ff
@@ -1338,6 +1343,7 @@ const (
 	F_OFD_SETLK                                 = 0x25
 	F_OFD_SETLKW                                = 0x26
 	F_OK                                        = 0x0
+	F_SEAL_EXEC                                 = 0x20
 	F_SEAL_FUTURE_WRITE                         = 0x10
 	F_SEAL_GROW                                 = 0x4
 	F_SEAL_SEAL                                 = 0x1
@@ -1626,6 +1632,7 @@ const (
 	IP_FREEBIND                                 = 0xf
 	IP_HDRINCL                                  = 0x3
 	IP_IPSEC_POLICY                             = 0x10
+	IP_LOCAL_PORT_RANGE                         = 0x33
 	IP_MAXPACKET                                = 0xffff
 	IP_MAX_MEMBERSHIPS                          = 0x14
 	IP_MF                                       = 0x2000
@@ -1652,6 +1659,7 @@ const (
 	IP_PMTUDISC_OMIT                            = 0x5
 	IP_PMTUDISC_PROBE                           = 0x3
 	IP_PMTUDISC_WANT                            = 0x1
+	IP_PROTOCOL                                 = 0x34
 	IP_RECVERR                                  = 0xb
 	IP_RECVERR_RFC4884                          = 0x1a
 	IP_RECVFRAGSIZE                             = 0x19
@@ -1697,6 +1705,7 @@ const (
 	KEXEC_ARCH_S390                             = 0x160000
 	KEXEC_ARCH_SH                               = 0x2a0000
 	KEXEC_ARCH_X86_64                           = 0x3e0000
+	KEXEC_FILE_DEBUG                            = 0x8
 	KEXEC_FILE_NO_INITRAMFS                     = 0x4
 	KEXEC_FILE_ON_CRASH                         = 0x2
 	KEXEC_FILE_UNLOAD                           = 0x1
@@ -1785,6 +1794,8 @@ const (
 	LANDLOCK_ACCESS_FS_REMOVE_FILE              = 0x20
 	LANDLOCK_ACCESS_FS_TRUNCATE                 = 0x4000
 	LANDLOCK_ACCESS_FS_WRITE_FILE               = 0x2
+	LANDLOCK_ACCESS_NET_BIND_TCP                = 0x1
+	LANDLOCK_ACCESS_NET_CONNECT_TCP             = 0x2
 	LANDLOCK_CREATE_RULESET_VERSION             = 0x1
 	LINUX_REBOOT_CMD_CAD_OFF                    = 0x0
 	LINUX_REBOOT_CMD_CAD_ON                     = 0x89abcdef
@@ -1896,6 +1907,7 @@ const (
 	MNT_DETACH                                  = 0x2
 	MNT_EXPIRE                                  = 0x4
 	MNT_FORCE                                   = 0x1
+	MNT_ID_REQ_SIZE_VER0                        = 0x18
 	MODULE_INIT_COMPRESSED_FILE                 = 0x4
 	MODULE_INIT_IGNORE_MODVERSIONS              = 0x1
 	MODULE_INIT_IGNORE_VERMAGIC                 = 0x2
@@ -2164,7 +2176,7 @@ const (
 	NFT_SECMARK_CTX_MAXLEN                      = 0x100
 	NFT_SET_MAXNAMELEN                          = 0x100
 	NFT_SOCKET_MAX                              = 0x3
-	NFT_TABLE_F_MASK                            = 0x3
+	NFT_TABLE_F_MASK                            = 0x7
 	NFT_TABLE_MAXNAMELEN                        = 0x100
 	NFT_TRACETYPE_MAX                           = 0x3
 	NFT_TUNNEL_F_MASK                           = 0x7
@@ -2300,6 +2312,7 @@ const (
 	PERF_AUX_FLAG_PARTIAL                       = 0x4
 	PERF_AUX_FLAG_PMU_FORMAT_TYPE_MASK          = 0xff00
 	PERF_AUX_FLAG_TRUNCATED                     = 0x1
+	PERF_BRANCH_ENTRY_INFO_BITS_MAX             = 0x21
 	PERF_BR_ARM64_DEBUG_DATA                    = 0x7
 	PERF_BR_ARM64_DEBUG_EXIT                    = 0x5
 	PERF_BR_ARM64_DEBUG_HALT                    = 0x4
@@ -2397,6 +2410,7 @@ const (
 	PERF_RECORD_MISC_USER                       = 0x2
 	PERF_SAMPLE_BRANCH_PLM_ALL                  = 0x7
 	PERF_SAMPLE_WEIGHT_TYPE                     = 0x1004000
+	PID_FS_MAGIC                                = 0x50494446
 	PIPEFS_MAGIC                                = 0x50495045
 	PPPIOCGNPMODE                               = 0xc008744c
 	PPPIOCNEWUNIT                               = 0xc004743e
@@ -2465,6 +2479,7 @@ const (
 	PR_MCE_KILL_GET                             = 0x22
 	PR_MCE_KILL_LATE                            = 0x0
 	PR_MCE_KILL_SET                             = 0x1
+	PR_MDWE_NO_INHERIT                          = 0x2
 	PR_MDWE_REFUSE_EXEC_GAIN                    = 0x1
 	PR_MPX_DISABLE_MANAGEMENT                   = 0x2c
 	PR_MPX_ENABLE_MANAGEMENT                    = 0x2b
@@ -2669,8 +2684,9 @@ const (
 	RTAX_FEATURES                               = 0xc
 	RTAX_FEATURE_ALLFRAG                        = 0x8
 	RTAX_FEATURE_ECN                            = 0x1
-	RTAX_FEATURE_MASK                           = 0xf
+	RTAX_FEATURE_MASK                           = 0x1f
 	RTAX_FEATURE_SACK                           = 0x2
+	RTAX_FEATURE_TCP_USEC_TS                    = 0x10
 	RTAX_FEATURE_TIMESTAMP                      = 0x4
 	RTAX_HOPLIMIT                               = 0xa
 	RTAX_INITCWND                               = 0xb
@@ -2888,8 +2904,9 @@ const (
 	RWF_APPEND                                  = 0x10
 	RWF_DSYNC                                   = 0x2
 	RWF_HIPRI                                   = 0x1
+	RWF_NOAPPEND                                = 0x20
 	RWF_NOWAIT                                  = 0x8
-	RWF_SUPPORTED                               = 0x1f
+	RWF_SUPPORTED                               = 0x3f
 	RWF_SYNC                                    = 0x4
 	RWF_WRITE_LIFE_NOT_SET                      = 0x0
 	SCHED_BATCH                                 = 0x3
@@ -2910,12 +2927,43 @@ const (
 	SCHED_RESET_ON_FORK                         = 0x40000000
 	SCHED_RR                                    = 0x2
 	SCM_CREDENTIALS                             = 0x2
+	SCM_PIDFD                                   = 0x4
 	SCM_RIGHTS                                  = 0x1
+	SCM_SECURITY                                = 0x3
 	SCM_TIMESTAMP                               = 0x1d
 	SC_LOG_FLUSH                                = 0x100000
+	SECCOMP_ADDFD_FLAG_SEND                     = 0x2
+	SECCOMP_ADDFD_FLAG_SETFD                    = 0x1
+	SECCOMP_FILTER_FLAG_LOG                     = 0x2
+	SECCOMP_FILTER_FLAG_NEW_LISTENER            = 0x8
+	SECCOMP_FILTER_FLAG_SPEC_ALLOW              = 0x4
+	SECCOMP_FILTER_FLAG_TSYNC                   = 0x1
+	SECCOMP_FILTER_FLAG_TSYNC_ESRCH             = 0x10
+	SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV      = 0x20
+	SECCOMP_GET_ACTION_AVAIL                    = 0x2
+	SECCOMP_GET_NOTIF_SIZES                     = 0x3
+	SECCOMP_IOCTL_NOTIF_RECV                    = 0xc0502100
+	SECCOMP_IOCTL_NOTIF_SEND                    = 0xc0182101
+	SECCOMP_IOC_MAGIC                           = '!'
 	SECCOMP_MODE_DISABLED                       = 0x0
 	SECCOMP_MODE_FILTER                         = 0x2
 	SECCOMP_MODE_STRICT                         = 0x1
+	SECCOMP_RET_ACTION                          = 0x7fff0000
+	SECCOMP_RET_ACTION_FULL                     = 0xffff0000
+	SECCOMP_RET_ALLOW                           = 0x7fff0000
+	SECCOMP_RET_DATA                            = 0xffff
+	SECCOMP_RET_ERRNO                           = 0x50000
+	SECCOMP_RET_KILL                            = 0x0
+	SECCOMP_RET_KILL_PROCESS                    = 0x80000000
+	SECCOMP_RET_KILL_THREAD                     = 0x0
+	SECCOMP_RET_LOG                             = 0x7ffc0000
+	SECCOMP_RET_TRACE                           = 0x7ff00000
+	SECCOMP_RET_TRAP                            = 0x30000
+	SECCOMP_RET_USER_NOTIF                      = 0x7fc00000
+	SECCOMP_SET_MODE_FILTER                     = 0x1
+	SECCOMP_SET_MODE_STRICT                     = 0x0
+	SECCOMP_USER_NOTIF_FD_SYNC_WAKE_UP          = 0x1
+	SECCOMP_USER_NOTIF_FLAG_CONTINUE            = 0x1
 	SECRETMEM_MAGIC                             = 0x5345434d
 	SECURITYFS_MAGIC                            = 0x73636673
 	SEEK_CUR                                    = 0x1
@@ -3014,6 +3062,8 @@ const (
 	SIOCSMIIREG                                 = 0x8949
 	SIOCSRARP                                   = 0x8962
 	SIOCWANDEV                                  = 0x894a
+	SK_DIAG_BPF_STORAGE_MAX                     = 0x3
+	SK_DIAG_BPF_STORAGE_REQ_MAX                 = 0x1
 	SMACK_MAGIC                                 = 0x43415d53
 	SMART_AUTOSAVE                              = 0xd2
 	SMART_AUTO_OFFLINE                          = 0xdb
@@ -3034,6 +3084,8 @@ const (
 	SOCKFS_MAGIC                                = 0x534f434b
 	SOCK_BUF_LOCK_MASK                          = 0x3
 	SOCK_DCCP                                   = 0x6
+	SOCK_DESTROY                                = 0x15
+	SOCK_DIAG_BY_FAMILY                         = 0x14
 	SOCK_IOC_TYPE                               = 0x89
 	SOCK_PACKET                                 = 0xa
 	SOCK_RAW                                    = 0x3
@@ -3075,6 +3127,7 @@ const (
 	SOL_TIPC                                    = 0x10f
 	SOL_TLS                                     = 0x11a
 	SOL_UDP                                     = 0x11
+	SOL_VSOCK                                   = 0x11f
 	SOL_X25                                     = 0x106
 	SOL_XDP                                     = 0x11b
 	SOMAXCONN                                   = 0x1000
@@ -3134,6 +3187,7 @@ const (
 	STATX_GID                                   = 0x10
 	STATX_INO                                   = 0x100
 	STATX_MNT_ID                                = 0x1000
+	STATX_MNT_ID_UNIQUE                         = 0x4000
 	STATX_MODE                                  = 0x2
 	STATX_MTIME                                 = 0x40
 	STATX_NLINK                                 = 0x4
@@ -3221,6 +3275,7 @@ const (
 	TCP_MAX_WINSHIFT                            = 0xe
 	TCP_MD5SIG                                  = 0xe
 	TCP_MD5SIG_EXT                              = 0x20
+	TCP_MD5SIG_FLAG_IFINDEX                     = 0x2
 	TCP_MD5SIG_FLAG_PREFIX                      = 0x1
 	TCP_MD5SIG_MAXKEYLEN                        = 0x50
 	TCP_MSS                                     = 0x200
@@ -3528,12 +3583,16 @@ const (
 	XDP_RX_RING                                 = 0x2
 	XDP_SHARED_UMEM                             = 0x1
 	XDP_STATISTICS                              = 0x7
+	XDP_TXMD_FLAGS_CHECKSUM                     = 0x2
+	XDP_TXMD_FLAGS_TIMESTAMP                    = 0x1
+	XDP_TX_METADATA                             = 0x2
 	XDP_TX_RING                                 = 0x3
 	XDP_UMEM_COMPLETION_RING                    = 0x6
 	XDP_UMEM_FILL_RING                          = 0x5
 	XDP_UMEM_PGOFF_COMPLETION_RING              = 0x180000000
 	XDP_UMEM_PGOFF_FILL_RING                    = 0x100000000
 	XDP_UMEM_REG                                = 0x4
+	XDP_UMEM_TX_SW_CSUM                         = 0x2
 	XDP_UMEM_UNALIGNED_CHUNK_FLAG               = 0x1
 	XDP_USE_NEED_WAKEUP                         = 0x8
 	XDP_USE_SG                                  = 0x10
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
index 4920821cf3..e4bc0bd57c 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
@@ -118,6 +118,7 @@ const (
 	IXOFF                            = 0x1000
 	IXON                             = 0x400
 	MAP_32BIT                        = 0x40
+	MAP_ABOVE4G                      = 0x80
 	MAP_ANON                         = 0x20
 	MAP_ANONYMOUS                    = 0x20
 	MAP_DENYWRITE                    = 0x800
@@ -281,6 +282,9 @@ const (
 	SCM_TIMESTAMPNS                  = 0x23
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x40182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x40082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x40082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
index a0c1e41127..689317afdb 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
@@ -118,6 +118,7 @@ const (
 	IXOFF                            = 0x1000
 	IXON                             = 0x400
 	MAP_32BIT                        = 0x40
+	MAP_ABOVE4G                      = 0x80
 	MAP_ANON                         = 0x20
 	MAP_ANONYMOUS                    = 0x20
 	MAP_DENYWRITE                    = 0x800
@@ -282,6 +283,9 @@ const (
 	SCM_TIMESTAMPNS                  = 0x23
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x40182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x40082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x40082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
index c63985560f..5cca668ac3 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
@@ -288,6 +288,9 @@ const (
 	SCM_TIMESTAMPNS                  = 0x23
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x40182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x40082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x40082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
index 47cc62e25c..14270508b0 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
@@ -87,6 +87,7 @@ const (
 	FICLONE                          = 0x40049409
 	FICLONERANGE                     = 0x4020940d
 	FLUSHO                           = 0x1000
+	FPMR_MAGIC                       = 0x46504d52
 	FPSIMD_MAGIC                     = 0x46508001
 	FS_IOC_ENABLE_VERITY             = 0x40806685
 	FS_IOC_GETFLAGS                  = 0x80086601
@@ -278,6 +279,9 @@ const (
 	SCM_TIMESTAMPNS                  = 0x23
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x40182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x40082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x40082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
index 27ac4a09e2..28e39afdcb 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
@@ -275,6 +275,9 @@ const (
 	SCM_TIMESTAMPNS                  = 0x23
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x40182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x40082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x40082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
index 54694642a5..cd66e92cb4 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
@@ -281,6 +281,9 @@ const (
 	SCM_TIMESTAMPNS                  = 0x23
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x80182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x80082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x80082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x80
 	SIOCATMARK                       = 0x40047307
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
index 3adb81d758..c1595eba78 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
@@ -281,6 +281,9 @@ const (
 	SCM_TIMESTAMPNS                  = 0x23
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x80182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x80082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x80082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x80
 	SIOCATMARK                       = 0x40047307
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
index 2dfe98f0d1..ee9456b0da 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
@@ -281,6 +281,9 @@ const (
 	SCM_TIMESTAMPNS                  = 0x23
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x80182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x80082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x80082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x80
 	SIOCATMARK                       = 0x40047307
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
index f5398f84f0..8cfca81e1b 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
@@ -281,6 +281,9 @@ const (
 	SCM_TIMESTAMPNS                  = 0x23
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x80182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x80082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x80082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x80
 	SIOCATMARK                       = 0x40047307
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
index c54f152d68..60b0deb3af 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
@@ -336,6 +336,9 @@ const (
 	SCM_TIMESTAMPNS                  = 0x23
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x80182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x80082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x80082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
index 76057dc72f..f90aa7281b 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
@@ -340,6 +340,9 @@ const (
 	SCM_TIMESTAMPNS                  = 0x23
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x80182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x80082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x80082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
index e0c3725e2b..ba9e015033 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
@@ -340,6 +340,9 @@ const (
 	SCM_TIMESTAMPNS                  = 0x23
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x80182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x80082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x80082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
index 18f2813ed5..07cdfd6e9f 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
@@ -272,6 +272,9 @@ const (
 	SCM_TIMESTAMPNS                  = 0x23
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x40182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x40082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x40082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
index 11619d4ec8..2f1dd214a7 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
@@ -344,6 +344,9 @@ const (
 	SCM_TIMESTAMPNS                  = 0x23
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x40182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x40082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x40082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
index 396d994da7..f40519d901 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
@@ -335,6 +335,9 @@ const (
 	SCM_TIMESTAMPNS                  = 0x21
 	SCM_TXTIME                       = 0x3f
 	SCM_WIFI_STATUS                  = 0x25
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x80182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x80082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x80082104
 	SFD_CLOEXEC                      = 0x400000
 	SFD_NONBLOCK                     = 0x4000
 	SF_FP                            = 0x38
diff --git a/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
index 4dfd2e051d..da08b2ab3d 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
@@ -10,41 +10,99 @@
 package unix
 
 const (
-	BRKINT                          = 0x0001
-	CLOCK_MONOTONIC                 = 0x1
-	CLOCK_PROCESS_CPUTIME_ID        = 0x2
-	CLOCK_REALTIME                  = 0x0
-	CLOCK_THREAD_CPUTIME_ID         = 0x3
-	CS8                             = 0x0030
-	CSIZE                           = 0x0030
-	ECHO                            = 0x00000008
-	ECHONL                          = 0x00000001
-	FD_CLOEXEC                      = 0x01
-	FD_CLOFORK                      = 0x02
-	FNDELAY                         = 0x04
-	F_CLOSFD                        = 9
-	F_CONTROL_CVT                   = 13
-	F_DUPFD                         = 0
-	F_DUPFD2                        = 8
-	F_GETFD                         = 1
-	F_GETFL                         = 259
-	F_GETLK                         = 5
-	F_GETOWN                        = 10
-	F_OK                            = 0x0
-	F_RDLCK                         = 1
-	F_SETFD                         = 2
-	F_SETFL                         = 4
-	F_SETLK                         = 6
-	F_SETLKW                        = 7
-	F_SETOWN                        = 11
-	F_SETTAG                        = 12
-	F_UNLCK                         = 3
-	F_WRLCK                         = 2
-	FSTYPE_ZFS                      = 0xe9 //"Z"
-	FSTYPE_HFS                      = 0xc8 //"H"
-	FSTYPE_NFS                      = 0xd5 //"N"
-	FSTYPE_TFS                      = 0xe3 //"T"
-	FSTYPE_AUTOMOUNT                = 0xc1 //"A"
+	BRKINT                   = 0x0001
+	CLOCAL                   = 0x1
+	CLOCK_MONOTONIC          = 0x1
+	CLOCK_PROCESS_CPUTIME_ID = 0x2
+	CLOCK_REALTIME           = 0x0
+	CLOCK_THREAD_CPUTIME_ID  = 0x3
+	CLONE_NEWIPC             = 0x08000000
+	CLONE_NEWNET             = 0x40000000
+	CLONE_NEWNS              = 0x00020000
+	CLONE_NEWPID             = 0x20000000
+	CLONE_NEWUTS             = 0x04000000
+	CLONE_PARENT             = 0x00008000
+	CS8                      = 0x0030
+	CSIZE                    = 0x0030
+	ECHO                     = 0x00000008
+	ECHONL                   = 0x00000001
+	EFD_SEMAPHORE            = 0x00002000
+	EFD_CLOEXEC              = 0x00001000
+	EFD_NONBLOCK             = 0x00000004
+	EPOLL_CLOEXEC            = 0x00001000
+	EPOLL_CTL_ADD            = 0
+	EPOLL_CTL_MOD            = 1
+	EPOLL_CTL_DEL            = 2
+	EPOLLRDNORM              = 0x0001
+	EPOLLRDBAND              = 0x0002
+	EPOLLIN                  = 0x0003
+	EPOLLOUT                 = 0x0004
+	EPOLLWRBAND              = 0x0008
+	EPOLLPRI                 = 0x0010
+	EPOLLERR                 = 0x0020
+	EPOLLHUP                 = 0x0040
+	EPOLLEXCLUSIVE           = 0x20000000
+	EPOLLONESHOT             = 0x40000000
+	FD_CLOEXEC               = 0x01
+	FD_CLOFORK               = 0x02
+	FD_SETSIZE               = 0x800
+	FNDELAY                  = 0x04
+	F_CLOSFD                 = 9
+	F_CONTROL_CVT            = 13
+	F_DUPFD                  = 0
+	F_DUPFD2                 = 8
+	F_GETFD                  = 1
+	F_GETFL                  = 259
+	F_GETLK                  = 5
+	F_GETOWN                 = 10
+	F_OK                     = 0x0
+	F_RDLCK                  = 1
+	F_SETFD                  = 2
+	F_SETFL                  = 4
+	F_SETLK                  = 6
+	F_SETLKW                 = 7
+	F_SETOWN                 = 11
+	F_SETTAG                 = 12
+	F_UNLCK                  = 3
+	F_WRLCK                  = 2
+	FSTYPE_ZFS               = 0xe9 //"Z"
+	FSTYPE_HFS               = 0xc8 //"H"
+	FSTYPE_NFS               = 0xd5 //"N"
+	FSTYPE_TFS               = 0xe3 //"T"
+	FSTYPE_AUTOMOUNT         = 0xc1 //"A"
+	GRND_NONBLOCK            = 1
+	GRND_RANDOM              = 2
+	HUPCL                    = 0x0100 // Hang up on last close
+	IN_CLOEXEC               = 0x00001000
+	IN_NONBLOCK              = 0x00000004
+	IN_ACCESS                = 0x00000001
+	IN_MODIFY                = 0x00000002
+	IN_ATTRIB                = 0x00000004
+	IN_CLOSE_WRITE           = 0x00000008
+	IN_CLOSE_NOWRITE         = 0x00000010
+	IN_OPEN                  = 0x00000020
+	IN_MOVED_FROM            = 0x00000040
+	IN_MOVED_TO              = 0x00000080
+	IN_CREATE                = 0x00000100
+	IN_DELETE                = 0x00000200
+	IN_DELETE_SELF           = 0x00000400
+	IN_MOVE_SELF             = 0x00000800
+	IN_UNMOUNT               = 0x00002000
+	IN_Q_OVERFLOW            = 0x00004000
+	IN_IGNORED               = 0x00008000
+	IN_CLOSE                 = (IN_CLOSE_WRITE | IN_CLOSE_NOWRITE)
+	IN_MOVE                  = (IN_MOVED_FROM | IN_MOVED_TO)
+	IN_ALL_EVENTS            = (IN_ACCESS | IN_MODIFY | IN_ATTRIB |
+		IN_CLOSE | IN_OPEN | IN_MOVE |
+		IN_CREATE | IN_DELETE | IN_DELETE_SELF |
+		IN_MOVE_SELF)
+	IN_ONLYDIR                      = 0x01000000
+	IN_DONT_FOLLOW                  = 0x02000000
+	IN_EXCL_UNLINK                  = 0x04000000
+	IN_MASK_CREATE                  = 0x10000000
+	IN_MASK_ADD                     = 0x20000000
+	IN_ISDIR                        = 0x40000000
+	IN_ONESHOT                      = 0x80000000
 	IP6F_MORE_FRAG                  = 0x0001
 	IP6F_OFF_MASK                   = 0xfff8
 	IP6F_RESERVED_MASK              = 0x0006
@@ -152,10 +210,18 @@ const (
 	IP_PKTINFO                      = 101
 	IP_RECVPKTINFO                  = 102
 	IP_TOS                          = 2
-	IP_TTL                          = 3
+	IP_TTL                          = 14
 	IP_UNBLOCK_SOURCE               = 11
+	ICMP6_FILTER                    = 1
+	MCAST_INCLUDE                   = 0
+	MCAST_EXCLUDE                   = 1
+	MCAST_JOIN_GROUP                = 40
+	MCAST_LEAVE_GROUP               = 41
+	MCAST_JOIN_SOURCE_GROUP         = 42
+	MCAST_LEAVE_SOURCE_GROUP        = 43
+	MCAST_BLOCK_SOURCE              = 44
+	MCAST_UNBLOCK_SOURCE            = 46
 	ICANON                          = 0x0010
-	ICMP6_FILTER                    = 0x26
 	ICRNL                           = 0x0002
 	IEXTEN                          = 0x0020
 	IGNBRK                          = 0x0004
@@ -165,10 +231,10 @@ const (
 	ISTRIP                          = 0x0080
 	IXON                            = 0x0200
 	IXOFF                           = 0x0100
-	LOCK_SH                         = 0x1 // Not exist on zOS
-	LOCK_EX                         = 0x2 // Not exist on zOS
-	LOCK_NB                         = 0x4 // Not exist on zOS
-	LOCK_UN                         = 0x8 // Not exist on zOS
+	LOCK_SH                         = 0x1
+	LOCK_EX                         = 0x2
+	LOCK_NB                         = 0x4
+	LOCK_UN                         = 0x8
 	POLLIN                          = 0x0003
 	POLLOUT                         = 0x0004
 	POLLPRI                         = 0x0010
@@ -182,15 +248,29 @@ const (
 	MAP_PRIVATE                     = 0x1 // changes are private
 	MAP_SHARED                      = 0x2 // changes are shared
 	MAP_FIXED                       = 0x4 // place exactly
-	MCAST_JOIN_GROUP                = 40
-	MCAST_LEAVE_GROUP               = 41
-	MCAST_JOIN_SOURCE_GROUP         = 42
-	MCAST_LEAVE_SOURCE_GROUP        = 43
-	MCAST_BLOCK_SOURCE              = 44
-	MCAST_UNBLOCK_SOURCE            = 45
+	__MAP_MEGA                      = 0x8
+	__MAP_64                        = 0x10
+	MAP_ANON                        = 0x20
+	MAP_ANONYMOUS                   = 0x20
 	MS_SYNC                         = 0x1 // msync - synchronous writes
 	MS_ASYNC                        = 0x2 // asynchronous writes
 	MS_INVALIDATE                   = 0x4 // invalidate mappings
+	MS_BIND                         = 0x00001000
+	MS_MOVE                         = 0x00002000
+	MS_NOSUID                       = 0x00000002
+	MS_PRIVATE                      = 0x00040000
+	MS_REC                          = 0x00004000
+	MS_REMOUNT                      = 0x00008000
+	MS_RDONLY                       = 0x00000001
+	MS_UNBINDABLE                   = 0x00020000
+	MNT_DETACH                      = 0x00000004
+	ZOSDSFS_SUPER_MAGIC             = 0x44534653 // zOS DSFS
+	NFS_SUPER_MAGIC                 = 0x6969     // NFS
+	NSFS_MAGIC                      = 0x6e736673 // PROCNS
+	PROC_SUPER_MAGIC                = 0x9fa0     // proc FS
+	ZOSTFS_SUPER_MAGIC              = 0x544653   // zOS TFS
+	ZOSUFS_SUPER_MAGIC              = 0x554653   // zOS UFS
+	ZOSZFS_SUPER_MAGIC              = 0x5A4653   // zOS ZFS
 	MTM_RDONLY                      = 0x80000000
 	MTM_RDWR                        = 0x40000000
 	MTM_UMOUNT                      = 0x10000000
@@ -205,13 +285,20 @@ const (
 	MTM_REMOUNT                     = 0x00000100
 	MTM_NOSECURITY                  = 0x00000080
 	NFDBITS                         = 0x20
+	ONLRET                          = 0x0020 // NL performs CR function
 	O_ACCMODE                       = 0x03
 	O_APPEND                        = 0x08
 	O_ASYNCSIG                      = 0x0200
 	O_CREAT                         = 0x80
+	O_DIRECT                        = 0x00002000
+	O_NOFOLLOW                      = 0x00004000
+	O_DIRECTORY                     = 0x00008000
+	O_PATH                          = 0x00080000
+	O_CLOEXEC                       = 0x00001000
 	O_EXCL                          = 0x40
 	O_GETFL                         = 0x0F
 	O_LARGEFILE                     = 0x0400
+	O_NDELAY                        = 0x4
 	O_NONBLOCK                      = 0x04
 	O_RDONLY                        = 0x02
 	O_RDWR                          = 0x03
@@ -248,6 +335,7 @@ const (
 	AF_IUCV                         = 17
 	AF_LAT                          = 14
 	AF_LINK                         = 18
+	AF_LOCAL                        = AF_UNIX // AF_LOCAL is an alias for AF_UNIX
 	AF_MAX                          = 30
 	AF_NBS                          = 7
 	AF_NDD                          = 23
@@ -285,15 +373,33 @@ const (
 	RLIMIT_AS                       = 5
 	RLIMIT_NOFILE                   = 6
 	RLIMIT_MEMLIMIT                 = 7
+	RLIMIT_MEMLOCK                  = 0x8
 	RLIM_INFINITY                   = 2147483647
+	SCHED_FIFO                      = 0x2
+	SCM_CREDENTIALS                 = 0x2
 	SCM_RIGHTS                      = 0x01
 	SF_CLOSE                        = 0x00000002
 	SF_REUSE                        = 0x00000001
+	SHM_RND                         = 0x2
+	SHM_RDONLY                      = 0x1
+	SHMLBA                          = 0x1000
+	IPC_STAT                        = 0x3
+	IPC_SET                         = 0x2
+	IPC_RMID                        = 0x1
+	IPC_PRIVATE                     = 0x0
+	IPC_CREAT                       = 0x1000000
+	__IPC_MEGA                      = 0x4000000
+	__IPC_SHAREAS                   = 0x20000000
+	__IPC_BELOWBAR                  = 0x10000000
+	IPC_EXCL                        = 0x2000000
+	__IPC_GIGA                      = 0x8000000
 	SHUT_RD                         = 0
 	SHUT_RDWR                       = 2
 	SHUT_WR                         = 1
+	SOCK_CLOEXEC                    = 0x00001000
 	SOCK_CONN_DGRAM                 = 6
 	SOCK_DGRAM                      = 2
+	SOCK_NONBLOCK                   = 0x800
 	SOCK_RAW                        = 3
 	SOCK_RDM                        = 4
 	SOCK_SEQPACKET                  = 5
@@ -378,8 +484,6 @@ const (
 	S_IFMST                         = 0x00FF0000
 	TCP_KEEPALIVE                   = 0x8
 	TCP_NODELAY                     = 0x1
-	TCP_INFO                        = 0xb
-	TCP_USER_TIMEOUT                = 0x1
 	TIOCGWINSZ                      = 0x4008a368
 	TIOCSWINSZ                      = 0x8008a367
 	TIOCSBRK                        = 0x2000a77b
@@ -427,7 +531,10 @@ const (
 	VSUSP                           = 9
 	VTIME                           = 10
 	WCONTINUED                      = 0x4
+	WEXITED                         = 0x8
 	WNOHANG                         = 0x1
+	WNOWAIT                         = 0x20
+	WSTOPPED                        = 0x10
 	WUNTRACED                       = 0x2
 	_BPX_SWAP                       = 1
 	_BPX_NONSWAP                    = 2
@@ -452,8 +559,28 @@ const (
 	MADV_FREE                       = 15 // for Linux compatibility -- no zos semantics
 	MADV_WIPEONFORK                 = 16 // for Linux compatibility -- no zos semantics
 	MADV_KEEPONFORK                 = 17 // for Linux compatibility -- no zos semantics
-	AT_SYMLINK_NOFOLLOW             = 1  // for Unix  compatibility -- no zos semantics
-	AT_FDCWD                        = 2  // for Unix  compatibility -- no zos semantics
+	AT_SYMLINK_FOLLOW               = 0x400
+	AT_SYMLINK_NOFOLLOW             = 0x100
+	XATTR_CREATE                    = 0x1
+	XATTR_REPLACE                   = 0x2
+	P_PID                           = 0
+	P_PGID                          = 1
+	P_ALL                           = 2
+	PR_SET_NAME                     = 15
+	PR_GET_NAME                     = 16
+	PR_SET_NO_NEW_PRIVS             = 38
+	PR_GET_NO_NEW_PRIVS             = 39
+	PR_SET_DUMPABLE                 = 4
+	PR_GET_DUMPABLE                 = 3
+	PR_SET_PDEATHSIG                = 1
+	PR_GET_PDEATHSIG                = 2
+	PR_SET_CHILD_SUBREAPER          = 36
+	PR_GET_CHILD_SUBREAPER          = 37
+	AT_FDCWD                        = -100
+	AT_EACCESS                      = 0x200
+	AT_EMPTY_PATH                   = 0x1000
+	AT_REMOVEDIR                    = 0x200
+	RENAME_NOREPLACE                = 1 << 0
 )
 
 const (
@@ -476,6 +603,7 @@ const (
 	EMLINK             = Errno(125)
 	ENAMETOOLONG       = Errno(126)
 	ENFILE             = Errno(127)
+	ENOATTR            = Errno(265)
 	ENODEV             = Errno(128)
 	ENOENT             = Errno(129)
 	ENOEXEC            = Errno(130)
@@ -700,7 +828,7 @@ var errorList = [...]struct {
 	{145, "EDC5145I", "The parameter list is too long, or the message to receive was too large for the buffer."},
 	{146, "EDC5146I", "Too many levels of symbolic links."},
 	{147, "EDC5147I", "Illegal byte sequence."},
-	{148, "", ""},
+	{148, "EDC5148I", "The named attribute or data not available."},
 	{149, "EDC5149I", "Value Overflow Error."},
 	{150, "EDC5150I", "UNIX System Services is not active."},
 	{151, "EDC5151I", "Dynamic allocation error."},
@@ -743,6 +871,7 @@ var errorList = [...]struct {
 	{259, "EDC5259I", "A CUN_RS_NO_CONVERSION error was issued by Unicode Services."},
 	{260, "EDC5260I", "A CUN_RS_TABLE_NOT_ALIGNED error was issued by Unicode Services."},
 	{262, "EDC5262I", "An iconv() function encountered an unexpected error while using Unicode Services."},
+	{265, "EDC5265I", "The named attribute not available."},
 	{1000, "EDC8000I", "A bad socket-call constant was found in the IUCV header."},
 	{1001, "EDC8001I", "An error was found in the IUCV header."},
 	{1002, "EDC8002I", "A socket descriptor is out of range."},
diff --git a/vendor/golang.org/x/sys/unix/zsymaddr_zos_s390x.s b/vendor/golang.org/x/sys/unix/zsymaddr_zos_s390x.s
new file mode 100644
index 0000000000..b77ff5db90
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsymaddr_zos_s390x.s
@@ -0,0 +1,364 @@
+// go run mksyscall_zos_s390x.go -o_sysnum zsysnum_zos_s390x.go -o_syscall zsyscall_zos_s390x.go -i_syscall syscall_zos_s390x.go -o_asm zsymaddr_zos_s390x.s
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build zos && s390x
+#include "textflag.h"
+
+//  provide the address of function variable to be fixed up.
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FlistxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Flistxattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FremovexattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Fremovexattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FgetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Fgetxattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FsetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Fsetxattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_accept4Addr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·accept4(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_RemovexattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Removexattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_Dup3Addr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Dup3(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_DirfdAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Dirfd(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_EpollCreateAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·EpollCreate(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_EpollCreate1Addr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·EpollCreate1(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_EpollCtlAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·EpollCtl(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_EpollPwaitAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·EpollPwait(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_EpollWaitAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·EpollWait(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_EventfdAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Eventfd(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FaccessatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Faccessat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FchmodatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Fchmodat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FchownatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Fchownat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FdatasyncAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Fdatasync(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_fstatatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·fstatat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_LgetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Lgetxattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_LsetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Lsetxattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FstatfsAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Fstatfs(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FutimesAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Futimes(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FutimesatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Futimesat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_GetrandomAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Getrandom(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_InotifyInitAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·InotifyInit(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_InotifyInit1Addr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·InotifyInit1(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_InotifyAddWatchAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·InotifyAddWatch(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_InotifyRmWatchAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·InotifyRmWatch(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_ListxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Listxattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_LlistxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Llistxattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_LremovexattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Lremovexattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_LutimesAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Lutimes(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_StatfsAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Statfs(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_SyncfsAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Syncfs(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_UnshareAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Unshare(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_LinkatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Linkat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_MkdiratAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Mkdirat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_MknodatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Mknodat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_PivotRootAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·PivotRoot(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_PrctlAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Prctl(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_PrlimitAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Prlimit(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_RenameatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Renameat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_Renameat2Addr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Renameat2(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_SethostnameAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Sethostname(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_SetnsAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Setns(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_SymlinkatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Symlinkat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_UnlinkatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Unlinkat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_openatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·openat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_openat2Addr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·openat2(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_utimensatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·utimensat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
index ccb02f240a..07642c308d 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
@@ -760,6 +760,39 @@ var libc_sysctl_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func pthread_chdir_np(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(libc_pthread_chdir_np_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pthread_chdir_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pthread_chdir_np pthread_chdir_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pthread_fchdir_np(fd int) (err error) {
+	_, _, e1 := syscall_syscall(libc_pthread_fchdir_np_trampoline_addr, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pthread_fchdir_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pthread_fchdir_np pthread_fchdir_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) {
 	_, _, e1 := syscall_syscall6(libc_sendfile_trampoline_addr, uintptr(infd), uintptr(outfd), uintptr(offset), uintptr(unsafe.Pointer(len)), uintptr(hdtr), uintptr(flags))
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
index 8b8bb28402..923e08cb79 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
@@ -228,6 +228,16 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
 DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
 
+TEXT libc_pthread_chdir_np_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pthread_chdir_np(SB)
+GLOBL	·libc_pthread_chdir_np_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pthread_chdir_np_trampoline_addr(SB)/8, $libc_pthread_chdir_np_trampoline<>(SB)
+
+TEXT libc_pthread_fchdir_np_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pthread_fchdir_np(SB)
+GLOBL	·libc_pthread_fchdir_np_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pthread_fchdir_np_trampoline_addr(SB)/8, $libc_pthread_fchdir_np_trampoline<>(SB)
+
 TEXT libc_sendfile_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_sendfile(SB)
 GLOBL	·libc_sendfile_trampoline_addr(SB), RODATA, $8
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
index 1b40b997b5..7d73dda647 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
@@ -760,6 +760,39 @@ var libc_sysctl_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func pthread_chdir_np(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(libc_pthread_chdir_np_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pthread_chdir_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pthread_chdir_np pthread_chdir_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pthread_fchdir_np(fd int) (err error) {
+	_, _, e1 := syscall_syscall(libc_pthread_fchdir_np_trampoline_addr, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pthread_fchdir_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pthread_fchdir_np pthread_fchdir_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) {
 	_, _, e1 := syscall_syscall6(libc_sendfile_trampoline_addr, uintptr(infd), uintptr(outfd), uintptr(offset), uintptr(unsafe.Pointer(len)), uintptr(hdtr), uintptr(flags))
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
index 08362c1ab7..057700111e 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
@@ -228,6 +228,16 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
 DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
 
+TEXT libc_pthread_chdir_np_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pthread_chdir_np(SB)
+GLOBL	·libc_pthread_chdir_np_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pthread_chdir_np_trampoline_addr(SB)/8, $libc_pthread_chdir_np_trampoline<>(SB)
+
+TEXT libc_pthread_fchdir_np_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pthread_fchdir_np(SB)
+GLOBL	·libc_pthread_fchdir_np_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pthread_fchdir_np_trampoline_addr(SB)/8, $libc_pthread_fchdir_np_trampoline<>(SB)
+
 TEXT libc_sendfile_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_sendfile(SB)
 GLOBL	·libc_sendfile_trampoline_addr(SB), RODATA, $8
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
index 1488d27128..87d8612a1d 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
@@ -906,6 +906,16 @@ func Fspick(dirfd int, pathName string, flags int) (fd int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func fsconfig(fd int, cmd uint, key *byte, value *byte, aux int) (err error) {
+	_, _, e1 := Syscall6(SYS_FSCONFIG, uintptr(fd), uintptr(cmd), uintptr(unsafe.Pointer(key)), uintptr(unsafe.Pointer(value)), uintptr(aux), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Getdents(fd int, buf []byte) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(buf) > 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
index 94f0112383..7ccf66b7ee 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
@@ -1,4 +1,4 @@
-// go run mksyscall.go -tags zos,s390x syscall_zos_s390x.go
+// go run mksyscall_zos_s390x.go -o_sysnum zsysnum_zos_s390x.go -o_syscall zsyscall_zos_s390x.go -i_syscall syscall_zos_s390x.go -o_asm zsymaddr_zos_s390x.s
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build zos && s390x
@@ -6,17 +6,100 @@
 package unix
 
 import (
+	"runtime"
+	"syscall"
 	"unsafe"
 )
 
+var _ syscall.Errno
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := syscall_syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCNTL<<4, uintptr(fd), uintptr(cmd), uintptr(arg))
+	runtime.ExitSyscall()
 	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Flistxattr(fd int, dest []byte) (sz int, err error) {
+	var _p0 unsafe.Pointer
+	if len(dest) > 0 {
+		_p0 = unsafe.Pointer(&dest[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FLISTXATTR_A<<4, uintptr(fd), uintptr(_p0), uintptr(len(dest)))
+	runtime.ExitSyscall()
+	sz = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FlistxattrAddr() *(func(fd int, dest []byte) (sz int, err error))
+
+var Flistxattr = enter_Flistxattr
+
+func enter_Flistxattr(fd int, dest []byte) (sz int, err error) {
+	funcref := get_FlistxattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___FLISTXATTR_A<<4, "") == 0 {
+		*funcref = impl_Flistxattr
+	} else {
+		*funcref = error_Flistxattr
+	}
+	return (*funcref)(fd, dest)
+}
+
+func error_Flistxattr(fd int, dest []byte) (sz int, err error) {
+	sz = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Fremovexattr(fd int, attr string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FREMOVEXATTR_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FremovexattrAddr() *(func(fd int, attr string) (err error))
+
+var Fremovexattr = enter_Fremovexattr
+
+func enter_Fremovexattr(fd int, attr string) (err error) {
+	funcref := get_FremovexattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___FREMOVEXATTR_A<<4, "") == 0 {
+		*funcref = impl_Fremovexattr
+	} else {
+		*funcref = error_Fremovexattr
 	}
+	return (*funcref)(fd, attr)
+}
+
+func error_Fremovexattr(fd int, attr string) (err error) {
+	err = ENOSYS
 	return
 }
 
@@ -29,10 +112,12 @@ func read(fd int, p []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := syscall_syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_READ<<4, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	runtime.ExitSyscall()
 	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -46,31 +131,159 @@ func write(fd int, p []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := syscall_syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_WRITE<<4, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	runtime.ExitSyscall()
 	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(dest) > 0 {
+		_p1 = unsafe.Pointer(&dest[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FGETXATTR_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
+	runtime.ExitSyscall()
+	sz = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FgetxattrAddr() *(func(fd int, attr string, dest []byte) (sz int, err error))
+
+var Fgetxattr = enter_Fgetxattr
+
+func enter_Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) {
+	funcref := get_FgetxattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___FGETXATTR_A<<4, "") == 0 {
+		*funcref = impl_Fgetxattr
+	} else {
+		*funcref = error_Fgetxattr
+	}
+	return (*funcref)(fd, attr, dest)
+}
+
+func error_Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) {
+	sz = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Fsetxattr(fd int, attr string, data []byte, flag int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(data) > 0 {
+		_p1 = unsafe.Pointer(&data[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FSETXATTR_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(data)), uintptr(flag))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FsetxattrAddr() *(func(fd int, attr string, data []byte, flag int) (err error))
+
+var Fsetxattr = enter_Fsetxattr
+
+func enter_Fsetxattr(fd int, attr string, data []byte, flag int) (err error) {
+	funcref := get_FsetxattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___FSETXATTR_A<<4, "") == 0 {
+		*funcref = impl_Fsetxattr
+	} else {
+		*funcref = error_Fsetxattr
 	}
+	return (*funcref)(fd, attr, data, flag)
+}
+
+func error_Fsetxattr(fd int, attr string, data []byte, flag int) (err error) {
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := syscall_syscall(SYS___ACCEPT_A, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___ACCEPT_A<<4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___ACCEPT4_A<<4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags))
+	runtime.ExitSyscall()
 	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_accept4Addr() *(func(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error))
+
+var accept4 = enter_accept4
+
+func enter_accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	funcref := get_accept4Addr()
+	if funcptrtest(GetZosLibVec()+SYS___ACCEPT4_A<<4, "") == 0 {
+		*funcref = impl_accept4
+	} else {
+		*funcref = error_accept4
 	}
+	return (*funcref)(s, rsa, addrlen, flags)
+}
+
+func error_accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	fd = -1
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := syscall_syscall(SYS___BIND_A, uintptr(s), uintptr(addr), uintptr(addrlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___BIND_A<<4, uintptr(s), uintptr(addr), uintptr(addrlen))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -78,9 +291,11 @@ func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := syscall_syscall(SYS___CONNECT_A, uintptr(s), uintptr(addr), uintptr(addrlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CONNECT_A<<4, uintptr(s), uintptr(addr), uintptr(addrlen))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -88,10 +303,10 @@ func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getgroups(n int, list *_Gid_t) (nn int, err error) {
-	r0, _, e1 := syscall_rawsyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETGROUPS<<4, uintptr(n), uintptr(unsafe.Pointer(list)))
 	nn = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -99,9 +314,9 @@ func getgroups(n int, list *_Gid_t) (nn int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func setgroups(n int, list *_Gid_t) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETGROUPS<<4, uintptr(n), uintptr(unsafe.Pointer(list)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -109,9 +324,11 @@ func setgroups(n int, list *_Gid_t) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
-	_, _, e1 := syscall_syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETSOCKOPT<<4, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -119,9 +336,11 @@ func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
-	_, _, e1 := syscall_syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETSOCKOPT<<4, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -129,10 +348,10 @@ func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr)
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func socket(domain int, typ int, proto int) (fd int, err error) {
-	r0, _, e1 := syscall_rawsyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SOCKET<<4, uintptr(domain), uintptr(typ), uintptr(proto))
 	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -140,9 +359,9 @@ func socket(domain int, typ int, proto int) (fd int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
-	_, _, e1 := syscall_rawsyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SOCKETPAIR<<4, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -150,9 +369,9 @@ func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS___GETPEERNAME_A, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___GETPEERNAME_A<<4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -160,10 +379,52 @@ func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS___GETSOCKNAME_A, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___GETSOCKNAME_A<<4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Removexattr(path string, attr string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___REMOVEXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_RemovexattrAddr() *(func(path string, attr string) (err error))
+
+var Removexattr = enter_Removexattr
+
+func enter_Removexattr(path string, attr string) (err error) {
+	funcref := get_RemovexattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___REMOVEXATTR_A<<4, "") == 0 {
+		*funcref = impl_Removexattr
+	} else {
+		*funcref = error_Removexattr
 	}
+	return (*funcref)(path, attr)
+}
+
+func error_Removexattr(path string, attr string) (err error) {
+	err = ENOSYS
 	return
 }
 
@@ -176,10 +437,12 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := syscall_syscall6(SYS___RECVFROM_A, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RECVFROM_A<<4, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	runtime.ExitSyscall()
 	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -193,9 +456,11 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := syscall_syscall6(SYS___SENDTO_A, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SENDTO_A<<4, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -203,10 +468,12 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := syscall_syscall(SYS___RECVMSG_A, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RECVMSG_A<<4, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	runtime.ExitSyscall()
 	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -214,10 +481,12 @@ func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := syscall_syscall(SYS___SENDMSG_A, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SENDMSG_A<<4, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	runtime.ExitSyscall()
 	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -225,10 +494,12 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
-	r0, _, e1 := syscall_syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_MMAP<<4, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
+	runtime.ExitSyscall()
 	ret = uintptr(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -236,9 +507,11 @@ func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := syscall_syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_MUNMAP<<4, uintptr(addr), uintptr(length))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -246,9 +519,11 @@ func munmap(addr uintptr, length uintptr) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func ioctl(fd int, req int, arg uintptr) (err error) {
-	_, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_IOCTL<<4, uintptr(fd), uintptr(req), uintptr(arg))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -256,9 +531,62 @@ func ioctl(fd int, req int, arg uintptr) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) {
-	_, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_IOCTL<<4, uintptr(fd), uintptr(req), uintptr(arg))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmat(id int, addr uintptr, flag int) (ret uintptr, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHMAT<<4, uintptr(id), uintptr(addr), uintptr(flag))
+	runtime.ExitSyscall()
+	ret = uintptr(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmctl(id int, cmd int, buf *SysvShmDesc) (result int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHMCTL64<<4, uintptr(id), uintptr(cmd), uintptr(unsafe.Pointer(buf)))
+	runtime.ExitSyscall()
+	result = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmdt(addr uintptr) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHMDT<<4, uintptr(addr))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmget(key int, size int, flag int) (id int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHMGET<<4, uintptr(key), uintptr(size), uintptr(flag))
+	runtime.ExitSyscall()
+	id = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -271,9 +599,11 @@ func Access(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___ACCESS_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___ACCESS_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -286,9 +616,11 @@ func Chdir(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___CHDIR_A, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CHDIR_A<<4, uintptr(unsafe.Pointer(_p0)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -301,9 +633,11 @@ func Chown(path string, uid int, gid int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___CHOWN_A, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CHOWN_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -316,9 +650,11 @@ func Chmod(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___CHMOD_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CHMOD_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -331,10 +667,12 @@ func Creat(path string, mode uint32) (fd int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := syscall_syscall(SYS___CREAT_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CREAT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	runtime.ExitSyscall()
 	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -342,10 +680,12 @@ func Creat(path string, mode uint32) (fd int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup(oldfd int) (fd int, err error) {
-	r0, _, e1 := syscall_syscall(SYS_DUP, uintptr(oldfd), 0, 0)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_DUP<<4, uintptr(oldfd))
+	runtime.ExitSyscall()
 	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -353,617 +693,2216 @@ func Dup(oldfd int) (fd int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup2(oldfd int, newfd int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_DUP2<<4, uintptr(oldfd), uintptr(newfd))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Errno2() (er2 int) {
-	uer2, _, _ := syscall_syscall(SYS___ERRNO2, 0, 0, 0)
-	er2 = int(uer2)
+func impl_Dup3(oldfd int, newfd int, flags int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_DUP3<<4, uintptr(oldfd), uintptr(newfd), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_Dup3Addr() *(func(oldfd int, newfd int, flags int) (err error))
 
-func Err2ad() (eadd *int) {
-	ueadd, _, _ := syscall_syscall(SYS___ERR2AD, 0, 0, 0)
-	eadd = (*int)(unsafe.Pointer(ueadd))
-	return
-}
+var Dup3 = enter_Dup3
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func enter_Dup3(oldfd int, newfd int, flags int) (err error) {
+	funcref := get_Dup3Addr()
+	if funcptrtest(GetZosLibVec()+SYS_DUP3<<4, "") == 0 {
+		*funcref = impl_Dup3
+	} else {
+		*funcref = error_Dup3
+	}
+	return (*funcref)(oldfd, newfd, flags)
+}
 
-func Exit(code int) {
-	syscall_syscall(SYS_EXIT, uintptr(code), 0, 0)
+func error_Dup3(oldfd int, newfd int, flags int) (err error) {
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fchdir(fd int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+func impl_Dirfd(dirp uintptr) (fd int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_DIRFD<<4, uintptr(dirp))
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_DirfdAddr() *(func(dirp uintptr) (fd int, err error))
 
-func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := syscall_syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+var Dirfd = enter_Dirfd
+
+func enter_Dirfd(dirp uintptr) (fd int, err error) {
+	funcref := get_DirfdAddr()
+	if funcptrtest(GetZosLibVec()+SYS_DIRFD<<4, "") == 0 {
+		*funcref = impl_Dirfd
+	} else {
+		*funcref = error_Dirfd
 	}
+	return (*funcref)(dirp)
+}
+
+func error_Dirfd(dirp uintptr) (fd int, err error) {
+	fd = -1
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fchown(fd int, uid int, gid int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
-	if e1 != 0 {
-		err = errnoErr(e1)
+func impl_EpollCreate(size int) (fd int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_CREATE<<4, uintptr(size))
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_EpollCreateAddr() *(func(size int) (fd int, err error))
 
-func FcntlInt(fd uintptr, cmd int, arg int) (retval int, err error) {
-	r0, _, e1 := syscall_syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
-	retval = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+var EpollCreate = enter_EpollCreate
+
+func enter_EpollCreate(size int) (fd int, err error) {
+	funcref := get_EpollCreateAddr()
+	if funcptrtest(GetZosLibVec()+SYS_EPOLL_CREATE<<4, "") == 0 {
+		*funcref = impl_EpollCreate
+	} else {
+		*funcref = error_EpollCreate
 	}
+	return (*funcref)(size)
+}
+
+func error_EpollCreate(size int) (fd int, err error) {
+	fd = -1
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func fstat(fd int, stat *Stat_LE_t) (err error) {
-	_, _, e1 := syscall_syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+func impl_EpollCreate1(flags int) (fd int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_CREATE1<<4, uintptr(flags))
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_EpollCreate1Addr() *(func(flags int) (fd int, err error))
 
-func Fstatvfs(fd int, stat *Statvfs_t) (err error) {
-	_, _, e1 := syscall_syscall(SYS_FSTATVFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+var EpollCreate1 = enter_EpollCreate1
+
+func enter_EpollCreate1(flags int) (fd int, err error) {
+	funcref := get_EpollCreate1Addr()
+	if funcptrtest(GetZosLibVec()+SYS_EPOLL_CREATE1<<4, "") == 0 {
+		*funcref = impl_EpollCreate1
+	} else {
+		*funcref = error_EpollCreate1
 	}
+	return (*funcref)(flags)
+}
+
+func error_EpollCreate1(flags int) (fd int, err error) {
+	fd = -1
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Fsync(fd int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_FSYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+func impl_EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_CTL<<4, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_EpollCtlAddr() *(func(epfd int, op int, fd int, event *EpollEvent) (err error))
 
-func Ftruncate(fd int, length int64) (err error) {
-	_, _, e1 := syscall_syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+var EpollCtl = enter_EpollCtl
+
+func enter_EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
+	funcref := get_EpollCtlAddr()
+	if funcptrtest(GetZosLibVec()+SYS_EPOLL_CTL<<4, "") == 0 {
+		*funcref = impl_EpollCtl
+	} else {
+		*funcref = error_EpollCtl
 	}
-	return
+	return (*funcref)(epfd, op, fd, event)
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpagesize() (pgsize int) {
-	r0, _, _ := syscall_syscall(SYS_GETPAGESIZE, 0, 0, 0)
-	pgsize = int(r0)
+func error_EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Mprotect(b []byte, prot int) (err error) {
+func impl_EpollPwait(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error) {
 	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := syscall_syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_PWAIT<<4, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), uintptr(unsafe.Pointer(sigmask)))
+	runtime.ExitSyscall()
+	n = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_EpollPwaitAddr() *(func(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error))
 
-func Msync(b []byte, flags int) (err error) {
-	var _p0 unsafe.Pointer
-	if len(b) > 0 {
-		_p0 = unsafe.Pointer(&b[0])
+var EpollPwait = enter_EpollPwait
+
+func enter_EpollPwait(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error) {
+	funcref := get_EpollPwaitAddr()
+	if funcptrtest(GetZosLibVec()+SYS_EPOLL_PWAIT<<4, "") == 0 {
+		*funcref = impl_EpollPwait
 	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := syscall_syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
+		*funcref = error_EpollPwait
 	}
+	return (*funcref)(epfd, events, msec, sigmask)
+}
+
+func error_EpollPwait(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error) {
+	n = -1
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Poll(fds []PollFd, timeout int) (n int, err error) {
+func impl_EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
 	var _p0 unsafe.Pointer
-	if len(fds) > 0 {
-		_p0 = unsafe.Pointer(&fds[0])
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := syscall_syscall(SYS_POLL, uintptr(_p0), uintptr(len(fds)), uintptr(timeout))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_WAIT<<4, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec))
+	runtime.ExitSyscall()
 	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_EpollWaitAddr() *(func(epfd int, events []EpollEvent, msec int) (n int, err error))
 
-func Times(tms *Tms) (ticks uintptr, err error) {
-	r0, _, e1 := syscall_syscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0)
-	ticks = uintptr(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+var EpollWait = enter_EpollWait
+
+func enter_EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	funcref := get_EpollWaitAddr()
+	if funcptrtest(GetZosLibVec()+SYS_EPOLL_WAIT<<4, "") == 0 {
+		*funcref = impl_EpollWait
+	} else {
+		*funcref = error_EpollWait
 	}
+	return (*funcref)(epfd, events, msec)
+}
+
+func error_EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	n = -1
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func W_Getmntent(buff *byte, size int) (lastsys int, err error) {
-	r0, _, e1 := syscall_syscall(SYS_W_GETMNTENT, uintptr(unsafe.Pointer(buff)), uintptr(size), 0)
-	lastsys = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
+func Errno2() (er2 int) {
+	runtime.EnterSyscall()
+	r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS___ERRNO2<<4)
+	runtime.ExitSyscall()
+	er2 = int(r0)
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func W_Getmntent_A(buff *byte, size int) (lastsys int, err error) {
-	r0, _, e1 := syscall_syscall(SYS___W_GETMNTENT_A, uintptr(unsafe.Pointer(buff)), uintptr(size), 0)
-	lastsys = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+func impl_Eventfd(initval uint, flags int) (fd int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EVENTFD<<4, uintptr(initval), uintptr(flags))
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
+//go:nosplit
+func get_EventfdAddr() *(func(initval uint, flags int) (fd int, err error))
+
+var Eventfd = enter_Eventfd
+
+func enter_Eventfd(initval uint, flags int) (fd int, err error) {
+	funcref := get_EventfdAddr()
+	if funcptrtest(GetZosLibVec()+SYS_EVENTFD<<4, "") == 0 {
+		*funcref = impl_Eventfd
+	} else {
+		*funcref = error_Eventfd
+	}
+	return (*funcref)(initval, flags)
+}
+
+func error_Eventfd(initval uint, flags int) (fd int, err error) {
+	fd = -1
+	err = ENOSYS
+	return
+}
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func mount_LE(path string, filesystem string, fstype string, mtm uint32, parmlen int32, parm string) (err error) {
+func Exit(code int) {
+	runtime.EnterSyscall()
+	CallLeFuncWithErr(GetZosLibVec()+SYS_EXIT<<4, uintptr(code))
+	runtime.ExitSyscall()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
 		return
 	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(filesystem)
-	if err != nil {
-		return
-	}
-	var _p2 *byte
-	_p2, err = BytePtrFromString(fstype)
-	if err != nil {
-		return
-	}
-	var _p3 *byte
-	_p3, err = BytePtrFromString(parm)
-	if err != nil {
-		return
-	}
-	_, _, e1 := syscall_syscall6(SYS___MOUNT_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(mtm), uintptr(parmlen), uintptr(unsafe.Pointer(_p3)))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FACCESSAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_FaccessatAddr() *(func(dirfd int, path string, mode uint32, flags int) (err error))
 
-func unmount(filesystem string, mtm int) (err error) {
+var Faccessat = enter_Faccessat
+
+func enter_Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	funcref := get_FaccessatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___FACCESSAT_A<<4, "") == 0 {
+		*funcref = impl_Faccessat
+	} else {
+		*funcref = error_Faccessat
+	}
+	return (*funcref)(dirfd, path, mode, flags)
+}
+
+func error_Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCHDIR<<4, uintptr(fd))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCHMOD<<4, uintptr(fd), uintptr(mode))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
 	var _p0 *byte
-	_p0, err = BytePtrFromString(filesystem)
+	_p0, err = BytePtrFromString(path)
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___UMOUNT_A, uintptr(unsafe.Pointer(_p0)), uintptr(mtm), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FCHMODAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FchmodatAddr() *(func(dirfd int, path string, mode uint32, flags int) (err error))
+
+var Fchmodat = enter_Fchmodat
+
+func enter_Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	funcref := get_FchmodatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___FCHMODAT_A<<4, "") == 0 {
+		*funcref = impl_Fchmodat
+	} else {
+		*funcref = error_Fchmodat
+	}
+	return (*funcref)(dirfd, path, mode, flags)
+}
+
+func error_Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCHOWN<<4, uintptr(fd), uintptr(uid), uintptr(gid))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Chroot(path string) (err error) {
+func impl_Fchownat(fd int, path string, uid int, gid int, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___CHROOT_A, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FCHOWNAT_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FchownatAddr() *(func(fd int, path string, uid int, gid int, flags int) (err error))
+
+var Fchownat = enter_Fchownat
+
+func enter_Fchownat(fd int, path string, uid int, gid int, flags int) (err error) {
+	funcref := get_FchownatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___FCHOWNAT_A<<4, "") == 0 {
+		*funcref = impl_Fchownat
+	} else {
+		*funcref = error_Fchownat
 	}
+	return (*funcref)(fd, path, uid, gid, flags)
+}
+
+func error_Fchownat(fd int, path string, uid int, gid int, flags int) (err error) {
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Uname(buf *Utsname) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS___UNAME_A, uintptr(unsafe.Pointer(buf)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+func FcntlInt(fd uintptr, cmd int, arg int) (retval int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCNTL<<4, uintptr(fd), uintptr(cmd), uintptr(arg))
+	runtime.ExitSyscall()
+	retval = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Gethostname(buf []byte) (err error) {
+func impl_Fdatasync(fd int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FDATASYNC<<4, uintptr(fd))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FdatasyncAddr() *(func(fd int) (err error))
+
+var Fdatasync = enter_Fdatasync
+
+func enter_Fdatasync(fd int) (err error) {
+	funcref := get_FdatasyncAddr()
+	if funcptrtest(GetZosLibVec()+SYS_FDATASYNC<<4, "") == 0 {
+		*funcref = impl_Fdatasync
+	} else {
+		*funcref = error_Fdatasync
+	}
+	return (*funcref)(fd)
+}
+
+func error_Fdatasync(fd int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstat(fd int, stat *Stat_LE_t) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FSTAT<<4, uintptr(fd), uintptr(unsafe.Pointer(stat)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_fstatat(dirfd int, path string, stat *Stat_LE_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FSTATAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_fstatatAddr() *(func(dirfd int, path string, stat *Stat_LE_t, flags int) (err error))
+
+var fstatat = enter_fstatat
+
+func enter_fstatat(dirfd int, path string, stat *Stat_LE_t, flags int) (err error) {
+	funcref := get_fstatatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___FSTATAT_A<<4, "") == 0 {
+		*funcref = impl_fstatat
+	} else {
+		*funcref = error_fstatat
+	}
+	return (*funcref)(dirfd, path, stat, flags)
+}
+
+func error_fstatat(dirfd int, path string, stat *Stat_LE_t, flags int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Lgetxattr(link string, attr string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p2 unsafe.Pointer
+	if len(dest) > 0 {
+		_p2 = unsafe.Pointer(&dest[0])
+	} else {
+		_p2 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LGETXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)))
+	runtime.ExitSyscall()
+	sz = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_LgetxattrAddr() *(func(link string, attr string, dest []byte) (sz int, err error))
+
+var Lgetxattr = enter_Lgetxattr
+
+func enter_Lgetxattr(link string, attr string, dest []byte) (sz int, err error) {
+	funcref := get_LgetxattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___LGETXATTR_A<<4, "") == 0 {
+		*funcref = impl_Lgetxattr
+	} else {
+		*funcref = error_Lgetxattr
+	}
+	return (*funcref)(link, attr, dest)
+}
+
+func error_Lgetxattr(link string, attr string, dest []byte) (sz int, err error) {
+	sz = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p2 unsafe.Pointer
+	if len(data) > 0 {
+		_p2 = unsafe.Pointer(&data[0])
+	} else {
+		_p2 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LSETXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_LsetxattrAddr() *(func(path string, attr string, data []byte, flags int) (err error))
+
+var Lsetxattr = enter_Lsetxattr
+
+func enter_Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
+	funcref := get_LsetxattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___LSETXATTR_A<<4, "") == 0 {
+		*funcref = impl_Lsetxattr
+	} else {
+		*funcref = error_Lsetxattr
+	}
+	return (*funcref)(path, attr, data, flags)
+}
+
+func error_Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Fstatfs(fd int, buf *Statfs_t) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FSTATFS<<4, uintptr(fd), uintptr(unsafe.Pointer(buf)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FstatfsAddr() *(func(fd int, buf *Statfs_t) (err error))
+
+var Fstatfs = enter_Fstatfs
+
+func enter_Fstatfs(fd int, buf *Statfs_t) (err error) {
+	funcref := get_FstatfsAddr()
+	if funcptrtest(GetZosLibVec()+SYS_FSTATFS<<4, "") == 0 {
+		*funcref = impl_Fstatfs
+	} else {
+		*funcref = error_Fstatfs
+	}
+	return (*funcref)(fd, buf)
+}
+
+func error_Fstatfs(fd int, buf *Statfs_t) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatvfs(fd int, stat *Statvfs_t) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FSTATVFS<<4, uintptr(fd), uintptr(unsafe.Pointer(stat)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FSYNC<<4, uintptr(fd))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Futimes(fd int, tv []Timeval) (err error) {
 	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
+	if len(tv) > 0 {
+		_p0 = unsafe.Pointer(&tv[0])
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := syscall_syscall(SYS___GETHOSTNAME_A, uintptr(_p0), uintptr(len(buf)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FUTIMES<<4, uintptr(fd), uintptr(_p0), uintptr(len(tv)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_FutimesAddr() *(func(fd int, tv []Timeval) (err error))
 
-func Getegid() (egid int) {
-	r0, _, _ := syscall_rawsyscall(SYS_GETEGID, 0, 0, 0)
-	egid = int(r0)
+var Futimes = enter_Futimes
+
+func enter_Futimes(fd int, tv []Timeval) (err error) {
+	funcref := get_FutimesAddr()
+	if funcptrtest(GetZosLibVec()+SYS_FUTIMES<<4, "") == 0 {
+		*funcref = impl_Futimes
+	} else {
+		*funcref = error_Futimes
+	}
+	return (*funcref)(fd, tv)
+}
+
+func error_Futimes(fd int, tv []Timeval) (err error) {
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Geteuid() (uid int) {
-	r0, _, _ := syscall_rawsyscall(SYS_GETEUID, 0, 0, 0)
-	uid = int(r0)
+func impl_Futimesat(dirfd int, path string, tv []Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(tv) > 0 {
+		_p1 = unsafe.Pointer(&tv[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FUTIMESAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(tv)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FutimesatAddr() *(func(dirfd int, path string, tv []Timeval) (err error))
+
+var Futimesat = enter_Futimesat
+
+func enter_Futimesat(dirfd int, path string, tv []Timeval) (err error) {
+	funcref := get_FutimesatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___FUTIMESAT_A<<4, "") == 0 {
+		*funcref = impl_Futimesat
+	} else {
+		*funcref = error_Futimesat
+	}
+	return (*funcref)(dirfd, path, tv)
+}
+
+func error_Futimesat(dirfd int, path string, tv []Timeval) (err error) {
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getgid() (gid int) {
-	r0, _, _ := syscall_rawsyscall(SYS_GETGID, 0, 0, 0)
-	gid = int(r0)
+func Ftruncate(fd int, length int64) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FTRUNCATE<<4, uintptr(fd), uintptr(length))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getpid() (pid int) {
-	r0, _, _ := syscall_rawsyscall(SYS_GETPID, 0, 0, 0)
-	pid = int(r0)
+func impl_Getrandom(buf []byte, flags int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETRANDOM<<4, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
+	runtime.ExitSyscall()
+	n = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_GetrandomAddr() *(func(buf []byte, flags int) (n int, err error))
+
+var Getrandom = enter_Getrandom
+
+func enter_Getrandom(buf []byte, flags int) (n int, err error) {
+	funcref := get_GetrandomAddr()
+	if funcptrtest(GetZosLibVec()+SYS_GETRANDOM<<4, "") == 0 {
+		*funcref = impl_Getrandom
+	} else {
+		*funcref = error_Getrandom
+	}
+	return (*funcref)(buf, flags)
+}
+
+func error_Getrandom(buf []byte, flags int) (n int, err error) {
+	n = -1
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := syscall_rawsyscall(SYS_GETPGID, uintptr(pid), 0, 0)
-	pgid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+func impl_InotifyInit() (fd int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec() + SYS_INOTIFY_INIT<<4)
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_InotifyInitAddr() *(func() (fd int, err error))
+
+var InotifyInit = enter_InotifyInit
+
+func enter_InotifyInit() (fd int, err error) {
+	funcref := get_InotifyInitAddr()
+	if funcptrtest(GetZosLibVec()+SYS_INOTIFY_INIT<<4, "") == 0 {
+		*funcref = impl_InotifyInit
+	} else {
+		*funcref = error_InotifyInit
 	}
+	return (*funcref)()
+}
+
+func error_InotifyInit() (fd int, err error) {
+	fd = -1
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getppid() (pid int) {
-	r0, _, _ := syscall_rawsyscall(SYS_GETPPID, 0, 0, 0)
-	pid = int(r0)
+func impl_InotifyInit1(flags int) (fd int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_INOTIFY_INIT1<<4, uintptr(flags))
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_InotifyInit1Addr() *(func(flags int) (fd int, err error))
+
+var InotifyInit1 = enter_InotifyInit1
+
+func enter_InotifyInit1(flags int) (fd int, err error) {
+	funcref := get_InotifyInit1Addr()
+	if funcptrtest(GetZosLibVec()+SYS_INOTIFY_INIT1<<4, "") == 0 {
+		*funcref = impl_InotifyInit1
+	} else {
+		*funcref = error_InotifyInit1
+	}
+	return (*funcref)(flags)
+}
+
+func error_InotifyInit1(flags int) (fd int, err error) {
+	fd = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(pathname)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___INOTIFY_ADD_WATCH_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask))
+	runtime.ExitSyscall()
+	watchdesc = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_InotifyAddWatchAddr() *(func(fd int, pathname string, mask uint32) (watchdesc int, err error))
+
+var InotifyAddWatch = enter_InotifyAddWatch
+
+func enter_InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
+	funcref := get_InotifyAddWatchAddr()
+	if funcptrtest(GetZosLibVec()+SYS___INOTIFY_ADD_WATCH_A<<4, "") == 0 {
+		*funcref = impl_InotifyAddWatch
+	} else {
+		*funcref = error_InotifyAddWatch
+	}
+	return (*funcref)(fd, pathname, mask)
+}
+
+func error_InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
+	watchdesc = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_INOTIFY_RM_WATCH<<4, uintptr(fd), uintptr(watchdesc))
+	runtime.ExitSyscall()
+	success = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_InotifyRmWatchAddr() *(func(fd int, watchdesc uint32) (success int, err error))
+
+var InotifyRmWatch = enter_InotifyRmWatch
+
+func enter_InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
+	funcref := get_InotifyRmWatchAddr()
+	if funcptrtest(GetZosLibVec()+SYS_INOTIFY_RM_WATCH<<4, "") == 0 {
+		*funcref = impl_InotifyRmWatch
+	} else {
+		*funcref = error_InotifyRmWatch
+	}
+	return (*funcref)(fd, watchdesc)
+}
+
+func error_InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
+	success = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Listxattr(path string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(dest) > 0 {
+		_p1 = unsafe.Pointer(&dest[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LISTXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
+	runtime.ExitSyscall()
+	sz = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_ListxattrAddr() *(func(path string, dest []byte) (sz int, err error))
+
+var Listxattr = enter_Listxattr
+
+func enter_Listxattr(path string, dest []byte) (sz int, err error) {
+	funcref := get_ListxattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___LISTXATTR_A<<4, "") == 0 {
+		*funcref = impl_Listxattr
+	} else {
+		*funcref = error_Listxattr
+	}
+	return (*funcref)(path, dest)
+}
+
+func error_Listxattr(path string, dest []byte) (sz int, err error) {
+	sz = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Llistxattr(path string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(dest) > 0 {
+		_p1 = unsafe.Pointer(&dest[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LLISTXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
+	runtime.ExitSyscall()
+	sz = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_LlistxattrAddr() *(func(path string, dest []byte) (sz int, err error))
+
+var Llistxattr = enter_Llistxattr
+
+func enter_Llistxattr(path string, dest []byte) (sz int, err error) {
+	funcref := get_LlistxattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___LLISTXATTR_A<<4, "") == 0 {
+		*funcref = impl_Llistxattr
+	} else {
+		*funcref = error_Llistxattr
+	}
+	return (*funcref)(path, dest)
+}
+
+func error_Llistxattr(path string, dest []byte) (sz int, err error) {
+	sz = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Lremovexattr(path string, attr string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LREMOVEXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_LremovexattrAddr() *(func(path string, attr string) (err error))
+
+var Lremovexattr = enter_Lremovexattr
+
+func enter_Lremovexattr(path string, attr string) (err error) {
+	funcref := get_LremovexattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___LREMOVEXATTR_A<<4, "") == 0 {
+		*funcref = impl_Lremovexattr
+	} else {
+		*funcref = error_Lremovexattr
+	}
+	return (*funcref)(path, attr)
+}
+
+func error_Lremovexattr(path string, attr string) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Lutimes(path string, tv []Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(tv) > 0 {
+		_p1 = unsafe.Pointer(&tv[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LUTIMES_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(tv)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_LutimesAddr() *(func(path string, tv []Timeval) (err error))
+
+var Lutimes = enter_Lutimes
+
+func enter_Lutimes(path string, tv []Timeval) (err error) {
+	funcref := get_LutimesAddr()
+	if funcptrtest(GetZosLibVec()+SYS___LUTIMES_A<<4, "") == 0 {
+		*funcref = impl_Lutimes
+	} else {
+		*funcref = error_Lutimes
+	}
+	return (*funcref)(path, tv)
+}
+
+func error_Lutimes(path string, tv []Timeval) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_MPROTECT<<4, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_MSYNC<<4, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Console2(cmsg *ConsMsg2, modstr *byte, concmd *uint32) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CONSOLE2<<4, uintptr(unsafe.Pointer(cmsg)), uintptr(unsafe.Pointer(modstr)), uintptr(unsafe.Pointer(concmd)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(fds) > 0 {
+		_p0 = unsafe.Pointer(&fds[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_POLL<<4, uintptr(_p0), uintptr(len(fds)), uintptr(timeout))
+	runtime.ExitSyscall()
+	n = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readdir_r(dirp uintptr, entry *direntLE, result **direntLE) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___READDIR_R_A<<4, uintptr(dirp), uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Statfs(path string, buf *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___STATFS_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_StatfsAddr() *(func(path string, buf *Statfs_t) (err error))
+
+var Statfs = enter_Statfs
+
+func enter_Statfs(path string, buf *Statfs_t) (err error) {
+	funcref := get_StatfsAddr()
+	if funcptrtest(GetZosLibVec()+SYS___STATFS_A<<4, "") == 0 {
+		*funcref = impl_Statfs
+	} else {
+		*funcref = error_Statfs
+	}
+	return (*funcref)(path, buf)
+}
+
+func error_Statfs(path string, buf *Statfs_t) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Syncfs(fd int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SYNCFS<<4, uintptr(fd))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_SyncfsAddr() *(func(fd int) (err error))
+
+var Syncfs = enter_Syncfs
+
+func enter_Syncfs(fd int) (err error) {
+	funcref := get_SyncfsAddr()
+	if funcptrtest(GetZosLibVec()+SYS_SYNCFS<<4, "") == 0 {
+		*funcref = impl_Syncfs
+	} else {
+		*funcref = error_Syncfs
+	}
+	return (*funcref)(fd)
+}
+
+func error_Syncfs(fd int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Times(tms *Tms) (ticks uintptr, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_TIMES<<4, uintptr(unsafe.Pointer(tms)))
+	runtime.ExitSyscall()
+	ticks = uintptr(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func W_Getmntent(buff *byte, size int) (lastsys int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_W_GETMNTENT<<4, uintptr(unsafe.Pointer(buff)), uintptr(size))
+	runtime.ExitSyscall()
+	lastsys = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func W_Getmntent_A(buff *byte, size int) (lastsys int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___W_GETMNTENT_A<<4, uintptr(unsafe.Pointer(buff)), uintptr(size))
+	runtime.ExitSyscall()
+	lastsys = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mount_LE(path string, filesystem string, fstype string, mtm uint32, parmlen int32, parm string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(filesystem)
+	if err != nil {
+		return
+	}
+	var _p2 *byte
+	_p2, err = BytePtrFromString(fstype)
+	if err != nil {
+		return
+	}
+	var _p3 *byte
+	_p3, err = BytePtrFromString(parm)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MOUNT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(mtm), uintptr(parmlen), uintptr(unsafe.Pointer(_p3)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unmount_LE(filesystem string, mtm int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(filesystem)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UMOUNT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mtm))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CHROOT_A<<4, uintptr(unsafe.Pointer(_p0)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nmsgsfds int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (ret int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SELECT<<4, uintptr(nmsgsfds), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)))
+	runtime.ExitSyscall()
+	ret = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Uname(buf *Utsname) (err error) {
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_____OSNAME_A<<4, uintptr(unsafe.Pointer(buf)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Unshare(flags int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_UNSHARE<<4, uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_UnshareAddr() *(func(flags int) (err error))
+
+var Unshare = enter_Unshare
+
+func enter_Unshare(flags int) (err error) {
+	funcref := get_UnshareAddr()
+	if funcptrtest(GetZosLibVec()+SYS_UNSHARE<<4, "") == 0 {
+		*funcref = impl_Unshare
+	} else {
+		*funcref = error_Unshare
+	}
+	return (*funcref)(flags)
+}
+
+func error_Unshare(flags int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gethostname(buf []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___GETHOSTNAME_A<<4, uintptr(_p0), uintptr(len(buf)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETGID<<4)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+	r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETPID<<4)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETPGID<<4, uintptr(pid))
+	pgid = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (pid int) {
+	r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETPPID<<4)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETPRIORITY<<4, uintptr(which), uintptr(who))
+	runtime.ExitSyscall()
+	prio = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETRLIMIT<<4, uintptr(resource), uintptr(unsafe.Pointer(rlim)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getrusage(who int, rusage *rusage_zos) (err error) {
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETRUSAGE<<4, uintptr(who), uintptr(unsafe.Pointer(rusage)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	runtime.EnterSyscall()
+	r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETEGID<<4)
+	runtime.ExitSyscall()
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	runtime.EnterSyscall()
+	r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETEUID<<4)
+	runtime.ExitSyscall()
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETSID<<4, uintptr(pid))
+	sid = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETUID<<4)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, sig Signal) (err error) {
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_KILL<<4, uintptr(pid), uintptr(sig))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LCHOWN_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LINK_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Linkat(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldPath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newPath)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LINKAT_A<<4, uintptr(oldDirFd), uintptr(unsafe.Pointer(_p0)), uintptr(newDirFd), uintptr(unsafe.Pointer(_p1)), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_LinkatAddr() *(func(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error))
+
+var Linkat = enter_Linkat
+
+func enter_Linkat(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error) {
+	funcref := get_LinkatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___LINKAT_A<<4, "") == 0 {
+		*funcref = impl_Linkat
+	} else {
+		*funcref = error_Linkat
+	}
+	return (*funcref)(oldDirFd, oldPath, newDirFd, newPath, flags)
+}
+
+func error_Linkat(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_LISTEN<<4, uintptr(s), uintptr(n))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func lstat(path string, stat *Stat_LE_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LSTAT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKDIR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKDIRAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_MkdiratAddr() *(func(dirfd int, path string, mode uint32) (err error))
+
+var Mkdirat = enter_Mkdirat
+
+func enter_Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	funcref := get_MkdiratAddr()
+	if funcptrtest(GetZosLibVec()+SYS___MKDIRAT_A<<4, "") == 0 {
+		*funcref = impl_Mkdirat
+	} else {
+		*funcref = error_Mkdirat
+	}
+	return (*funcref)(dirfd, path, mode)
+}
+
+func error_Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKFIFO_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKNOD_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKNODAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_MknodatAddr() *(func(dirfd int, path string, mode uint32, dev int) (err error))
+
+var Mknodat = enter_Mknodat
+
+func enter_Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	funcref := get_MknodatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___MKNODAT_A<<4, "") == 0 {
+		*funcref = impl_Mknodat
+	} else {
+		*funcref = error_Mknodat
+	}
+	return (*funcref)(dirfd, path, mode, dev)
+}
+
+func error_Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_PivotRoot(newroot string, oldroot string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(newroot)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(oldroot)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___PIVOT_ROOT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_PivotRootAddr() *(func(newroot string, oldroot string) (err error))
+
+var PivotRoot = enter_PivotRoot
+
+func enter_PivotRoot(newroot string, oldroot string) (err error) {
+	funcref := get_PivotRootAddr()
+	if funcptrtest(GetZosLibVec()+SYS___PIVOT_ROOT_A<<4, "") == 0 {
+		*funcref = impl_PivotRoot
+	} else {
+		*funcref = error_PivotRoot
+	}
+	return (*funcref)(newroot, oldroot)
+}
+
+func error_PivotRoot(newroot string, oldroot string) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PREAD<<4, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset))
+	runtime.ExitSyscall()
+	n = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := syscall_syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
-	prio = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PWRITE<<4, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset))
+	runtime.ExitSyscall()
+	n = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getrlimit(resource int, rlim *Rlimit) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+func impl_Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___PRCTL_A<<4, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_PrctlAddr() *(func(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error))
 
-func getrusage(who int, rusage *rusage_zos) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+var Prctl = enter_Prctl
+
+func enter_Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
+	funcref := get_PrctlAddr()
+	if funcptrtest(GetZosLibVec()+SYS___PRCTL_A<<4, "") == 0 {
+		*funcref = impl_Prctl
+	} else {
+		*funcref = error_Prctl
 	}
-	return
+	return (*funcref)(option, arg2, arg3, arg4, arg5)
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := syscall_rawsyscall(SYS_GETSID, uintptr(pid), 0, 0)
-	sid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
+func error_Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getuid() (uid int) {
-	r0, _, _ := syscall_rawsyscall(SYS_GETUID, 0, 0, 0)
-	uid = int(r0)
+func impl_Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PRLIMIT<<4, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_PrlimitAddr() *(func(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error))
 
-func Kill(pid int, sig Signal) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+var Prlimit = enter_Prlimit
+
+func enter_Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
+	funcref := get_PrlimitAddr()
+	if funcptrtest(GetZosLibVec()+SYS_PRLIMIT<<4, "") == 0 {
+		*funcref = impl_Prlimit
+	} else {
+		*funcref = error_Prlimit
 	}
+	return (*funcref)(pid, resource, newlimit, old)
+}
+
+func error_Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Lchown(path string, uid int, gid int) (err error) {
+func Rename(from string, to string) (err error) {
 	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___LCHOWN_A, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RENAME_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Link(path string, link string) (err error) {
+func impl_Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
 	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
+	_p0, err = BytePtrFromString(oldpath)
 	if err != nil {
 		return
 	}
 	var _p1 *byte
-	_p1, err = BytePtrFromString(link)
+	_p1, err = BytePtrFromString(newpath)
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___LINK_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RENAMEAT_A<<4, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_RenameatAddr() *(func(olddirfd int, oldpath string, newdirfd int, newpath string) (err error))
 
-func Listen(s int, n int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+var Renameat = enter_Renameat
+
+func enter_Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	funcref := get_RenameatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___RENAMEAT_A<<4, "") == 0 {
+		*funcref = impl_Renameat
+	} else {
+		*funcref = error_Renameat
 	}
+	return (*funcref)(olddirfd, oldpath, newdirfd, newpath)
+}
+
+func error_Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func lstat(path string, stat *Stat_LE_t) (err error) {
+func impl_Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) {
 	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___LSTAT_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RENAMEAT2_A<<4, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_Renameat2Addr() *(func(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error))
 
-func Mkdir(path string, mode uint32) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := syscall_syscall(SYS___MKDIR_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+var Renameat2 = enter_Renameat2
+
+func enter_Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) {
+	funcref := get_Renameat2Addr()
+	if funcptrtest(GetZosLibVec()+SYS___RENAMEAT2_A<<4, "") == 0 {
+		*funcref = impl_Renameat2
+	} else {
+		*funcref = error_Renameat2
 	}
+	return (*funcref)(olddirfd, oldpath, newdirfd, newpath, flags)
+}
+
+func error_Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) {
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Mkfifo(path string, mode uint32) (err error) {
+func Rmdir(path string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___MKFIFO_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RMDIR_A<<4, uintptr(unsafe.Pointer(_p0)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Mknod(path string, mode uint32, dev int) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := syscall_syscall(SYS___MKNOD_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
-	if e1 != 0 {
-		err = errnoErr(e1)
+func Seek(fd int, offset int64, whence int) (off int64, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_LSEEK<<4, uintptr(fd), uintptr(offset), uintptr(whence))
+	runtime.ExitSyscall()
+	off = int64(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Pread(fd int, p []byte, offset int64) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(p) > 0 {
-		_p0 = unsafe.Pointer(&p[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
+func Setegid(egid int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETEGID<<4, uintptr(egid))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
-	r0, _, e1 := syscall_syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETEUID<<4, uintptr(euid))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+func impl_Sethostname(p []byte) (err error) {
 	var _p0 unsafe.Pointer
 	if len(p) > 0 {
 		_p0 = unsafe.Pointer(&p[0])
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := syscall_syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SETHOSTNAME_A<<4, uintptr(_p0), uintptr(len(p)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_SethostnameAddr() *(func(p []byte) (err error))
 
-func Readlink(path string, buf []byte) (n int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(buf) > 0 {
-		_p1 = unsafe.Pointer(&buf[0])
+var Sethostname = enter_Sethostname
+
+func enter_Sethostname(p []byte) (err error) {
+	funcref := get_SethostnameAddr()
+	if funcptrtest(GetZosLibVec()+SYS___SETHOSTNAME_A<<4, "") == 0 {
+		*funcref = impl_Sethostname
 	} else {
-		_p1 = unsafe.Pointer(&_zero)
+		*funcref = error_Sethostname
 	}
-	r0, _, e1 := syscall_syscall(SYS___READLINK_A, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
+	return (*funcref)(p)
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Rename(from string, to string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(from)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = BytePtrFromString(to)
-	if err != nil {
-		return
-	}
-	_, _, e1 := syscall_syscall(SYS___RENAME_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
+func error_Sethostname(p []byte) (err error) {
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Rmdir(path string) (err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := syscall_syscall(SYS___RMDIR_A, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+func impl_Setns(fd int, nstype int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETNS<<4, uintptr(fd), uintptr(nstype))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_SetnsAddr() *(func(fd int, nstype int) (err error))
 
-func Seek(fd int, offset int64, whence int) (off int64, err error) {
-	r0, _, e1 := syscall_syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
-	off = int64(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+var Setns = enter_Setns
+
+func enter_Setns(fd int, nstype int) (err error) {
+	funcref := get_SetnsAddr()
+	if funcptrtest(GetZosLibVec()+SYS_SETNS<<4, "") == 0 {
+		*funcref = impl_Setns
+	} else {
+		*funcref = error_Setns
 	}
+	return (*funcref)(fd, nstype)
+}
+
+func error_Setns(fd int, nstype int) (err error) {
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETPRIORITY<<4, uintptr(which), uintptr(who), uintptr(prio))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -971,9 +2910,9 @@ func Setpriority(which int, who int, prio int) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETPGID<<4, uintptr(pid), uintptr(pgid))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -981,9 +2920,9 @@ func Setpgid(pid int, pgid int) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setrlimit(resource int, lim *Rlimit) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(lim)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETRLIMIT<<4, uintptr(resource), uintptr(unsafe.Pointer(lim)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -991,9 +2930,9 @@ func Setrlimit(resource int, lim *Rlimit) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETREGID<<4, uintptr(rgid), uintptr(egid))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1001,9 +2940,9 @@ func Setregid(rgid int, egid int) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETREUID<<4, uintptr(ruid), uintptr(euid))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1011,10 +2950,10 @@ func Setreuid(ruid int, euid int) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setsid() (pid int, err error) {
-	r0, _, e1 := syscall_rawsyscall(SYS_SETSID, 0, 0, 0)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec() + SYS_SETSID<<4)
 	pid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1022,9 +2961,11 @@ func Setsid() (pid int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setuid(uid int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_SETUID, uintptr(uid), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETUID<<4, uintptr(uid))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1032,9 +2973,11 @@ func Setuid(uid int) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setgid(uid int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_SETGID, uintptr(uid), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETGID<<4, uintptr(uid))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1042,9 +2985,11 @@ func Setgid(uid int) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Shutdown(fd int, how int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHUTDOWN<<4, uintptr(fd), uintptr(how))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1057,9 +3002,11 @@ func stat(path string, statLE *Stat_LE_t) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___STAT_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(statLE)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___STAT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(statLE)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1077,17 +3024,63 @@ func Symlink(path string, link string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___SYMLINK_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SYMLINK_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Symlinkat(oldPath string, dirfd int, newPath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldPath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newPath)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SYMLINKAT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(dirfd), uintptr(unsafe.Pointer(_p1)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
+//go:nosplit
+func get_SymlinkatAddr() *(func(oldPath string, dirfd int, newPath string) (err error))
+
+var Symlinkat = enter_Symlinkat
+
+func enter_Symlinkat(oldPath string, dirfd int, newPath string) (err error) {
+	funcref := get_SymlinkatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___SYMLINKAT_A<<4, "") == 0 {
+		*funcref = impl_Symlinkat
+	} else {
+		*funcref = error_Symlinkat
+	}
+	return (*funcref)(oldPath, dirfd, newPath)
+}
+
+func error_Symlinkat(oldPath string, dirfd int, newPath string) (err error) {
+	err = ENOSYS
+	return
+}
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Sync() {
-	syscall_syscall(SYS_SYNC, 0, 0, 0)
+	runtime.EnterSyscall()
+	CallLeFuncWithErr(GetZosLibVec() + SYS_SYNC<<4)
+	runtime.ExitSyscall()
 	return
 }
 
@@ -1099,9 +3092,11 @@ func Truncate(path string, length int64) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___TRUNCATE_A, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___TRUNCATE_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(length))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1109,9 +3104,11 @@ func Truncate(path string, length int64) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Tcgetattr(fildes int, termptr *Termios) (err error) {
-	_, _, e1 := syscall_syscall(SYS_TCGETATTR, uintptr(fildes), uintptr(unsafe.Pointer(termptr)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_TCGETATTR<<4, uintptr(fildes), uintptr(unsafe.Pointer(termptr)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1119,9 +3116,11 @@ func Tcgetattr(fildes int, termptr *Termios) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Tcsetattr(fildes int, when int, termptr *Termios) (err error) {
-	_, _, e1 := syscall_syscall(SYS_TCSETATTR, uintptr(fildes), uintptr(when), uintptr(unsafe.Pointer(termptr)))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_TCSETATTR<<4, uintptr(fildes), uintptr(when), uintptr(unsafe.Pointer(termptr)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1129,7 +3128,9 @@ func Tcsetattr(fildes int, when int, termptr *Termios) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Umask(mask int) (oldmask int) {
-	r0, _, _ := syscall_syscall(SYS_UMASK, uintptr(mask), 0, 0)
+	runtime.EnterSyscall()
+	r0, _, _ := CallLeFuncWithErr(GetZosLibVec()+SYS_UMASK<<4, uintptr(mask))
+	runtime.ExitSyscall()
 	oldmask = int(r0)
 	return
 }
@@ -1142,10 +3143,49 @@ func Unlink(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___UNLINK_A, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UNLINK_A<<4, uintptr(unsafe.Pointer(_p0)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UNLINKAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_UnlinkatAddr() *(func(dirfd int, path string, flags int) (err error))
+
+var Unlinkat = enter_Unlinkat
+
+func enter_Unlinkat(dirfd int, path string, flags int) (err error) {
+	funcref := get_UnlinkatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___UNLINKAT_A<<4, "") == 0 {
+		*funcref = impl_Unlinkat
+	} else {
+		*funcref = error_Unlinkat
 	}
+	return (*funcref)(dirfd, path, flags)
+}
+
+func error_Unlinkat(dirfd int, path string, flags int) (err error) {
+	err = ENOSYS
 	return
 }
 
@@ -1157,9 +3197,11 @@ func Utime(path string, utim *Utimbuf) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___UTIME_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(utim)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UTIME_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(utim)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1172,11 +3214,91 @@ func open(path string, mode int, perm uint32) (fd int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := syscall_syscall(SYS___OPEN_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___OPEN_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___OPENAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode))
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_openatAddr() *(func(dirfd int, path string, flags int, mode uint32) (fd int, err error))
+
+var openat = enter_openat
+
+func enter_openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+	funcref := get_openatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___OPENAT_A<<4, "") == 0 {
+		*funcref = impl_openat
+	} else {
+		*funcref = error_openat
+	}
+	return (*funcref)(dirfd, path, flags, mode)
+}
+
+func error_openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+	fd = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___OPENAT2_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(open_how)), uintptr(size))
+	runtime.ExitSyscall()
 	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_openat2Addr() *(func(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error))
+
+var openat2 = enter_openat2
+
+func enter_openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error) {
+	funcref := get_openat2Addr()
+	if funcptrtest(GetZosLibVec()+SYS___OPENAT2_A<<4, "") == 0 {
+		*funcref = impl_openat2
+	} else {
+		*funcref = error_openat2
 	}
+	return (*funcref)(dirfd, path, open_how, size)
+}
+
+func error_openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error) {
+	fd = -1
+	err = ENOSYS
 	return
 }
 
@@ -1188,9 +3310,23 @@ func remove(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS_REMOVE, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_REMOVE<<4, uintptr(unsafe.Pointer(_p0)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func waitid(idType int, id int, info *Siginfo, options int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_WAITID<<4, uintptr(idType), uintptr(id), uintptr(unsafe.Pointer(info)), uintptr(options))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1198,10 +3334,12 @@ func remove(path string) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func waitpid(pid int, wstatus *_C_int, options int) (wpid int, err error) {
-	r0, _, e1 := syscall_syscall(SYS_WAITPID, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_WAITPID<<4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options))
+	runtime.ExitSyscall()
 	wpid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1209,9 +3347,9 @@ func waitpid(pid int, wstatus *_C_int, options int) (wpid int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func gettimeofday(tv *timeval_zos) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETTIMEOFDAY<<4, uintptr(unsafe.Pointer(tv)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1219,9 +3357,9 @@ func gettimeofday(tv *timeval_zos) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func pipe(p *[2]_C_int) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PIPE<<4, uintptr(unsafe.Pointer(p)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1234,20 +3372,87 @@ func utimes(path string, timeval *[2]Timeval) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___UTIMES_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UTIMES_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Select(nmsgsfds int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (ret int, err error) {
-	r0, _, e1 := syscall_syscall6(SYS_SELECT, uintptr(nmsgsfds), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+func impl_utimensat(dirfd int, path string, ts *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UTIMENSAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(ts)), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_utimensatAddr() *(func(dirfd int, path string, ts *[2]Timespec, flags int) (err error))
+
+var utimensat = enter_utimensat
+
+func enter_utimensat(dirfd int, path string, ts *[2]Timespec, flags int) (err error) {
+	funcref := get_utimensatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___UTIMENSAT_A<<4, "") == 0 {
+		*funcref = impl_utimensat
+	} else {
+		*funcref = error_utimensat
+	}
+	return (*funcref)(dirfd, path, ts, flags)
+}
+
+func error_utimensat(dirfd int, path string, ts *[2]Timespec, flags int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Posix_openpt(oflag int) (fd int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_POSIX_OPENPT<<4, uintptr(oflag))
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Grantpt(fildes int) (rc int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GRANTPT<<4, uintptr(fildes))
+	runtime.ExitSyscall()
+	rc = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlockpt(fildes int) (rc int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_UNLOCKPT<<4, uintptr(fildes))
+	runtime.ExitSyscall()
+	rc = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
index fcf3ecbdde..53aef5dc58 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
@@ -448,4 +448,13 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
 	SYS_FCHMODAT2                    = 452
+	SYS_MAP_SHADOW_STACK             = 453
+	SYS_FUTEX_WAKE                   = 454
+	SYS_FUTEX_WAIT                   = 455
+	SYS_FUTEX_REQUEUE                = 456
+	SYS_STATMOUNT                    = 457
+	SYS_LISTMOUNT                    = 458
+	SYS_LSM_GET_SELF_ATTR            = 459
+	SYS_LSM_SET_SELF_ATTR            = 460
+	SYS_LSM_LIST_MODULES             = 461
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
index f56dc2504a..71d524763d 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
@@ -371,4 +371,12 @@ const (
 	SYS_CACHESTAT               = 451
 	SYS_FCHMODAT2               = 452
 	SYS_MAP_SHADOW_STACK        = 453
+	SYS_FUTEX_WAKE              = 454
+	SYS_FUTEX_WAIT              = 455
+	SYS_FUTEX_REQUEUE           = 456
+	SYS_STATMOUNT               = 457
+	SYS_LISTMOUNT               = 458
+	SYS_LSM_GET_SELF_ATTR       = 459
+	SYS_LSM_SET_SELF_ATTR       = 460
+	SYS_LSM_LIST_MODULES        = 461
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
index 974bf24676..c747706131 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
@@ -412,4 +412,13 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
 	SYS_FCHMODAT2                    = 452
+	SYS_MAP_SHADOW_STACK             = 453
+	SYS_FUTEX_WAKE                   = 454
+	SYS_FUTEX_WAIT                   = 455
+	SYS_FUTEX_REQUEUE                = 456
+	SYS_STATMOUNT                    = 457
+	SYS_LISTMOUNT                    = 458
+	SYS_LSM_GET_SELF_ATTR            = 459
+	SYS_LSM_SET_SELF_ATTR            = 460
+	SYS_LSM_LIST_MODULES             = 461
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
index 39a2739e23..f96e214f6d 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
@@ -315,4 +315,13 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
 	SYS_FCHMODAT2               = 452
+	SYS_MAP_SHADOW_STACK        = 453
+	SYS_FUTEX_WAKE              = 454
+	SYS_FUTEX_WAIT              = 455
+	SYS_FUTEX_REQUEUE           = 456
+	SYS_STATMOUNT               = 457
+	SYS_LISTMOUNT               = 458
+	SYS_LSM_GET_SELF_ATTR       = 459
+	SYS_LSM_SET_SELF_ATTR       = 460
+	SYS_LSM_LIST_MODULES        = 461
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
index cf9c9d77e1..28425346cf 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
@@ -309,4 +309,13 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
 	SYS_FCHMODAT2               = 452
+	SYS_MAP_SHADOW_STACK        = 453
+	SYS_FUTEX_WAKE              = 454
+	SYS_FUTEX_WAIT              = 455
+	SYS_FUTEX_REQUEUE           = 456
+	SYS_STATMOUNT               = 457
+	SYS_LISTMOUNT               = 458
+	SYS_LSM_GET_SELF_ATTR       = 459
+	SYS_LSM_SET_SELF_ATTR       = 460
+	SYS_LSM_LIST_MODULES        = 461
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
index 10b7362ef4..d0953018da 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
@@ -432,4 +432,13 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE      = 4450
 	SYS_CACHESTAT                    = 4451
 	SYS_FCHMODAT2                    = 4452
+	SYS_MAP_SHADOW_STACK             = 4453
+	SYS_FUTEX_WAKE                   = 4454
+	SYS_FUTEX_WAIT                   = 4455
+	SYS_FUTEX_REQUEUE                = 4456
+	SYS_STATMOUNT                    = 4457
+	SYS_LISTMOUNT                    = 4458
+	SYS_LSM_GET_SELF_ATTR            = 4459
+	SYS_LSM_SET_SELF_ATTR            = 4460
+	SYS_LSM_LIST_MODULES             = 4461
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
index cd4d8b4fd3..295c7f4b81 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
@@ -362,4 +362,13 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE = 5450
 	SYS_CACHESTAT               = 5451
 	SYS_FCHMODAT2               = 5452
+	SYS_MAP_SHADOW_STACK        = 5453
+	SYS_FUTEX_WAKE              = 5454
+	SYS_FUTEX_WAIT              = 5455
+	SYS_FUTEX_REQUEUE           = 5456
+	SYS_STATMOUNT               = 5457
+	SYS_LISTMOUNT               = 5458
+	SYS_LSM_GET_SELF_ATTR       = 5459
+	SYS_LSM_SET_SELF_ATTR       = 5460
+	SYS_LSM_LIST_MODULES        = 5461
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
index 2c0efca818..d1a9eaca7a 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
@@ -362,4 +362,13 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE = 5450
 	SYS_CACHESTAT               = 5451
 	SYS_FCHMODAT2               = 5452
+	SYS_MAP_SHADOW_STACK        = 5453
+	SYS_FUTEX_WAKE              = 5454
+	SYS_FUTEX_WAIT              = 5455
+	SYS_FUTEX_REQUEUE           = 5456
+	SYS_STATMOUNT               = 5457
+	SYS_LISTMOUNT               = 5458
+	SYS_LSM_GET_SELF_ATTR       = 5459
+	SYS_LSM_SET_SELF_ATTR       = 5460
+	SYS_LSM_LIST_MODULES        = 5461
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
index a72e31d391..bec157c39f 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
@@ -432,4 +432,13 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE      = 4450
 	SYS_CACHESTAT                    = 4451
 	SYS_FCHMODAT2                    = 4452
+	SYS_MAP_SHADOW_STACK             = 4453
+	SYS_FUTEX_WAKE                   = 4454
+	SYS_FUTEX_WAIT                   = 4455
+	SYS_FUTEX_REQUEUE                = 4456
+	SYS_STATMOUNT                    = 4457
+	SYS_LISTMOUNT                    = 4458
+	SYS_LSM_GET_SELF_ATTR            = 4459
+	SYS_LSM_SET_SELF_ATTR            = 4460
+	SYS_LSM_LIST_MODULES             = 4461
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
index c7d1e37471..7ee7bdc435 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
@@ -439,4 +439,13 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
 	SYS_FCHMODAT2                    = 452
+	SYS_MAP_SHADOW_STACK             = 453
+	SYS_FUTEX_WAKE                   = 454
+	SYS_FUTEX_WAIT                   = 455
+	SYS_FUTEX_REQUEUE                = 456
+	SYS_STATMOUNT                    = 457
+	SYS_LISTMOUNT                    = 458
+	SYS_LSM_GET_SELF_ATTR            = 459
+	SYS_LSM_SET_SELF_ATTR            = 460
+	SYS_LSM_LIST_MODULES             = 461
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
index f4d4838c87..fad1f25b44 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
@@ -411,4 +411,13 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
 	SYS_FCHMODAT2               = 452
+	SYS_MAP_SHADOW_STACK        = 453
+	SYS_FUTEX_WAKE              = 454
+	SYS_FUTEX_WAIT              = 455
+	SYS_FUTEX_REQUEUE           = 456
+	SYS_STATMOUNT               = 457
+	SYS_LISTMOUNT               = 458
+	SYS_LSM_GET_SELF_ATTR       = 459
+	SYS_LSM_SET_SELF_ATTR       = 460
+	SYS_LSM_LIST_MODULES        = 461
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
index b64f0e5911..7d3e16357d 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
@@ -411,4 +411,13 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
 	SYS_FCHMODAT2               = 452
+	SYS_MAP_SHADOW_STACK        = 453
+	SYS_FUTEX_WAKE              = 454
+	SYS_FUTEX_WAIT              = 455
+	SYS_FUTEX_REQUEUE           = 456
+	SYS_STATMOUNT               = 457
+	SYS_LISTMOUNT               = 458
+	SYS_LSM_GET_SELF_ATTR       = 459
+	SYS_LSM_SET_SELF_ATTR       = 460
+	SYS_LSM_LIST_MODULES        = 461
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
index 95711195a0..0ed53ad9f7 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
@@ -316,4 +316,13 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
 	SYS_FCHMODAT2               = 452
+	SYS_MAP_SHADOW_STACK        = 453
+	SYS_FUTEX_WAKE              = 454
+	SYS_FUTEX_WAIT              = 455
+	SYS_FUTEX_REQUEUE           = 456
+	SYS_STATMOUNT               = 457
+	SYS_LISTMOUNT               = 458
+	SYS_LSM_GET_SELF_ATTR       = 459
+	SYS_LSM_SET_SELF_ATTR       = 460
+	SYS_LSM_LIST_MODULES        = 461
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
index f94e943bc4..2fba04ad50 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
@@ -377,4 +377,13 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
 	SYS_FCHMODAT2               = 452
+	SYS_MAP_SHADOW_STACK        = 453
+	SYS_FUTEX_WAKE              = 454
+	SYS_FUTEX_WAIT              = 455
+	SYS_FUTEX_REQUEUE           = 456
+	SYS_STATMOUNT               = 457
+	SYS_LISTMOUNT               = 458
+	SYS_LSM_GET_SELF_ATTR       = 459
+	SYS_LSM_SET_SELF_ATTR       = 460
+	SYS_LSM_LIST_MODULES        = 461
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
index ba0c2bc515..621d00d741 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
@@ -390,4 +390,13 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
 	SYS_FCHMODAT2               = 452
+	SYS_MAP_SHADOW_STACK        = 453
+	SYS_FUTEX_WAKE              = 454
+	SYS_FUTEX_WAIT              = 455
+	SYS_FUTEX_REQUEUE           = 456
+	SYS_STATMOUNT               = 457
+	SYS_LISTMOUNT               = 458
+	SYS_LSM_GET_SELF_ATTR       = 459
+	SYS_LSM_SET_SELF_ATTR       = 460
+	SYS_LSM_LIST_MODULES        = 461
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
index b2e3085819..5e8c263ca9 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
@@ -1,2669 +1,2852 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
+// go run mksyscall_zos_s390x.go -o_sysnum zsysnum_zos_s390x.go -o_syscall zsyscall_zos_s390x.go -i_syscall syscall_zos_s390x.go -o_asm zsymaddr_zos_s390x.s
+// Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build zos && s390x
 
 package unix
 
-// TODO: auto-generate.
-
 const (
-	SYS_ACOSD128                        = 0xB80
-	SYS_ACOSD32                         = 0xB7E
-	SYS_ACOSD64                         = 0xB7F
-	SYS_ACOSHD128                       = 0xB83
-	SYS_ACOSHD32                        = 0xB81
-	SYS_ACOSHD64                        = 0xB82
-	SYS_AIO_FSYNC                       = 0xC69
-	SYS_ASCTIME                         = 0x0AE
-	SYS_ASCTIME64                       = 0xCD7
-	SYS_ASCTIME64_R                     = 0xCD8
-	SYS_ASIND128                        = 0xB86
-	SYS_ASIND32                         = 0xB84
-	SYS_ASIND64                         = 0xB85
-	SYS_ASINHD128                       = 0xB89
-	SYS_ASINHD32                        = 0xB87
-	SYS_ASINHD64                        = 0xB88
-	SYS_ATAN2D128                       = 0xB8F
-	SYS_ATAN2D32                        = 0xB8D
-	SYS_ATAN2D64                        = 0xB8E
-	SYS_ATAND128                        = 0xB8C
-	SYS_ATAND32                         = 0xB8A
-	SYS_ATAND64                         = 0xB8B
-	SYS_ATANHD128                       = 0xB92
-	SYS_ATANHD32                        = 0xB90
-	SYS_ATANHD64                        = 0xB91
-	SYS_BIND2ADDRSEL                    = 0xD59
-	SYS_C16RTOMB                        = 0xD40
-	SYS_C32RTOMB                        = 0xD41
-	SYS_CBRTD128                        = 0xB95
-	SYS_CBRTD32                         = 0xB93
-	SYS_CBRTD64                         = 0xB94
-	SYS_CEILD128                        = 0xB98
-	SYS_CEILD32                         = 0xB96
-	SYS_CEILD64                         = 0xB97
-	SYS_CLEARENV                        = 0x0C9
-	SYS_CLEARERR_UNLOCKED               = 0xCA1
-	SYS_CLOCK                           = 0x0AA
-	SYS_CLOGL                           = 0xA00
-	SYS_CLRMEMF                         = 0x0BD
-	SYS_CONJ                            = 0xA03
-	SYS_CONJF                           = 0xA06
-	SYS_CONJL                           = 0xA09
-	SYS_COPYSIGND128                    = 0xB9E
-	SYS_COPYSIGND32                     = 0xB9C
-	SYS_COPYSIGND64                     = 0xB9D
-	SYS_COSD128                         = 0xBA1
-	SYS_COSD32                          = 0xB9F
-	SYS_COSD64                          = 0xBA0
-	SYS_COSHD128                        = 0xBA4
-	SYS_COSHD32                         = 0xBA2
-	SYS_COSHD64                         = 0xBA3
-	SYS_CPOW                            = 0xA0C
-	SYS_CPOWF                           = 0xA0F
-	SYS_CPOWL                           = 0xA12
-	SYS_CPROJ                           = 0xA15
-	SYS_CPROJF                          = 0xA18
-	SYS_CPROJL                          = 0xA1B
-	SYS_CREAL                           = 0xA1E
-	SYS_CREALF                          = 0xA21
-	SYS_CREALL                          = 0xA24
-	SYS_CSIN                            = 0xA27
-	SYS_CSINF                           = 0xA2A
-	SYS_CSINH                           = 0xA30
-	SYS_CSINHF                          = 0xA33
-	SYS_CSINHL                          = 0xA36
-	SYS_CSINL                           = 0xA2D
-	SYS_CSNAP                           = 0x0C5
-	SYS_CSQRT                           = 0xA39
-	SYS_CSQRTF                          = 0xA3C
-	SYS_CSQRTL                          = 0xA3F
-	SYS_CTAN                            = 0xA42
-	SYS_CTANF                           = 0xA45
-	SYS_CTANH                           = 0xA4B
-	SYS_CTANHF                          = 0xA4E
-	SYS_CTANHL                          = 0xA51
-	SYS_CTANL                           = 0xA48
-	SYS_CTIME                           = 0x0AB
-	SYS_CTIME64                         = 0xCD9
-	SYS_CTIME64_R                       = 0xCDA
-	SYS_CTRACE                          = 0x0C6
-	SYS_DIFFTIME                        = 0x0A7
-	SYS_DIFFTIME64                      = 0xCDB
-	SYS_DLADDR                          = 0xC82
-	SYS_DYNALLOC                        = 0x0C3
-	SYS_DYNFREE                         = 0x0C2
-	SYS_ERFCD128                        = 0xBAA
-	SYS_ERFCD32                         = 0xBA8
-	SYS_ERFCD64                         = 0xBA9
-	SYS_ERFD128                         = 0xBA7
-	SYS_ERFD32                          = 0xBA5
-	SYS_ERFD64                          = 0xBA6
-	SYS_EXP2D128                        = 0xBB0
-	SYS_EXP2D32                         = 0xBAE
-	SYS_EXP2D64                         = 0xBAF
-	SYS_EXPD128                         = 0xBAD
-	SYS_EXPD32                          = 0xBAB
-	SYS_EXPD64                          = 0xBAC
-	SYS_EXPM1D128                       = 0xBB3
-	SYS_EXPM1D32                        = 0xBB1
-	SYS_EXPM1D64                        = 0xBB2
-	SYS_FABSD128                        = 0xBB6
-	SYS_FABSD32                         = 0xBB4
-	SYS_FABSD64                         = 0xBB5
-	SYS_FDELREC_UNLOCKED                = 0xCA2
-	SYS_FDIMD128                        = 0xBB9
-	SYS_FDIMD32                         = 0xBB7
-	SYS_FDIMD64                         = 0xBB8
-	SYS_FDOPEN_UNLOCKED                 = 0xCFC
-	SYS_FECLEAREXCEPT                   = 0xAEA
-	SYS_FEGETENV                        = 0xAEB
-	SYS_FEGETEXCEPTFLAG                 = 0xAEC
-	SYS_FEGETROUND                      = 0xAED
-	SYS_FEHOLDEXCEPT                    = 0xAEE
-	SYS_FEOF_UNLOCKED                   = 0xCA3
-	SYS_FERAISEEXCEPT                   = 0xAEF
-	SYS_FERROR_UNLOCKED                 = 0xCA4
-	SYS_FESETENV                        = 0xAF0
-	SYS_FESETEXCEPTFLAG                 = 0xAF1
-	SYS_FESETROUND                      = 0xAF2
-	SYS_FETCHEP                         = 0x0BF
-	SYS_FETESTEXCEPT                    = 0xAF3
-	SYS_FEUPDATEENV                     = 0xAF4
-	SYS_FE_DEC_GETROUND                 = 0xBBA
-	SYS_FE_DEC_SETROUND                 = 0xBBB
-	SYS_FFLUSH_UNLOCKED                 = 0xCA5
-	SYS_FGETC_UNLOCKED                  = 0xC80
-	SYS_FGETPOS64                       = 0xCEE
-	SYS_FGETPOS64_UNLOCKED              = 0xCF4
-	SYS_FGETPOS_UNLOCKED                = 0xCA6
-	SYS_FGETS_UNLOCKED                  = 0xC7C
-	SYS_FGETWC_UNLOCKED                 = 0xCA7
-	SYS_FGETWS_UNLOCKED                 = 0xCA8
-	SYS_FILENO_UNLOCKED                 = 0xCA9
-	SYS_FLDATA                          = 0x0C1
-	SYS_FLDATA_UNLOCKED                 = 0xCAA
-	SYS_FLOCATE_UNLOCKED                = 0xCAB
-	SYS_FLOORD128                       = 0xBBE
-	SYS_FLOORD32                        = 0xBBC
-	SYS_FLOORD64                        = 0xBBD
-	SYS_FMA                             = 0xA63
-	SYS_FMAD128                         = 0xBC1
-	SYS_FMAD32                          = 0xBBF
-	SYS_FMAD64                          = 0xBC0
-	SYS_FMAF                            = 0xA66
-	SYS_FMAL                            = 0xA69
-	SYS_FMAX                            = 0xA6C
-	SYS_FMAXD128                        = 0xBC4
-	SYS_FMAXD32                         = 0xBC2
-	SYS_FMAXD64                         = 0xBC3
-	SYS_FMAXF                           = 0xA6F
-	SYS_FMAXL                           = 0xA72
-	SYS_FMIN                            = 0xA75
-	SYS_FMIND128                        = 0xBC7
-	SYS_FMIND32                         = 0xBC5
-	SYS_FMIND64                         = 0xBC6
-	SYS_FMINF                           = 0xA78
-	SYS_FMINL                           = 0xA7B
-	SYS_FMODD128                        = 0xBCA
-	SYS_FMODD32                         = 0xBC8
-	SYS_FMODD64                         = 0xBC9
-	SYS_FOPEN64                         = 0xD49
-	SYS_FOPEN64_UNLOCKED                = 0xD4A
-	SYS_FOPEN_UNLOCKED                  = 0xCFA
-	SYS_FPRINTF_UNLOCKED                = 0xCAC
-	SYS_FPUTC_UNLOCKED                  = 0xC81
-	SYS_FPUTS_UNLOCKED                  = 0xC7E
-	SYS_FPUTWC_UNLOCKED                 = 0xCAD
-	SYS_FPUTWS_UNLOCKED                 = 0xCAE
-	SYS_FREAD_NOUPDATE                  = 0xCEC
-	SYS_FREAD_NOUPDATE_UNLOCKED         = 0xCED
-	SYS_FREAD_UNLOCKED                  = 0xC7B
-	SYS_FREEIFADDRS                     = 0xCE6
-	SYS_FREOPEN64                       = 0xD4B
-	SYS_FREOPEN64_UNLOCKED              = 0xD4C
-	SYS_FREOPEN_UNLOCKED                = 0xCFB
-	SYS_FREXPD128                       = 0xBCE
-	SYS_FREXPD32                        = 0xBCC
-	SYS_FREXPD64                        = 0xBCD
-	SYS_FSCANF_UNLOCKED                 = 0xCAF
-	SYS_FSEEK64                         = 0xCEF
-	SYS_FSEEK64_UNLOCKED                = 0xCF5
-	SYS_FSEEKO64                        = 0xCF0
-	SYS_FSEEKO64_UNLOCKED               = 0xCF6
-	SYS_FSEEKO_UNLOCKED                 = 0xCB1
-	SYS_FSEEK_UNLOCKED                  = 0xCB0
-	SYS_FSETPOS64                       = 0xCF1
-	SYS_FSETPOS64_UNLOCKED              = 0xCF7
-	SYS_FSETPOS_UNLOCKED                = 0xCB3
-	SYS_FTELL64                         = 0xCF2
-	SYS_FTELL64_UNLOCKED                = 0xCF8
-	SYS_FTELLO64                        = 0xCF3
-	SYS_FTELLO64_UNLOCKED               = 0xCF9
-	SYS_FTELLO_UNLOCKED                 = 0xCB5
-	SYS_FTELL_UNLOCKED                  = 0xCB4
-	SYS_FUPDATE                         = 0x0B5
-	SYS_FUPDATE_UNLOCKED                = 0xCB7
-	SYS_FWIDE_UNLOCKED                  = 0xCB8
-	SYS_FWPRINTF_UNLOCKED               = 0xCB9
-	SYS_FWRITE_UNLOCKED                 = 0xC7A
-	SYS_FWSCANF_UNLOCKED                = 0xCBA
-	SYS_GETDATE64                       = 0xD4F
-	SYS_GETIFADDRS                      = 0xCE7
-	SYS_GETIPV4SOURCEFILTER             = 0xC77
-	SYS_GETSOURCEFILTER                 = 0xC79
-	SYS_GETSYNTX                        = 0x0FD
-	SYS_GETS_UNLOCKED                   = 0xC7D
-	SYS_GETTIMEOFDAY64                  = 0xD50
-	SYS_GETWCHAR_UNLOCKED               = 0xCBC
-	SYS_GETWC_UNLOCKED                  = 0xCBB
-	SYS_GMTIME                          = 0x0B0
-	SYS_GMTIME64                        = 0xCDC
-	SYS_GMTIME64_R                      = 0xCDD
-	SYS_HYPOTD128                       = 0xBD1
-	SYS_HYPOTD32                        = 0xBCF
-	SYS_HYPOTD64                        = 0xBD0
-	SYS_ILOGBD128                       = 0xBD4
-	SYS_ILOGBD32                        = 0xBD2
-	SYS_ILOGBD64                        = 0xBD3
-	SYS_ILOGBF                          = 0xA7E
-	SYS_ILOGBL                          = 0xA81
-	SYS_INET6_IS_SRCADDR                = 0xD5A
-	SYS_ISBLANK                         = 0x0FE
-	SYS_ISWALNUM                        = 0x0FF
-	SYS_LDEXPD128                       = 0xBD7
-	SYS_LDEXPD32                        = 0xBD5
-	SYS_LDEXPD64                        = 0xBD6
-	SYS_LGAMMAD128                      = 0xBDA
-	SYS_LGAMMAD32                       = 0xBD8
-	SYS_LGAMMAD64                       = 0xBD9
-	SYS_LIO_LISTIO                      = 0xC6A
-	SYS_LLRINT                          = 0xA84
-	SYS_LLRINTD128                      = 0xBDD
-	SYS_LLRINTD32                       = 0xBDB
-	SYS_LLRINTD64                       = 0xBDC
-	SYS_LLRINTF                         = 0xA87
-	SYS_LLRINTL                         = 0xA8A
-	SYS_LLROUND                         = 0xA8D
-	SYS_LLROUNDD128                     = 0xBE0
-	SYS_LLROUNDD32                      = 0xBDE
-	SYS_LLROUNDD64                      = 0xBDF
-	SYS_LLROUNDF                        = 0xA90
-	SYS_LLROUNDL                        = 0xA93
-	SYS_LOCALTIM                        = 0x0B1
-	SYS_LOCALTIME                       = 0x0B1
-	SYS_LOCALTIME64                     = 0xCDE
-	SYS_LOCALTIME64_R                   = 0xCDF
-	SYS_LOG10D128                       = 0xBE6
-	SYS_LOG10D32                        = 0xBE4
-	SYS_LOG10D64                        = 0xBE5
-	SYS_LOG1PD128                       = 0xBE9
-	SYS_LOG1PD32                        = 0xBE7
-	SYS_LOG1PD64                        = 0xBE8
-	SYS_LOG2D128                        = 0xBEC
-	SYS_LOG2D32                         = 0xBEA
-	SYS_LOG2D64                         = 0xBEB
-	SYS_LOGBD128                        = 0xBEF
-	SYS_LOGBD32                         = 0xBED
-	SYS_LOGBD64                         = 0xBEE
-	SYS_LOGBF                           = 0xA96
-	SYS_LOGBL                           = 0xA99
-	SYS_LOGD128                         = 0xBE3
-	SYS_LOGD32                          = 0xBE1
-	SYS_LOGD64                          = 0xBE2
-	SYS_LRINT                           = 0xA9C
-	SYS_LRINTD128                       = 0xBF2
-	SYS_LRINTD32                        = 0xBF0
-	SYS_LRINTD64                        = 0xBF1
-	SYS_LRINTF                          = 0xA9F
-	SYS_LRINTL                          = 0xAA2
-	SYS_LROUNDD128                      = 0xBF5
-	SYS_LROUNDD32                       = 0xBF3
-	SYS_LROUNDD64                       = 0xBF4
-	SYS_LROUNDL                         = 0xAA5
-	SYS_MBLEN                           = 0x0AF
-	SYS_MBRTOC16                        = 0xD42
-	SYS_MBRTOC32                        = 0xD43
-	SYS_MEMSET                          = 0x0A3
-	SYS_MKTIME                          = 0x0AC
-	SYS_MKTIME64                        = 0xCE0
-	SYS_MODFD128                        = 0xBF8
-	SYS_MODFD32                         = 0xBF6
-	SYS_MODFD64                         = 0xBF7
-	SYS_NAN                             = 0xAA8
-	SYS_NAND128                         = 0xBFB
-	SYS_NAND32                          = 0xBF9
-	SYS_NAND64                          = 0xBFA
-	SYS_NANF                            = 0xAAA
-	SYS_NANL                            = 0xAAC
-	SYS_NEARBYINT                       = 0xAAE
-	SYS_NEARBYINTD128                   = 0xBFE
-	SYS_NEARBYINTD32                    = 0xBFC
-	SYS_NEARBYINTD64                    = 0xBFD
-	SYS_NEARBYINTF                      = 0xAB1
-	SYS_NEARBYINTL                      = 0xAB4
-	SYS_NEXTAFTERD128                   = 0xC01
-	SYS_NEXTAFTERD32                    = 0xBFF
-	SYS_NEXTAFTERD64                    = 0xC00
-	SYS_NEXTAFTERF                      = 0xAB7
-	SYS_NEXTAFTERL                      = 0xABA
-	SYS_NEXTTOWARD                      = 0xABD
-	SYS_NEXTTOWARDD128                  = 0xC04
-	SYS_NEXTTOWARDD32                   = 0xC02
-	SYS_NEXTTOWARDD64                   = 0xC03
-	SYS_NEXTTOWARDF                     = 0xAC0
-	SYS_NEXTTOWARDL                     = 0xAC3
-	SYS_NL_LANGINFO                     = 0x0FC
-	SYS_PERROR_UNLOCKED                 = 0xCBD
-	SYS_POSIX_FALLOCATE                 = 0xCE8
-	SYS_POSIX_MEMALIGN                  = 0xCE9
-	SYS_POSIX_OPENPT                    = 0xC66
-	SYS_POWD128                         = 0xC07
-	SYS_POWD32                          = 0xC05
-	SYS_POWD64                          = 0xC06
-	SYS_PRINTF_UNLOCKED                 = 0xCBE
-	SYS_PSELECT                         = 0xC67
-	SYS_PTHREAD_ATTR_GETSTACK           = 0xB3E
-	SYS_PTHREAD_ATTR_SETSTACK           = 0xB3F
-	SYS_PTHREAD_SECURITY_APPLID_NP      = 0xCE4
-	SYS_PUTS_UNLOCKED                   = 0xC7F
-	SYS_PUTWCHAR_UNLOCKED               = 0xCC0
-	SYS_PUTWC_UNLOCKED                  = 0xCBF
-	SYS_QUANTEXPD128                    = 0xD46
-	SYS_QUANTEXPD32                     = 0xD44
-	SYS_QUANTEXPD64                     = 0xD45
-	SYS_QUANTIZED128                    = 0xC0A
-	SYS_QUANTIZED32                     = 0xC08
-	SYS_QUANTIZED64                     = 0xC09
-	SYS_REMAINDERD128                   = 0xC0D
-	SYS_REMAINDERD32                    = 0xC0B
-	SYS_REMAINDERD64                    = 0xC0C
-	SYS_RESIZE_ALLOC                    = 0xCEB
-	SYS_REWIND_UNLOCKED                 = 0xCC1
-	SYS_RINTD128                        = 0xC13
-	SYS_RINTD32                         = 0xC11
-	SYS_RINTD64                         = 0xC12
-	SYS_RINTF                           = 0xACB
-	SYS_RINTL                           = 0xACD
-	SYS_ROUND                           = 0xACF
-	SYS_ROUNDD128                       = 0xC16
-	SYS_ROUNDD32                        = 0xC14
-	SYS_ROUNDD64                        = 0xC15
-	SYS_ROUNDF                          = 0xAD2
-	SYS_ROUNDL                          = 0xAD5
-	SYS_SAMEQUANTUMD128                 = 0xC19
-	SYS_SAMEQUANTUMD32                  = 0xC17
-	SYS_SAMEQUANTUMD64                  = 0xC18
-	SYS_SCALBLN                         = 0xAD8
-	SYS_SCALBLND128                     = 0xC1C
-	SYS_SCALBLND32                      = 0xC1A
-	SYS_SCALBLND64                      = 0xC1B
-	SYS_SCALBLNF                        = 0xADB
-	SYS_SCALBLNL                        = 0xADE
-	SYS_SCALBND128                      = 0xC1F
-	SYS_SCALBND32                       = 0xC1D
-	SYS_SCALBND64                       = 0xC1E
-	SYS_SCALBNF                         = 0xAE3
-	SYS_SCALBNL                         = 0xAE6
-	SYS_SCANF_UNLOCKED                  = 0xCC2
-	SYS_SCHED_YIELD                     = 0xB32
-	SYS_SETENV                          = 0x0C8
-	SYS_SETIPV4SOURCEFILTER             = 0xC76
-	SYS_SETSOURCEFILTER                 = 0xC78
-	SYS_SHM_OPEN                        = 0xC8C
-	SYS_SHM_UNLINK                      = 0xC8D
-	SYS_SIND128                         = 0xC22
-	SYS_SIND32                          = 0xC20
-	SYS_SIND64                          = 0xC21
-	SYS_SINHD128                        = 0xC25
-	SYS_SINHD32                         = 0xC23
-	SYS_SINHD64                         = 0xC24
-	SYS_SIZEOF_ALLOC                    = 0xCEA
-	SYS_SOCKATMARK                      = 0xC68
-	SYS_SQRTD128                        = 0xC28
-	SYS_SQRTD32                         = 0xC26
-	SYS_SQRTD64                         = 0xC27
-	SYS_STRCHR                          = 0x0A0
-	SYS_STRCSPN                         = 0x0A1
-	SYS_STRERROR                        = 0x0A8
-	SYS_STRERROR_R                      = 0xB33
-	SYS_STRFTIME                        = 0x0B2
-	SYS_STRLEN                          = 0x0A9
-	SYS_STRPBRK                         = 0x0A2
-	SYS_STRSPN                          = 0x0A4
-	SYS_STRSTR                          = 0x0A5
-	SYS_STRTOD128                       = 0xC2B
-	SYS_STRTOD32                        = 0xC29
-	SYS_STRTOD64                        = 0xC2A
-	SYS_STRTOK                          = 0x0A6
-	SYS_TAND128                         = 0xC2E
-	SYS_TAND32                          = 0xC2C
-	SYS_TAND64                          = 0xC2D
-	SYS_TANHD128                        = 0xC31
-	SYS_TANHD32                         = 0xC2F
-	SYS_TANHD64                         = 0xC30
-	SYS_TGAMMAD128                      = 0xC34
-	SYS_TGAMMAD32                       = 0xC32
-	SYS_TGAMMAD64                       = 0xC33
-	SYS_TIME                            = 0x0AD
-	SYS_TIME64                          = 0xCE1
-	SYS_TMPFILE64                       = 0xD4D
-	SYS_TMPFILE64_UNLOCKED              = 0xD4E
-	SYS_TMPFILE_UNLOCKED                = 0xCFD
-	SYS_TRUNCD128                       = 0xC40
-	SYS_TRUNCD32                        = 0xC3E
-	SYS_TRUNCD64                        = 0xC3F
-	SYS_UNGETC_UNLOCKED                 = 0xCC3
-	SYS_UNGETWC_UNLOCKED                = 0xCC4
-	SYS_UNSETENV                        = 0xB34
-	SYS_VFPRINTF_UNLOCKED               = 0xCC5
-	SYS_VFSCANF_UNLOCKED                = 0xCC7
-	SYS_VFWPRINTF_UNLOCKED              = 0xCC9
-	SYS_VFWSCANF_UNLOCKED               = 0xCCB
-	SYS_VPRINTF_UNLOCKED                = 0xCCD
-	SYS_VSCANF_UNLOCKED                 = 0xCCF
-	SYS_VWPRINTF_UNLOCKED               = 0xCD1
-	SYS_VWSCANF_UNLOCKED                = 0xCD3
-	SYS_WCSTOD128                       = 0xC43
-	SYS_WCSTOD32                        = 0xC41
-	SYS_WCSTOD64                        = 0xC42
-	SYS_WPRINTF_UNLOCKED                = 0xCD5
-	SYS_WSCANF_UNLOCKED                 = 0xCD6
-	SYS__FLUSHLBF                       = 0xD68
-	SYS__FLUSHLBF_UNLOCKED              = 0xD6F
-	SYS___ACOSHF_H                      = 0xA54
-	SYS___ACOSHL_H                      = 0xA55
-	SYS___ASINHF_H                      = 0xA56
-	SYS___ASINHL_H                      = 0xA57
-	SYS___ATANPID128                    = 0xC6D
-	SYS___ATANPID32                     = 0xC6B
-	SYS___ATANPID64                     = 0xC6C
-	SYS___CBRTF_H                       = 0xA58
-	SYS___CBRTL_H                       = 0xA59
-	SYS___CDUMP                         = 0x0C4
-	SYS___CLASS                         = 0xAFA
-	SYS___CLASS2                        = 0xB99
-	SYS___CLASS2D128                    = 0xC99
-	SYS___CLASS2D32                     = 0xC97
-	SYS___CLASS2D64                     = 0xC98
-	SYS___CLASS2F                       = 0xC91
-	SYS___CLASS2F_B                     = 0xC93
-	SYS___CLASS2F_H                     = 0xC94
-	SYS___CLASS2L                       = 0xC92
-	SYS___CLASS2L_B                     = 0xC95
-	SYS___CLASS2L_H                     = 0xC96
-	SYS___CLASS2_B                      = 0xB9A
-	SYS___CLASS2_H                      = 0xB9B
-	SYS___CLASS_B                       = 0xAFB
-	SYS___CLASS_H                       = 0xAFC
-	SYS___CLOGL_B                       = 0xA01
-	SYS___CLOGL_H                       = 0xA02
-	SYS___CLRENV                        = 0x0C9
-	SYS___CLRMF                         = 0x0BD
-	SYS___CODEPAGE_INFO                 = 0xC64
-	SYS___CONJF_B                       = 0xA07
-	SYS___CONJF_H                       = 0xA08
-	SYS___CONJL_B                       = 0xA0A
-	SYS___CONJL_H                       = 0xA0B
-	SYS___CONJ_B                        = 0xA04
-	SYS___CONJ_H                        = 0xA05
-	SYS___COPYSIGN_B                    = 0xA5A
-	SYS___COPYSIGN_H                    = 0xAF5
-	SYS___COSPID128                     = 0xC70
-	SYS___COSPID32                      = 0xC6E
-	SYS___COSPID64                      = 0xC6F
-	SYS___CPOWF_B                       = 0xA10
-	SYS___CPOWF_H                       = 0xA11
-	SYS___CPOWL_B                       = 0xA13
-	SYS___CPOWL_H                       = 0xA14
-	SYS___CPOW_B                        = 0xA0D
-	SYS___CPOW_H                        = 0xA0E
-	SYS___CPROJF_B                      = 0xA19
-	SYS___CPROJF_H                      = 0xA1A
-	SYS___CPROJL_B                      = 0xA1C
-	SYS___CPROJL_H                      = 0xA1D
-	SYS___CPROJ_B                       = 0xA16
-	SYS___CPROJ_H                       = 0xA17
-	SYS___CREALF_B                      = 0xA22
-	SYS___CREALF_H                      = 0xA23
-	SYS___CREALL_B                      = 0xA25
-	SYS___CREALL_H                      = 0xA26
-	SYS___CREAL_B                       = 0xA1F
-	SYS___CREAL_H                       = 0xA20
-	SYS___CSINF_B                       = 0xA2B
-	SYS___CSINF_H                       = 0xA2C
-	SYS___CSINHF_B                      = 0xA34
-	SYS___CSINHF_H                      = 0xA35
-	SYS___CSINHL_B                      = 0xA37
-	SYS___CSINHL_H                      = 0xA38
-	SYS___CSINH_B                       = 0xA31
-	SYS___CSINH_H                       = 0xA32
-	SYS___CSINL_B                       = 0xA2E
-	SYS___CSINL_H                       = 0xA2F
-	SYS___CSIN_B                        = 0xA28
-	SYS___CSIN_H                        = 0xA29
-	SYS___CSNAP                         = 0x0C5
-	SYS___CSQRTF_B                      = 0xA3D
-	SYS___CSQRTF_H                      = 0xA3E
-	SYS___CSQRTL_B                      = 0xA40
-	SYS___CSQRTL_H                      = 0xA41
-	SYS___CSQRT_B                       = 0xA3A
-	SYS___CSQRT_H                       = 0xA3B
-	SYS___CTANF_B                       = 0xA46
-	SYS___CTANF_H                       = 0xA47
-	SYS___CTANHF_B                      = 0xA4F
-	SYS___CTANHF_H                      = 0xA50
-	SYS___CTANHL_B                      = 0xA52
-	SYS___CTANHL_H                      = 0xA53
-	SYS___CTANH_B                       = 0xA4C
-	SYS___CTANH_H                       = 0xA4D
-	SYS___CTANL_B                       = 0xA49
-	SYS___CTANL_H                       = 0xA4A
-	SYS___CTAN_B                        = 0xA43
-	SYS___CTAN_H                        = 0xA44
-	SYS___CTEST                         = 0x0C7
-	SYS___CTRACE                        = 0x0C6
-	SYS___D1TOP                         = 0xC9B
-	SYS___D2TOP                         = 0xC9C
-	SYS___D4TOP                         = 0xC9D
-	SYS___DYNALL                        = 0x0C3
-	SYS___DYNFRE                        = 0x0C2
-	SYS___EXP2F_H                       = 0xA5E
-	SYS___EXP2L_H                       = 0xA5F
-	SYS___EXP2_H                        = 0xA5D
-	SYS___EXPM1F_H                      = 0xA5B
-	SYS___EXPM1L_H                      = 0xA5C
-	SYS___FBUFSIZE                      = 0xD60
-	SYS___FLBF                          = 0xD62
-	SYS___FLDATA                        = 0x0C1
-	SYS___FMAF_B                        = 0xA67
-	SYS___FMAF_H                        = 0xA68
-	SYS___FMAL_B                        = 0xA6A
-	SYS___FMAL_H                        = 0xA6B
-	SYS___FMAXF_B                       = 0xA70
-	SYS___FMAXF_H                       = 0xA71
-	SYS___FMAXL_B                       = 0xA73
-	SYS___FMAXL_H                       = 0xA74
-	SYS___FMAX_B                        = 0xA6D
-	SYS___FMAX_H                        = 0xA6E
-	SYS___FMA_B                         = 0xA64
-	SYS___FMA_H                         = 0xA65
-	SYS___FMINF_B                       = 0xA79
-	SYS___FMINF_H                       = 0xA7A
-	SYS___FMINL_B                       = 0xA7C
-	SYS___FMINL_H                       = 0xA7D
-	SYS___FMIN_B                        = 0xA76
-	SYS___FMIN_H                        = 0xA77
-	SYS___FPENDING                      = 0xD61
-	SYS___FPENDING_UNLOCKED             = 0xD6C
-	SYS___FPURGE                        = 0xD69
-	SYS___FPURGE_UNLOCKED               = 0xD70
-	SYS___FP_CAST_D                     = 0xBCB
-	SYS___FREADABLE                     = 0xD63
-	SYS___FREADAHEAD                    = 0xD6A
-	SYS___FREADAHEAD_UNLOCKED           = 0xD71
-	SYS___FREADING                      = 0xD65
-	SYS___FREADING_UNLOCKED             = 0xD6D
-	SYS___FSEEK2                        = 0xB3C
-	SYS___FSETERR                       = 0xD6B
-	SYS___FSETLOCKING                   = 0xD67
-	SYS___FTCHEP                        = 0x0BF
-	SYS___FTELL2                        = 0xB3B
-	SYS___FUPDT                         = 0x0B5
-	SYS___FWRITABLE                     = 0xD64
-	SYS___FWRITING                      = 0xD66
-	SYS___FWRITING_UNLOCKED             = 0xD6E
-	SYS___GETCB                         = 0x0B4
-	SYS___GETGRGID1                     = 0xD5B
-	SYS___GETGRNAM1                     = 0xD5C
-	SYS___GETTHENT                      = 0xCE5
-	SYS___GETTOD                        = 0xD3E
-	SYS___HYPOTF_H                      = 0xAF6
-	SYS___HYPOTL_H                      = 0xAF7
-	SYS___ILOGBF_B                      = 0xA7F
-	SYS___ILOGBF_H                      = 0xA80
-	SYS___ILOGBL_B                      = 0xA82
-	SYS___ILOGBL_H                      = 0xA83
-	SYS___ISBLANK_A                     = 0xB2E
-	SYS___ISBLNK                        = 0x0FE
-	SYS___ISWBLANK_A                    = 0xB2F
-	SYS___LE_CEEGTJS                    = 0xD72
-	SYS___LE_TRACEBACK                  = 0xB7A
-	SYS___LGAMMAL_H                     = 0xA62
-	SYS___LGAMMA_B_C99                  = 0xB39
-	SYS___LGAMMA_H_C99                  = 0xB38
-	SYS___LGAMMA_R_C99                  = 0xB3A
-	SYS___LLRINTF_B                     = 0xA88
-	SYS___LLRINTF_H                     = 0xA89
-	SYS___LLRINTL_B                     = 0xA8B
-	SYS___LLRINTL_H                     = 0xA8C
-	SYS___LLRINT_B                      = 0xA85
-	SYS___LLRINT_H                      = 0xA86
-	SYS___LLROUNDF_B                    = 0xA91
-	SYS___LLROUNDF_H                    = 0xA92
-	SYS___LLROUNDL_B                    = 0xA94
-	SYS___LLROUNDL_H                    = 0xA95
-	SYS___LLROUND_B                     = 0xA8E
-	SYS___LLROUND_H                     = 0xA8F
-	SYS___LOCALE_CTL                    = 0xD47
-	SYS___LOG1PF_H                      = 0xA60
-	SYS___LOG1PL_H                      = 0xA61
-	SYS___LOGBF_B                       = 0xA97
-	SYS___LOGBF_H                       = 0xA98
-	SYS___LOGBL_B                       = 0xA9A
-	SYS___LOGBL_H                       = 0xA9B
-	SYS___LOGIN_APPLID                  = 0xCE2
-	SYS___LRINTF_B                      = 0xAA0
-	SYS___LRINTF_H                      = 0xAA1
-	SYS___LRINTL_B                      = 0xAA3
-	SYS___LRINTL_H                      = 0xAA4
-	SYS___LRINT_B                       = 0xA9D
-	SYS___LRINT_H                       = 0xA9E
-	SYS___LROUNDF_FIXUP                 = 0xB31
-	SYS___LROUNDL_B                     = 0xAA6
-	SYS___LROUNDL_H                     = 0xAA7
-	SYS___LROUND_FIXUP                  = 0xB30
-	SYS___MOSERVICES                    = 0xD3D
-	SYS___MUST_STAY_CLEAN               = 0xB7C
-	SYS___NANF_B                        = 0xAAB
-	SYS___NANL_B                        = 0xAAD
-	SYS___NAN_B                         = 0xAA9
-	SYS___NEARBYINTF_B                  = 0xAB2
-	SYS___NEARBYINTF_H                  = 0xAB3
-	SYS___NEARBYINTL_B                  = 0xAB5
-	SYS___NEARBYINTL_H                  = 0xAB6
-	SYS___NEARBYINT_B                   = 0xAAF
-	SYS___NEARBYINT_H                   = 0xAB0
-	SYS___NEXTAFTERF_B                  = 0xAB8
-	SYS___NEXTAFTERF_H                  = 0xAB9
-	SYS___NEXTAFTERL_B                  = 0xABB
-	SYS___NEXTAFTERL_H                  = 0xABC
-	SYS___NEXTTOWARDF_B                 = 0xAC1
-	SYS___NEXTTOWARDF_H                 = 0xAC2
-	SYS___NEXTTOWARDL_B                 = 0xAC4
-	SYS___NEXTTOWARDL_H                 = 0xAC5
-	SYS___NEXTTOWARD_B                  = 0xABE
-	SYS___NEXTTOWARD_H                  = 0xABF
-	SYS___O_ENV                         = 0xB7D
-	SYS___PASSWD_APPLID                 = 0xCE3
-	SYS___PTOD1                         = 0xC9E
-	SYS___PTOD2                         = 0xC9F
-	SYS___PTOD4                         = 0xCA0
-	SYS___REGCOMP_STD                   = 0x0EA
-	SYS___REMAINDERF_H                  = 0xAC6
-	SYS___REMAINDERL_H                  = 0xAC7
-	SYS___REMQUOD128                    = 0xC10
-	SYS___REMQUOD32                     = 0xC0E
-	SYS___REMQUOD64                     = 0xC0F
-	SYS___REMQUOF_H                     = 0xAC9
-	SYS___REMQUOL_H                     = 0xACA
-	SYS___REMQUO_H                      = 0xAC8
-	SYS___RINTF_B                       = 0xACC
-	SYS___RINTL_B                       = 0xACE
-	SYS___ROUNDF_B                      = 0xAD3
-	SYS___ROUNDF_H                      = 0xAD4
-	SYS___ROUNDL_B                      = 0xAD6
-	SYS___ROUNDL_H                      = 0xAD7
-	SYS___ROUND_B                       = 0xAD0
-	SYS___ROUND_H                       = 0xAD1
-	SYS___SCALBLNF_B                    = 0xADC
-	SYS___SCALBLNF_H                    = 0xADD
-	SYS___SCALBLNL_B                    = 0xADF
-	SYS___SCALBLNL_H                    = 0xAE0
-	SYS___SCALBLN_B                     = 0xAD9
-	SYS___SCALBLN_H                     = 0xADA
-	SYS___SCALBNF_B                     = 0xAE4
-	SYS___SCALBNF_H                     = 0xAE5
-	SYS___SCALBNL_B                     = 0xAE7
-	SYS___SCALBNL_H                     = 0xAE8
-	SYS___SCALBN_B                      = 0xAE1
-	SYS___SCALBN_H                      = 0xAE2
-	SYS___SETENV                        = 0x0C8
-	SYS___SINPID128                     = 0xC73
-	SYS___SINPID32                      = 0xC71
-	SYS___SINPID64                      = 0xC72
-	SYS___SMF_RECORD2                   = 0xD48
-	SYS___STATIC_REINIT                 = 0xB3D
-	SYS___TGAMMAF_H_C99                 = 0xB79
-	SYS___TGAMMAL_H                     = 0xAE9
-	SYS___TGAMMA_H_C99                  = 0xB78
-	SYS___TOCSNAME2                     = 0xC9A
-	SYS_CEIL                            = 0x01F
-	SYS_CHAUDIT                         = 0x1E0
-	SYS_EXP                             = 0x01A
-	SYS_FCHAUDIT                        = 0x1E1
-	SYS_FREXP                           = 0x01D
-	SYS_GETGROUPSBYNAME                 = 0x1E2
-	SYS_GETPWUID                        = 0x1A0
-	SYS_GETUID                          = 0x1A1
-	SYS_ISATTY                          = 0x1A3
-	SYS_KILL                            = 0x1A4
-	SYS_LDEXP                           = 0x01E
-	SYS_LINK                            = 0x1A5
-	SYS_LOG10                           = 0x01C
-	SYS_LSEEK                           = 0x1A6
-	SYS_LSTAT                           = 0x1A7
-	SYS_MKDIR                           = 0x1A8
-	SYS_MKFIFO                          = 0x1A9
-	SYS_MKNOD                           = 0x1AA
-	SYS_MODF                            = 0x01B
-	SYS_MOUNT                           = 0x1AB
-	SYS_OPEN                            = 0x1AC
-	SYS_OPENDIR                         = 0x1AD
-	SYS_PATHCONF                        = 0x1AE
-	SYS_PAUSE                           = 0x1AF
-	SYS_PIPE                            = 0x1B0
-	SYS_PTHREAD_ATTR_DESTROY            = 0x1E7
-	SYS_PTHREAD_ATTR_GETDETACHSTATE     = 0x1EB
-	SYS_PTHREAD_ATTR_GETSTACKSIZE       = 0x1E9
-	SYS_PTHREAD_ATTR_GETWEIGHT_NP       = 0x1ED
-	SYS_PTHREAD_ATTR_INIT               = 0x1E6
-	SYS_PTHREAD_ATTR_SETDETACHSTATE     = 0x1EA
-	SYS_PTHREAD_ATTR_SETSTACKSIZE       = 0x1E8
-	SYS_PTHREAD_ATTR_SETWEIGHT_NP       = 0x1EC
-	SYS_PTHREAD_CANCEL                  = 0x1EE
-	SYS_PTHREAD_CLEANUP_POP             = 0x1F0
-	SYS_PTHREAD_CLEANUP_PUSH            = 0x1EF
-	SYS_PTHREAD_CONDATTR_DESTROY        = 0x1F2
-	SYS_PTHREAD_CONDATTR_INIT           = 0x1F1
-	SYS_PTHREAD_COND_BROADCAST          = 0x1F6
-	SYS_PTHREAD_COND_DESTROY            = 0x1F4
-	SYS_PTHREAD_COND_INIT               = 0x1F3
-	SYS_PTHREAD_COND_SIGNAL             = 0x1F5
-	SYS_PTHREAD_COND_TIMEDWAIT          = 0x1F8
-	SYS_PTHREAD_COND_WAIT               = 0x1F7
-	SYS_PTHREAD_CREATE                  = 0x1F9
-	SYS_PTHREAD_DETACH                  = 0x1FA
-	SYS_PTHREAD_EQUAL                   = 0x1FB
-	SYS_PTHREAD_EXIT                    = 0x1E4
-	SYS_PTHREAD_GETSPECIFIC             = 0x1FC
-	SYS_PTHREAD_JOIN                    = 0x1FD
-	SYS_PTHREAD_KEY_CREATE              = 0x1FE
-	SYS_PTHREAD_KILL                    = 0x1E5
-	SYS_PTHREAD_MUTEXATTR_INIT          = 0x1FF
-	SYS_READ                            = 0x1B2
-	SYS_READDIR                         = 0x1B3
-	SYS_READLINK                        = 0x1B4
-	SYS_REWINDDIR                       = 0x1B5
-	SYS_RMDIR                           = 0x1B6
-	SYS_SETEGID                         = 0x1B7
-	SYS_SETEUID                         = 0x1B8
-	SYS_SETGID                          = 0x1B9
-	SYS_SETPGID                         = 0x1BA
-	SYS_SETSID                          = 0x1BB
-	SYS_SETUID                          = 0x1BC
-	SYS_SIGACTION                       = 0x1BD
-	SYS_SIGADDSET                       = 0x1BE
-	SYS_SIGDELSET                       = 0x1BF
-	SYS_SIGEMPTYSET                     = 0x1C0
-	SYS_SIGFILLSET                      = 0x1C1
-	SYS_SIGISMEMBER                     = 0x1C2
-	SYS_SIGLONGJMP                      = 0x1C3
-	SYS_SIGPENDING                      = 0x1C4
-	SYS_SIGPROCMASK                     = 0x1C5
-	SYS_SIGSETJMP                       = 0x1C6
-	SYS_SIGSUSPEND                      = 0x1C7
-	SYS_SIGWAIT                         = 0x1E3
-	SYS_SLEEP                           = 0x1C8
-	SYS_STAT                            = 0x1C9
-	SYS_SYMLINK                         = 0x1CB
-	SYS_SYSCONF                         = 0x1CC
-	SYS_TCDRAIN                         = 0x1CD
-	SYS_TCFLOW                          = 0x1CE
-	SYS_TCFLUSH                         = 0x1CF
-	SYS_TCGETATTR                       = 0x1D0
-	SYS_TCGETPGRP                       = 0x1D1
-	SYS_TCSENDBREAK                     = 0x1D2
-	SYS_TCSETATTR                       = 0x1D3
-	SYS_TCSETPGRP                       = 0x1D4
-	SYS_TIMES                           = 0x1D5
-	SYS_TTYNAME                         = 0x1D6
-	SYS_TZSET                           = 0x1D7
-	SYS_UMASK                           = 0x1D8
-	SYS_UMOUNT                          = 0x1D9
-	SYS_UNAME                           = 0x1DA
-	SYS_UNLINK                          = 0x1DB
-	SYS_UTIME                           = 0x1DC
-	SYS_WAIT                            = 0x1DD
-	SYS_WAITPID                         = 0x1DE
-	SYS_WRITE                           = 0x1DF
-	SYS_W_GETPSENT                      = 0x1B1
-	SYS_W_IOCTL                         = 0x1A2
-	SYS_W_STATFS                        = 0x1CA
-	SYS_A64L                            = 0x2EF
-	SYS_BCMP                            = 0x2B9
-	SYS_BCOPY                           = 0x2BA
-	SYS_BZERO                           = 0x2BB
-	SYS_CATCLOSE                        = 0x2B6
-	SYS_CATGETS                         = 0x2B7
-	SYS_CATOPEN                         = 0x2B8
-	SYS_CRYPT                           = 0x2AC
-	SYS_DBM_CLEARERR                    = 0x2F7
-	SYS_DBM_CLOSE                       = 0x2F8
-	SYS_DBM_DELETE                      = 0x2F9
-	SYS_DBM_ERROR                       = 0x2FA
-	SYS_DBM_FETCH                       = 0x2FB
-	SYS_DBM_FIRSTKEY                    = 0x2FC
-	SYS_DBM_NEXTKEY                     = 0x2FD
-	SYS_DBM_OPEN                        = 0x2FE
-	SYS_DBM_STORE                       = 0x2FF
-	SYS_DRAND48                         = 0x2B2
-	SYS_ENCRYPT                         = 0x2AD
-	SYS_ENDUTXENT                       = 0x2E1
-	SYS_ERAND48                         = 0x2B3
-	SYS_ERF                             = 0x02C
-	SYS_ERFC                            = 0x02D
-	SYS_FCHDIR                          = 0x2D9
-	SYS_FFS                             = 0x2BC
-	SYS_FMTMSG                          = 0x2E5
-	SYS_FSTATVFS                        = 0x2B4
-	SYS_FTIME                           = 0x2F5
-	SYS_GAMMA                           = 0x02E
-	SYS_GETDATE                         = 0x2A6
-	SYS_GETPAGESIZE                     = 0x2D8
-	SYS_GETTIMEOFDAY                    = 0x2F6
-	SYS_GETUTXENT                       = 0x2E0
-	SYS_GETUTXID                        = 0x2E2
-	SYS_GETUTXLINE                      = 0x2E3
-	SYS_HCREATE                         = 0x2C6
-	SYS_HDESTROY                        = 0x2C7
-	SYS_HSEARCH                         = 0x2C8
-	SYS_HYPOT                           = 0x02B
-	SYS_INDEX                           = 0x2BD
-	SYS_INITSTATE                       = 0x2C2
-	SYS_INSQUE                          = 0x2CF
-	SYS_ISASCII                         = 0x2ED
-	SYS_JRAND48                         = 0x2E6
-	SYS_L64A                            = 0x2F0
-	SYS_LCONG48                         = 0x2EA
-	SYS_LFIND                           = 0x2C9
-	SYS_LRAND48                         = 0x2E7
-	SYS_LSEARCH                         = 0x2CA
-	SYS_MEMCCPY                         = 0x2D4
-	SYS_MRAND48                         = 0x2E8
-	SYS_NRAND48                         = 0x2E9
-	SYS_PCLOSE                          = 0x2D2
-	SYS_POPEN                           = 0x2D1
-	SYS_PUTUTXLINE                      = 0x2E4
-	SYS_RANDOM                          = 0x2C4
-	SYS_REMQUE                          = 0x2D0
-	SYS_RINDEX                          = 0x2BE
-	SYS_SEED48                          = 0x2EC
-	SYS_SETKEY                          = 0x2AE
-	SYS_SETSTATE                        = 0x2C3
-	SYS_SETUTXENT                       = 0x2DF
-	SYS_SRAND48                         = 0x2EB
-	SYS_SRANDOM                         = 0x2C5
-	SYS_STATVFS                         = 0x2B5
-	SYS_STRCASECMP                      = 0x2BF
-	SYS_STRDUP                          = 0x2C0
-	SYS_STRNCASECMP                     = 0x2C1
-	SYS_SWAB                            = 0x2D3
-	SYS_TDELETE                         = 0x2CB
-	SYS_TFIND                           = 0x2CC
-	SYS_TOASCII                         = 0x2EE
-	SYS_TSEARCH                         = 0x2CD
-	SYS_TWALK                           = 0x2CE
-	SYS_UALARM                          = 0x2F1
-	SYS_USLEEP                          = 0x2F2
-	SYS_WAIT3                           = 0x2A7
-	SYS_WAITID                          = 0x2A8
-	SYS_Y1                              = 0x02A
-	SYS___ATOE                          = 0x2DB
-	SYS___ATOE_L                        = 0x2DC
-	SYS___CATTRM                        = 0x2A9
-	SYS___CNVBLK                        = 0x2AF
-	SYS___CRYTRM                        = 0x2B0
-	SYS___DLGHT                         = 0x2A1
-	SYS___ECRTRM                        = 0x2B1
-	SYS___ETOA                          = 0x2DD
-	SYS___ETOA_L                        = 0x2DE
-	SYS___GDTRM                         = 0x2AA
-	SYS___OCLCK                         = 0x2DA
-	SYS___OPARGF                        = 0x2A2
-	SYS___OPERRF                        = 0x2A5
-	SYS___OPINDF                        = 0x2A4
-	SYS___OPOPTF                        = 0x2A3
-	SYS___RNDTRM                        = 0x2AB
-	SYS___SRCTRM                        = 0x2F4
-	SYS___TZONE                         = 0x2A0
-	SYS___UTXTRM                        = 0x2F3
-	SYS_ASIN                            = 0x03E
-	SYS_ISXDIGIT                        = 0x03B
-	SYS_SETLOCAL                        = 0x03A
-	SYS_SETLOCALE                       = 0x03A
-	SYS_SIN                             = 0x03F
-	SYS_TOLOWER                         = 0x03C
-	SYS_TOUPPER                         = 0x03D
-	SYS_ACCEPT_AND_RECV                 = 0x4F7
-	SYS_ATOL                            = 0x04E
-	SYS_CHECKSCH                        = 0x4BC
-	SYS_CHECKSCHENV                     = 0x4BC
-	SYS_CLEARERR                        = 0x04C
-	SYS_CONNECTS                        = 0x4B5
-	SYS_CONNECTSERVER                   = 0x4B5
-	SYS_CONNECTW                        = 0x4B4
-	SYS_CONNECTWORKMGR                  = 0x4B4
-	SYS_CONTINUE                        = 0x4B3
-	SYS_CONTINUEWORKUNIT                = 0x4B3
-	SYS_COPYSIGN                        = 0x4C2
-	SYS_CREATEWO                        = 0x4B2
-	SYS_CREATEWORKUNIT                  = 0x4B2
-	SYS_DELETEWO                        = 0x4B9
-	SYS_DELETEWORKUNIT                  = 0x4B9
-	SYS_DISCONNE                        = 0x4B6
-	SYS_DISCONNECTSERVER                = 0x4B6
-	SYS_FEOF                            = 0x04D
-	SYS_FERROR                          = 0x04A
-	SYS_FINITE                          = 0x4C8
-	SYS_GAMMA_R                         = 0x4E2
-	SYS_JOINWORK                        = 0x4B7
-	SYS_JOINWORKUNIT                    = 0x4B7
-	SYS_LEAVEWOR                        = 0x4B8
-	SYS_LEAVEWORKUNIT                   = 0x4B8
-	SYS_LGAMMA_R                        = 0x4EB
-	SYS_MATHERR                         = 0x4D0
-	SYS_PERROR                          = 0x04F
-	SYS_QUERYMET                        = 0x4BA
-	SYS_QUERYMETRICS                    = 0x4BA
-	SYS_QUERYSCH                        = 0x4BB
-	SYS_QUERYSCHENV                     = 0x4BB
-	SYS_REWIND                          = 0x04B
-	SYS_SCALBN                          = 0x4D4
-	SYS_SIGNIFIC                        = 0x4D5
-	SYS_SIGNIFICAND                     = 0x4D5
-	SYS___ACOSH_B                       = 0x4DA
-	SYS___ACOS_B                        = 0x4D9
-	SYS___ASINH_B                       = 0x4BE
-	SYS___ASIN_B                        = 0x4DB
-	SYS___ATAN2_B                       = 0x4DC
-	SYS___ATANH_B                       = 0x4DD
-	SYS___ATAN_B                        = 0x4BF
-	SYS___CBRT_B                        = 0x4C0
-	SYS___CEIL_B                        = 0x4C1
-	SYS___COSH_B                        = 0x4DE
-	SYS___COS_B                         = 0x4C3
-	SYS___DGHT                          = 0x4A8
-	SYS___ENVN                          = 0x4B0
-	SYS___ERFC_B                        = 0x4C5
-	SYS___ERF_B                         = 0x4C4
-	SYS___EXPM1_B                       = 0x4C6
-	SYS___EXP_B                         = 0x4DF
-	SYS___FABS_B                        = 0x4C7
-	SYS___FLOOR_B                       = 0x4C9
-	SYS___FMOD_B                        = 0x4E0
-	SYS___FP_SETMODE                    = 0x4F8
-	SYS___FREXP_B                       = 0x4CA
-	SYS___GAMMA_B                       = 0x4E1
-	SYS___GDRR                          = 0x4A1
-	SYS___HRRNO                         = 0x4A2
-	SYS___HYPOT_B                       = 0x4E3
-	SYS___ILOGB_B                       = 0x4CB
-	SYS___ISNAN_B                       = 0x4CC
-	SYS___J0_B                          = 0x4E4
-	SYS___J1_B                          = 0x4E6
-	SYS___JN_B                          = 0x4E8
-	SYS___LDEXP_B                       = 0x4CD
-	SYS___LGAMMA_B                      = 0x4EA
-	SYS___LOG10_B                       = 0x4ED
-	SYS___LOG1P_B                       = 0x4CE
-	SYS___LOGB_B                        = 0x4CF
-	SYS___LOGIN                         = 0x4F5
-	SYS___LOG_B                         = 0x4EC
-	SYS___MLOCKALL                      = 0x4B1
-	SYS___MODF_B                        = 0x4D1
-	SYS___NEXTAFTER_B                   = 0x4D2
-	SYS___OPENDIR2                      = 0x4F3
-	SYS___OPEN_STAT                     = 0x4F6
-	SYS___OPND                          = 0x4A5
-	SYS___OPPT                          = 0x4A6
-	SYS___OPRG                          = 0x4A3
-	SYS___OPRR                          = 0x4A4
-	SYS___PID_AFFINITY                  = 0x4BD
-	SYS___POW_B                         = 0x4EE
-	SYS___READDIR2                      = 0x4F4
-	SYS___REMAINDER_B                   = 0x4EF
-	SYS___RINT_B                        = 0x4D3
-	SYS___SCALB_B                       = 0x4F0
-	SYS___SIGACTIONSET                  = 0x4FB
-	SYS___SIGGM                         = 0x4A7
-	SYS___SINH_B                        = 0x4F1
-	SYS___SIN_B                         = 0x4D6
-	SYS___SQRT_B                        = 0x4F2
-	SYS___TANH_B                        = 0x4D8
-	SYS___TAN_B                         = 0x4D7
-	SYS___TRRNO                         = 0x4AF
-	SYS___TZNE                          = 0x4A9
-	SYS___TZZN                          = 0x4AA
-	SYS___UCREATE                       = 0x4FC
-	SYS___UFREE                         = 0x4FE
-	SYS___UHEAPREPORT                   = 0x4FF
-	SYS___UMALLOC                       = 0x4FD
-	SYS___Y0_B                          = 0x4E5
-	SYS___Y1_B                          = 0x4E7
-	SYS___YN_B                          = 0x4E9
-	SYS_ABORT                           = 0x05C
-	SYS_ASCTIME_R                       = 0x5E0
-	SYS_ATEXIT                          = 0x05D
-	SYS_CONNECTE                        = 0x5AE
-	SYS_CONNECTEXPORTIMPORT             = 0x5AE
-	SYS_CTIME_R                         = 0x5E1
-	SYS_DN_COMP                         = 0x5DF
-	SYS_DN_EXPAND                       = 0x5DD
-	SYS_DN_SKIPNAME                     = 0x5DE
-	SYS_EXIT                            = 0x05A
-	SYS_EXPORTWO                        = 0x5A1
-	SYS_EXPORTWORKUNIT                  = 0x5A1
-	SYS_EXTRACTW                        = 0x5A5
-	SYS_EXTRACTWORKUNIT                 = 0x5A5
-	SYS_FSEEKO                          = 0x5C9
-	SYS_FTELLO                          = 0x5C8
-	SYS_GETGRGID_R                      = 0x5E7
-	SYS_GETGRNAM_R                      = 0x5E8
-	SYS_GETLOGIN_R                      = 0x5E9
-	SYS_GETPWNAM_R                      = 0x5EA
-	SYS_GETPWUID_R                      = 0x5EB
-	SYS_GMTIME_R                        = 0x5E2
-	SYS_IMPORTWO                        = 0x5A3
-	SYS_IMPORTWORKUNIT                  = 0x5A3
-	SYS_INET_NTOP                       = 0x5D3
-	SYS_INET_PTON                       = 0x5D4
-	SYS_LLABS                           = 0x5CE
-	SYS_LLDIV                           = 0x5CB
-	SYS_LOCALTIME_R                     = 0x5E3
-	SYS_PTHREAD_ATFORK                  = 0x5ED
-	SYS_PTHREAD_ATTR_GETDETACHSTATE_U98 = 0x5FB
-	SYS_PTHREAD_ATTR_GETGUARDSIZE       = 0x5EE
-	SYS_PTHREAD_ATTR_GETSCHEDPARAM      = 0x5F9
-	SYS_PTHREAD_ATTR_GETSTACKADDR       = 0x5EF
-	SYS_PTHREAD_ATTR_SETDETACHSTATE_U98 = 0x5FC
-	SYS_PTHREAD_ATTR_SETGUARDSIZE       = 0x5F0
-	SYS_PTHREAD_ATTR_SETSCHEDPARAM      = 0x5FA
-	SYS_PTHREAD_ATTR_SETSTACKADDR       = 0x5F1
-	SYS_PTHREAD_CONDATTR_GETPSHARED     = 0x5F2
-	SYS_PTHREAD_CONDATTR_SETPSHARED     = 0x5F3
-	SYS_PTHREAD_DETACH_U98              = 0x5FD
-	SYS_PTHREAD_GETCONCURRENCY          = 0x5F4
-	SYS_PTHREAD_GETSPECIFIC_U98         = 0x5FE
-	SYS_PTHREAD_KEY_DELETE              = 0x5F5
-	SYS_PTHREAD_SETCANCELSTATE          = 0x5FF
-	SYS_PTHREAD_SETCONCURRENCY          = 0x5F6
-	SYS_PTHREAD_SIGMASK                 = 0x5F7
-	SYS_QUERYENC                        = 0x5AD
-	SYS_QUERYWORKUNITCLASSIFICATION     = 0x5AD
-	SYS_RAISE                           = 0x05E
-	SYS_RAND_R                          = 0x5E4
-	SYS_READDIR_R                       = 0x5E6
-	SYS_REALLOC                         = 0x05B
-	SYS_RES_INIT                        = 0x5D8
-	SYS_RES_MKQUERY                     = 0x5D7
-	SYS_RES_QUERY                       = 0x5D9
-	SYS_RES_QUERYDOMAIN                 = 0x5DC
-	SYS_RES_SEARCH                      = 0x5DA
-	SYS_RES_SEND                        = 0x5DB
-	SYS_SETJMP                          = 0x05F
-	SYS_SIGQUEUE                        = 0x5A9
-	SYS_STRTOK_R                        = 0x5E5
-	SYS_STRTOLL                         = 0x5B0
-	SYS_STRTOULL                        = 0x5B1
-	SYS_TTYNAME_R                       = 0x5EC
-	SYS_UNDOEXPO                        = 0x5A2
-	SYS_UNDOEXPORTWORKUNIT              = 0x5A2
-	SYS_UNDOIMPO                        = 0x5A4
-	SYS_UNDOIMPORTWORKUNIT              = 0x5A4
-	SYS_WCSTOLL                         = 0x5CC
-	SYS_WCSTOULL                        = 0x5CD
-	SYS___ABORT                         = 0x05C
-	SYS___CONSOLE2                      = 0x5D2
-	SYS___CPL                           = 0x5A6
-	SYS___DISCARDDATA                   = 0x5F8
-	SYS___DSA_PREV                      = 0x5B2
-	SYS___EP_FIND                       = 0x5B3
-	SYS___FP_SWAPMODE                   = 0x5AF
-	SYS___GETUSERID                     = 0x5AB
-	SYS___GET_CPUID                     = 0x5B9
-	SYS___GET_SYSTEM_SETTINGS           = 0x5BA
-	SYS___IPDOMAINNAME                  = 0x5AC
-	SYS___MAP_INIT                      = 0x5A7
-	SYS___MAP_SERVICE                   = 0x5A8
-	SYS___MOUNT                         = 0x5AA
-	SYS___MSGRCV_TIMED                  = 0x5B7
-	SYS___RES                           = 0x5D6
-	SYS___SEMOP_TIMED                   = 0x5B8
-	SYS___SERVER_THREADS_QUERY          = 0x5B4
-	SYS_FPRINTF                         = 0x06D
-	SYS_FSCANF                          = 0x06A
-	SYS_PRINTF                          = 0x06F
-	SYS_SETBUF                          = 0x06B
-	SYS_SETVBUF                         = 0x06C
-	SYS_SSCANF                          = 0x06E
-	SYS___CATGETS_A                     = 0x6C0
-	SYS___CHAUDIT_A                     = 0x6F4
-	SYS___CHMOD_A                       = 0x6E8
-	SYS___COLLATE_INIT_A                = 0x6AC
-	SYS___CREAT_A                       = 0x6F6
-	SYS___CTYPE_INIT_A                  = 0x6AF
-	SYS___DLLLOAD_A                     = 0x6DF
-	SYS___DLLQUERYFN_A                  = 0x6E0
-	SYS___DLLQUERYVAR_A                 = 0x6E1
-	SYS___E2A_L                         = 0x6E3
-	SYS___EXECLE_A                      = 0x6A0
-	SYS___EXECLP_A                      = 0x6A4
-	SYS___EXECVE_A                      = 0x6C1
-	SYS___EXECVP_A                      = 0x6C2
-	SYS___EXECV_A                       = 0x6B1
-	SYS___FPRINTF_A                     = 0x6FA
-	SYS___GETADDRINFO_A                 = 0x6BF
-	SYS___GETNAMEINFO_A                 = 0x6C4
-	SYS___GET_WCTYPE_STD_A              = 0x6AE
-	SYS___ICONV_OPEN_A                  = 0x6DE
-	SYS___IF_INDEXTONAME_A              = 0x6DC
-	SYS___IF_NAMETOINDEX_A              = 0x6DB
-	SYS___ISWCTYPE_A                    = 0x6B0
-	SYS___IS_WCTYPE_STD_A               = 0x6B2
-	SYS___LOCALECONV_A                  = 0x6B8
-	SYS___LOCALECONV_STD_A              = 0x6B9
-	SYS___LOCALE_INIT_A                 = 0x6B7
-	SYS___LSTAT_A                       = 0x6EE
-	SYS___LSTAT_O_A                     = 0x6EF
-	SYS___MKDIR_A                       = 0x6E9
-	SYS___MKFIFO_A                      = 0x6EC
-	SYS___MKNOD_A                       = 0x6F0
-	SYS___MONETARY_INIT_A               = 0x6BC
-	SYS___MOUNT_A                       = 0x6F1
-	SYS___NL_CSINFO_A                   = 0x6D6
-	SYS___NL_LANGINFO_A                 = 0x6BA
-	SYS___NL_LNAGINFO_STD_A             = 0x6BB
-	SYS___NL_MONINFO_A                  = 0x6D7
-	SYS___NL_NUMINFO_A                  = 0x6D8
-	SYS___NL_RESPINFO_A                 = 0x6D9
-	SYS___NL_TIMINFO_A                  = 0x6DA
-	SYS___NUMERIC_INIT_A                = 0x6C6
-	SYS___OPEN_A                        = 0x6F7
-	SYS___PRINTF_A                      = 0x6DD
-	SYS___RESP_INIT_A                   = 0x6C7
-	SYS___RPMATCH_A                     = 0x6C8
-	SYS___RPMATCH_C_A                   = 0x6C9
-	SYS___RPMATCH_STD_A                 = 0x6CA
-	SYS___SETLOCALE_A                   = 0x6F9
-	SYS___SPAWNP_A                      = 0x6C5
-	SYS___SPAWN_A                       = 0x6C3
-	SYS___SPRINTF_A                     = 0x6FB
-	SYS___STAT_A                        = 0x6EA
-	SYS___STAT_O_A                      = 0x6EB
-	SYS___STRCOLL_STD_A                 = 0x6A1
-	SYS___STRFMON_A                     = 0x6BD
-	SYS___STRFMON_STD_A                 = 0x6BE
-	SYS___STRFTIME_A                    = 0x6CC
-	SYS___STRFTIME_STD_A                = 0x6CD
-	SYS___STRPTIME_A                    = 0x6CE
-	SYS___STRPTIME_STD_A                = 0x6CF
-	SYS___STRXFRM_A                     = 0x6A2
-	SYS___STRXFRM_C_A                   = 0x6A3
-	SYS___STRXFRM_STD_A                 = 0x6A5
-	SYS___SYNTAX_INIT_A                 = 0x6D4
-	SYS___TIME_INIT_A                   = 0x6CB
-	SYS___TOD_INIT_A                    = 0x6D5
-	SYS___TOWLOWER_A                    = 0x6B3
-	SYS___TOWLOWER_STD_A                = 0x6B4
-	SYS___TOWUPPER_A                    = 0x6B5
-	SYS___TOWUPPER_STD_A                = 0x6B6
-	SYS___UMOUNT_A                      = 0x6F2
-	SYS___VFPRINTF_A                    = 0x6FC
-	SYS___VPRINTF_A                     = 0x6FD
-	SYS___VSPRINTF_A                    = 0x6FE
-	SYS___VSWPRINTF_A                   = 0x6FF
-	SYS___WCSCOLL_A                     = 0x6A6
-	SYS___WCSCOLL_C_A                   = 0x6A7
-	SYS___WCSCOLL_STD_A                 = 0x6A8
-	SYS___WCSFTIME_A                    = 0x6D0
-	SYS___WCSFTIME_STD_A                = 0x6D1
-	SYS___WCSXFRM_A                     = 0x6A9
-	SYS___WCSXFRM_C_A                   = 0x6AA
-	SYS___WCSXFRM_STD_A                 = 0x6AB
-	SYS___WCTYPE_A                      = 0x6AD
-	SYS___W_GETMNTENT_A                 = 0x6F5
-	SYS_____CCSIDTYPE_A                 = 0x6E6
-	SYS_____CHATTR_A                    = 0x6E2
-	SYS_____CSNAMETYPE_A                = 0x6E7
-	SYS_____OPEN_STAT_A                 = 0x6ED
-	SYS_____SPAWN2_A                    = 0x6D2
-	SYS_____SPAWNP2_A                   = 0x6D3
-	SYS_____TOCCSID_A                   = 0x6E4
-	SYS_____TOCSNAME_A                  = 0x6E5
-	SYS_ACL_FREE                        = 0x7FF
-	SYS_ACL_INIT                        = 0x7FE
-	SYS_FWIDE                           = 0x7DF
-	SYS_FWPRINTF                        = 0x7D1
-	SYS_FWRITE                          = 0x07E
-	SYS_FWSCANF                         = 0x7D5
-	SYS_GETCHAR                         = 0x07B
-	SYS_GETS                            = 0x07C
-	SYS_M_CREATE_LAYOUT                 = 0x7C9
-	SYS_M_DESTROY_LAYOUT                = 0x7CA
-	SYS_M_GETVALUES_LAYOUT              = 0x7CB
-	SYS_M_SETVALUES_LAYOUT              = 0x7CC
-	SYS_M_TRANSFORM_LAYOUT              = 0x7CD
-	SYS_M_WTRANSFORM_LAYOUT             = 0x7CE
-	SYS_PREAD                           = 0x7C7
-	SYS_PUTC                            = 0x07D
-	SYS_PUTCHAR                         = 0x07A
-	SYS_PUTS                            = 0x07F
-	SYS_PWRITE                          = 0x7C8
-	SYS_TOWCTRAN                        = 0x7D8
-	SYS_TOWCTRANS                       = 0x7D8
-	SYS_UNATEXIT                        = 0x7B5
-	SYS_VFWPRINT                        = 0x7D3
-	SYS_VFWPRINTF                       = 0x7D3
-	SYS_VWPRINTF                        = 0x7D4
-	SYS_WCTRANS                         = 0x7D7
-	SYS_WPRINTF                         = 0x7D2
-	SYS_WSCANF                          = 0x7D6
-	SYS___ASCTIME_R_A                   = 0x7A1
-	SYS___BASENAME_A                    = 0x7DC
-	SYS___BTOWC_A                       = 0x7E4
-	SYS___CDUMP_A                       = 0x7B7
-	SYS___CEE3DMP_A                     = 0x7B6
-	SYS___CEILF_H                       = 0x7F4
-	SYS___CEILL_H                       = 0x7F5
-	SYS___CEIL_H                        = 0x7EA
-	SYS___CRYPT_A                       = 0x7BE
-	SYS___CSNAP_A                       = 0x7B8
-	SYS___CTEST_A                       = 0x7B9
-	SYS___CTIME_R_A                     = 0x7A2
-	SYS___CTRACE_A                      = 0x7BA
-	SYS___DBM_OPEN_A                    = 0x7E6
-	SYS___DIRNAME_A                     = 0x7DD
-	SYS___FABSF_H                       = 0x7FA
-	SYS___FABSL_H                       = 0x7FB
-	SYS___FABS_H                        = 0x7ED
-	SYS___FGETWC_A                      = 0x7AA
-	SYS___FGETWS_A                      = 0x7AD
-	SYS___FLOORF_H                      = 0x7F6
-	SYS___FLOORL_H                      = 0x7F7
-	SYS___FLOOR_H                       = 0x7EB
-	SYS___FPUTWC_A                      = 0x7A5
-	SYS___FPUTWS_A                      = 0x7A8
-	SYS___GETTIMEOFDAY_A                = 0x7AE
-	SYS___GETWCHAR_A                    = 0x7AC
-	SYS___GETWC_A                       = 0x7AB
-	SYS___GLOB_A                        = 0x7DE
-	SYS___GMTIME_A                      = 0x7AF
-	SYS___GMTIME_R_A                    = 0x7B0
-	SYS___INET_PTON_A                   = 0x7BC
-	SYS___J0_H                          = 0x7EE
-	SYS___J1_H                          = 0x7EF
-	SYS___JN_H                          = 0x7F0
-	SYS___LOCALTIME_A                   = 0x7B1
-	SYS___LOCALTIME_R_A                 = 0x7B2
-	SYS___MALLOC24                      = 0x7FC
-	SYS___MALLOC31                      = 0x7FD
-	SYS___MKTIME_A                      = 0x7B3
-	SYS___MODFF_H                       = 0x7F8
-	SYS___MODFL_H                       = 0x7F9
-	SYS___MODF_H                        = 0x7EC
-	SYS___OPENDIR_A                     = 0x7C2
-	SYS___OSNAME                        = 0x7E0
-	SYS___PUTWCHAR_A                    = 0x7A7
-	SYS___PUTWC_A                       = 0x7A6
-	SYS___READDIR_A                     = 0x7C3
-	SYS___STRTOLL_A                     = 0x7A3
-	SYS___STRTOULL_A                    = 0x7A4
-	SYS___SYSLOG_A                      = 0x7BD
-	SYS___TZZNA                         = 0x7B4
-	SYS___UNGETWC_A                     = 0x7A9
-	SYS___UTIME_A                       = 0x7A0
-	SYS___VFPRINTF2_A                   = 0x7E7
-	SYS___VPRINTF2_A                    = 0x7E8
-	SYS___VSPRINTF2_A                   = 0x7E9
-	SYS___VSWPRNTF2_A                   = 0x7BB
-	SYS___WCSTOD_A                      = 0x7D9
-	SYS___WCSTOL_A                      = 0x7DA
-	SYS___WCSTOUL_A                     = 0x7DB
-	SYS___WCTOB_A                       = 0x7E5
-	SYS___Y0_H                          = 0x7F1
-	SYS___Y1_H                          = 0x7F2
-	SYS___YN_H                          = 0x7F3
-	SYS_____OPENDIR2_A                  = 0x7BF
-	SYS_____OSNAME_A                    = 0x7E1
-	SYS_____READDIR2_A                  = 0x7C0
-	SYS_DLCLOSE                         = 0x8DF
-	SYS_DLERROR                         = 0x8E0
-	SYS_DLOPEN                          = 0x8DD
-	SYS_DLSYM                           = 0x8DE
-	SYS_FLOCKFILE                       = 0x8D3
-	SYS_FTRYLOCKFILE                    = 0x8D4
-	SYS_FUNLOCKFILE                     = 0x8D5
-	SYS_GETCHAR_UNLOCKED                = 0x8D7
-	SYS_GETC_UNLOCKED                   = 0x8D6
-	SYS_PUTCHAR_UNLOCKED                = 0x8D9
-	SYS_PUTC_UNLOCKED                   = 0x8D8
-	SYS_SNPRINTF                        = 0x8DA
-	SYS_VSNPRINTF                       = 0x8DB
-	SYS_WCSCSPN                         = 0x08B
-	SYS_WCSLEN                          = 0x08C
-	SYS_WCSNCAT                         = 0x08D
-	SYS_WCSNCMP                         = 0x08A
-	SYS_WCSNCPY                         = 0x08F
-	SYS_WCSSPN                          = 0x08E
-	SYS___ABSF_H                        = 0x8E7
-	SYS___ABSL_H                        = 0x8E8
-	SYS___ABS_H                         = 0x8E6
-	SYS___ACOSF_H                       = 0x8EA
-	SYS___ACOSH_H                       = 0x8EC
-	SYS___ACOSL_H                       = 0x8EB
-	SYS___ACOS_H                        = 0x8E9
-	SYS___ASINF_H                       = 0x8EE
-	SYS___ASINH_H                       = 0x8F0
-	SYS___ASINL_H                       = 0x8EF
-	SYS___ASIN_H                        = 0x8ED
-	SYS___ATAN2F_H                      = 0x8F8
-	SYS___ATAN2L_H                      = 0x8F9
-	SYS___ATAN2_H                       = 0x8F7
-	SYS___ATANF_H                       = 0x8F2
-	SYS___ATANHF_H                      = 0x8F5
-	SYS___ATANHL_H                      = 0x8F6
-	SYS___ATANH_H                       = 0x8F4
-	SYS___ATANL_H                       = 0x8F3
-	SYS___ATAN_H                        = 0x8F1
-	SYS___CBRT_H                        = 0x8FA
-	SYS___COPYSIGNF_H                   = 0x8FB
-	SYS___COPYSIGNL_H                   = 0x8FC
-	SYS___COSF_H                        = 0x8FE
-	SYS___COSL_H                        = 0x8FF
-	SYS___COS_H                         = 0x8FD
-	SYS___DLERROR_A                     = 0x8D2
-	SYS___DLOPEN_A                      = 0x8D0
-	SYS___DLSYM_A                       = 0x8D1
-	SYS___GETUTXENT_A                   = 0x8C6
-	SYS___GETUTXID_A                    = 0x8C7
-	SYS___GETUTXLINE_A                  = 0x8C8
-	SYS___ITOA                          = 0x8AA
-	SYS___ITOA_A                        = 0x8B0
-	SYS___LE_CONDITION_TOKEN_BUILD      = 0x8A5
-	SYS___LE_MSG_ADD_INSERT             = 0x8A6
-	SYS___LE_MSG_GET                    = 0x8A7
-	SYS___LE_MSG_GET_AND_WRITE          = 0x8A8
-	SYS___LE_MSG_WRITE                  = 0x8A9
-	SYS___LLTOA                         = 0x8AE
-	SYS___LLTOA_A                       = 0x8B4
-	SYS___LTOA                          = 0x8AC
-	SYS___LTOA_A                        = 0x8B2
-	SYS___PUTCHAR_UNLOCKED_A            = 0x8CC
-	SYS___PUTC_UNLOCKED_A               = 0x8CB
-	SYS___PUTUTXLINE_A                  = 0x8C9
-	SYS___RESET_EXCEPTION_HANDLER       = 0x8E3
-	SYS___REXEC_A                       = 0x8C4
-	SYS___REXEC_AF_A                    = 0x8C5
-	SYS___SET_EXCEPTION_HANDLER         = 0x8E2
-	SYS___SNPRINTF_A                    = 0x8CD
-	SYS___SUPERKILL                     = 0x8A4
-	SYS___TCGETATTR_A                   = 0x8A1
-	SYS___TCSETATTR_A                   = 0x8A2
-	SYS___ULLTOA                        = 0x8AF
-	SYS___ULLTOA_A                      = 0x8B5
-	SYS___ULTOA                         = 0x8AD
-	SYS___ULTOA_A                       = 0x8B3
-	SYS___UTOA                          = 0x8AB
-	SYS___UTOA_A                        = 0x8B1
-	SYS___VHM_EVENT                     = 0x8E4
-	SYS___VSNPRINTF_A                   = 0x8CE
-	SYS_____GETENV_A                    = 0x8C3
-	SYS_____UTMPXNAME_A                 = 0x8CA
-	SYS_CACOSH                          = 0x9A0
-	SYS_CACOSHF                         = 0x9A3
-	SYS_CACOSHL                         = 0x9A6
-	SYS_CARG                            = 0x9A9
-	SYS_CARGF                           = 0x9AC
-	SYS_CARGL                           = 0x9AF
-	SYS_CASIN                           = 0x9B2
-	SYS_CASINF                          = 0x9B5
-	SYS_CASINH                          = 0x9BB
-	SYS_CASINHF                         = 0x9BE
-	SYS_CASINHL                         = 0x9C1
-	SYS_CASINL                          = 0x9B8
-	SYS_CATAN                           = 0x9C4
-	SYS_CATANF                          = 0x9C7
-	SYS_CATANH                          = 0x9CD
-	SYS_CATANHF                         = 0x9D0
-	SYS_CATANHL                         = 0x9D3
-	SYS_CATANL                          = 0x9CA
-	SYS_CCOS                            = 0x9D6
-	SYS_CCOSF                           = 0x9D9
-	SYS_CCOSH                           = 0x9DF
-	SYS_CCOSHF                          = 0x9E2
-	SYS_CCOSHL                          = 0x9E5
-	SYS_CCOSL                           = 0x9DC
-	SYS_CEXP                            = 0x9E8
-	SYS_CEXPF                           = 0x9EB
-	SYS_CEXPL                           = 0x9EE
-	SYS_CIMAG                           = 0x9F1
-	SYS_CIMAGF                          = 0x9F4
-	SYS_CIMAGL                          = 0x9F7
-	SYS_CLOGF                           = 0x9FD
-	SYS_MEMCHR                          = 0x09B
-	SYS_MEMCMP                          = 0x09A
-	SYS_STRCOLL                         = 0x09C
-	SYS_STRNCMP                         = 0x09D
-	SYS_STRRCHR                         = 0x09F
-	SYS_STRXFRM                         = 0x09E
-	SYS___CACOSHF_B                     = 0x9A4
-	SYS___CACOSHF_H                     = 0x9A5
-	SYS___CACOSHL_B                     = 0x9A7
-	SYS___CACOSHL_H                     = 0x9A8
-	SYS___CACOSH_B                      = 0x9A1
-	SYS___CACOSH_H                      = 0x9A2
-	SYS___CARGF_B                       = 0x9AD
-	SYS___CARGF_H                       = 0x9AE
-	SYS___CARGL_B                       = 0x9B0
-	SYS___CARGL_H                       = 0x9B1
-	SYS___CARG_B                        = 0x9AA
-	SYS___CARG_H                        = 0x9AB
-	SYS___CASINF_B                      = 0x9B6
-	SYS___CASINF_H                      = 0x9B7
-	SYS___CASINHF_B                     = 0x9BF
-	SYS___CASINHF_H                     = 0x9C0
-	SYS___CASINHL_B                     = 0x9C2
-	SYS___CASINHL_H                     = 0x9C3
-	SYS___CASINH_B                      = 0x9BC
-	SYS___CASINH_H                      = 0x9BD
-	SYS___CASINL_B                      = 0x9B9
-	SYS___CASINL_H                      = 0x9BA
-	SYS___CASIN_B                       = 0x9B3
-	SYS___CASIN_H                       = 0x9B4
-	SYS___CATANF_B                      = 0x9C8
-	SYS___CATANF_H                      = 0x9C9
-	SYS___CATANHF_B                     = 0x9D1
-	SYS___CATANHF_H                     = 0x9D2
-	SYS___CATANHL_B                     = 0x9D4
-	SYS___CATANHL_H                     = 0x9D5
-	SYS___CATANH_B                      = 0x9CE
-	SYS___CATANH_H                      = 0x9CF
-	SYS___CATANL_B                      = 0x9CB
-	SYS___CATANL_H                      = 0x9CC
-	SYS___CATAN_B                       = 0x9C5
-	SYS___CATAN_H                       = 0x9C6
-	SYS___CCOSF_B                       = 0x9DA
-	SYS___CCOSF_H                       = 0x9DB
-	SYS___CCOSHF_B                      = 0x9E3
-	SYS___CCOSHF_H                      = 0x9E4
-	SYS___CCOSHL_B                      = 0x9E6
-	SYS___CCOSHL_H                      = 0x9E7
-	SYS___CCOSH_B                       = 0x9E0
-	SYS___CCOSH_H                       = 0x9E1
-	SYS___CCOSL_B                       = 0x9DD
-	SYS___CCOSL_H                       = 0x9DE
-	SYS___CCOS_B                        = 0x9D7
-	SYS___CCOS_H                        = 0x9D8
-	SYS___CEXPF_B                       = 0x9EC
-	SYS___CEXPF_H                       = 0x9ED
-	SYS___CEXPL_B                       = 0x9EF
-	SYS___CEXPL_H                       = 0x9F0
-	SYS___CEXP_B                        = 0x9E9
-	SYS___CEXP_H                        = 0x9EA
-	SYS___CIMAGF_B                      = 0x9F5
-	SYS___CIMAGF_H                      = 0x9F6
-	SYS___CIMAGL_B                      = 0x9F8
-	SYS___CIMAGL_H                      = 0x9F9
-	SYS___CIMAG_B                       = 0x9F2
-	SYS___CIMAG_H                       = 0x9F3
-	SYS___CLOG                          = 0x9FA
-	SYS___CLOGF_B                       = 0x9FE
-	SYS___CLOGF_H                       = 0x9FF
-	SYS___CLOG_B                        = 0x9FB
-	SYS___CLOG_H                        = 0x9FC
-	SYS_ISWCTYPE                        = 0x10C
-	SYS_ISWXDIGI                        = 0x10A
-	SYS_ISWXDIGIT                       = 0x10A
-	SYS_MBSINIT                         = 0x10F
-	SYS_TOWLOWER                        = 0x10D
-	SYS_TOWUPPER                        = 0x10E
-	SYS_WCTYPE                          = 0x10B
-	SYS_WCSSTR                          = 0x11B
-	SYS___RPMTCH                        = 0x11A
-	SYS_WCSTOD                          = 0x12E
-	SYS_WCSTOK                          = 0x12C
-	SYS_WCSTOL                          = 0x12D
-	SYS_WCSTOUL                         = 0x12F
-	SYS_FGETWC                          = 0x13C
-	SYS_FGETWS                          = 0x13D
-	SYS_FPUTWC                          = 0x13E
-	SYS_FPUTWS                          = 0x13F
-	SYS_REGERROR                        = 0x13B
-	SYS_REGFREE                         = 0x13A
-	SYS_COLLEQUIV                       = 0x14F
-	SYS_COLLTOSTR                       = 0x14E
-	SYS_ISMCCOLLEL                      = 0x14C
-	SYS_STRTOCOLL                       = 0x14D
-	SYS_DLLFREE                         = 0x16F
-	SYS_DLLQUERYFN                      = 0x16D
-	SYS_DLLQUERYVAR                     = 0x16E
-	SYS_GETMCCOLL                       = 0x16A
-	SYS_GETWMCCOLL                      = 0x16B
-	SYS___ERR2AD                        = 0x16C
-	SYS_CFSETOSPEED                     = 0x17A
-	SYS_CHDIR                           = 0x17B
-	SYS_CHMOD                           = 0x17C
-	SYS_CHOWN                           = 0x17D
-	SYS_CLOSE                           = 0x17E
-	SYS_CLOSEDIR                        = 0x17F
-	SYS_LOG                             = 0x017
-	SYS_COSH                            = 0x018
-	SYS_FCHMOD                          = 0x18A
-	SYS_FCHOWN                          = 0x18B
-	SYS_FCNTL                           = 0x18C
-	SYS_FILENO                          = 0x18D
-	SYS_FORK                            = 0x18E
-	SYS_FPATHCONF                       = 0x18F
-	SYS_GETLOGIN                        = 0x19A
-	SYS_GETPGRP                         = 0x19C
-	SYS_GETPID                          = 0x19D
-	SYS_GETPPID                         = 0x19E
-	SYS_GETPWNAM                        = 0x19F
-	SYS_TANH                            = 0x019
-	SYS_W_GETMNTENT                     = 0x19B
-	SYS_POW                             = 0x020
-	SYS_PTHREAD_SELF                    = 0x20A
-	SYS_PTHREAD_SETINTR                 = 0x20B
-	SYS_PTHREAD_SETINTRTYPE             = 0x20C
-	SYS_PTHREAD_SETSPECIFIC             = 0x20D
-	SYS_PTHREAD_TESTINTR                = 0x20E
-	SYS_PTHREAD_YIELD                   = 0x20F
-	SYS_SQRT                            = 0x021
-	SYS_FLOOR                           = 0x022
-	SYS_J1                              = 0x023
-	SYS_WCSPBRK                         = 0x23F
-	SYS_BSEARCH                         = 0x24C
-	SYS_FABS                            = 0x024
-	SYS_GETENV                          = 0x24A
-	SYS_LDIV                            = 0x24D
-	SYS_SYSTEM                          = 0x24B
-	SYS_FMOD                            = 0x025
-	SYS___RETHROW                       = 0x25F
-	SYS___THROW                         = 0x25E
-	SYS_J0                              = 0x026
-	SYS_PUTENV                          = 0x26A
-	SYS___GETENV                        = 0x26F
-	SYS_SEMCTL                          = 0x27A
-	SYS_SEMGET                          = 0x27B
-	SYS_SEMOP                           = 0x27C
-	SYS_SHMAT                           = 0x27D
-	SYS_SHMCTL                          = 0x27E
-	SYS_SHMDT                           = 0x27F
-	SYS_YN                              = 0x027
-	SYS_JN                              = 0x028
-	SYS_SIGALTSTACK                     = 0x28A
-	SYS_SIGHOLD                         = 0x28B
-	SYS_SIGIGNORE                       = 0x28C
-	SYS_SIGINTERRUPT                    = 0x28D
-	SYS_SIGPAUSE                        = 0x28E
-	SYS_SIGRELSE                        = 0x28F
-	SYS_GETOPT                          = 0x29A
-	SYS_GETSUBOPT                       = 0x29D
-	SYS_LCHOWN                          = 0x29B
-	SYS_SETPGRP                         = 0x29E
-	SYS_TRUNCATE                        = 0x29C
-	SYS_Y0                              = 0x029
-	SYS___GDERR                         = 0x29F
-	SYS_ISALPHA                         = 0x030
-	SYS_VFORK                           = 0x30F
-	SYS__LONGJMP                        = 0x30D
-	SYS__SETJMP                         = 0x30E
-	SYS_GLOB                            = 0x31A
-	SYS_GLOBFREE                        = 0x31B
-	SYS_ISALNUM                         = 0x031
-	SYS_PUTW                            = 0x31C
-	SYS_SEEKDIR                         = 0x31D
-	SYS_TELLDIR                         = 0x31E
-	SYS_TEMPNAM                         = 0x31F
-	SYS_GETTIMEOFDAY_R                  = 0x32E
-	SYS_ISLOWER                         = 0x032
-	SYS_LGAMMA                          = 0x32C
-	SYS_REMAINDER                       = 0x32A
-	SYS_SCALB                           = 0x32B
-	SYS_SYNC                            = 0x32F
-	SYS_TTYSLOT                         = 0x32D
-	SYS_ENDPROTOENT                     = 0x33A
-	SYS_ENDSERVENT                      = 0x33B
-	SYS_GETHOSTBYADDR                   = 0x33D
-	SYS_GETHOSTBYADDR_R                 = 0x33C
-	SYS_GETHOSTBYNAME                   = 0x33F
-	SYS_GETHOSTBYNAME_R                 = 0x33E
-	SYS_ISCNTRL                         = 0x033
-	SYS_GETSERVBYNAME                   = 0x34A
-	SYS_GETSERVBYPORT                   = 0x34B
-	SYS_GETSERVENT                      = 0x34C
-	SYS_GETSOCKNAME                     = 0x34D
-	SYS_GETSOCKOPT                      = 0x34E
-	SYS_INET_ADDR                       = 0x34F
-	SYS_ISDIGIT                         = 0x034
-	SYS_ISGRAPH                         = 0x035
-	SYS_SELECT                          = 0x35B
-	SYS_SELECTEX                        = 0x35C
-	SYS_SEND                            = 0x35D
-	SYS_SENDTO                          = 0x35F
-	SYS_CHROOT                          = 0x36A
-	SYS_ISNAN                           = 0x36D
-	SYS_ISUPPER                         = 0x036
-	SYS_ULIMIT                          = 0x36C
-	SYS_UTIMES                          = 0x36E
-	SYS_W_STATVFS                       = 0x36B
-	SYS___H_ERRNO                       = 0x36F
-	SYS_GRANTPT                         = 0x37A
-	SYS_ISPRINT                         = 0x037
-	SYS_TCGETSID                        = 0x37C
-	SYS_UNLOCKPT                        = 0x37B
-	SYS___TCGETCP                       = 0x37D
-	SYS___TCSETCP                       = 0x37E
-	SYS___TCSETTABLES                   = 0x37F
-	SYS_ISPUNCT                         = 0x038
-	SYS_NLIST                           = 0x38C
-	SYS___IPDBCS                        = 0x38D
-	SYS___IPDSPX                        = 0x38E
-	SYS___IPMSGC                        = 0x38F
-	SYS___STHOSTENT                     = 0x38B
-	SYS___STSERVENT                     = 0x38A
-	SYS_ISSPACE                         = 0x039
-	SYS_COS                             = 0x040
-	SYS_T_ALLOC                         = 0x40A
-	SYS_T_BIND                          = 0x40B
-	SYS_T_CLOSE                         = 0x40C
-	SYS_T_CONNECT                       = 0x40D
-	SYS_T_ERROR                         = 0x40E
-	SYS_T_FREE                          = 0x40F
-	SYS_TAN                             = 0x041
-	SYS_T_RCVREL                        = 0x41A
-	SYS_T_RCVUDATA                      = 0x41B
-	SYS_T_RCVUDERR                      = 0x41C
-	SYS_T_SND                           = 0x41D
-	SYS_T_SNDDIS                        = 0x41E
-	SYS_T_SNDREL                        = 0x41F
-	SYS_GETPMSG                         = 0x42A
-	SYS_ISASTREAM                       = 0x42B
-	SYS_PUTMSG                          = 0x42C
-	SYS_PUTPMSG                         = 0x42D
-	SYS_SINH                            = 0x042
-	SYS___ISPOSIXON                     = 0x42E
-	SYS___OPENMVSREL                    = 0x42F
-	SYS_ACOS                            = 0x043
-	SYS_ATAN                            = 0x044
-	SYS_ATAN2                           = 0x045
-	SYS_FTELL                           = 0x046
-	SYS_FGETPOS                         = 0x047
-	SYS_SOCK_DEBUG                      = 0x47A
-	SYS_SOCK_DO_TESTSTOR                = 0x47D
-	SYS_TAKESOCKET                      = 0x47E
-	SYS___SERVER_INIT                   = 0x47F
-	SYS_FSEEK                           = 0x048
-	SYS___IPHOST                        = 0x48B
-	SYS___IPNODE                        = 0x48C
-	SYS___SERVER_CLASSIFY_CREATE        = 0x48D
-	SYS___SERVER_CLASSIFY_DESTROY       = 0x48E
-	SYS___SERVER_CLASSIFY_RESET         = 0x48F
-	SYS___SMF_RECORD                    = 0x48A
-	SYS_FSETPOS                         = 0x049
-	SYS___FNWSA                         = 0x49B
-	SYS___SPAWN2                        = 0x49D
-	SYS___SPAWNP2                       = 0x49E
-	SYS_ATOF                            = 0x050
-	SYS_PTHREAD_MUTEXATTR_GETPSHARED    = 0x50A
-	SYS_PTHREAD_MUTEXATTR_SETPSHARED    = 0x50B
-	SYS_PTHREAD_RWLOCK_DESTROY          = 0x50C
-	SYS_PTHREAD_RWLOCK_INIT             = 0x50D
-	SYS_PTHREAD_RWLOCK_RDLOCK           = 0x50E
-	SYS_PTHREAD_RWLOCK_TRYRDLOCK        = 0x50F
-	SYS_ATOI                            = 0x051
-	SYS___FP_CLASS                      = 0x51D
-	SYS___FP_CLR_FLAG                   = 0x51A
-	SYS___FP_FINITE                     = 0x51E
-	SYS___FP_ISNAN                      = 0x51F
-	SYS___FP_RAISE_XCP                  = 0x51C
-	SYS___FP_READ_FLAG                  = 0x51B
-	SYS_RAND                            = 0x052
-	SYS_SIGTIMEDWAIT                    = 0x52D
-	SYS_SIGWAITINFO                     = 0x52E
-	SYS___CHKBFP                        = 0x52F
-	SYS___FPC_RS                        = 0x52C
-	SYS___FPC_RW                        = 0x52A
-	SYS___FPC_SM                        = 0x52B
-	SYS_STRTOD                          = 0x053
-	SYS_STRTOL                          = 0x054
-	SYS_STRTOUL                         = 0x055
-	SYS_MALLOC                          = 0x056
-	SYS_SRAND                           = 0x057
-	SYS_CALLOC                          = 0x058
-	SYS_FREE                            = 0x059
-	SYS___OSENV                         = 0x59F
-	SYS___W_PIOCTL                      = 0x59E
-	SYS_LONGJMP                         = 0x060
-	SYS___FLOORF_B                      = 0x60A
-	SYS___FLOORL_B                      = 0x60B
-	SYS___FREXPF_B                      = 0x60C
-	SYS___FREXPL_B                      = 0x60D
-	SYS___LDEXPF_B                      = 0x60E
-	SYS___LDEXPL_B                      = 0x60F
-	SYS_SIGNAL                          = 0x061
-	SYS___ATAN2F_B                      = 0x61A
-	SYS___ATAN2L_B                      = 0x61B
-	SYS___COSHF_B                       = 0x61C
-	SYS___COSHL_B                       = 0x61D
-	SYS___EXPF_B                        = 0x61E
-	SYS___EXPL_B                        = 0x61F
-	SYS_TMPNAM                          = 0x062
-	SYS___ABSF_B                        = 0x62A
-	SYS___ABSL_B                        = 0x62C
-	SYS___ABS_B                         = 0x62B
-	SYS___FMODF_B                       = 0x62D
-	SYS___FMODL_B                       = 0x62E
-	SYS___MODFF_B                       = 0x62F
-	SYS_ATANL                           = 0x63A
-	SYS_CEILF                           = 0x63B
-	SYS_CEILL                           = 0x63C
-	SYS_COSF                            = 0x63D
-	SYS_COSHF                           = 0x63F
-	SYS_COSL                            = 0x63E
-	SYS_REMOVE                          = 0x063
-	SYS_POWL                            = 0x64A
-	SYS_RENAME                          = 0x064
-	SYS_SINF                            = 0x64B
-	SYS_SINHF                           = 0x64F
-	SYS_SINL                            = 0x64C
-	SYS_SQRTF                           = 0x64D
-	SYS_SQRTL                           = 0x64E
-	SYS_BTOWC                           = 0x65F
-	SYS_FREXPL                          = 0x65A
-	SYS_LDEXPF                          = 0x65B
-	SYS_LDEXPL                          = 0x65C
-	SYS_MODFF                           = 0x65D
-	SYS_MODFL                           = 0x65E
-	SYS_TMPFILE                         = 0x065
-	SYS_FREOPEN                         = 0x066
-	SYS___CHARMAP_INIT_A                = 0x66E
-	SYS___GETHOSTBYADDR_R_A             = 0x66C
-	SYS___GETHOSTBYNAME_A               = 0x66A
-	SYS___GETHOSTBYNAME_R_A             = 0x66D
-	SYS___MBLEN_A                       = 0x66F
-	SYS___RES_INIT_A                    = 0x66B
-	SYS_FCLOSE                          = 0x067
-	SYS___GETGRGID_R_A                  = 0x67D
-	SYS___WCSTOMBS_A                    = 0x67A
-	SYS___WCSTOMBS_STD_A                = 0x67B
-	SYS___WCSWIDTH_A                    = 0x67C
-	SYS___WCSWIDTH_ASIA                 = 0x67F
-	SYS___WCSWIDTH_STD_A                = 0x67E
-	SYS_FFLUSH                          = 0x068
-	SYS___GETLOGIN_R_A                  = 0x68E
-	SYS___GETPWNAM_R_A                  = 0x68C
-	SYS___GETPWUID_R_A                  = 0x68D
-	SYS___TTYNAME_R_A                   = 0x68F
-	SYS___WCWIDTH_ASIA                  = 0x68B
-	SYS___WCWIDTH_STD_A                 = 0x68A
-	SYS_FOPEN                           = 0x069
-	SYS___REGEXEC_A                     = 0x69A
-	SYS___REGEXEC_STD_A                 = 0x69B
-	SYS___REGFREE_A                     = 0x69C
-	SYS___REGFREE_STD_A                 = 0x69D
-	SYS___STRCOLL_A                     = 0x69E
-	SYS___STRCOLL_C_A                   = 0x69F
-	SYS_SCANF                           = 0x070
-	SYS___A64L_A                        = 0x70C
-	SYS___ECVT_A                        = 0x70D
-	SYS___FCVT_A                        = 0x70E
-	SYS___GCVT_A                        = 0x70F
-	SYS___STRTOUL_A                     = 0x70A
-	SYS_____AE_CORRESTBL_QUERY_A        = 0x70B
-	SYS_SPRINTF                         = 0x071
-	SYS___ACCESS_A                      = 0x71F
-	SYS___CATOPEN_A                     = 0x71E
-	SYS___GETOPT_A                      = 0x71D
-	SYS___REALPATH_A                    = 0x71A
-	SYS___SETENV_A                      = 0x71B
-	SYS___SYSTEM_A                      = 0x71C
-	SYS_FGETC                           = 0x072
-	SYS___GAI_STRERROR_A                = 0x72F
-	SYS___RMDIR_A                       = 0x72A
-	SYS___STATVFS_A                     = 0x72B
-	SYS___SYMLINK_A                     = 0x72C
-	SYS___TRUNCATE_A                    = 0x72D
-	SYS___UNLINK_A                      = 0x72E
-	SYS_VFPRINTF                        = 0x073
-	SYS___ISSPACE_A                     = 0x73A
-	SYS___ISUPPER_A                     = 0x73B
-	SYS___ISWALNUM_A                    = 0x73F
-	SYS___ISXDIGIT_A                    = 0x73C
-	SYS___TOLOWER_A                     = 0x73D
-	SYS___TOUPPER_A                     = 0x73E
-	SYS_VPRINTF                         = 0x074
-	SYS___CONFSTR_A                     = 0x74B
-	SYS___FDOPEN_A                      = 0x74E
-	SYS___FLDATA_A                      = 0x74F
-	SYS___FTOK_A                        = 0x74C
-	SYS___ISWXDIGIT_A                   = 0x74A
-	SYS___MKTEMP_A                      = 0x74D
-	SYS_VSPRINTF                        = 0x075
-	SYS___GETGRGID_A                    = 0x75A
-	SYS___GETGRNAM_A                    = 0x75B
-	SYS___GETGROUPSBYNAME_A             = 0x75C
-	SYS___GETHOSTENT_A                  = 0x75D
-	SYS___GETHOSTNAME_A                 = 0x75E
-	SYS___GETLOGIN_A                    = 0x75F
-	SYS_GETC                            = 0x076
-	SYS___CREATEWORKUNIT_A              = 0x76A
-	SYS___CTERMID_A                     = 0x76B
-	SYS___FMTMSG_A                      = 0x76C
-	SYS___INITGROUPS_A                  = 0x76D
-	SYS___MSGRCV_A                      = 0x76F
-	SYS_____LOGIN_A                     = 0x76E
-	SYS_FGETS                           = 0x077
-	SYS___STRCASECMP_A                  = 0x77B
-	SYS___STRNCASECMP_A                 = 0x77C
-	SYS___TTYNAME_A                     = 0x77D
-	SYS___UNAME_A                       = 0x77E
-	SYS___UTIMES_A                      = 0x77F
-	SYS_____SERVER_PWU_A                = 0x77A
-	SYS_FPUTC                           = 0x078
-	SYS___CREAT_O_A                     = 0x78E
-	SYS___ENVNA                         = 0x78F
-	SYS___FREAD_A                       = 0x78A
-	SYS___FWRITE_A                      = 0x78B
-	SYS___ISASCII                       = 0x78D
-	SYS___OPEN_O_A                      = 0x78C
-	SYS_FPUTS                           = 0x079
-	SYS___ASCTIME_A                     = 0x79C
-	SYS___CTIME_A                       = 0x79D
-	SYS___GETDATE_A                     = 0x79E
-	SYS___GETSERVBYPORT_A               = 0x79A
-	SYS___GETSERVENT_A                  = 0x79B
-	SYS___TZSET_A                       = 0x79F
-	SYS_ACL_FROM_TEXT                   = 0x80C
-	SYS_ACL_SET_FD                      = 0x80A
-	SYS_ACL_SET_FILE                    = 0x80B
-	SYS_ACL_SORT                        = 0x80E
-	SYS_ACL_TO_TEXT                     = 0x80D
-	SYS_UNGETC                          = 0x080
-	SYS___SHUTDOWN_REGISTRATION         = 0x80F
-	SYS_FREAD                           = 0x081
-	SYS_FREEADDRINFO                    = 0x81A
-	SYS_GAI_STRERROR                    = 0x81B
-	SYS_REXEC_AF                        = 0x81C
-	SYS___DYNALLOC_A                    = 0x81F
-	SYS___POE                           = 0x81D
-	SYS_WCSTOMBS                        = 0x082
-	SYS___INET_ADDR_A                   = 0x82F
-	SYS___NLIST_A                       = 0x82A
-	SYS_____TCGETCP_A                   = 0x82B
-	SYS_____TCSETCP_A                   = 0x82C
-	SYS_____W_PIOCTL_A                  = 0x82E
-	SYS_MBTOWC                          = 0x083
-	SYS___CABEND                        = 0x83D
-	SYS___LE_CIB_GET                    = 0x83E
-	SYS___RECVMSG_A                     = 0x83B
-	SYS___SENDMSG_A                     = 0x83A
-	SYS___SET_LAA_FOR_JIT               = 0x83F
-	SYS_____LCHATTR_A                   = 0x83C
-	SYS_WCTOMB                          = 0x084
-	SYS___CBRTL_B                       = 0x84A
-	SYS___COPYSIGNF_B                   = 0x84B
-	SYS___COPYSIGNL_B                   = 0x84C
-	SYS___COTANF_B                      = 0x84D
-	SYS___COTANL_B                      = 0x84F
-	SYS___COTAN_B                       = 0x84E
-	SYS_MBSTOWCS                        = 0x085
-	SYS___LOG1PL_B                      = 0x85A
-	SYS___LOG2F_B                       = 0x85B
-	SYS___LOG2L_B                       = 0x85D
-	SYS___LOG2_B                        = 0x85C
-	SYS___REMAINDERF_B                  = 0x85E
-	SYS___REMAINDERL_B                  = 0x85F
-	SYS_ACOSHF                          = 0x86E
-	SYS_ACOSHL                          = 0x86F
-	SYS_WCSCPY                          = 0x086
-	SYS___ERFCF_B                       = 0x86D
-	SYS___ERFF_B                        = 0x86C
-	SYS___LROUNDF_B                     = 0x86A
-	SYS___LROUND_B                      = 0x86B
-	SYS_COTANL                          = 0x87A
-	SYS_EXP2F                           = 0x87B
-	SYS_EXP2L                           = 0x87C
-	SYS_EXPM1F                          = 0x87D
-	SYS_EXPM1L                          = 0x87E
-	SYS_FDIMF                           = 0x87F
-	SYS_WCSCAT                          = 0x087
-	SYS___COTANL                        = 0x87A
-	SYS_REMAINDERF                      = 0x88A
-	SYS_REMAINDERL                      = 0x88B
-	SYS_REMAINDF                        = 0x88A
-	SYS_REMAINDL                        = 0x88B
-	SYS_REMQUO                          = 0x88D
-	SYS_REMQUOF                         = 0x88C
-	SYS_REMQUOL                         = 0x88E
-	SYS_TGAMMAF                         = 0x88F
-	SYS_WCSCHR                          = 0x088
-	SYS_ERFCF                           = 0x89B
-	SYS_ERFCL                           = 0x89C
-	SYS_ERFL                            = 0x89A
-	SYS_EXP2                            = 0x89E
-	SYS_WCSCMP                          = 0x089
-	SYS___EXP2_B                        = 0x89D
-	SYS___FAR_JUMP                      = 0x89F
-	SYS_ABS                             = 0x090
-	SYS___ERFCL_H                       = 0x90A
-	SYS___EXPF_H                        = 0x90C
-	SYS___EXPL_H                        = 0x90D
-	SYS___EXPM1_H                       = 0x90E
-	SYS___EXP_H                         = 0x90B
-	SYS___FDIM_H                        = 0x90F
-	SYS_DIV                             = 0x091
-	SYS___LOG2F_H                       = 0x91F
-	SYS___LOG2_H                        = 0x91E
-	SYS___LOGB_H                        = 0x91D
-	SYS___LOGF_H                        = 0x91B
-	SYS___LOGL_H                        = 0x91C
-	SYS___LOG_H                         = 0x91A
-	SYS_LABS                            = 0x092
-	SYS___POWL_H                        = 0x92A
-	SYS___REMAINDER_H                   = 0x92B
-	SYS___RINT_H                        = 0x92C
-	SYS___SCALB_H                       = 0x92D
-	SYS___SINF_H                        = 0x92F
-	SYS___SIN_H                         = 0x92E
-	SYS_STRNCPY                         = 0x093
-	SYS___TANHF_H                       = 0x93B
-	SYS___TANHL_H                       = 0x93C
-	SYS___TANH_H                        = 0x93A
-	SYS___TGAMMAF_H                     = 0x93E
-	SYS___TGAMMA_H                      = 0x93D
-	SYS___TRUNC_H                       = 0x93F
-	SYS_MEMCPY                          = 0x094
-	SYS_VFWSCANF                        = 0x94A
-	SYS_VSWSCANF                        = 0x94E
-	SYS_VWSCANF                         = 0x94C
-	SYS_INET6_RTH_ADD                   = 0x95D
-	SYS_INET6_RTH_INIT                  = 0x95C
-	SYS_INET6_RTH_REVERSE               = 0x95E
-	SYS_INET6_RTH_SEGMENTS              = 0x95F
-	SYS_INET6_RTH_SPACE                 = 0x95B
-	SYS_MEMMOVE                         = 0x095
-	SYS_WCSTOLD                         = 0x95A
-	SYS_STRCPY                          = 0x096
-	SYS_STRCMP                          = 0x097
-	SYS_CABS                            = 0x98E
-	SYS_STRCAT                          = 0x098
-	SYS___CABS_B                        = 0x98F
-	SYS___POW_II                        = 0x98A
-	SYS___POW_II_B                      = 0x98B
-	SYS___POW_II_H                      = 0x98C
-	SYS_CACOSF                          = 0x99A
-	SYS_CACOSL                          = 0x99D
-	SYS_STRNCAT                         = 0x099
-	SYS___CACOSF_B                      = 0x99B
-	SYS___CACOSF_H                      = 0x99C
-	SYS___CACOSL_B                      = 0x99E
-	SYS___CACOSL_H                      = 0x99F
-	SYS_ISWALPHA                        = 0x100
-	SYS_ISWBLANK                        = 0x101
-	SYS___ISWBLK                        = 0x101
-	SYS_ISWCNTRL                        = 0x102
-	SYS_ISWDIGIT                        = 0x103
-	SYS_ISWGRAPH                        = 0x104
-	SYS_ISWLOWER                        = 0x105
-	SYS_ISWPRINT                        = 0x106
-	SYS_ISWPUNCT                        = 0x107
-	SYS_ISWSPACE                        = 0x108
-	SYS_ISWUPPER                        = 0x109
-	SYS_WCTOB                           = 0x110
-	SYS_MBRLEN                          = 0x111
-	SYS_MBRTOWC                         = 0x112
-	SYS_MBSRTOWC                        = 0x113
-	SYS_MBSRTOWCS                       = 0x113
-	SYS_WCRTOMB                         = 0x114
-	SYS_WCSRTOMB                        = 0x115
-	SYS_WCSRTOMBS                       = 0x115
-	SYS___CSID                          = 0x116
-	SYS___WCSID                         = 0x117
-	SYS_STRPTIME                        = 0x118
-	SYS___STRPTM                        = 0x118
-	SYS_STRFMON                         = 0x119
-	SYS_WCSCOLL                         = 0x130
-	SYS_WCSXFRM                         = 0x131
-	SYS_WCSWIDTH                        = 0x132
-	SYS_WCWIDTH                         = 0x133
-	SYS_WCSFTIME                        = 0x134
-	SYS_SWPRINTF                        = 0x135
-	SYS_VSWPRINT                        = 0x136
-	SYS_VSWPRINTF                       = 0x136
-	SYS_SWSCANF                         = 0x137
-	SYS_REGCOMP                         = 0x138
-	SYS_REGEXEC                         = 0x139
-	SYS_GETWC                           = 0x140
-	SYS_GETWCHAR                        = 0x141
-	SYS_PUTWC                           = 0x142
-	SYS_PUTWCHAR                        = 0x143
-	SYS_UNGETWC                         = 0x144
-	SYS_ICONV_OPEN                      = 0x145
-	SYS_ICONV                           = 0x146
-	SYS_ICONV_CLOSE                     = 0x147
-	SYS_COLLRANGE                       = 0x150
-	SYS_CCLASS                          = 0x151
-	SYS_COLLORDER                       = 0x152
-	SYS___DEMANGLE                      = 0x154
-	SYS_FDOPEN                          = 0x155
-	SYS___ERRNO                         = 0x156
-	SYS___ERRNO2                        = 0x157
-	SYS___TERROR                        = 0x158
-	SYS_MAXCOLL                         = 0x169
-	SYS_DLLLOAD                         = 0x170
-	SYS__EXIT                           = 0x174
-	SYS_ACCESS                          = 0x175
-	SYS_ALARM                           = 0x176
-	SYS_CFGETISPEED                     = 0x177
-	SYS_CFGETOSPEED                     = 0x178
-	SYS_CFSETISPEED                     = 0x179
-	SYS_CREAT                           = 0x180
-	SYS_CTERMID                         = 0x181
-	SYS_DUP                             = 0x182
-	SYS_DUP2                            = 0x183
-	SYS_EXECL                           = 0x184
-	SYS_EXECLE                          = 0x185
-	SYS_EXECLP                          = 0x186
-	SYS_EXECV                           = 0x187
-	SYS_EXECVE                          = 0x188
-	SYS_EXECVP                          = 0x189
-	SYS_FSTAT                           = 0x190
-	SYS_FSYNC                           = 0x191
-	SYS_FTRUNCATE                       = 0x192
-	SYS_GETCWD                          = 0x193
-	SYS_GETEGID                         = 0x194
-	SYS_GETEUID                         = 0x195
-	SYS_GETGID                          = 0x196
-	SYS_GETGRGID                        = 0x197
-	SYS_GETGRNAM                        = 0x198
-	SYS_GETGROUPS                       = 0x199
-	SYS_PTHREAD_MUTEXATTR_DESTROY       = 0x200
-	SYS_PTHREAD_MUTEXATTR_SETKIND_NP    = 0x201
-	SYS_PTHREAD_MUTEXATTR_GETKIND_NP    = 0x202
-	SYS_PTHREAD_MUTEX_INIT              = 0x203
-	SYS_PTHREAD_MUTEX_DESTROY           = 0x204
-	SYS_PTHREAD_MUTEX_LOCK              = 0x205
-	SYS_PTHREAD_MUTEX_TRYLOCK           = 0x206
-	SYS_PTHREAD_MUTEX_UNLOCK            = 0x207
-	SYS_PTHREAD_ONCE                    = 0x209
-	SYS_TW_OPEN                         = 0x210
-	SYS_TW_FCNTL                        = 0x211
-	SYS_PTHREAD_JOIN_D4_NP              = 0x212
-	SYS_PTHREAD_CONDATTR_SETKIND_NP     = 0x213
-	SYS_PTHREAD_CONDATTR_GETKIND_NP     = 0x214
-	SYS_EXTLINK_NP                      = 0x215
-	SYS___PASSWD                        = 0x216
-	SYS_SETGROUPS                       = 0x217
-	SYS_INITGROUPS                      = 0x218
-	SYS_WCSRCHR                         = 0x240
-	SYS_SVC99                           = 0x241
-	SYS___SVC99                         = 0x241
-	SYS_WCSWCS                          = 0x242
-	SYS_LOCALECO                        = 0x243
-	SYS_LOCALECONV                      = 0x243
-	SYS___LIBREL                        = 0x244
-	SYS_RELEASE                         = 0x245
-	SYS___RLSE                          = 0x245
-	SYS_FLOCATE                         = 0x246
-	SYS___FLOCT                         = 0x246
-	SYS_FDELREC                         = 0x247
-	SYS___FDLREC                        = 0x247
-	SYS_FETCH                           = 0x248
-	SYS___FETCH                         = 0x248
-	SYS_QSORT                           = 0x249
-	SYS___CLEANUPCATCH                  = 0x260
-	SYS___CATCHMATCH                    = 0x261
-	SYS___CLEAN2UPCATCH                 = 0x262
-	SYS_GETPRIORITY                     = 0x270
-	SYS_NICE                            = 0x271
-	SYS_SETPRIORITY                     = 0x272
-	SYS_GETITIMER                       = 0x273
-	SYS_SETITIMER                       = 0x274
-	SYS_MSGCTL                          = 0x275
-	SYS_MSGGET                          = 0x276
-	SYS_MSGRCV                          = 0x277
-	SYS_MSGSND                          = 0x278
-	SYS_MSGXRCV                         = 0x279
-	SYS___MSGXR                         = 0x279
-	SYS_SHMGET                          = 0x280
-	SYS___GETIPC                        = 0x281
-	SYS_SETGRENT                        = 0x282
-	SYS_GETGRENT                        = 0x283
-	SYS_ENDGRENT                        = 0x284
-	SYS_SETPWENT                        = 0x285
-	SYS_GETPWENT                        = 0x286
-	SYS_ENDPWENT                        = 0x287
-	SYS_BSD_SIGNAL                      = 0x288
-	SYS_KILLPG                          = 0x289
-	SYS_SIGSET                          = 0x290
-	SYS_SIGSTACK                        = 0x291
-	SYS_GETRLIMIT                       = 0x292
-	SYS_SETRLIMIT                       = 0x293
-	SYS_GETRUSAGE                       = 0x294
-	SYS_MMAP                            = 0x295
-	SYS_MPROTECT                        = 0x296
-	SYS_MSYNC                           = 0x297
-	SYS_MUNMAP                          = 0x298
-	SYS_CONFSTR                         = 0x299
-	SYS___NDMTRM                        = 0x300
-	SYS_FTOK                            = 0x301
-	SYS_BASENAME                        = 0x302
-	SYS_DIRNAME                         = 0x303
-	SYS_GETDTABLESIZE                   = 0x304
-	SYS_MKSTEMP                         = 0x305
-	SYS_MKTEMP                          = 0x306
-	SYS_NFTW                            = 0x307
-	SYS_GETWD                           = 0x308
-	SYS_LOCKF                           = 0x309
-	SYS_WORDEXP                         = 0x310
-	SYS_WORDFREE                        = 0x311
-	SYS_GETPGID                         = 0x312
-	SYS_GETSID                          = 0x313
-	SYS___UTMPXNAME                     = 0x314
-	SYS_CUSERID                         = 0x315
-	SYS_GETPASS                         = 0x316
-	SYS_FNMATCH                         = 0x317
-	SYS_FTW                             = 0x318
-	SYS_GETW                            = 0x319
-	SYS_ACOSH                           = 0x320
-	SYS_ASINH                           = 0x321
-	SYS_ATANH                           = 0x322
-	SYS_CBRT                            = 0x323
-	SYS_EXPM1                           = 0x324
-	SYS_ILOGB                           = 0x325
-	SYS_LOGB                            = 0x326
-	SYS_LOG1P                           = 0x327
-	SYS_NEXTAFTER                       = 0x328
-	SYS_RINT                            = 0x329
-	SYS_SPAWN                           = 0x330
-	SYS_SPAWNP                          = 0x331
-	SYS_GETLOGIN_UU                     = 0x332
-	SYS_ECVT                            = 0x333
-	SYS_FCVT                            = 0x334
-	SYS_GCVT                            = 0x335
-	SYS_ACCEPT                          = 0x336
-	SYS_BIND                            = 0x337
-	SYS_CONNECT                         = 0x338
-	SYS_ENDHOSTENT                      = 0x339
-	SYS_GETHOSTENT                      = 0x340
-	SYS_GETHOSTID                       = 0x341
-	SYS_GETHOSTNAME                     = 0x342
-	SYS_GETNETBYADDR                    = 0x343
-	SYS_GETNETBYNAME                    = 0x344
-	SYS_GETNETENT                       = 0x345
-	SYS_GETPEERNAME                     = 0x346
-	SYS_GETPROTOBYNAME                  = 0x347
-	SYS_GETPROTOBYNUMBER                = 0x348
-	SYS_GETPROTOENT                     = 0x349
-	SYS_INET_LNAOF                      = 0x350
-	SYS_INET_MAKEADDR                   = 0x351
-	SYS_INET_NETOF                      = 0x352
-	SYS_INET_NETWORK                    = 0x353
-	SYS_INET_NTOA                       = 0x354
-	SYS_IOCTL                           = 0x355
-	SYS_LISTEN                          = 0x356
-	SYS_READV                           = 0x357
-	SYS_RECV                            = 0x358
-	SYS_RECVFROM                        = 0x359
-	SYS_SETHOSTENT                      = 0x360
-	SYS_SETNETENT                       = 0x361
-	SYS_SETPEER                         = 0x362
-	SYS_SETPROTOENT                     = 0x363
-	SYS_SETSERVENT                      = 0x364
-	SYS_SETSOCKOPT                      = 0x365
-	SYS_SHUTDOWN                        = 0x366
-	SYS_SOCKET                          = 0x367
-	SYS_SOCKETPAIR                      = 0x368
-	SYS_WRITEV                          = 0x369
-	SYS_ENDNETENT                       = 0x370
-	SYS_CLOSELOG                        = 0x371
-	SYS_OPENLOG                         = 0x372
-	SYS_SETLOGMASK                      = 0x373
-	SYS_SYSLOG                          = 0x374
-	SYS_PTSNAME                         = 0x375
-	SYS_SETREUID                        = 0x376
-	SYS_SETREGID                        = 0x377
-	SYS_REALPATH                        = 0x378
-	SYS___SIGNGAM                       = 0x379
-	SYS_POLL                            = 0x380
-	SYS_REXEC                           = 0x381
-	SYS___ISASCII2                      = 0x382
-	SYS___TOASCII2                      = 0x383
-	SYS_CHPRIORITY                      = 0x384
-	SYS_PTHREAD_ATTR_SETSYNCTYPE_NP     = 0x385
-	SYS_PTHREAD_ATTR_GETSYNCTYPE_NP     = 0x386
-	SYS_PTHREAD_SET_LIMIT_NP            = 0x387
-	SYS___STNETENT                      = 0x388
-	SYS___STPROTOENT                    = 0x389
-	SYS___SELECT1                       = 0x390
-	SYS_PTHREAD_SECURITY_NP             = 0x391
-	SYS___CHECK_RESOURCE_AUTH_NP        = 0x392
-	SYS___CONVERT_ID_NP                 = 0x393
-	SYS___OPENVMREL                     = 0x394
-	SYS_WMEMCHR                         = 0x395
-	SYS_WMEMCMP                         = 0x396
-	SYS_WMEMCPY                         = 0x397
-	SYS_WMEMMOVE                        = 0x398
-	SYS_WMEMSET                         = 0x399
-	SYS___FPUTWC                        = 0x400
-	SYS___PUTWC                         = 0x401
-	SYS___PWCHAR                        = 0x402
-	SYS___WCSFTM                        = 0x403
-	SYS___WCSTOK                        = 0x404
-	SYS___WCWDTH                        = 0x405
-	SYS_T_ACCEPT                        = 0x409
-	SYS_T_GETINFO                       = 0x410
-	SYS_T_GETPROTADDR                   = 0x411
-	SYS_T_GETSTATE                      = 0x412
-	SYS_T_LISTEN                        = 0x413
-	SYS_T_LOOK                          = 0x414
-	SYS_T_OPEN                          = 0x415
-	SYS_T_OPTMGMT                       = 0x416
-	SYS_T_RCV                           = 0x417
-	SYS_T_RCVCONNECT                    = 0x418
-	SYS_T_RCVDIS                        = 0x419
-	SYS_T_SNDUDATA                      = 0x420
-	SYS_T_STRERROR                      = 0x421
-	SYS_T_SYNC                          = 0x422
-	SYS_T_UNBIND                        = 0x423
-	SYS___T_ERRNO                       = 0x424
-	SYS___RECVMSG2                      = 0x425
-	SYS___SENDMSG2                      = 0x426
-	SYS_FATTACH                         = 0x427
-	SYS_FDETACH                         = 0x428
-	SYS_GETMSG                          = 0x429
-	SYS_GETCONTEXT                      = 0x430
-	SYS_SETCONTEXT                      = 0x431
-	SYS_MAKECONTEXT                     = 0x432
-	SYS_SWAPCONTEXT                     = 0x433
-	SYS_PTHREAD_GETSPECIFIC_D8_NP       = 0x434
-	SYS_GETCLIENTID                     = 0x470
-	SYS___GETCLIENTID                   = 0x471
-	SYS_GETSTABLESIZE                   = 0x472
-	SYS_GETIBMOPT                       = 0x473
-	SYS_GETIBMSOCKOPT                   = 0x474
-	SYS_GIVESOCKET                      = 0x475
-	SYS_IBMSFLUSH                       = 0x476
-	SYS_MAXDESC                         = 0x477
-	SYS_SETIBMOPT                       = 0x478
-	SYS_SETIBMSOCKOPT                   = 0x479
-	SYS___SERVER_PWU                    = 0x480
-	SYS_PTHREAD_TAG_NP                  = 0x481
-	SYS___CONSOLE                       = 0x482
-	SYS___WSINIT                        = 0x483
-	SYS___IPTCPN                        = 0x489
-	SYS___SERVER_CLASSIFY               = 0x490
-	SYS___HEAPRPT                       = 0x496
-	SYS___ISBFP                         = 0x500
-	SYS___FP_CAST                       = 0x501
-	SYS___CERTIFICATE                   = 0x502
-	SYS_SEND_FILE                       = 0x503
-	SYS_AIO_CANCEL                      = 0x504
-	SYS_AIO_ERROR                       = 0x505
-	SYS_AIO_READ                        = 0x506
-	SYS_AIO_RETURN                      = 0x507
-	SYS_AIO_SUSPEND                     = 0x508
-	SYS_AIO_WRITE                       = 0x509
-	SYS_PTHREAD_RWLOCK_TRYWRLOCK        = 0x510
-	SYS_PTHREAD_RWLOCK_UNLOCK           = 0x511
-	SYS_PTHREAD_RWLOCK_WRLOCK           = 0x512
-	SYS_PTHREAD_RWLOCKATTR_GETPSHARED   = 0x513
-	SYS_PTHREAD_RWLOCKATTR_SETPSHARED   = 0x514
-	SYS_PTHREAD_RWLOCKATTR_INIT         = 0x515
-	SYS_PTHREAD_RWLOCKATTR_DESTROY      = 0x516
-	SYS___CTTBL                         = 0x517
-	SYS_PTHREAD_MUTEXATTR_SETTYPE       = 0x518
-	SYS_PTHREAD_MUTEXATTR_GETTYPE       = 0x519
-	SYS___FP_UNORDERED                  = 0x520
-	SYS___FP_READ_RND                   = 0x521
-	SYS___FP_READ_RND_B                 = 0x522
-	SYS___FP_SWAP_RND                   = 0x523
-	SYS___FP_SWAP_RND_B                 = 0x524
-	SYS___FP_LEVEL                      = 0x525
-	SYS___FP_BTOH                       = 0x526
-	SYS___FP_HTOB                       = 0x527
-	SYS___FPC_RD                        = 0x528
-	SYS___FPC_WR                        = 0x529
-	SYS_PTHREAD_SETCANCELTYPE           = 0x600
-	SYS_PTHREAD_TESTCANCEL              = 0x601
-	SYS___ATANF_B                       = 0x602
-	SYS___ATANL_B                       = 0x603
-	SYS___CEILF_B                       = 0x604
-	SYS___CEILL_B                       = 0x605
-	SYS___COSF_B                        = 0x606
-	SYS___COSL_B                        = 0x607
-	SYS___FABSF_B                       = 0x608
-	SYS___FABSL_B                       = 0x609
-	SYS___SINF_B                        = 0x610
-	SYS___SINL_B                        = 0x611
-	SYS___TANF_B                        = 0x612
-	SYS___TANL_B                        = 0x613
-	SYS___TANHF_B                       = 0x614
-	SYS___TANHL_B                       = 0x615
-	SYS___ACOSF_B                       = 0x616
-	SYS___ACOSL_B                       = 0x617
-	SYS___ASINF_B                       = 0x618
-	SYS___ASINL_B                       = 0x619
-	SYS___LOGF_B                        = 0x620
-	SYS___LOGL_B                        = 0x621
-	SYS___LOG10F_B                      = 0x622
-	SYS___LOG10L_B                      = 0x623
-	SYS___POWF_B                        = 0x624
-	SYS___POWL_B                        = 0x625
-	SYS___SINHF_B                       = 0x626
-	SYS___SINHL_B                       = 0x627
-	SYS___SQRTF_B                       = 0x628
-	SYS___SQRTL_B                       = 0x629
-	SYS___MODFL_B                       = 0x630
-	SYS_ABSF                            = 0x631
-	SYS_ABSL                            = 0x632
-	SYS_ACOSF                           = 0x633
-	SYS_ACOSL                           = 0x634
-	SYS_ASINF                           = 0x635
-	SYS_ASINL                           = 0x636
-	SYS_ATAN2F                          = 0x637
-	SYS_ATAN2L                          = 0x638
-	SYS_ATANF                           = 0x639
-	SYS_COSHL                           = 0x640
-	SYS_EXPF                            = 0x641
-	SYS_EXPL                            = 0x642
-	SYS_TANHF                           = 0x643
-	SYS_TANHL                           = 0x644
-	SYS_LOG10F                          = 0x645
-	SYS_LOG10L                          = 0x646
-	SYS_LOGF                            = 0x647
-	SYS_LOGL                            = 0x648
-	SYS_POWF                            = 0x649
-	SYS_SINHL                           = 0x650
-	SYS_TANF                            = 0x651
-	SYS_TANL                            = 0x652
-	SYS_FABSF                           = 0x653
-	SYS_FABSL                           = 0x654
-	SYS_FLOORF                          = 0x655
-	SYS_FLOORL                          = 0x656
-	SYS_FMODF                           = 0x657
-	SYS_FMODL                           = 0x658
-	SYS_FREXPF                          = 0x659
-	SYS___CHATTR                        = 0x660
-	SYS___FCHATTR                       = 0x661
-	SYS___TOCCSID                       = 0x662
-	SYS___CSNAMETYPE                    = 0x663
-	SYS___TOCSNAME                      = 0x664
-	SYS___CCSIDTYPE                     = 0x665
-	SYS___AE_CORRESTBL_QUERY            = 0x666
-	SYS___AE_AUTOCONVERT_STATE          = 0x667
-	SYS_DN_FIND                         = 0x668
-	SYS___GETHOSTBYADDR_A               = 0x669
-	SYS___MBLEN_SB_A                    = 0x670
-	SYS___MBLEN_STD_A                   = 0x671
-	SYS___MBLEN_UTF                     = 0x672
-	SYS___MBSTOWCS_A                    = 0x673
-	SYS___MBSTOWCS_STD_A                = 0x674
-	SYS___MBTOWC_A                      = 0x675
-	SYS___MBTOWC_ISO1                   = 0x676
-	SYS___MBTOWC_SBCS                   = 0x677
-	SYS___MBTOWC_MBCS                   = 0x678
-	SYS___MBTOWC_UTF                    = 0x679
-	SYS___CSID_A                        = 0x680
-	SYS___CSID_STD_A                    = 0x681
-	SYS___WCSID_A                       = 0x682
-	SYS___WCSID_STD_A                   = 0x683
-	SYS___WCTOMB_A                      = 0x684
-	SYS___WCTOMB_ISO1                   = 0x685
-	SYS___WCTOMB_STD_A                  = 0x686
-	SYS___WCTOMB_UTF                    = 0x687
-	SYS___WCWIDTH_A                     = 0x688
-	SYS___GETGRNAM_R_A                  = 0x689
-	SYS___READDIR_R_A                   = 0x690
-	SYS___E2A_S                         = 0x691
-	SYS___FNMATCH_A                     = 0x692
-	SYS___FNMATCH_C_A                   = 0x693
-	SYS___EXECL_A                       = 0x694
-	SYS___FNMATCH_STD_A                 = 0x695
-	SYS___REGCOMP_A                     = 0x696
-	SYS___REGCOMP_STD_A                 = 0x697
-	SYS___REGERROR_A                    = 0x698
-	SYS___REGERROR_STD_A                = 0x699
-	SYS___SWPRINTF_A                    = 0x700
-	SYS___FSCANF_A                      = 0x701
-	SYS___SCANF_A                       = 0x702
-	SYS___SSCANF_A                      = 0x703
-	SYS___SWSCANF_A                     = 0x704
-	SYS___ATOF_A                        = 0x705
-	SYS___ATOI_A                        = 0x706
-	SYS___ATOL_A                        = 0x707
-	SYS___STRTOD_A                      = 0x708
-	SYS___STRTOL_A                      = 0x709
-	SYS___L64A_A                        = 0x710
-	SYS___STRERROR_A                    = 0x711
-	SYS___PERROR_A                      = 0x712
-	SYS___FETCH_A                       = 0x713
-	SYS___GETENV_A                      = 0x714
-	SYS___MKSTEMP_A                     = 0x717
-	SYS___PTSNAME_A                     = 0x718
-	SYS___PUTENV_A                      = 0x719
-	SYS___CHDIR_A                       = 0x720
-	SYS___CHOWN_A                       = 0x721
-	SYS___CHROOT_A                      = 0x722
-	SYS___GETCWD_A                      = 0x723
-	SYS___GETWD_A                       = 0x724
-	SYS___LCHOWN_A                      = 0x725
-	SYS___LINK_A                        = 0x726
-	SYS___PATHCONF_A                    = 0x727
-	SYS___IF_NAMEINDEX_A                = 0x728
-	SYS___READLINK_A                    = 0x729
-	SYS___EXTLINK_NP_A                  = 0x730
-	SYS___ISALNUM_A                     = 0x731
-	SYS___ISALPHA_A                     = 0x732
-	SYS___A2E_S                         = 0x733
-	SYS___ISCNTRL_A                     = 0x734
-	SYS___ISDIGIT_A                     = 0x735
-	SYS___ISGRAPH_A                     = 0x736
-	SYS___ISLOWER_A                     = 0x737
-	SYS___ISPRINT_A                     = 0x738
-	SYS___ISPUNCT_A                     = 0x739
-	SYS___ISWALPHA_A                    = 0x740
-	SYS___A2E_L                         = 0x741
-	SYS___ISWCNTRL_A                    = 0x742
-	SYS___ISWDIGIT_A                    = 0x743
-	SYS___ISWGRAPH_A                    = 0x744
-	SYS___ISWLOWER_A                    = 0x745
-	SYS___ISWPRINT_A                    = 0x746
-	SYS___ISWPUNCT_A                    = 0x747
-	SYS___ISWSPACE_A                    = 0x748
-	SYS___ISWUPPER_A                    = 0x749
-	SYS___REMOVE_A                      = 0x750
-	SYS___RENAME_A                      = 0x751
-	SYS___TMPNAM_A                      = 0x752
-	SYS___FOPEN_A                       = 0x753
-	SYS___FREOPEN_A                     = 0x754
-	SYS___CUSERID_A                     = 0x755
-	SYS___POPEN_A                       = 0x756
-	SYS___TEMPNAM_A                     = 0x757
-	SYS___FTW_A                         = 0x758
-	SYS___GETGRENT_A                    = 0x759
-	SYS___INET_NTOP_A                   = 0x760
-	SYS___GETPASS_A                     = 0x761
-	SYS___GETPWENT_A                    = 0x762
-	SYS___GETPWNAM_A                    = 0x763
-	SYS___GETPWUID_A                    = 0x764
-	SYS_____CHECK_RESOURCE_AUTH_NP_A    = 0x765
-	SYS___CHECKSCHENV_A                 = 0x766
-	SYS___CONNECTSERVER_A               = 0x767
-	SYS___CONNECTWORKMGR_A              = 0x768
-	SYS_____CONSOLE_A                   = 0x769
-	SYS___MSGSND_A                      = 0x770
-	SYS___MSGXRCV_A                     = 0x771
-	SYS___NFTW_A                        = 0x772
-	SYS_____PASSWD_A                    = 0x773
-	SYS___PTHREAD_SECURITY_NP_A         = 0x774
-	SYS___QUERYMETRICS_A                = 0x775
-	SYS___QUERYSCHENV                   = 0x776
-	SYS___READV_A                       = 0x777
-	SYS_____SERVER_CLASSIFY_A           = 0x778
-	SYS_____SERVER_INIT_A               = 0x779
-	SYS___W_GETPSENT_A                  = 0x780
-	SYS___WRITEV_A                      = 0x781
-	SYS___W_STATFS_A                    = 0x782
-	SYS___W_STATVFS_A                   = 0x783
-	SYS___FPUTC_A                       = 0x784
-	SYS___PUTCHAR_A                     = 0x785
-	SYS___PUTS_A                        = 0x786
-	SYS___FGETS_A                       = 0x787
-	SYS___GETS_A                        = 0x788
-	SYS___FPUTS_A                       = 0x789
-	SYS___PUTC_A                        = 0x790
-	SYS___AE_THREAD_SETMODE             = 0x791
-	SYS___AE_THREAD_SWAPMODE            = 0x792
-	SYS___GETNETBYADDR_A                = 0x793
-	SYS___GETNETBYNAME_A                = 0x794
-	SYS___GETNETENT_A                   = 0x795
-	SYS___GETPROTOBYNAME_A              = 0x796
-	SYS___GETPROTOBYNUMBER_A            = 0x797
-	SYS___GETPROTOENT_A                 = 0x798
-	SYS___GETSERVBYNAME_A               = 0x799
-	SYS_ACL_FIRST_ENTRY                 = 0x800
-	SYS_ACL_GET_ENTRY                   = 0x801
-	SYS_ACL_VALID                       = 0x802
-	SYS_ACL_CREATE_ENTRY                = 0x803
-	SYS_ACL_DELETE_ENTRY                = 0x804
-	SYS_ACL_UPDATE_ENTRY                = 0x805
-	SYS_ACL_DELETE_FD                   = 0x806
-	SYS_ACL_DELETE_FILE                 = 0x807
-	SYS_ACL_GET_FD                      = 0x808
-	SYS_ACL_GET_FILE                    = 0x809
-	SYS___ERFL_B                        = 0x810
-	SYS___ERFCL_B                       = 0x811
-	SYS___LGAMMAL_B                     = 0x812
-	SYS___SETHOOKEVENTS                 = 0x813
-	SYS_IF_NAMETOINDEX                  = 0x814
-	SYS_IF_INDEXTONAME                  = 0x815
-	SYS_IF_NAMEINDEX                    = 0x816
-	SYS_IF_FREENAMEINDEX                = 0x817
-	SYS_GETADDRINFO                     = 0x818
-	SYS_GETNAMEINFO                     = 0x819
-	SYS___DYNFREE_A                     = 0x820
-	SYS___RES_QUERY_A                   = 0x821
-	SYS___RES_SEARCH_A                  = 0x822
-	SYS___RES_QUERYDOMAIN_A             = 0x823
-	SYS___RES_MKQUERY_A                 = 0x824
-	SYS___RES_SEND_A                    = 0x825
-	SYS___DN_EXPAND_A                   = 0x826
-	SYS___DN_SKIPNAME_A                 = 0x827
-	SYS___DN_COMP_A                     = 0x828
-	SYS___DN_FIND_A                     = 0x829
-	SYS___INET_NTOA_A                   = 0x830
-	SYS___INET_NETWORK_A                = 0x831
-	SYS___ACCEPT_A                      = 0x832
-	SYS___ACCEPT_AND_RECV_A             = 0x833
-	SYS___BIND_A                        = 0x834
-	SYS___CONNECT_A                     = 0x835
-	SYS___GETPEERNAME_A                 = 0x836
-	SYS___GETSOCKNAME_A                 = 0x837
-	SYS___RECVFROM_A                    = 0x838
-	SYS___SENDTO_A                      = 0x839
-	SYS___LCHATTR                       = 0x840
-	SYS___WRITEDOWN                     = 0x841
-	SYS_PTHREAD_MUTEX_INIT2             = 0x842
-	SYS___ACOSHF_B                      = 0x843
-	SYS___ACOSHL_B                      = 0x844
-	SYS___ASINHF_B                      = 0x845
-	SYS___ASINHL_B                      = 0x846
-	SYS___ATANHF_B                      = 0x847
-	SYS___ATANHL_B                      = 0x848
-	SYS___CBRTF_B                       = 0x849
-	SYS___EXP2F_B                       = 0x850
-	SYS___EXP2L_B                       = 0x851
-	SYS___EXPM1F_B                      = 0x852
-	SYS___EXPM1L_B                      = 0x853
-	SYS___FDIMF_B                       = 0x854
-	SYS___FDIM_B                        = 0x855
-	SYS___FDIML_B                       = 0x856
-	SYS___HYPOTF_B                      = 0x857
-	SYS___HYPOTL_B                      = 0x858
-	SYS___LOG1PF_B                      = 0x859
-	SYS___REMQUOF_B                     = 0x860
-	SYS___REMQUO_B                      = 0x861
-	SYS___REMQUOL_B                     = 0x862
-	SYS___TGAMMAF_B                     = 0x863
-	SYS___TGAMMA_B                      = 0x864
-	SYS___TGAMMAL_B                     = 0x865
-	SYS___TRUNCF_B                      = 0x866
-	SYS___TRUNC_B                       = 0x867
-	SYS___TRUNCL_B                      = 0x868
-	SYS___LGAMMAF_B                     = 0x869
-	SYS_ASINHF                          = 0x870
-	SYS_ASINHL                          = 0x871
-	SYS_ATANHF                          = 0x872
-	SYS_ATANHL                          = 0x873
-	SYS_CBRTF                           = 0x874
-	SYS_CBRTL                           = 0x875
-	SYS_COPYSIGNF                       = 0x876
-	SYS_CPYSIGNF                        = 0x876
-	SYS_COPYSIGNL                       = 0x877
-	SYS_CPYSIGNL                        = 0x877
-	SYS_COTANF                          = 0x878
-	SYS___COTANF                        = 0x878
-	SYS_COTAN                           = 0x879
-	SYS___COTAN                         = 0x879
-	SYS_FDIM                            = 0x881
-	SYS_FDIML                           = 0x882
-	SYS_HYPOTF                          = 0x883
-	SYS_HYPOTL                          = 0x884
-	SYS_LOG1PF                          = 0x885
-	SYS_LOG1PL                          = 0x886
-	SYS_LOG2F                           = 0x887
-	SYS_LOG2                            = 0x888
-	SYS_LOG2L                           = 0x889
-	SYS_TGAMMA                          = 0x890
-	SYS_TGAMMAL                         = 0x891
-	SYS_TRUNCF                          = 0x892
-	SYS_TRUNC                           = 0x893
-	SYS_TRUNCL                          = 0x894
-	SYS_LGAMMAF                         = 0x895
-	SYS_LGAMMAL                         = 0x896
-	SYS_LROUNDF                         = 0x897
-	SYS_LROUND                          = 0x898
-	SYS_ERFF                            = 0x899
-	SYS___COSHF_H                       = 0x900
-	SYS___COSHL_H                       = 0x901
-	SYS___COTAN_H                       = 0x902
-	SYS___COTANF_H                      = 0x903
-	SYS___COTANL_H                      = 0x904
-	SYS___ERF_H                         = 0x905
-	SYS___ERFF_H                        = 0x906
-	SYS___ERFL_H                        = 0x907
-	SYS___ERFC_H                        = 0x908
-	SYS___ERFCF_H                       = 0x909
-	SYS___FDIMF_H                       = 0x910
-	SYS___FDIML_H                       = 0x911
-	SYS___FMOD_H                        = 0x912
-	SYS___FMODF_H                       = 0x913
-	SYS___FMODL_H                       = 0x914
-	SYS___GAMMA_H                       = 0x915
-	SYS___HYPOT_H                       = 0x916
-	SYS___ILOGB_H                       = 0x917
-	SYS___LGAMMA_H                      = 0x918
-	SYS___LGAMMAF_H                     = 0x919
-	SYS___LOG2L_H                       = 0x920
-	SYS___LOG1P_H                       = 0x921
-	SYS___LOG10_H                       = 0x922
-	SYS___LOG10F_H                      = 0x923
-	SYS___LOG10L_H                      = 0x924
-	SYS___LROUND_H                      = 0x925
-	SYS___LROUNDF_H                     = 0x926
-	SYS___NEXTAFTER_H                   = 0x927
-	SYS___POW_H                         = 0x928
-	SYS___POWF_H                        = 0x929
-	SYS___SINL_H                        = 0x930
-	SYS___SINH_H                        = 0x931
-	SYS___SINHF_H                       = 0x932
-	SYS___SINHL_H                       = 0x933
-	SYS___SQRT_H                        = 0x934
-	SYS___SQRTF_H                       = 0x935
-	SYS___SQRTL_H                       = 0x936
-	SYS___TAN_H                         = 0x937
-	SYS___TANF_H                        = 0x938
-	SYS___TANL_H                        = 0x939
-	SYS___TRUNCF_H                      = 0x940
-	SYS___TRUNCL_H                      = 0x941
-	SYS___COSH_H                        = 0x942
-	SYS___LE_DEBUG_SET_RESUME_MCH       = 0x943
-	SYS_VFSCANF                         = 0x944
-	SYS_VSCANF                          = 0x946
-	SYS_VSSCANF                         = 0x948
-	SYS_IMAXABS                         = 0x950
-	SYS_IMAXDIV                         = 0x951
-	SYS_STRTOIMAX                       = 0x952
-	SYS_STRTOUMAX                       = 0x953
-	SYS_WCSTOIMAX                       = 0x954
-	SYS_WCSTOUMAX                       = 0x955
-	SYS_ATOLL                           = 0x956
-	SYS_STRTOF                          = 0x957
-	SYS_STRTOLD                         = 0x958
-	SYS_WCSTOF                          = 0x959
-	SYS_INET6_RTH_GETADDR               = 0x960
-	SYS_INET6_OPT_INIT                  = 0x961
-	SYS_INET6_OPT_APPEND                = 0x962
-	SYS_INET6_OPT_FINISH                = 0x963
-	SYS_INET6_OPT_SET_VAL               = 0x964
-	SYS_INET6_OPT_NEXT                  = 0x965
-	SYS_INET6_OPT_FIND                  = 0x966
-	SYS_INET6_OPT_GET_VAL               = 0x967
-	SYS___POW_I                         = 0x987
-	SYS___POW_I_B                       = 0x988
-	SYS___POW_I_H                       = 0x989
-	SYS___CABS_H                        = 0x990
-	SYS_CABSF                           = 0x991
-	SYS___CABSF_B                       = 0x992
-	SYS___CABSF_H                       = 0x993
-	SYS_CABSL                           = 0x994
-	SYS___CABSL_B                       = 0x995
-	SYS___CABSL_H                       = 0x996
-	SYS_CACOS                           = 0x997
-	SYS___CACOS_B                       = 0x998
-	SYS___CACOS_H                       = 0x999
+	SYS_LOG                             = 0x17  // 23
+	SYS_COSH                            = 0x18  // 24
+	SYS_TANH                            = 0x19  // 25
+	SYS_EXP                             = 0x1A  // 26
+	SYS_MODF                            = 0x1B  // 27
+	SYS_LOG10                           = 0x1C  // 28
+	SYS_FREXP                           = 0x1D  // 29
+	SYS_LDEXP                           = 0x1E  // 30
+	SYS_CEIL                            = 0x1F  // 31
+	SYS_POW                             = 0x20  // 32
+	SYS_SQRT                            = 0x21  // 33
+	SYS_FLOOR                           = 0x22  // 34
+	SYS_J1                              = 0x23  // 35
+	SYS_FABS                            = 0x24  // 36
+	SYS_FMOD                            = 0x25  // 37
+	SYS_J0                              = 0x26  // 38
+	SYS_YN                              = 0x27  // 39
+	SYS_JN                              = 0x28  // 40
+	SYS_Y0                              = 0x29  // 41
+	SYS_Y1                              = 0x2A  // 42
+	SYS_HYPOT                           = 0x2B  // 43
+	SYS_ERF                             = 0x2C  // 44
+	SYS_ERFC                            = 0x2D  // 45
+	SYS_GAMMA                           = 0x2E  // 46
+	SYS_ISALPHA                         = 0x30  // 48
+	SYS_ISALNUM                         = 0x31  // 49
+	SYS_ISLOWER                         = 0x32  // 50
+	SYS_ISCNTRL                         = 0x33  // 51
+	SYS_ISDIGIT                         = 0x34  // 52
+	SYS_ISGRAPH                         = 0x35  // 53
+	SYS_ISUPPER                         = 0x36  // 54
+	SYS_ISPRINT                         = 0x37  // 55
+	SYS_ISPUNCT                         = 0x38  // 56
+	SYS_ISSPACE                         = 0x39  // 57
+	SYS_SETLOCAL                        = 0x3A  // 58
+	SYS_SETLOCALE                       = 0x3A  // 58
+	SYS_ISXDIGIT                        = 0x3B  // 59
+	SYS_TOLOWER                         = 0x3C  // 60
+	SYS_TOUPPER                         = 0x3D  // 61
+	SYS_ASIN                            = 0x3E  // 62
+	SYS_SIN                             = 0x3F  // 63
+	SYS_COS                             = 0x40  // 64
+	SYS_TAN                             = 0x41  // 65
+	SYS_SINH                            = 0x42  // 66
+	SYS_ACOS                            = 0x43  // 67
+	SYS_ATAN                            = 0x44  // 68
+	SYS_ATAN2                           = 0x45  // 69
+	SYS_FTELL                           = 0x46  // 70
+	SYS_FGETPOS                         = 0x47  // 71
+	SYS_FSEEK                           = 0x48  // 72
+	SYS_FSETPOS                         = 0x49  // 73
+	SYS_FERROR                          = 0x4A  // 74
+	SYS_REWIND                          = 0x4B  // 75
+	SYS_CLEARERR                        = 0x4C  // 76
+	SYS_FEOF                            = 0x4D  // 77
+	SYS_ATOL                            = 0x4E  // 78
+	SYS_PERROR                          = 0x4F  // 79
+	SYS_ATOF                            = 0x50  // 80
+	SYS_ATOI                            = 0x51  // 81
+	SYS_RAND                            = 0x52  // 82
+	SYS_STRTOD                          = 0x53  // 83
+	SYS_STRTOL                          = 0x54  // 84
+	SYS_STRTOUL                         = 0x55  // 85
+	SYS_MALLOC                          = 0x56  // 86
+	SYS_SRAND                           = 0x57  // 87
+	SYS_CALLOC                          = 0x58  // 88
+	SYS_FREE                            = 0x59  // 89
+	SYS_EXIT                            = 0x5A  // 90
+	SYS_REALLOC                         = 0x5B  // 91
+	SYS_ABORT                           = 0x5C  // 92
+	SYS___ABORT                         = 0x5C  // 92
+	SYS_ATEXIT                          = 0x5D  // 93
+	SYS_RAISE                           = 0x5E  // 94
+	SYS_SETJMP                          = 0x5F  // 95
+	SYS_LONGJMP                         = 0x60  // 96
+	SYS_SIGNAL                          = 0x61  // 97
+	SYS_TMPNAM                          = 0x62  // 98
+	SYS_REMOVE                          = 0x63  // 99
+	SYS_RENAME                          = 0x64  // 100
+	SYS_TMPFILE                         = 0x65  // 101
+	SYS_FREOPEN                         = 0x66  // 102
+	SYS_FCLOSE                          = 0x67  // 103
+	SYS_FFLUSH                          = 0x68  // 104
+	SYS_FOPEN                           = 0x69  // 105
+	SYS_FSCANF                          = 0x6A  // 106
+	SYS_SETBUF                          = 0x6B  // 107
+	SYS_SETVBUF                         = 0x6C  // 108
+	SYS_FPRINTF                         = 0x6D  // 109
+	SYS_SSCANF                          = 0x6E  // 110
+	SYS_PRINTF                          = 0x6F  // 111
+	SYS_SCANF                           = 0x70  // 112
+	SYS_SPRINTF                         = 0x71  // 113
+	SYS_FGETC                           = 0x72  // 114
+	SYS_VFPRINTF                        = 0x73  // 115
+	SYS_VPRINTF                         = 0x74  // 116
+	SYS_VSPRINTF                        = 0x75  // 117
+	SYS_GETC                            = 0x76  // 118
+	SYS_FGETS                           = 0x77  // 119
+	SYS_FPUTC                           = 0x78  // 120
+	SYS_FPUTS                           = 0x79  // 121
+	SYS_PUTCHAR                         = 0x7A  // 122
+	SYS_GETCHAR                         = 0x7B  // 123
+	SYS_GETS                            = 0x7C  // 124
+	SYS_PUTC                            = 0x7D  // 125
+	SYS_FWRITE                          = 0x7E  // 126
+	SYS_PUTS                            = 0x7F  // 127
+	SYS_UNGETC                          = 0x80  // 128
+	SYS_FREAD                           = 0x81  // 129
+	SYS_WCSTOMBS                        = 0x82  // 130
+	SYS_MBTOWC                          = 0x83  // 131
+	SYS_WCTOMB                          = 0x84  // 132
+	SYS_MBSTOWCS                        = 0x85  // 133
+	SYS_WCSCPY                          = 0x86  // 134
+	SYS_WCSCAT                          = 0x87  // 135
+	SYS_WCSCHR                          = 0x88  // 136
+	SYS_WCSCMP                          = 0x89  // 137
+	SYS_WCSNCMP                         = 0x8A  // 138
+	SYS_WCSCSPN                         = 0x8B  // 139
+	SYS_WCSLEN                          = 0x8C  // 140
+	SYS_WCSNCAT                         = 0x8D  // 141
+	SYS_WCSSPN                          = 0x8E  // 142
+	SYS_WCSNCPY                         = 0x8F  // 143
+	SYS_ABS                             = 0x90  // 144
+	SYS_DIV                             = 0x91  // 145
+	SYS_LABS                            = 0x92  // 146
+	SYS_STRNCPY                         = 0x93  // 147
+	SYS_MEMCPY                          = 0x94  // 148
+	SYS_MEMMOVE                         = 0x95  // 149
+	SYS_STRCPY                          = 0x96  // 150
+	SYS_STRCMP                          = 0x97  // 151
+	SYS_STRCAT                          = 0x98  // 152
+	SYS_STRNCAT                         = 0x99  // 153
+	SYS_MEMCMP                          = 0x9A  // 154
+	SYS_MEMCHR                          = 0x9B  // 155
+	SYS_STRCOLL                         = 0x9C  // 156
+	SYS_STRNCMP                         = 0x9D  // 157
+	SYS_STRXFRM                         = 0x9E  // 158
+	SYS_STRRCHR                         = 0x9F  // 159
+	SYS_STRCHR                          = 0xA0  // 160
+	SYS_STRCSPN                         = 0xA1  // 161
+	SYS_STRPBRK                         = 0xA2  // 162
+	SYS_MEMSET                          = 0xA3  // 163
+	SYS_STRSPN                          = 0xA4  // 164
+	SYS_STRSTR                          = 0xA5  // 165
+	SYS_STRTOK                          = 0xA6  // 166
+	SYS_DIFFTIME                        = 0xA7  // 167
+	SYS_STRERROR                        = 0xA8  // 168
+	SYS_STRLEN                          = 0xA9  // 169
+	SYS_CLOCK                           = 0xAA  // 170
+	SYS_CTIME                           = 0xAB  // 171
+	SYS_MKTIME                          = 0xAC  // 172
+	SYS_TIME                            = 0xAD  // 173
+	SYS_ASCTIME                         = 0xAE  // 174
+	SYS_MBLEN                           = 0xAF  // 175
+	SYS_GMTIME                          = 0xB0  // 176
+	SYS_LOCALTIM                        = 0xB1  // 177
+	SYS_LOCALTIME                       = 0xB1  // 177
+	SYS_STRFTIME                        = 0xB2  // 178
+	SYS___GETCB                         = 0xB4  // 180
+	SYS_FUPDATE                         = 0xB5  // 181
+	SYS___FUPDT                         = 0xB5  // 181
+	SYS_CLRMEMF                         = 0xBD  // 189
+	SYS___CLRMF                         = 0xBD  // 189
+	SYS_FETCHEP                         = 0xBF  // 191
+	SYS___FTCHEP                        = 0xBF  // 191
+	SYS_FLDATA                          = 0xC1  // 193
+	SYS___FLDATA                        = 0xC1  // 193
+	SYS_DYNFREE                         = 0xC2  // 194
+	SYS___DYNFRE                        = 0xC2  // 194
+	SYS_DYNALLOC                        = 0xC3  // 195
+	SYS___DYNALL                        = 0xC3  // 195
+	SYS___CDUMP                         = 0xC4  // 196
+	SYS_CSNAP                           = 0xC5  // 197
+	SYS___CSNAP                         = 0xC5  // 197
+	SYS_CTRACE                          = 0xC6  // 198
+	SYS___CTRACE                        = 0xC6  // 198
+	SYS___CTEST                         = 0xC7  // 199
+	SYS_SETENV                          = 0xC8  // 200
+	SYS___SETENV                        = 0xC8  // 200
+	SYS_CLEARENV                        = 0xC9  // 201
+	SYS___CLRENV                        = 0xC9  // 201
+	SYS___REGCOMP_STD                   = 0xEA  // 234
+	SYS_NL_LANGINFO                     = 0xFC  // 252
+	SYS_GETSYNTX                        = 0xFD  // 253
+	SYS_ISBLANK                         = 0xFE  // 254
+	SYS___ISBLNK                        = 0xFE  // 254
+	SYS_ISWALNUM                        = 0xFF  // 255
+	SYS_ISWALPHA                        = 0x100 // 256
+	SYS_ISWBLANK                        = 0x101 // 257
+	SYS___ISWBLK                        = 0x101 // 257
+	SYS_ISWCNTRL                        = 0x102 // 258
+	SYS_ISWDIGIT                        = 0x103 // 259
+	SYS_ISWGRAPH                        = 0x104 // 260
+	SYS_ISWLOWER                        = 0x105 // 261
+	SYS_ISWPRINT                        = 0x106 // 262
+	SYS_ISWPUNCT                        = 0x107 // 263
+	SYS_ISWSPACE                        = 0x108 // 264
+	SYS_ISWUPPER                        = 0x109 // 265
+	SYS_ISWXDIGI                        = 0x10A // 266
+	SYS_ISWXDIGIT                       = 0x10A // 266
+	SYS_WCTYPE                          = 0x10B // 267
+	SYS_ISWCTYPE                        = 0x10C // 268
+	SYS_TOWLOWER                        = 0x10D // 269
+	SYS_TOWUPPER                        = 0x10E // 270
+	SYS_MBSINIT                         = 0x10F // 271
+	SYS_WCTOB                           = 0x110 // 272
+	SYS_MBRLEN                          = 0x111 // 273
+	SYS_MBRTOWC                         = 0x112 // 274
+	SYS_MBSRTOWC                        = 0x113 // 275
+	SYS_MBSRTOWCS                       = 0x113 // 275
+	SYS_WCRTOMB                         = 0x114 // 276
+	SYS_WCSRTOMB                        = 0x115 // 277
+	SYS_WCSRTOMBS                       = 0x115 // 277
+	SYS___CSID                          = 0x116 // 278
+	SYS___WCSID                         = 0x117 // 279
+	SYS_STRPTIME                        = 0x118 // 280
+	SYS___STRPTM                        = 0x118 // 280
+	SYS_STRFMON                         = 0x119 // 281
+	SYS___RPMTCH                        = 0x11A // 282
+	SYS_WCSSTR                          = 0x11B // 283
+	SYS_WCSTOK                          = 0x12C // 300
+	SYS_WCSTOL                          = 0x12D // 301
+	SYS_WCSTOD                          = 0x12E // 302
+	SYS_WCSTOUL                         = 0x12F // 303
+	SYS_WCSCOLL                         = 0x130 // 304
+	SYS_WCSXFRM                         = 0x131 // 305
+	SYS_WCSWIDTH                        = 0x132 // 306
+	SYS_WCWIDTH                         = 0x133 // 307
+	SYS_WCSFTIME                        = 0x134 // 308
+	SYS_SWPRINTF                        = 0x135 // 309
+	SYS_VSWPRINT                        = 0x136 // 310
+	SYS_VSWPRINTF                       = 0x136 // 310
+	SYS_SWSCANF                         = 0x137 // 311
+	SYS_REGCOMP                         = 0x138 // 312
+	SYS_REGEXEC                         = 0x139 // 313
+	SYS_REGFREE                         = 0x13A // 314
+	SYS_REGERROR                        = 0x13B // 315
+	SYS_FGETWC                          = 0x13C // 316
+	SYS_FGETWS                          = 0x13D // 317
+	SYS_FPUTWC                          = 0x13E // 318
+	SYS_FPUTWS                          = 0x13F // 319
+	SYS_GETWC                           = 0x140 // 320
+	SYS_GETWCHAR                        = 0x141 // 321
+	SYS_PUTWC                           = 0x142 // 322
+	SYS_PUTWCHAR                        = 0x143 // 323
+	SYS_UNGETWC                         = 0x144 // 324
+	SYS_ICONV_OPEN                      = 0x145 // 325
+	SYS_ICONV                           = 0x146 // 326
+	SYS_ICONV_CLOSE                     = 0x147 // 327
+	SYS_ISMCCOLLEL                      = 0x14C // 332
+	SYS_STRTOCOLL                       = 0x14D // 333
+	SYS_COLLTOSTR                       = 0x14E // 334
+	SYS_COLLEQUIV                       = 0x14F // 335
+	SYS_COLLRANGE                       = 0x150 // 336
+	SYS_CCLASS                          = 0x151 // 337
+	SYS_COLLORDER                       = 0x152 // 338
+	SYS___DEMANGLE                      = 0x154 // 340
+	SYS_FDOPEN                          = 0x155 // 341
+	SYS___ERRNO                         = 0x156 // 342
+	SYS___ERRNO2                        = 0x157 // 343
+	SYS___TERROR                        = 0x158 // 344
+	SYS_MAXCOLL                         = 0x169 // 361
+	SYS_GETMCCOLL                       = 0x16A // 362
+	SYS_GETWMCCOLL                      = 0x16B // 363
+	SYS___ERR2AD                        = 0x16C // 364
+	SYS_DLLQUERYFN                      = 0x16D // 365
+	SYS_DLLQUERYVAR                     = 0x16E // 366
+	SYS_DLLFREE                         = 0x16F // 367
+	SYS_DLLLOAD                         = 0x170 // 368
+	SYS__EXIT                           = 0x174 // 372
+	SYS_ACCESS                          = 0x175 // 373
+	SYS_ALARM                           = 0x176 // 374
+	SYS_CFGETISPEED                     = 0x177 // 375
+	SYS_CFGETOSPEED                     = 0x178 // 376
+	SYS_CFSETISPEED                     = 0x179 // 377
+	SYS_CFSETOSPEED                     = 0x17A // 378
+	SYS_CHDIR                           = 0x17B // 379
+	SYS_CHMOD                           = 0x17C // 380
+	SYS_CHOWN                           = 0x17D // 381
+	SYS_CLOSE                           = 0x17E // 382
+	SYS_CLOSEDIR                        = 0x17F // 383
+	SYS_CREAT                           = 0x180 // 384
+	SYS_CTERMID                         = 0x181 // 385
+	SYS_DUP                             = 0x182 // 386
+	SYS_DUP2                            = 0x183 // 387
+	SYS_EXECL                           = 0x184 // 388
+	SYS_EXECLE                          = 0x185 // 389
+	SYS_EXECLP                          = 0x186 // 390
+	SYS_EXECV                           = 0x187 // 391
+	SYS_EXECVE                          = 0x188 // 392
+	SYS_EXECVP                          = 0x189 // 393
+	SYS_FCHMOD                          = 0x18A // 394
+	SYS_FCHOWN                          = 0x18B // 395
+	SYS_FCNTL                           = 0x18C // 396
+	SYS_FILENO                          = 0x18D // 397
+	SYS_FORK                            = 0x18E // 398
+	SYS_FPATHCONF                       = 0x18F // 399
+	SYS_FSTAT                           = 0x190 // 400
+	SYS_FSYNC                           = 0x191 // 401
+	SYS_FTRUNCATE                       = 0x192 // 402
+	SYS_GETCWD                          = 0x193 // 403
+	SYS_GETEGID                         = 0x194 // 404
+	SYS_GETEUID                         = 0x195 // 405
+	SYS_GETGID                          = 0x196 // 406
+	SYS_GETGRGID                        = 0x197 // 407
+	SYS_GETGRNAM                        = 0x198 // 408
+	SYS_GETGROUPS                       = 0x199 // 409
+	SYS_GETLOGIN                        = 0x19A // 410
+	SYS_W_GETMNTENT                     = 0x19B // 411
+	SYS_GETPGRP                         = 0x19C // 412
+	SYS_GETPID                          = 0x19D // 413
+	SYS_GETPPID                         = 0x19E // 414
+	SYS_GETPWNAM                        = 0x19F // 415
+	SYS_GETPWUID                        = 0x1A0 // 416
+	SYS_GETUID                          = 0x1A1 // 417
+	SYS_W_IOCTL                         = 0x1A2 // 418
+	SYS_ISATTY                          = 0x1A3 // 419
+	SYS_KILL                            = 0x1A4 // 420
+	SYS_LINK                            = 0x1A5 // 421
+	SYS_LSEEK                           = 0x1A6 // 422
+	SYS_LSTAT                           = 0x1A7 // 423
+	SYS_MKDIR                           = 0x1A8 // 424
+	SYS_MKFIFO                          = 0x1A9 // 425
+	SYS_MKNOD                           = 0x1AA // 426
+	SYS_MOUNT                           = 0x1AB // 427
+	SYS_OPEN                            = 0x1AC // 428
+	SYS_OPENDIR                         = 0x1AD // 429
+	SYS_PATHCONF                        = 0x1AE // 430
+	SYS_PAUSE                           = 0x1AF // 431
+	SYS_PIPE                            = 0x1B0 // 432
+	SYS_W_GETPSENT                      = 0x1B1 // 433
+	SYS_READ                            = 0x1B2 // 434
+	SYS_READDIR                         = 0x1B3 // 435
+	SYS_READLINK                        = 0x1B4 // 436
+	SYS_REWINDDIR                       = 0x1B5 // 437
+	SYS_RMDIR                           = 0x1B6 // 438
+	SYS_SETEGID                         = 0x1B7 // 439
+	SYS_SETEUID                         = 0x1B8 // 440
+	SYS_SETGID                          = 0x1B9 // 441
+	SYS_SETPGID                         = 0x1BA // 442
+	SYS_SETSID                          = 0x1BB // 443
+	SYS_SETUID                          = 0x1BC // 444
+	SYS_SIGACTION                       = 0x1BD // 445
+	SYS_SIGADDSET                       = 0x1BE // 446
+	SYS_SIGDELSET                       = 0x1BF // 447
+	SYS_SIGEMPTYSET                     = 0x1C0 // 448
+	SYS_SIGFILLSET                      = 0x1C1 // 449
+	SYS_SIGISMEMBER                     = 0x1C2 // 450
+	SYS_SIGLONGJMP                      = 0x1C3 // 451
+	SYS_SIGPENDING                      = 0x1C4 // 452
+	SYS_SIGPROCMASK                     = 0x1C5 // 453
+	SYS_SIGSETJMP                       = 0x1C6 // 454
+	SYS_SIGSUSPEND                      = 0x1C7 // 455
+	SYS_SLEEP                           = 0x1C8 // 456
+	SYS_STAT                            = 0x1C9 // 457
+	SYS_W_STATFS                        = 0x1CA // 458
+	SYS_SYMLINK                         = 0x1CB // 459
+	SYS_SYSCONF                         = 0x1CC // 460
+	SYS_TCDRAIN                         = 0x1CD // 461
+	SYS_TCFLOW                          = 0x1CE // 462
+	SYS_TCFLUSH                         = 0x1CF // 463
+	SYS_TCGETATTR                       = 0x1D0 // 464
+	SYS_TCGETPGRP                       = 0x1D1 // 465
+	SYS_TCSENDBREAK                     = 0x1D2 // 466
+	SYS_TCSETATTR                       = 0x1D3 // 467
+	SYS_TCSETPGRP                       = 0x1D4 // 468
+	SYS_TIMES                           = 0x1D5 // 469
+	SYS_TTYNAME                         = 0x1D6 // 470
+	SYS_TZSET                           = 0x1D7 // 471
+	SYS_UMASK                           = 0x1D8 // 472
+	SYS_UMOUNT                          = 0x1D9 // 473
+	SYS_UNAME                           = 0x1DA // 474
+	SYS_UNLINK                          = 0x1DB // 475
+	SYS_UTIME                           = 0x1DC // 476
+	SYS_WAIT                            = 0x1DD // 477
+	SYS_WAITPID                         = 0x1DE // 478
+	SYS_WRITE                           = 0x1DF // 479
+	SYS_CHAUDIT                         = 0x1E0 // 480
+	SYS_FCHAUDIT                        = 0x1E1 // 481
+	SYS_GETGROUPSBYNAME                 = 0x1E2 // 482
+	SYS_SIGWAIT                         = 0x1E3 // 483
+	SYS_PTHREAD_EXIT                    = 0x1E4 // 484
+	SYS_PTHREAD_KILL                    = 0x1E5 // 485
+	SYS_PTHREAD_ATTR_INIT               = 0x1E6 // 486
+	SYS_PTHREAD_ATTR_DESTROY            = 0x1E7 // 487
+	SYS_PTHREAD_ATTR_SETSTACKSIZE       = 0x1E8 // 488
+	SYS_PTHREAD_ATTR_GETSTACKSIZE       = 0x1E9 // 489
+	SYS_PTHREAD_ATTR_SETDETACHSTATE     = 0x1EA // 490
+	SYS_PTHREAD_ATTR_GETDETACHSTATE     = 0x1EB // 491
+	SYS_PTHREAD_ATTR_SETWEIGHT_NP       = 0x1EC // 492
+	SYS_PTHREAD_ATTR_GETWEIGHT_NP       = 0x1ED // 493
+	SYS_PTHREAD_CANCEL                  = 0x1EE // 494
+	SYS_PTHREAD_CLEANUP_PUSH            = 0x1EF // 495
+	SYS_PTHREAD_CLEANUP_POP             = 0x1F0 // 496
+	SYS_PTHREAD_CONDATTR_INIT           = 0x1F1 // 497
+	SYS_PTHREAD_CONDATTR_DESTROY        = 0x1F2 // 498
+	SYS_PTHREAD_COND_INIT               = 0x1F3 // 499
+	SYS_PTHREAD_COND_DESTROY            = 0x1F4 // 500
+	SYS_PTHREAD_COND_SIGNAL             = 0x1F5 // 501
+	SYS_PTHREAD_COND_BROADCAST          = 0x1F6 // 502
+	SYS_PTHREAD_COND_WAIT               = 0x1F7 // 503
+	SYS_PTHREAD_COND_TIMEDWAIT          = 0x1F8 // 504
+	SYS_PTHREAD_CREATE                  = 0x1F9 // 505
+	SYS_PTHREAD_DETACH                  = 0x1FA // 506
+	SYS_PTHREAD_EQUAL                   = 0x1FB // 507
+	SYS_PTHREAD_GETSPECIFIC             = 0x1FC // 508
+	SYS_PTHREAD_JOIN                    = 0x1FD // 509
+	SYS_PTHREAD_KEY_CREATE              = 0x1FE // 510
+	SYS_PTHREAD_MUTEXATTR_INIT          = 0x1FF // 511
+	SYS_PTHREAD_MUTEXATTR_DESTROY       = 0x200 // 512
+	SYS_PTHREAD_MUTEXATTR_SETKIND_NP    = 0x201 // 513
+	SYS_PTHREAD_MUTEXATTR_GETKIND_NP    = 0x202 // 514
+	SYS_PTHREAD_MUTEX_INIT              = 0x203 // 515
+	SYS_PTHREAD_MUTEX_DESTROY           = 0x204 // 516
+	SYS_PTHREAD_MUTEX_LOCK              = 0x205 // 517
+	SYS_PTHREAD_MUTEX_TRYLOCK           = 0x206 // 518
+	SYS_PTHREAD_MUTEX_UNLOCK            = 0x207 // 519
+	SYS_PTHREAD_ONCE                    = 0x209 // 521
+	SYS_PTHREAD_SELF                    = 0x20A // 522
+	SYS_PTHREAD_SETINTR                 = 0x20B // 523
+	SYS_PTHREAD_SETINTRTYPE             = 0x20C // 524
+	SYS_PTHREAD_SETSPECIFIC             = 0x20D // 525
+	SYS_PTHREAD_TESTINTR                = 0x20E // 526
+	SYS_PTHREAD_YIELD                   = 0x20F // 527
+	SYS_TW_OPEN                         = 0x210 // 528
+	SYS_TW_FCNTL                        = 0x211 // 529
+	SYS_PTHREAD_JOIN_D4_NP              = 0x212 // 530
+	SYS_PTHREAD_CONDATTR_SETKIND_NP     = 0x213 // 531
+	SYS_PTHREAD_CONDATTR_GETKIND_NP     = 0x214 // 532
+	SYS_EXTLINK_NP                      = 0x215 // 533
+	SYS___PASSWD                        = 0x216 // 534
+	SYS_SETGROUPS                       = 0x217 // 535
+	SYS_INITGROUPS                      = 0x218 // 536
+	SYS_WCSPBRK                         = 0x23F // 575
+	SYS_WCSRCHR                         = 0x240 // 576
+	SYS_SVC99                           = 0x241 // 577
+	SYS___SVC99                         = 0x241 // 577
+	SYS_WCSWCS                          = 0x242 // 578
+	SYS_LOCALECO                        = 0x243 // 579
+	SYS_LOCALECONV                      = 0x243 // 579
+	SYS___LIBREL                        = 0x244 // 580
+	SYS_RELEASE                         = 0x245 // 581
+	SYS___RLSE                          = 0x245 // 581
+	SYS_FLOCATE                         = 0x246 // 582
+	SYS___FLOCT                         = 0x246 // 582
+	SYS_FDELREC                         = 0x247 // 583
+	SYS___FDLREC                        = 0x247 // 583
+	SYS_FETCH                           = 0x248 // 584
+	SYS___FETCH                         = 0x248 // 584
+	SYS_QSORT                           = 0x249 // 585
+	SYS_GETENV                          = 0x24A // 586
+	SYS_SYSTEM                          = 0x24B // 587
+	SYS_BSEARCH                         = 0x24C // 588
+	SYS_LDIV                            = 0x24D // 589
+	SYS___THROW                         = 0x25E // 606
+	SYS___RETHROW                       = 0x25F // 607
+	SYS___CLEANUPCATCH                  = 0x260 // 608
+	SYS___CATCHMATCH                    = 0x261 // 609
+	SYS___CLEAN2UPCATCH                 = 0x262 // 610
+	SYS_PUTENV                          = 0x26A // 618
+	SYS___GETENV                        = 0x26F // 623
+	SYS_GETPRIORITY                     = 0x270 // 624
+	SYS_NICE                            = 0x271 // 625
+	SYS_SETPRIORITY                     = 0x272 // 626
+	SYS_GETITIMER                       = 0x273 // 627
+	SYS_SETITIMER                       = 0x274 // 628
+	SYS_MSGCTL                          = 0x275 // 629
+	SYS_MSGGET                          = 0x276 // 630
+	SYS_MSGRCV                          = 0x277 // 631
+	SYS_MSGSND                          = 0x278 // 632
+	SYS_MSGXRCV                         = 0x279 // 633
+	SYS___MSGXR                         = 0x279 // 633
+	SYS_SEMCTL                          = 0x27A // 634
+	SYS_SEMGET                          = 0x27B // 635
+	SYS_SEMOP                           = 0x27C // 636
+	SYS_SHMAT                           = 0x27D // 637
+	SYS_SHMCTL                          = 0x27E // 638
+	SYS_SHMDT                           = 0x27F // 639
+	SYS_SHMGET                          = 0x280 // 640
+	SYS___GETIPC                        = 0x281 // 641
+	SYS_SETGRENT                        = 0x282 // 642
+	SYS_GETGRENT                        = 0x283 // 643
+	SYS_ENDGRENT                        = 0x284 // 644
+	SYS_SETPWENT                        = 0x285 // 645
+	SYS_GETPWENT                        = 0x286 // 646
+	SYS_ENDPWENT                        = 0x287 // 647
+	SYS_BSD_SIGNAL                      = 0x288 // 648
+	SYS_KILLPG                          = 0x289 // 649
+	SYS_SIGALTSTACK                     = 0x28A // 650
+	SYS_SIGHOLD                         = 0x28B // 651
+	SYS_SIGIGNORE                       = 0x28C // 652
+	SYS_SIGINTERRUPT                    = 0x28D // 653
+	SYS_SIGPAUSE                        = 0x28E // 654
+	SYS_SIGRELSE                        = 0x28F // 655
+	SYS_SIGSET                          = 0x290 // 656
+	SYS_SIGSTACK                        = 0x291 // 657
+	SYS_GETRLIMIT                       = 0x292 // 658
+	SYS_SETRLIMIT                       = 0x293 // 659
+	SYS_GETRUSAGE                       = 0x294 // 660
+	SYS_MMAP                            = 0x295 // 661
+	SYS_MPROTECT                        = 0x296 // 662
+	SYS_MSYNC                           = 0x297 // 663
+	SYS_MUNMAP                          = 0x298 // 664
+	SYS_CONFSTR                         = 0x299 // 665
+	SYS_GETOPT                          = 0x29A // 666
+	SYS_LCHOWN                          = 0x29B // 667
+	SYS_TRUNCATE                        = 0x29C // 668
+	SYS_GETSUBOPT                       = 0x29D // 669
+	SYS_SETPGRP                         = 0x29E // 670
+	SYS___GDERR                         = 0x29F // 671
+	SYS___TZONE                         = 0x2A0 // 672
+	SYS___DLGHT                         = 0x2A1 // 673
+	SYS___OPARGF                        = 0x2A2 // 674
+	SYS___OPOPTF                        = 0x2A3 // 675
+	SYS___OPINDF                        = 0x2A4 // 676
+	SYS___OPERRF                        = 0x2A5 // 677
+	SYS_GETDATE                         = 0x2A6 // 678
+	SYS_WAIT3                           = 0x2A7 // 679
+	SYS_WAITID                          = 0x2A8 // 680
+	SYS___CATTRM                        = 0x2A9 // 681
+	SYS___GDTRM                         = 0x2AA // 682
+	SYS___RNDTRM                        = 0x2AB // 683
+	SYS_CRYPT                           = 0x2AC // 684
+	SYS_ENCRYPT                         = 0x2AD // 685
+	SYS_SETKEY                          = 0x2AE // 686
+	SYS___CNVBLK                        = 0x2AF // 687
+	SYS___CRYTRM                        = 0x2B0 // 688
+	SYS___ECRTRM                        = 0x2B1 // 689
+	SYS_DRAND48                         = 0x2B2 // 690
+	SYS_ERAND48                         = 0x2B3 // 691
+	SYS_FSTATVFS                        = 0x2B4 // 692
+	SYS_STATVFS                         = 0x2B5 // 693
+	SYS_CATCLOSE                        = 0x2B6 // 694
+	SYS_CATGETS                         = 0x2B7 // 695
+	SYS_CATOPEN                         = 0x2B8 // 696
+	SYS_BCMP                            = 0x2B9 // 697
+	SYS_BCOPY                           = 0x2BA // 698
+	SYS_BZERO                           = 0x2BB // 699
+	SYS_FFS                             = 0x2BC // 700
+	SYS_INDEX                           = 0x2BD // 701
+	SYS_RINDEX                          = 0x2BE // 702
+	SYS_STRCASECMP                      = 0x2BF // 703
+	SYS_STRDUP                          = 0x2C0 // 704
+	SYS_STRNCASECMP                     = 0x2C1 // 705
+	SYS_INITSTATE                       = 0x2C2 // 706
+	SYS_SETSTATE                        = 0x2C3 // 707
+	SYS_RANDOM                          = 0x2C4 // 708
+	SYS_SRANDOM                         = 0x2C5 // 709
+	SYS_HCREATE                         = 0x2C6 // 710
+	SYS_HDESTROY                        = 0x2C7 // 711
+	SYS_HSEARCH                         = 0x2C8 // 712
+	SYS_LFIND                           = 0x2C9 // 713
+	SYS_LSEARCH                         = 0x2CA // 714
+	SYS_TDELETE                         = 0x2CB // 715
+	SYS_TFIND                           = 0x2CC // 716
+	SYS_TSEARCH                         = 0x2CD // 717
+	SYS_TWALK                           = 0x2CE // 718
+	SYS_INSQUE                          = 0x2CF // 719
+	SYS_REMQUE                          = 0x2D0 // 720
+	SYS_POPEN                           = 0x2D1 // 721
+	SYS_PCLOSE                          = 0x2D2 // 722
+	SYS_SWAB                            = 0x2D3 // 723
+	SYS_MEMCCPY                         = 0x2D4 // 724
+	SYS_GETPAGESIZE                     = 0x2D8 // 728
+	SYS_FCHDIR                          = 0x2D9 // 729
+	SYS___OCLCK                         = 0x2DA // 730
+	SYS___ATOE                          = 0x2DB // 731
+	SYS___ATOE_L                        = 0x2DC // 732
+	SYS___ETOA                          = 0x2DD // 733
+	SYS___ETOA_L                        = 0x2DE // 734
+	SYS_SETUTXENT                       = 0x2DF // 735
+	SYS_GETUTXENT                       = 0x2E0 // 736
+	SYS_ENDUTXENT                       = 0x2E1 // 737
+	SYS_GETUTXID                        = 0x2E2 // 738
+	SYS_GETUTXLINE                      = 0x2E3 // 739
+	SYS_PUTUTXLINE                      = 0x2E4 // 740
+	SYS_FMTMSG                          = 0x2E5 // 741
+	SYS_JRAND48                         = 0x2E6 // 742
+	SYS_LRAND48                         = 0x2E7 // 743
+	SYS_MRAND48                         = 0x2E8 // 744
+	SYS_NRAND48                         = 0x2E9 // 745
+	SYS_LCONG48                         = 0x2EA // 746
+	SYS_SRAND48                         = 0x2EB // 747
+	SYS_SEED48                          = 0x2EC // 748
+	SYS_ISASCII                         = 0x2ED // 749
+	SYS_TOASCII                         = 0x2EE // 750
+	SYS_A64L                            = 0x2EF // 751
+	SYS_L64A                            = 0x2F0 // 752
+	SYS_UALARM                          = 0x2F1 // 753
+	SYS_USLEEP                          = 0x2F2 // 754
+	SYS___UTXTRM                        = 0x2F3 // 755
+	SYS___SRCTRM                        = 0x2F4 // 756
+	SYS_FTIME                           = 0x2F5 // 757
+	SYS_GETTIMEOFDAY                    = 0x2F6 // 758
+	SYS_DBM_CLEARERR                    = 0x2F7 // 759
+	SYS_DBM_CLOSE                       = 0x2F8 // 760
+	SYS_DBM_DELETE                      = 0x2F9 // 761
+	SYS_DBM_ERROR                       = 0x2FA // 762
+	SYS_DBM_FETCH                       = 0x2FB // 763
+	SYS_DBM_FIRSTKEY                    = 0x2FC // 764
+	SYS_DBM_NEXTKEY                     = 0x2FD // 765
+	SYS_DBM_OPEN                        = 0x2FE // 766
+	SYS_DBM_STORE                       = 0x2FF // 767
+	SYS___NDMTRM                        = 0x300 // 768
+	SYS_FTOK                            = 0x301 // 769
+	SYS_BASENAME                        = 0x302 // 770
+	SYS_DIRNAME                         = 0x303 // 771
+	SYS_GETDTABLESIZE                   = 0x304 // 772
+	SYS_MKSTEMP                         = 0x305 // 773
+	SYS_MKTEMP                          = 0x306 // 774
+	SYS_NFTW                            = 0x307 // 775
+	SYS_GETWD                           = 0x308 // 776
+	SYS_LOCKF                           = 0x309 // 777
+	SYS__LONGJMP                        = 0x30D // 781
+	SYS__SETJMP                         = 0x30E // 782
+	SYS_VFORK                           = 0x30F // 783
+	SYS_WORDEXP                         = 0x310 // 784
+	SYS_WORDFREE                        = 0x311 // 785
+	SYS_GETPGID                         = 0x312 // 786
+	SYS_GETSID                          = 0x313 // 787
+	SYS___UTMPXNAME                     = 0x314 // 788
+	SYS_CUSERID                         = 0x315 // 789
+	SYS_GETPASS                         = 0x316 // 790
+	SYS_FNMATCH                         = 0x317 // 791
+	SYS_FTW                             = 0x318 // 792
+	SYS_GETW                            = 0x319 // 793
+	SYS_GLOB                            = 0x31A // 794
+	SYS_GLOBFREE                        = 0x31B // 795
+	SYS_PUTW                            = 0x31C // 796
+	SYS_SEEKDIR                         = 0x31D // 797
+	SYS_TELLDIR                         = 0x31E // 798
+	SYS_TEMPNAM                         = 0x31F // 799
+	SYS_ACOSH                           = 0x320 // 800
+	SYS_ASINH                           = 0x321 // 801
+	SYS_ATANH                           = 0x322 // 802
+	SYS_CBRT                            = 0x323 // 803
+	SYS_EXPM1                           = 0x324 // 804
+	SYS_ILOGB                           = 0x325 // 805
+	SYS_LOGB                            = 0x326 // 806
+	SYS_LOG1P                           = 0x327 // 807
+	SYS_NEXTAFTER                       = 0x328 // 808
+	SYS_RINT                            = 0x329 // 809
+	SYS_REMAINDER                       = 0x32A // 810
+	SYS_SCALB                           = 0x32B // 811
+	SYS_LGAMMA                          = 0x32C // 812
+	SYS_TTYSLOT                         = 0x32D // 813
+	SYS_GETTIMEOFDAY_R                  = 0x32E // 814
+	SYS_SYNC                            = 0x32F // 815
+	SYS_SPAWN                           = 0x330 // 816
+	SYS_SPAWNP                          = 0x331 // 817
+	SYS_GETLOGIN_UU                     = 0x332 // 818
+	SYS_ECVT                            = 0x333 // 819
+	SYS_FCVT                            = 0x334 // 820
+	SYS_GCVT                            = 0x335 // 821
+	SYS_ACCEPT                          = 0x336 // 822
+	SYS_BIND                            = 0x337 // 823
+	SYS_CONNECT                         = 0x338 // 824
+	SYS_ENDHOSTENT                      = 0x339 // 825
+	SYS_ENDPROTOENT                     = 0x33A // 826
+	SYS_ENDSERVENT                      = 0x33B // 827
+	SYS_GETHOSTBYADDR_R                 = 0x33C // 828
+	SYS_GETHOSTBYADDR                   = 0x33D // 829
+	SYS_GETHOSTBYNAME_R                 = 0x33E // 830
+	SYS_GETHOSTBYNAME                   = 0x33F // 831
+	SYS_GETHOSTENT                      = 0x340 // 832
+	SYS_GETHOSTID                       = 0x341 // 833
+	SYS_GETHOSTNAME                     = 0x342 // 834
+	SYS_GETNETBYADDR                    = 0x343 // 835
+	SYS_GETNETBYNAME                    = 0x344 // 836
+	SYS_GETNETENT                       = 0x345 // 837
+	SYS_GETPEERNAME                     = 0x346 // 838
+	SYS_GETPROTOBYNAME                  = 0x347 // 839
+	SYS_GETPROTOBYNUMBER                = 0x348 // 840
+	SYS_GETPROTOENT                     = 0x349 // 841
+	SYS_GETSERVBYNAME                   = 0x34A // 842
+	SYS_GETSERVBYPORT                   = 0x34B // 843
+	SYS_GETSERVENT                      = 0x34C // 844
+	SYS_GETSOCKNAME                     = 0x34D // 845
+	SYS_GETSOCKOPT                      = 0x34E // 846
+	SYS_INET_ADDR                       = 0x34F // 847
+	SYS_INET_LNAOF                      = 0x350 // 848
+	SYS_INET_MAKEADDR                   = 0x351 // 849
+	SYS_INET_NETOF                      = 0x352 // 850
+	SYS_INET_NETWORK                    = 0x353 // 851
+	SYS_INET_NTOA                       = 0x354 // 852
+	SYS_IOCTL                           = 0x355 // 853
+	SYS_LISTEN                          = 0x356 // 854
+	SYS_READV                           = 0x357 // 855
+	SYS_RECV                            = 0x358 // 856
+	SYS_RECVFROM                        = 0x359 // 857
+	SYS_SELECT                          = 0x35B // 859
+	SYS_SELECTEX                        = 0x35C // 860
+	SYS_SEND                            = 0x35D // 861
+	SYS_SENDTO                          = 0x35F // 863
+	SYS_SETHOSTENT                      = 0x360 // 864
+	SYS_SETNETENT                       = 0x361 // 865
+	SYS_SETPEER                         = 0x362 // 866
+	SYS_SETPROTOENT                     = 0x363 // 867
+	SYS_SETSERVENT                      = 0x364 // 868
+	SYS_SETSOCKOPT                      = 0x365 // 869
+	SYS_SHUTDOWN                        = 0x366 // 870
+	SYS_SOCKET                          = 0x367 // 871
+	SYS_SOCKETPAIR                      = 0x368 // 872
+	SYS_WRITEV                          = 0x369 // 873
+	SYS_CHROOT                          = 0x36A // 874
+	SYS_W_STATVFS                       = 0x36B // 875
+	SYS_ULIMIT                          = 0x36C // 876
+	SYS_ISNAN                           = 0x36D // 877
+	SYS_UTIMES                          = 0x36E // 878
+	SYS___H_ERRNO                       = 0x36F // 879
+	SYS_ENDNETENT                       = 0x370 // 880
+	SYS_CLOSELOG                        = 0x371 // 881
+	SYS_OPENLOG                         = 0x372 // 882
+	SYS_SETLOGMASK                      = 0x373 // 883
+	SYS_SYSLOG                          = 0x374 // 884
+	SYS_PTSNAME                         = 0x375 // 885
+	SYS_SETREUID                        = 0x376 // 886
+	SYS_SETREGID                        = 0x377 // 887
+	SYS_REALPATH                        = 0x378 // 888
+	SYS___SIGNGAM                       = 0x379 // 889
+	SYS_GRANTPT                         = 0x37A // 890
+	SYS_UNLOCKPT                        = 0x37B // 891
+	SYS_TCGETSID                        = 0x37C // 892
+	SYS___TCGETCP                       = 0x37D // 893
+	SYS___TCSETCP                       = 0x37E // 894
+	SYS___TCSETTABLES                   = 0x37F // 895
+	SYS_POLL                            = 0x380 // 896
+	SYS_REXEC                           = 0x381 // 897
+	SYS___ISASCII2                      = 0x382 // 898
+	SYS___TOASCII2                      = 0x383 // 899
+	SYS_CHPRIORITY                      = 0x384 // 900
+	SYS_PTHREAD_ATTR_SETSYNCTYPE_NP     = 0x385 // 901
+	SYS_PTHREAD_ATTR_GETSYNCTYPE_NP     = 0x386 // 902
+	SYS_PTHREAD_SET_LIMIT_NP            = 0x387 // 903
+	SYS___STNETENT                      = 0x388 // 904
+	SYS___STPROTOENT                    = 0x389 // 905
+	SYS___STSERVENT                     = 0x38A // 906
+	SYS___STHOSTENT                     = 0x38B // 907
+	SYS_NLIST                           = 0x38C // 908
+	SYS___IPDBCS                        = 0x38D // 909
+	SYS___IPDSPX                        = 0x38E // 910
+	SYS___IPMSGC                        = 0x38F // 911
+	SYS___SELECT1                       = 0x390 // 912
+	SYS_PTHREAD_SECURITY_NP             = 0x391 // 913
+	SYS___CHECK_RESOURCE_AUTH_NP        = 0x392 // 914
+	SYS___CONVERT_ID_NP                 = 0x393 // 915
+	SYS___OPENVMREL                     = 0x394 // 916
+	SYS_WMEMCHR                         = 0x395 // 917
+	SYS_WMEMCMP                         = 0x396 // 918
+	SYS_WMEMCPY                         = 0x397 // 919
+	SYS_WMEMMOVE                        = 0x398 // 920
+	SYS_WMEMSET                         = 0x399 // 921
+	SYS___FPUTWC                        = 0x400 // 1024
+	SYS___PUTWC                         = 0x401 // 1025
+	SYS___PWCHAR                        = 0x402 // 1026
+	SYS___WCSFTM                        = 0x403 // 1027
+	SYS___WCSTOK                        = 0x404 // 1028
+	SYS___WCWDTH                        = 0x405 // 1029
+	SYS_T_ACCEPT                        = 0x409 // 1033
+	SYS_T_ALLOC                         = 0x40A // 1034
+	SYS_T_BIND                          = 0x40B // 1035
+	SYS_T_CLOSE                         = 0x40C // 1036
+	SYS_T_CONNECT                       = 0x40D // 1037
+	SYS_T_ERROR                         = 0x40E // 1038
+	SYS_T_FREE                          = 0x40F // 1039
+	SYS_T_GETINFO                       = 0x410 // 1040
+	SYS_T_GETPROTADDR                   = 0x411 // 1041
+	SYS_T_GETSTATE                      = 0x412 // 1042
+	SYS_T_LISTEN                        = 0x413 // 1043
+	SYS_T_LOOK                          = 0x414 // 1044
+	SYS_T_OPEN                          = 0x415 // 1045
+	SYS_T_OPTMGMT                       = 0x416 // 1046
+	SYS_T_RCV                           = 0x417 // 1047
+	SYS_T_RCVCONNECT                    = 0x418 // 1048
+	SYS_T_RCVDIS                        = 0x419 // 1049
+	SYS_T_RCVREL                        = 0x41A // 1050
+	SYS_T_RCVUDATA                      = 0x41B // 1051
+	SYS_T_RCVUDERR                      = 0x41C // 1052
+	SYS_T_SND                           = 0x41D // 1053
+	SYS_T_SNDDIS                        = 0x41E // 1054
+	SYS_T_SNDREL                        = 0x41F // 1055
+	SYS_T_SNDUDATA                      = 0x420 // 1056
+	SYS_T_STRERROR                      = 0x421 // 1057
+	SYS_T_SYNC                          = 0x422 // 1058
+	SYS_T_UNBIND                        = 0x423 // 1059
+	SYS___T_ERRNO                       = 0x424 // 1060
+	SYS___RECVMSG2                      = 0x425 // 1061
+	SYS___SENDMSG2                      = 0x426 // 1062
+	SYS_FATTACH                         = 0x427 // 1063
+	SYS_FDETACH                         = 0x428 // 1064
+	SYS_GETMSG                          = 0x429 // 1065
+	SYS_GETPMSG                         = 0x42A // 1066
+	SYS_ISASTREAM                       = 0x42B // 1067
+	SYS_PUTMSG                          = 0x42C // 1068
+	SYS_PUTPMSG                         = 0x42D // 1069
+	SYS___ISPOSIXON                     = 0x42E // 1070
+	SYS___OPENMVSREL                    = 0x42F // 1071
+	SYS_GETCONTEXT                      = 0x430 // 1072
+	SYS_SETCONTEXT                      = 0x431 // 1073
+	SYS_MAKECONTEXT                     = 0x432 // 1074
+	SYS_SWAPCONTEXT                     = 0x433 // 1075
+	SYS_PTHREAD_GETSPECIFIC_D8_NP       = 0x434 // 1076
+	SYS_GETCLIENTID                     = 0x470 // 1136
+	SYS___GETCLIENTID                   = 0x471 // 1137
+	SYS_GETSTABLESIZE                   = 0x472 // 1138
+	SYS_GETIBMOPT                       = 0x473 // 1139
+	SYS_GETIBMSOCKOPT                   = 0x474 // 1140
+	SYS_GIVESOCKET                      = 0x475 // 1141
+	SYS_IBMSFLUSH                       = 0x476 // 1142
+	SYS_MAXDESC                         = 0x477 // 1143
+	SYS_SETIBMOPT                       = 0x478 // 1144
+	SYS_SETIBMSOCKOPT                   = 0x479 // 1145
+	SYS_SOCK_DEBUG                      = 0x47A // 1146
+	SYS_SOCK_DO_TESTSTOR                = 0x47D // 1149
+	SYS_TAKESOCKET                      = 0x47E // 1150
+	SYS___SERVER_INIT                   = 0x47F // 1151
+	SYS___SERVER_PWU                    = 0x480 // 1152
+	SYS_PTHREAD_TAG_NP                  = 0x481 // 1153
+	SYS___CONSOLE                       = 0x482 // 1154
+	SYS___WSINIT                        = 0x483 // 1155
+	SYS___IPTCPN                        = 0x489 // 1161
+	SYS___SMF_RECORD                    = 0x48A // 1162
+	SYS___IPHOST                        = 0x48B // 1163
+	SYS___IPNODE                        = 0x48C // 1164
+	SYS___SERVER_CLASSIFY_CREATE        = 0x48D // 1165
+	SYS___SERVER_CLASSIFY_DESTROY       = 0x48E // 1166
+	SYS___SERVER_CLASSIFY_RESET         = 0x48F // 1167
+	SYS___SERVER_CLASSIFY               = 0x490 // 1168
+	SYS___HEAPRPT                       = 0x496 // 1174
+	SYS___FNWSA                         = 0x49B // 1179
+	SYS___SPAWN2                        = 0x49D // 1181
+	SYS___SPAWNP2                       = 0x49E // 1182
+	SYS___GDRR                          = 0x4A1 // 1185
+	SYS___HRRNO                         = 0x4A2 // 1186
+	SYS___OPRG                          = 0x4A3 // 1187
+	SYS___OPRR                          = 0x4A4 // 1188
+	SYS___OPND                          = 0x4A5 // 1189
+	SYS___OPPT                          = 0x4A6 // 1190
+	SYS___SIGGM                         = 0x4A7 // 1191
+	SYS___DGHT                          = 0x4A8 // 1192
+	SYS___TZNE                          = 0x4A9 // 1193
+	SYS___TZZN                          = 0x4AA // 1194
+	SYS___TRRNO                         = 0x4AF // 1199
+	SYS___ENVN                          = 0x4B0 // 1200
+	SYS___MLOCKALL                      = 0x4B1 // 1201
+	SYS_CREATEWO                        = 0x4B2 // 1202
+	SYS_CREATEWORKUNIT                  = 0x4B2 // 1202
+	SYS_CONTINUE                        = 0x4B3 // 1203
+	SYS_CONTINUEWORKUNIT                = 0x4B3 // 1203
+	SYS_CONNECTW                        = 0x4B4 // 1204
+	SYS_CONNECTWORKMGR                  = 0x4B4 // 1204
+	SYS_CONNECTS                        = 0x4B5 // 1205
+	SYS_CONNECTSERVER                   = 0x4B5 // 1205
+	SYS_DISCONNE                        = 0x4B6 // 1206
+	SYS_DISCONNECTSERVER                = 0x4B6 // 1206
+	SYS_JOINWORK                        = 0x4B7 // 1207
+	SYS_JOINWORKUNIT                    = 0x4B7 // 1207
+	SYS_LEAVEWOR                        = 0x4B8 // 1208
+	SYS_LEAVEWORKUNIT                   = 0x4B8 // 1208
+	SYS_DELETEWO                        = 0x4B9 // 1209
+	SYS_DELETEWORKUNIT                  = 0x4B9 // 1209
+	SYS_QUERYMET                        = 0x4BA // 1210
+	SYS_QUERYMETRICS                    = 0x4BA // 1210
+	SYS_QUERYSCH                        = 0x4BB // 1211
+	SYS_QUERYSCHENV                     = 0x4BB // 1211
+	SYS_CHECKSCH                        = 0x4BC // 1212
+	SYS_CHECKSCHENV                     = 0x4BC // 1212
+	SYS___PID_AFFINITY                  = 0x4BD // 1213
+	SYS___ASINH_B                       = 0x4BE // 1214
+	SYS___ATAN_B                        = 0x4BF // 1215
+	SYS___CBRT_B                        = 0x4C0 // 1216
+	SYS___CEIL_B                        = 0x4C1 // 1217
+	SYS_COPYSIGN                        = 0x4C2 // 1218
+	SYS___COS_B                         = 0x4C3 // 1219
+	SYS___ERF_B                         = 0x4C4 // 1220
+	SYS___ERFC_B                        = 0x4C5 // 1221
+	SYS___EXPM1_B                       = 0x4C6 // 1222
+	SYS___FABS_B                        = 0x4C7 // 1223
+	SYS_FINITE                          = 0x4C8 // 1224
+	SYS___FLOOR_B                       = 0x4C9 // 1225
+	SYS___FREXP_B                       = 0x4CA // 1226
+	SYS___ILOGB_B                       = 0x4CB // 1227
+	SYS___ISNAN_B                       = 0x4CC // 1228
+	SYS___LDEXP_B                       = 0x4CD // 1229
+	SYS___LOG1P_B                       = 0x4CE // 1230
+	SYS___LOGB_B                        = 0x4CF // 1231
+	SYS_MATHERR                         = 0x4D0 // 1232
+	SYS___MODF_B                        = 0x4D1 // 1233
+	SYS___NEXTAFTER_B                   = 0x4D2 // 1234
+	SYS___RINT_B                        = 0x4D3 // 1235
+	SYS_SCALBN                          = 0x4D4 // 1236
+	SYS_SIGNIFIC                        = 0x4D5 // 1237
+	SYS_SIGNIFICAND                     = 0x4D5 // 1237
+	SYS___SIN_B                         = 0x4D6 // 1238
+	SYS___TAN_B                         = 0x4D7 // 1239
+	SYS___TANH_B                        = 0x4D8 // 1240
+	SYS___ACOS_B                        = 0x4D9 // 1241
+	SYS___ACOSH_B                       = 0x4DA // 1242
+	SYS___ASIN_B                        = 0x4DB // 1243
+	SYS___ATAN2_B                       = 0x4DC // 1244
+	SYS___ATANH_B                       = 0x4DD // 1245
+	SYS___COSH_B                        = 0x4DE // 1246
+	SYS___EXP_B                         = 0x4DF // 1247
+	SYS___FMOD_B                        = 0x4E0 // 1248
+	SYS___GAMMA_B                       = 0x4E1 // 1249
+	SYS_GAMMA_R                         = 0x4E2 // 1250
+	SYS___HYPOT_B                       = 0x4E3 // 1251
+	SYS___J0_B                          = 0x4E4 // 1252
+	SYS___Y0_B                          = 0x4E5 // 1253
+	SYS___J1_B                          = 0x4E6 // 1254
+	SYS___Y1_B                          = 0x4E7 // 1255
+	SYS___JN_B                          = 0x4E8 // 1256
+	SYS___YN_B                          = 0x4E9 // 1257
+	SYS___LGAMMA_B                      = 0x4EA // 1258
+	SYS_LGAMMA_R                        = 0x4EB // 1259
+	SYS___LOG_B                         = 0x4EC // 1260
+	SYS___LOG10_B                       = 0x4ED // 1261
+	SYS___POW_B                         = 0x4EE // 1262
+	SYS___REMAINDER_B                   = 0x4EF // 1263
+	SYS___SCALB_B                       = 0x4F0 // 1264
+	SYS___SINH_B                        = 0x4F1 // 1265
+	SYS___SQRT_B                        = 0x4F2 // 1266
+	SYS___OPENDIR2                      = 0x4F3 // 1267
+	SYS___READDIR2                      = 0x4F4 // 1268
+	SYS___LOGIN                         = 0x4F5 // 1269
+	SYS___OPEN_STAT                     = 0x4F6 // 1270
+	SYS_ACCEPT_AND_RECV                 = 0x4F7 // 1271
+	SYS___FP_SETMODE                    = 0x4F8 // 1272
+	SYS___SIGACTIONSET                  = 0x4FB // 1275
+	SYS___UCREATE                       = 0x4FC // 1276
+	SYS___UMALLOC                       = 0x4FD // 1277
+	SYS___UFREE                         = 0x4FE // 1278
+	SYS___UHEAPREPORT                   = 0x4FF // 1279
+	SYS___ISBFP                         = 0x500 // 1280
+	SYS___FP_CAST                       = 0x501 // 1281
+	SYS___CERTIFICATE                   = 0x502 // 1282
+	SYS_SEND_FILE                       = 0x503 // 1283
+	SYS_AIO_CANCEL                      = 0x504 // 1284
+	SYS_AIO_ERROR                       = 0x505 // 1285
+	SYS_AIO_READ                        = 0x506 // 1286
+	SYS_AIO_RETURN                      = 0x507 // 1287
+	SYS_AIO_SUSPEND                     = 0x508 // 1288
+	SYS_AIO_WRITE                       = 0x509 // 1289
+	SYS_PTHREAD_MUTEXATTR_GETPSHARED    = 0x50A // 1290
+	SYS_PTHREAD_MUTEXATTR_SETPSHARED    = 0x50B // 1291
+	SYS_PTHREAD_RWLOCK_DESTROY          = 0x50C // 1292
+	SYS_PTHREAD_RWLOCK_INIT             = 0x50D // 1293
+	SYS_PTHREAD_RWLOCK_RDLOCK           = 0x50E // 1294
+	SYS_PTHREAD_RWLOCK_TRYRDLOCK        = 0x50F // 1295
+	SYS_PTHREAD_RWLOCK_TRYWRLOCK        = 0x510 // 1296
+	SYS_PTHREAD_RWLOCK_UNLOCK           = 0x511 // 1297
+	SYS_PTHREAD_RWLOCK_WRLOCK           = 0x512 // 1298
+	SYS_PTHREAD_RWLOCKATTR_GETPSHARED   = 0x513 // 1299
+	SYS_PTHREAD_RWLOCKATTR_SETPSHARED   = 0x514 // 1300
+	SYS_PTHREAD_RWLOCKATTR_INIT         = 0x515 // 1301
+	SYS_PTHREAD_RWLOCKATTR_DESTROY      = 0x516 // 1302
+	SYS___CTTBL                         = 0x517 // 1303
+	SYS_PTHREAD_MUTEXATTR_SETTYPE       = 0x518 // 1304
+	SYS_PTHREAD_MUTEXATTR_GETTYPE       = 0x519 // 1305
+	SYS___FP_CLR_FLAG                   = 0x51A // 1306
+	SYS___FP_READ_FLAG                  = 0x51B // 1307
+	SYS___FP_RAISE_XCP                  = 0x51C // 1308
+	SYS___FP_CLASS                      = 0x51D // 1309
+	SYS___FP_FINITE                     = 0x51E // 1310
+	SYS___FP_ISNAN                      = 0x51F // 1311
+	SYS___FP_UNORDERED                  = 0x520 // 1312
+	SYS___FP_READ_RND                   = 0x521 // 1313
+	SYS___FP_READ_RND_B                 = 0x522 // 1314
+	SYS___FP_SWAP_RND                   = 0x523 // 1315
+	SYS___FP_SWAP_RND_B                 = 0x524 // 1316
+	SYS___FP_LEVEL                      = 0x525 // 1317
+	SYS___FP_BTOH                       = 0x526 // 1318
+	SYS___FP_HTOB                       = 0x527 // 1319
+	SYS___FPC_RD                        = 0x528 // 1320
+	SYS___FPC_WR                        = 0x529 // 1321
+	SYS___FPC_RW                        = 0x52A // 1322
+	SYS___FPC_SM                        = 0x52B // 1323
+	SYS___FPC_RS                        = 0x52C // 1324
+	SYS_SIGTIMEDWAIT                    = 0x52D // 1325
+	SYS_SIGWAITINFO                     = 0x52E // 1326
+	SYS___CHKBFP                        = 0x52F // 1327
+	SYS___W_PIOCTL                      = 0x59E // 1438
+	SYS___OSENV                         = 0x59F // 1439
+	SYS_EXPORTWO                        = 0x5A1 // 1441
+	SYS_EXPORTWORKUNIT                  = 0x5A1 // 1441
+	SYS_UNDOEXPO                        = 0x5A2 // 1442
+	SYS_UNDOEXPORTWORKUNIT              = 0x5A2 // 1442
+	SYS_IMPORTWO                        = 0x5A3 // 1443
+	SYS_IMPORTWORKUNIT                  = 0x5A3 // 1443
+	SYS_UNDOIMPO                        = 0x5A4 // 1444
+	SYS_UNDOIMPORTWORKUNIT              = 0x5A4 // 1444
+	SYS_EXTRACTW                        = 0x5A5 // 1445
+	SYS_EXTRACTWORKUNIT                 = 0x5A5 // 1445
+	SYS___CPL                           = 0x5A6 // 1446
+	SYS___MAP_INIT                      = 0x5A7 // 1447
+	SYS___MAP_SERVICE                   = 0x5A8 // 1448
+	SYS_SIGQUEUE                        = 0x5A9 // 1449
+	SYS___MOUNT                         = 0x5AA // 1450
+	SYS___GETUSERID                     = 0x5AB // 1451
+	SYS___IPDOMAINNAME                  = 0x5AC // 1452
+	SYS_QUERYENC                        = 0x5AD // 1453
+	SYS_QUERYWORKUNITCLASSIFICATION     = 0x5AD // 1453
+	SYS_CONNECTE                        = 0x5AE // 1454
+	SYS_CONNECTEXPORTIMPORT             = 0x5AE // 1454
+	SYS___FP_SWAPMODE                   = 0x5AF // 1455
+	SYS_STRTOLL                         = 0x5B0 // 1456
+	SYS_STRTOULL                        = 0x5B1 // 1457
+	SYS___DSA_PREV                      = 0x5B2 // 1458
+	SYS___EP_FIND                       = 0x5B3 // 1459
+	SYS___SERVER_THREADS_QUERY          = 0x5B4 // 1460
+	SYS___MSGRCV_TIMED                  = 0x5B7 // 1463
+	SYS___SEMOP_TIMED                   = 0x5B8 // 1464
+	SYS___GET_CPUID                     = 0x5B9 // 1465
+	SYS___GET_SYSTEM_SETTINGS           = 0x5BA // 1466
+	SYS_FTELLO                          = 0x5C8 // 1480
+	SYS_FSEEKO                          = 0x5C9 // 1481
+	SYS_LLDIV                           = 0x5CB // 1483
+	SYS_WCSTOLL                         = 0x5CC // 1484
+	SYS_WCSTOULL                        = 0x5CD // 1485
+	SYS_LLABS                           = 0x5CE // 1486
+	SYS___CONSOLE2                      = 0x5D2 // 1490
+	SYS_INET_NTOP                       = 0x5D3 // 1491
+	SYS_INET_PTON                       = 0x5D4 // 1492
+	SYS___RES                           = 0x5D6 // 1494
+	SYS_RES_MKQUERY                     = 0x5D7 // 1495
+	SYS_RES_INIT                        = 0x5D8 // 1496
+	SYS_RES_QUERY                       = 0x5D9 // 1497
+	SYS_RES_SEARCH                      = 0x5DA // 1498
+	SYS_RES_SEND                        = 0x5DB // 1499
+	SYS_RES_QUERYDOMAIN                 = 0x5DC // 1500
+	SYS_DN_EXPAND                       = 0x5DD // 1501
+	SYS_DN_SKIPNAME                     = 0x5DE // 1502
+	SYS_DN_COMP                         = 0x5DF // 1503
+	SYS_ASCTIME_R                       = 0x5E0 // 1504
+	SYS_CTIME_R                         = 0x5E1 // 1505
+	SYS_GMTIME_R                        = 0x5E2 // 1506
+	SYS_LOCALTIME_R                     = 0x5E3 // 1507
+	SYS_RAND_R                          = 0x5E4 // 1508
+	SYS_STRTOK_R                        = 0x5E5 // 1509
+	SYS_READDIR_R                       = 0x5E6 // 1510
+	SYS_GETGRGID_R                      = 0x5E7 // 1511
+	SYS_GETGRNAM_R                      = 0x5E8 // 1512
+	SYS_GETLOGIN_R                      = 0x5E9 // 1513
+	SYS_GETPWNAM_R                      = 0x5EA // 1514
+	SYS_GETPWUID_R                      = 0x5EB // 1515
+	SYS_TTYNAME_R                       = 0x5EC // 1516
+	SYS_PTHREAD_ATFORK                  = 0x5ED // 1517
+	SYS_PTHREAD_ATTR_GETGUARDSIZE       = 0x5EE // 1518
+	SYS_PTHREAD_ATTR_GETSTACKADDR       = 0x5EF // 1519
+	SYS_PTHREAD_ATTR_SETGUARDSIZE       = 0x5F0 // 1520
+	SYS_PTHREAD_ATTR_SETSTACKADDR       = 0x5F1 // 1521
+	SYS_PTHREAD_CONDATTR_GETPSHARED     = 0x5F2 // 1522
+	SYS_PTHREAD_CONDATTR_SETPSHARED     = 0x5F3 // 1523
+	SYS_PTHREAD_GETCONCURRENCY          = 0x5F4 // 1524
+	SYS_PTHREAD_KEY_DELETE              = 0x5F5 // 1525
+	SYS_PTHREAD_SETCONCURRENCY          = 0x5F6 // 1526
+	SYS_PTHREAD_SIGMASK                 = 0x5F7 // 1527
+	SYS___DISCARDDATA                   = 0x5F8 // 1528
+	SYS_PTHREAD_ATTR_GETSCHEDPARAM      = 0x5F9 // 1529
+	SYS_PTHREAD_ATTR_SETSCHEDPARAM      = 0x5FA // 1530
+	SYS_PTHREAD_ATTR_GETDETACHSTATE_U98 = 0x5FB // 1531
+	SYS_PTHREAD_ATTR_SETDETACHSTATE_U98 = 0x5FC // 1532
+	SYS_PTHREAD_DETACH_U98              = 0x5FD // 1533
+	SYS_PTHREAD_GETSPECIFIC_U98         = 0x5FE // 1534
+	SYS_PTHREAD_SETCANCELSTATE          = 0x5FF // 1535
+	SYS_PTHREAD_SETCANCELTYPE           = 0x600 // 1536
+	SYS_PTHREAD_TESTCANCEL              = 0x601 // 1537
+	SYS___ATANF_B                       = 0x602 // 1538
+	SYS___ATANL_B                       = 0x603 // 1539
+	SYS___CEILF_B                       = 0x604 // 1540
+	SYS___CEILL_B                       = 0x605 // 1541
+	SYS___COSF_B                        = 0x606 // 1542
+	SYS___COSL_B                        = 0x607 // 1543
+	SYS___FABSF_B                       = 0x608 // 1544
+	SYS___FABSL_B                       = 0x609 // 1545
+	SYS___FLOORF_B                      = 0x60A // 1546
+	SYS___FLOORL_B                      = 0x60B // 1547
+	SYS___FREXPF_B                      = 0x60C // 1548
+	SYS___FREXPL_B                      = 0x60D // 1549
+	SYS___LDEXPF_B                      = 0x60E // 1550
+	SYS___LDEXPL_B                      = 0x60F // 1551
+	SYS___SINF_B                        = 0x610 // 1552
+	SYS___SINL_B                        = 0x611 // 1553
+	SYS___TANF_B                        = 0x612 // 1554
+	SYS___TANL_B                        = 0x613 // 1555
+	SYS___TANHF_B                       = 0x614 // 1556
+	SYS___TANHL_B                       = 0x615 // 1557
+	SYS___ACOSF_B                       = 0x616 // 1558
+	SYS___ACOSL_B                       = 0x617 // 1559
+	SYS___ASINF_B                       = 0x618 // 1560
+	SYS___ASINL_B                       = 0x619 // 1561
+	SYS___ATAN2F_B                      = 0x61A // 1562
+	SYS___ATAN2L_B                      = 0x61B // 1563
+	SYS___COSHF_B                       = 0x61C // 1564
+	SYS___COSHL_B                       = 0x61D // 1565
+	SYS___EXPF_B                        = 0x61E // 1566
+	SYS___EXPL_B                        = 0x61F // 1567
+	SYS___LOGF_B                        = 0x620 // 1568
+	SYS___LOGL_B                        = 0x621 // 1569
+	SYS___LOG10F_B                      = 0x622 // 1570
+	SYS___LOG10L_B                      = 0x623 // 1571
+	SYS___POWF_B                        = 0x624 // 1572
+	SYS___POWL_B                        = 0x625 // 1573
+	SYS___SINHF_B                       = 0x626 // 1574
+	SYS___SINHL_B                       = 0x627 // 1575
+	SYS___SQRTF_B                       = 0x628 // 1576
+	SYS___SQRTL_B                       = 0x629 // 1577
+	SYS___ABSF_B                        = 0x62A // 1578
+	SYS___ABS_B                         = 0x62B // 1579
+	SYS___ABSL_B                        = 0x62C // 1580
+	SYS___FMODF_B                       = 0x62D // 1581
+	SYS___FMODL_B                       = 0x62E // 1582
+	SYS___MODFF_B                       = 0x62F // 1583
+	SYS___MODFL_B                       = 0x630 // 1584
+	SYS_ABSF                            = 0x631 // 1585
+	SYS_ABSL                            = 0x632 // 1586
+	SYS_ACOSF                           = 0x633 // 1587
+	SYS_ACOSL                           = 0x634 // 1588
+	SYS_ASINF                           = 0x635 // 1589
+	SYS_ASINL                           = 0x636 // 1590
+	SYS_ATAN2F                          = 0x637 // 1591
+	SYS_ATAN2L                          = 0x638 // 1592
+	SYS_ATANF                           = 0x639 // 1593
+	SYS_ATANL                           = 0x63A // 1594
+	SYS_CEILF                           = 0x63B // 1595
+	SYS_CEILL                           = 0x63C // 1596
+	SYS_COSF                            = 0x63D // 1597
+	SYS_COSL                            = 0x63E // 1598
+	SYS_COSHF                           = 0x63F // 1599
+	SYS_COSHL                           = 0x640 // 1600
+	SYS_EXPF                            = 0x641 // 1601
+	SYS_EXPL                            = 0x642 // 1602
+	SYS_TANHF                           = 0x643 // 1603
+	SYS_TANHL                           = 0x644 // 1604
+	SYS_LOG10F                          = 0x645 // 1605
+	SYS_LOG10L                          = 0x646 // 1606
+	SYS_LOGF                            = 0x647 // 1607
+	SYS_LOGL                            = 0x648 // 1608
+	SYS_POWF                            = 0x649 // 1609
+	SYS_POWL                            = 0x64A // 1610
+	SYS_SINF                            = 0x64B // 1611
+	SYS_SINL                            = 0x64C // 1612
+	SYS_SQRTF                           = 0x64D // 1613
+	SYS_SQRTL                           = 0x64E // 1614
+	SYS_SINHF                           = 0x64F // 1615
+	SYS_SINHL                           = 0x650 // 1616
+	SYS_TANF                            = 0x651 // 1617
+	SYS_TANL                            = 0x652 // 1618
+	SYS_FABSF                           = 0x653 // 1619
+	SYS_FABSL                           = 0x654 // 1620
+	SYS_FLOORF                          = 0x655 // 1621
+	SYS_FLOORL                          = 0x656 // 1622
+	SYS_FMODF                           = 0x657 // 1623
+	SYS_FMODL                           = 0x658 // 1624
+	SYS_FREXPF                          = 0x659 // 1625
+	SYS_FREXPL                          = 0x65A // 1626
+	SYS_LDEXPF                          = 0x65B // 1627
+	SYS_LDEXPL                          = 0x65C // 1628
+	SYS_MODFF                           = 0x65D // 1629
+	SYS_MODFL                           = 0x65E // 1630
+	SYS_BTOWC                           = 0x65F // 1631
+	SYS___CHATTR                        = 0x660 // 1632
+	SYS___FCHATTR                       = 0x661 // 1633
+	SYS___TOCCSID                       = 0x662 // 1634
+	SYS___CSNAMETYPE                    = 0x663 // 1635
+	SYS___TOCSNAME                      = 0x664 // 1636
+	SYS___CCSIDTYPE                     = 0x665 // 1637
+	SYS___AE_CORRESTBL_QUERY            = 0x666 // 1638
+	SYS___AE_AUTOCONVERT_STATE          = 0x667 // 1639
+	SYS_DN_FIND                         = 0x668 // 1640
+	SYS___GETHOSTBYADDR_A               = 0x669 // 1641
+	SYS___GETHOSTBYNAME_A               = 0x66A // 1642
+	SYS___RES_INIT_A                    = 0x66B // 1643
+	SYS___GETHOSTBYADDR_R_A             = 0x66C // 1644
+	SYS___GETHOSTBYNAME_R_A             = 0x66D // 1645
+	SYS___CHARMAP_INIT_A                = 0x66E // 1646
+	SYS___MBLEN_A                       = 0x66F // 1647
+	SYS___MBLEN_SB_A                    = 0x670 // 1648
+	SYS___MBLEN_STD_A                   = 0x671 // 1649
+	SYS___MBLEN_UTF                     = 0x672 // 1650
+	SYS___MBSTOWCS_A                    = 0x673 // 1651
+	SYS___MBSTOWCS_STD_A                = 0x674 // 1652
+	SYS___MBTOWC_A                      = 0x675 // 1653
+	SYS___MBTOWC_ISO1                   = 0x676 // 1654
+	SYS___MBTOWC_SBCS                   = 0x677 // 1655
+	SYS___MBTOWC_MBCS                   = 0x678 // 1656
+	SYS___MBTOWC_UTF                    = 0x679 // 1657
+	SYS___WCSTOMBS_A                    = 0x67A // 1658
+	SYS___WCSTOMBS_STD_A                = 0x67B // 1659
+	SYS___WCSWIDTH_A                    = 0x67C // 1660
+	SYS___GETGRGID_R_A                  = 0x67D // 1661
+	SYS___WCSWIDTH_STD_A                = 0x67E // 1662
+	SYS___WCSWIDTH_ASIA                 = 0x67F // 1663
+	SYS___CSID_A                        = 0x680 // 1664
+	SYS___CSID_STD_A                    = 0x681 // 1665
+	SYS___WCSID_A                       = 0x682 // 1666
+	SYS___WCSID_STD_A                   = 0x683 // 1667
+	SYS___WCTOMB_A                      = 0x684 // 1668
+	SYS___WCTOMB_ISO1                   = 0x685 // 1669
+	SYS___WCTOMB_STD_A                  = 0x686 // 1670
+	SYS___WCTOMB_UTF                    = 0x687 // 1671
+	SYS___WCWIDTH_A                     = 0x688 // 1672
+	SYS___GETGRNAM_R_A                  = 0x689 // 1673
+	SYS___WCWIDTH_STD_A                 = 0x68A // 1674
+	SYS___WCWIDTH_ASIA                  = 0x68B // 1675
+	SYS___GETPWNAM_R_A                  = 0x68C // 1676
+	SYS___GETPWUID_R_A                  = 0x68D // 1677
+	SYS___GETLOGIN_R_A                  = 0x68E // 1678
+	SYS___TTYNAME_R_A                   = 0x68F // 1679
+	SYS___READDIR_R_A                   = 0x690 // 1680
+	SYS___E2A_S                         = 0x691 // 1681
+	SYS___FNMATCH_A                     = 0x692 // 1682
+	SYS___FNMATCH_C_A                   = 0x693 // 1683
+	SYS___EXECL_A                       = 0x694 // 1684
+	SYS___FNMATCH_STD_A                 = 0x695 // 1685
+	SYS___REGCOMP_A                     = 0x696 // 1686
+	SYS___REGCOMP_STD_A                 = 0x697 // 1687
+	SYS___REGERROR_A                    = 0x698 // 1688
+	SYS___REGERROR_STD_A                = 0x699 // 1689
+	SYS___REGEXEC_A                     = 0x69A // 1690
+	SYS___REGEXEC_STD_A                 = 0x69B // 1691
+	SYS___REGFREE_A                     = 0x69C // 1692
+	SYS___REGFREE_STD_A                 = 0x69D // 1693
+	SYS___STRCOLL_A                     = 0x69E // 1694
+	SYS___STRCOLL_C_A                   = 0x69F // 1695
+	SYS___EXECLE_A                      = 0x6A0 // 1696
+	SYS___STRCOLL_STD_A                 = 0x6A1 // 1697
+	SYS___STRXFRM_A                     = 0x6A2 // 1698
+	SYS___STRXFRM_C_A                   = 0x6A3 // 1699
+	SYS___EXECLP_A                      = 0x6A4 // 1700
+	SYS___STRXFRM_STD_A                 = 0x6A5 // 1701
+	SYS___WCSCOLL_A                     = 0x6A6 // 1702
+	SYS___WCSCOLL_C_A                   = 0x6A7 // 1703
+	SYS___WCSCOLL_STD_A                 = 0x6A8 // 1704
+	SYS___WCSXFRM_A                     = 0x6A9 // 1705
+	SYS___WCSXFRM_C_A                   = 0x6AA // 1706
+	SYS___WCSXFRM_STD_A                 = 0x6AB // 1707
+	SYS___COLLATE_INIT_A                = 0x6AC // 1708
+	SYS___WCTYPE_A                      = 0x6AD // 1709
+	SYS___GET_WCTYPE_STD_A              = 0x6AE // 1710
+	SYS___CTYPE_INIT_A                  = 0x6AF // 1711
+	SYS___ISWCTYPE_A                    = 0x6B0 // 1712
+	SYS___EXECV_A                       = 0x6B1 // 1713
+	SYS___IS_WCTYPE_STD_A               = 0x6B2 // 1714
+	SYS___TOWLOWER_A                    = 0x6B3 // 1715
+	SYS___TOWLOWER_STD_A                = 0x6B4 // 1716
+	SYS___TOWUPPER_A                    = 0x6B5 // 1717
+	SYS___TOWUPPER_STD_A                = 0x6B6 // 1718
+	SYS___LOCALE_INIT_A                 = 0x6B7 // 1719
+	SYS___LOCALECONV_A                  = 0x6B8 // 1720
+	SYS___LOCALECONV_STD_A              = 0x6B9 // 1721
+	SYS___NL_LANGINFO_A                 = 0x6BA // 1722
+	SYS___NL_LNAGINFO_STD_A             = 0x6BB // 1723
+	SYS___MONETARY_INIT_A               = 0x6BC // 1724
+	SYS___STRFMON_A                     = 0x6BD // 1725
+	SYS___STRFMON_STD_A                 = 0x6BE // 1726
+	SYS___GETADDRINFO_A                 = 0x6BF // 1727
+	SYS___CATGETS_A                     = 0x6C0 // 1728
+	SYS___EXECVE_A                      = 0x6C1 // 1729
+	SYS___EXECVP_A                      = 0x6C2 // 1730
+	SYS___SPAWN_A                       = 0x6C3 // 1731
+	SYS___GETNAMEINFO_A                 = 0x6C4 // 1732
+	SYS___SPAWNP_A                      = 0x6C5 // 1733
+	SYS___NUMERIC_INIT_A                = 0x6C6 // 1734
+	SYS___RESP_INIT_A                   = 0x6C7 // 1735
+	SYS___RPMATCH_A                     = 0x6C8 // 1736
+	SYS___RPMATCH_C_A                   = 0x6C9 // 1737
+	SYS___RPMATCH_STD_A                 = 0x6CA // 1738
+	SYS___TIME_INIT_A                   = 0x6CB // 1739
+	SYS___STRFTIME_A                    = 0x6CC // 1740
+	SYS___STRFTIME_STD_A                = 0x6CD // 1741
+	SYS___STRPTIME_A                    = 0x6CE // 1742
+	SYS___STRPTIME_STD_A                = 0x6CF // 1743
+	SYS___WCSFTIME_A                    = 0x6D0 // 1744
+	SYS___WCSFTIME_STD_A                = 0x6D1 // 1745
+	SYS_____SPAWN2_A                    = 0x6D2 // 1746
+	SYS_____SPAWNP2_A                   = 0x6D3 // 1747
+	SYS___SYNTAX_INIT_A                 = 0x6D4 // 1748
+	SYS___TOD_INIT_A                    = 0x6D5 // 1749
+	SYS___NL_CSINFO_A                   = 0x6D6 // 1750
+	SYS___NL_MONINFO_A                  = 0x6D7 // 1751
+	SYS___NL_NUMINFO_A                  = 0x6D8 // 1752
+	SYS___NL_RESPINFO_A                 = 0x6D9 // 1753
+	SYS___NL_TIMINFO_A                  = 0x6DA // 1754
+	SYS___IF_NAMETOINDEX_A              = 0x6DB // 1755
+	SYS___IF_INDEXTONAME_A              = 0x6DC // 1756
+	SYS___PRINTF_A                      = 0x6DD // 1757
+	SYS___ICONV_OPEN_A                  = 0x6DE // 1758
+	SYS___DLLLOAD_A                     = 0x6DF // 1759
+	SYS___DLLQUERYFN_A                  = 0x6E0 // 1760
+	SYS___DLLQUERYVAR_A                 = 0x6E1 // 1761
+	SYS_____CHATTR_A                    = 0x6E2 // 1762
+	SYS___E2A_L                         = 0x6E3 // 1763
+	SYS_____TOCCSID_A                   = 0x6E4 // 1764
+	SYS_____TOCSNAME_A                  = 0x6E5 // 1765
+	SYS_____CCSIDTYPE_A                 = 0x6E6 // 1766
+	SYS_____CSNAMETYPE_A                = 0x6E7 // 1767
+	SYS___CHMOD_A                       = 0x6E8 // 1768
+	SYS___MKDIR_A                       = 0x6E9 // 1769
+	SYS___STAT_A                        = 0x6EA // 1770
+	SYS___STAT_O_A                      = 0x6EB // 1771
+	SYS___MKFIFO_A                      = 0x6EC // 1772
+	SYS_____OPEN_STAT_A                 = 0x6ED // 1773
+	SYS___LSTAT_A                       = 0x6EE // 1774
+	SYS___LSTAT_O_A                     = 0x6EF // 1775
+	SYS___MKNOD_A                       = 0x6F0 // 1776
+	SYS___MOUNT_A                       = 0x6F1 // 1777
+	SYS___UMOUNT_A                      = 0x6F2 // 1778
+	SYS___CHAUDIT_A                     = 0x6F4 // 1780
+	SYS___W_GETMNTENT_A                 = 0x6F5 // 1781
+	SYS___CREAT_A                       = 0x6F6 // 1782
+	SYS___OPEN_A                        = 0x6F7 // 1783
+	SYS___SETLOCALE_A                   = 0x6F9 // 1785
+	SYS___FPRINTF_A                     = 0x6FA // 1786
+	SYS___SPRINTF_A                     = 0x6FB // 1787
+	SYS___VFPRINTF_A                    = 0x6FC // 1788
+	SYS___VPRINTF_A                     = 0x6FD // 1789
+	SYS___VSPRINTF_A                    = 0x6FE // 1790
+	SYS___VSWPRINTF_A                   = 0x6FF // 1791
+	SYS___SWPRINTF_A                    = 0x700 // 1792
+	SYS___FSCANF_A                      = 0x701 // 1793
+	SYS___SCANF_A                       = 0x702 // 1794
+	SYS___SSCANF_A                      = 0x703 // 1795
+	SYS___SWSCANF_A                     = 0x704 // 1796
+	SYS___ATOF_A                        = 0x705 // 1797
+	SYS___ATOI_A                        = 0x706 // 1798
+	SYS___ATOL_A                        = 0x707 // 1799
+	SYS___STRTOD_A                      = 0x708 // 1800
+	SYS___STRTOL_A                      = 0x709 // 1801
+	SYS___STRTOUL_A                     = 0x70A // 1802
+	SYS_____AE_CORRESTBL_QUERY_A        = 0x70B // 1803
+	SYS___A64L_A                        = 0x70C // 1804
+	SYS___ECVT_A                        = 0x70D // 1805
+	SYS___FCVT_A                        = 0x70E // 1806
+	SYS___GCVT_A                        = 0x70F // 1807
+	SYS___L64A_A                        = 0x710 // 1808
+	SYS___STRERROR_A                    = 0x711 // 1809
+	SYS___PERROR_A                      = 0x712 // 1810
+	SYS___FETCH_A                       = 0x713 // 1811
+	SYS___GETENV_A                      = 0x714 // 1812
+	SYS___MKSTEMP_A                     = 0x717 // 1815
+	SYS___PTSNAME_A                     = 0x718 // 1816
+	SYS___PUTENV_A                      = 0x719 // 1817
+	SYS___REALPATH_A                    = 0x71A // 1818
+	SYS___SETENV_A                      = 0x71B // 1819
+	SYS___SYSTEM_A                      = 0x71C // 1820
+	SYS___GETOPT_A                      = 0x71D // 1821
+	SYS___CATOPEN_A                     = 0x71E // 1822
+	SYS___ACCESS_A                      = 0x71F // 1823
+	SYS___CHDIR_A                       = 0x720 // 1824
+	SYS___CHOWN_A                       = 0x721 // 1825
+	SYS___CHROOT_A                      = 0x722 // 1826
+	SYS___GETCWD_A                      = 0x723 // 1827
+	SYS___GETWD_A                       = 0x724 // 1828
+	SYS___LCHOWN_A                      = 0x725 // 1829
+	SYS___LINK_A                        = 0x726 // 1830
+	SYS___PATHCONF_A                    = 0x727 // 1831
+	SYS___IF_NAMEINDEX_A                = 0x728 // 1832
+	SYS___READLINK_A                    = 0x729 // 1833
+	SYS___RMDIR_A                       = 0x72A // 1834
+	SYS___STATVFS_A                     = 0x72B // 1835
+	SYS___SYMLINK_A                     = 0x72C // 1836
+	SYS___TRUNCATE_A                    = 0x72D // 1837
+	SYS___UNLINK_A                      = 0x72E // 1838
+	SYS___GAI_STRERROR_A                = 0x72F // 1839
+	SYS___EXTLINK_NP_A                  = 0x730 // 1840
+	SYS___ISALNUM_A                     = 0x731 // 1841
+	SYS___ISALPHA_A                     = 0x732 // 1842
+	SYS___A2E_S                         = 0x733 // 1843
+	SYS___ISCNTRL_A                     = 0x734 // 1844
+	SYS___ISDIGIT_A                     = 0x735 // 1845
+	SYS___ISGRAPH_A                     = 0x736 // 1846
+	SYS___ISLOWER_A                     = 0x737 // 1847
+	SYS___ISPRINT_A                     = 0x738 // 1848
+	SYS___ISPUNCT_A                     = 0x739 // 1849
+	SYS___ISSPACE_A                     = 0x73A // 1850
+	SYS___ISUPPER_A                     = 0x73B // 1851
+	SYS___ISXDIGIT_A                    = 0x73C // 1852
+	SYS___TOLOWER_A                     = 0x73D // 1853
+	SYS___TOUPPER_A                     = 0x73E // 1854
+	SYS___ISWALNUM_A                    = 0x73F // 1855
+	SYS___ISWALPHA_A                    = 0x740 // 1856
+	SYS___A2E_L                         = 0x741 // 1857
+	SYS___ISWCNTRL_A                    = 0x742 // 1858
+	SYS___ISWDIGIT_A                    = 0x743 // 1859
+	SYS___ISWGRAPH_A                    = 0x744 // 1860
+	SYS___ISWLOWER_A                    = 0x745 // 1861
+	SYS___ISWPRINT_A                    = 0x746 // 1862
+	SYS___ISWPUNCT_A                    = 0x747 // 1863
+	SYS___ISWSPACE_A                    = 0x748 // 1864
+	SYS___ISWUPPER_A                    = 0x749 // 1865
+	SYS___ISWXDIGIT_A                   = 0x74A // 1866
+	SYS___CONFSTR_A                     = 0x74B // 1867
+	SYS___FTOK_A                        = 0x74C // 1868
+	SYS___MKTEMP_A                      = 0x74D // 1869
+	SYS___FDOPEN_A                      = 0x74E // 1870
+	SYS___FLDATA_A                      = 0x74F // 1871
+	SYS___REMOVE_A                      = 0x750 // 1872
+	SYS___RENAME_A                      = 0x751 // 1873
+	SYS___TMPNAM_A                      = 0x752 // 1874
+	SYS___FOPEN_A                       = 0x753 // 1875
+	SYS___FREOPEN_A                     = 0x754 // 1876
+	SYS___CUSERID_A                     = 0x755 // 1877
+	SYS___POPEN_A                       = 0x756 // 1878
+	SYS___TEMPNAM_A                     = 0x757 // 1879
+	SYS___FTW_A                         = 0x758 // 1880
+	SYS___GETGRENT_A                    = 0x759 // 1881
+	SYS___GETGRGID_A                    = 0x75A // 1882
+	SYS___GETGRNAM_A                    = 0x75B // 1883
+	SYS___GETGROUPSBYNAME_A             = 0x75C // 1884
+	SYS___GETHOSTENT_A                  = 0x75D // 1885
+	SYS___GETHOSTNAME_A                 = 0x75E // 1886
+	SYS___GETLOGIN_A                    = 0x75F // 1887
+	SYS___INET_NTOP_A                   = 0x760 // 1888
+	SYS___GETPASS_A                     = 0x761 // 1889
+	SYS___GETPWENT_A                    = 0x762 // 1890
+	SYS___GETPWNAM_A                    = 0x763 // 1891
+	SYS___GETPWUID_A                    = 0x764 // 1892
+	SYS_____CHECK_RESOURCE_AUTH_NP_A    = 0x765 // 1893
+	SYS___CHECKSCHENV_A                 = 0x766 // 1894
+	SYS___CONNECTSERVER_A               = 0x767 // 1895
+	SYS___CONNECTWORKMGR_A              = 0x768 // 1896
+	SYS_____CONSOLE_A                   = 0x769 // 1897
+	SYS___CREATEWORKUNIT_A              = 0x76A // 1898
+	SYS___CTERMID_A                     = 0x76B // 1899
+	SYS___FMTMSG_A                      = 0x76C // 1900
+	SYS___INITGROUPS_A                  = 0x76D // 1901
+	SYS_____LOGIN_A                     = 0x76E // 1902
+	SYS___MSGRCV_A                      = 0x76F // 1903
+	SYS___MSGSND_A                      = 0x770 // 1904
+	SYS___MSGXRCV_A                     = 0x771 // 1905
+	SYS___NFTW_A                        = 0x772 // 1906
+	SYS_____PASSWD_A                    = 0x773 // 1907
+	SYS___PTHREAD_SECURITY_NP_A         = 0x774 // 1908
+	SYS___QUERYMETRICS_A                = 0x775 // 1909
+	SYS___QUERYSCHENV                   = 0x776 // 1910
+	SYS___READV_A                       = 0x777 // 1911
+	SYS_____SERVER_CLASSIFY_A           = 0x778 // 1912
+	SYS_____SERVER_INIT_A               = 0x779 // 1913
+	SYS_____SERVER_PWU_A                = 0x77A // 1914
+	SYS___STRCASECMP_A                  = 0x77B // 1915
+	SYS___STRNCASECMP_A                 = 0x77C // 1916
+	SYS___TTYNAME_A                     = 0x77D // 1917
+	SYS___UNAME_A                       = 0x77E // 1918
+	SYS___UTIMES_A                      = 0x77F // 1919
+	SYS___W_GETPSENT_A                  = 0x780 // 1920
+	SYS___WRITEV_A                      = 0x781 // 1921
+	SYS___W_STATFS_A                    = 0x782 // 1922
+	SYS___W_STATVFS_A                   = 0x783 // 1923
+	SYS___FPUTC_A                       = 0x784 // 1924
+	SYS___PUTCHAR_A                     = 0x785 // 1925
+	SYS___PUTS_A                        = 0x786 // 1926
+	SYS___FGETS_A                       = 0x787 // 1927
+	SYS___GETS_A                        = 0x788 // 1928
+	SYS___FPUTS_A                       = 0x789 // 1929
+	SYS___FREAD_A                       = 0x78A // 1930
+	SYS___FWRITE_A                      = 0x78B // 1931
+	SYS___OPEN_O_A                      = 0x78C // 1932
+	SYS___ISASCII                       = 0x78D // 1933
+	SYS___CREAT_O_A                     = 0x78E // 1934
+	SYS___ENVNA                         = 0x78F // 1935
+	SYS___PUTC_A                        = 0x790 // 1936
+	SYS___AE_THREAD_SETMODE             = 0x791 // 1937
+	SYS___AE_THREAD_SWAPMODE            = 0x792 // 1938
+	SYS___GETNETBYADDR_A                = 0x793 // 1939
+	SYS___GETNETBYNAME_A                = 0x794 // 1940
+	SYS___GETNETENT_A                   = 0x795 // 1941
+	SYS___GETPROTOBYNAME_A              = 0x796 // 1942
+	SYS___GETPROTOBYNUMBER_A            = 0x797 // 1943
+	SYS___GETPROTOENT_A                 = 0x798 // 1944
+	SYS___GETSERVBYNAME_A               = 0x799 // 1945
+	SYS___GETSERVBYPORT_A               = 0x79A // 1946
+	SYS___GETSERVENT_A                  = 0x79B // 1947
+	SYS___ASCTIME_A                     = 0x79C // 1948
+	SYS___CTIME_A                       = 0x79D // 1949
+	SYS___GETDATE_A                     = 0x79E // 1950
+	SYS___TZSET_A                       = 0x79F // 1951
+	SYS___UTIME_A                       = 0x7A0 // 1952
+	SYS___ASCTIME_R_A                   = 0x7A1 // 1953
+	SYS___CTIME_R_A                     = 0x7A2 // 1954
+	SYS___STRTOLL_A                     = 0x7A3 // 1955
+	SYS___STRTOULL_A                    = 0x7A4 // 1956
+	SYS___FPUTWC_A                      = 0x7A5 // 1957
+	SYS___PUTWC_A                       = 0x7A6 // 1958
+	SYS___PUTWCHAR_A                    = 0x7A7 // 1959
+	SYS___FPUTWS_A                      = 0x7A8 // 1960
+	SYS___UNGETWC_A                     = 0x7A9 // 1961
+	SYS___FGETWC_A                      = 0x7AA // 1962
+	SYS___GETWC_A                       = 0x7AB // 1963
+	SYS___GETWCHAR_A                    = 0x7AC // 1964
+	SYS___FGETWS_A                      = 0x7AD // 1965
+	SYS___GETTIMEOFDAY_A                = 0x7AE // 1966
+	SYS___GMTIME_A                      = 0x7AF // 1967
+	SYS___GMTIME_R_A                    = 0x7B0 // 1968
+	SYS___LOCALTIME_A                   = 0x7B1 // 1969
+	SYS___LOCALTIME_R_A                 = 0x7B2 // 1970
+	SYS___MKTIME_A                      = 0x7B3 // 1971
+	SYS___TZZNA                         = 0x7B4 // 1972
+	SYS_UNATEXIT                        = 0x7B5 // 1973
+	SYS___CEE3DMP_A                     = 0x7B6 // 1974
+	SYS___CDUMP_A                       = 0x7B7 // 1975
+	SYS___CSNAP_A                       = 0x7B8 // 1976
+	SYS___CTEST_A                       = 0x7B9 // 1977
+	SYS___CTRACE_A                      = 0x7BA // 1978
+	SYS___VSWPRNTF2_A                   = 0x7BB // 1979
+	SYS___INET_PTON_A                   = 0x7BC // 1980
+	SYS___SYSLOG_A                      = 0x7BD // 1981
+	SYS___CRYPT_A                       = 0x7BE // 1982
+	SYS_____OPENDIR2_A                  = 0x7BF // 1983
+	SYS_____READDIR2_A                  = 0x7C0 // 1984
+	SYS___OPENDIR_A                     = 0x7C2 // 1986
+	SYS___READDIR_A                     = 0x7C3 // 1987
+	SYS_PREAD                           = 0x7C7 // 1991
+	SYS_PWRITE                          = 0x7C8 // 1992
+	SYS_M_CREATE_LAYOUT                 = 0x7C9 // 1993
+	SYS_M_DESTROY_LAYOUT                = 0x7CA // 1994
+	SYS_M_GETVALUES_LAYOUT              = 0x7CB // 1995
+	SYS_M_SETVALUES_LAYOUT              = 0x7CC // 1996
+	SYS_M_TRANSFORM_LAYOUT              = 0x7CD // 1997
+	SYS_M_WTRANSFORM_LAYOUT             = 0x7CE // 1998
+	SYS_FWPRINTF                        = 0x7D1 // 2001
+	SYS_WPRINTF                         = 0x7D2 // 2002
+	SYS_VFWPRINT                        = 0x7D3 // 2003
+	SYS_VFWPRINTF                       = 0x7D3 // 2003
+	SYS_VWPRINTF                        = 0x7D4 // 2004
+	SYS_FWSCANF                         = 0x7D5 // 2005
+	SYS_WSCANF                          = 0x7D6 // 2006
+	SYS_WCTRANS                         = 0x7D7 // 2007
+	SYS_TOWCTRAN                        = 0x7D8 // 2008
+	SYS_TOWCTRANS                       = 0x7D8 // 2008
+	SYS___WCSTOD_A                      = 0x7D9 // 2009
+	SYS___WCSTOL_A                      = 0x7DA // 2010
+	SYS___WCSTOUL_A                     = 0x7DB // 2011
+	SYS___BASENAME_A                    = 0x7DC // 2012
+	SYS___DIRNAME_A                     = 0x7DD // 2013
+	SYS___GLOB_A                        = 0x7DE // 2014
+	SYS_FWIDE                           = 0x7DF // 2015
+	SYS___OSNAME                        = 0x7E0 // 2016
+	SYS_____OSNAME_A                    = 0x7E1 // 2017
+	SYS___BTOWC_A                       = 0x7E4 // 2020
+	SYS___WCTOB_A                       = 0x7E5 // 2021
+	SYS___DBM_OPEN_A                    = 0x7E6 // 2022
+	SYS___VFPRINTF2_A                   = 0x7E7 // 2023
+	SYS___VPRINTF2_A                    = 0x7E8 // 2024
+	SYS___VSPRINTF2_A                   = 0x7E9 // 2025
+	SYS___CEIL_H                        = 0x7EA // 2026
+	SYS___FLOOR_H                       = 0x7EB // 2027
+	SYS___MODF_H                        = 0x7EC // 2028
+	SYS___FABS_H                        = 0x7ED // 2029
+	SYS___J0_H                          = 0x7EE // 2030
+	SYS___J1_H                          = 0x7EF // 2031
+	SYS___JN_H                          = 0x7F0 // 2032
+	SYS___Y0_H                          = 0x7F1 // 2033
+	SYS___Y1_H                          = 0x7F2 // 2034
+	SYS___YN_H                          = 0x7F3 // 2035
+	SYS___CEILF_H                       = 0x7F4 // 2036
+	SYS___CEILL_H                       = 0x7F5 // 2037
+	SYS___FLOORF_H                      = 0x7F6 // 2038
+	SYS___FLOORL_H                      = 0x7F7 // 2039
+	SYS___MODFF_H                       = 0x7F8 // 2040
+	SYS___MODFL_H                       = 0x7F9 // 2041
+	SYS___FABSF_H                       = 0x7FA // 2042
+	SYS___FABSL_H                       = 0x7FB // 2043
+	SYS___MALLOC24                      = 0x7FC // 2044
+	SYS___MALLOC31                      = 0x7FD // 2045
+	SYS_ACL_INIT                        = 0x7FE // 2046
+	SYS_ACL_FREE                        = 0x7FF // 2047
+	SYS_ACL_FIRST_ENTRY                 = 0x800 // 2048
+	SYS_ACL_GET_ENTRY                   = 0x801 // 2049
+	SYS_ACL_VALID                       = 0x802 // 2050
+	SYS_ACL_CREATE_ENTRY                = 0x803 // 2051
+	SYS_ACL_DELETE_ENTRY                = 0x804 // 2052
+	SYS_ACL_UPDATE_ENTRY                = 0x805 // 2053
+	SYS_ACL_DELETE_FD                   = 0x806 // 2054
+	SYS_ACL_DELETE_FILE                 = 0x807 // 2055
+	SYS_ACL_GET_FD                      = 0x808 // 2056
+	SYS_ACL_GET_FILE                    = 0x809 // 2057
+	SYS_ACL_SET_FD                      = 0x80A // 2058
+	SYS_ACL_SET_FILE                    = 0x80B // 2059
+	SYS_ACL_FROM_TEXT                   = 0x80C // 2060
+	SYS_ACL_TO_TEXT                     = 0x80D // 2061
+	SYS_ACL_SORT                        = 0x80E // 2062
+	SYS___SHUTDOWN_REGISTRATION         = 0x80F // 2063
+	SYS___ERFL_B                        = 0x810 // 2064
+	SYS___ERFCL_B                       = 0x811 // 2065
+	SYS___LGAMMAL_B                     = 0x812 // 2066
+	SYS___SETHOOKEVENTS                 = 0x813 // 2067
+	SYS_IF_NAMETOINDEX                  = 0x814 // 2068
+	SYS_IF_INDEXTONAME                  = 0x815 // 2069
+	SYS_IF_NAMEINDEX                    = 0x816 // 2070
+	SYS_IF_FREENAMEINDEX                = 0x817 // 2071
+	SYS_GETADDRINFO                     = 0x818 // 2072
+	SYS_GETNAMEINFO                     = 0x819 // 2073
+	SYS_FREEADDRINFO                    = 0x81A // 2074
+	SYS_GAI_STRERROR                    = 0x81B // 2075
+	SYS_REXEC_AF                        = 0x81C // 2076
+	SYS___POE                           = 0x81D // 2077
+	SYS___DYNALLOC_A                    = 0x81F // 2079
+	SYS___DYNFREE_A                     = 0x820 // 2080
+	SYS___RES_QUERY_A                   = 0x821 // 2081
+	SYS___RES_SEARCH_A                  = 0x822 // 2082
+	SYS___RES_QUERYDOMAIN_A             = 0x823 // 2083
+	SYS___RES_MKQUERY_A                 = 0x824 // 2084
+	SYS___RES_SEND_A                    = 0x825 // 2085
+	SYS___DN_EXPAND_A                   = 0x826 // 2086
+	SYS___DN_SKIPNAME_A                 = 0x827 // 2087
+	SYS___DN_COMP_A                     = 0x828 // 2088
+	SYS___DN_FIND_A                     = 0x829 // 2089
+	SYS___NLIST_A                       = 0x82A // 2090
+	SYS_____TCGETCP_A                   = 0x82B // 2091
+	SYS_____TCSETCP_A                   = 0x82C // 2092
+	SYS_____W_PIOCTL_A                  = 0x82E // 2094
+	SYS___INET_ADDR_A                   = 0x82F // 2095
+	SYS___INET_NTOA_A                   = 0x830 // 2096
+	SYS___INET_NETWORK_A                = 0x831 // 2097
+	SYS___ACCEPT_A                      = 0x832 // 2098
+	SYS___ACCEPT_AND_RECV_A             = 0x833 // 2099
+	SYS___BIND_A                        = 0x834 // 2100
+	SYS___CONNECT_A                     = 0x835 // 2101
+	SYS___GETPEERNAME_A                 = 0x836 // 2102
+	SYS___GETSOCKNAME_A                 = 0x837 // 2103
+	SYS___RECVFROM_A                    = 0x838 // 2104
+	SYS___SENDTO_A                      = 0x839 // 2105
+	SYS___SENDMSG_A                     = 0x83A // 2106
+	SYS___RECVMSG_A                     = 0x83B // 2107
+	SYS_____LCHATTR_A                   = 0x83C // 2108
+	SYS___CABEND                        = 0x83D // 2109
+	SYS___LE_CIB_GET                    = 0x83E // 2110
+	SYS___SET_LAA_FOR_JIT               = 0x83F // 2111
+	SYS___LCHATTR                       = 0x840 // 2112
+	SYS___WRITEDOWN                     = 0x841 // 2113
+	SYS_PTHREAD_MUTEX_INIT2             = 0x842 // 2114
+	SYS___ACOSHF_B                      = 0x843 // 2115
+	SYS___ACOSHL_B                      = 0x844 // 2116
+	SYS___ASINHF_B                      = 0x845 // 2117
+	SYS___ASINHL_B                      = 0x846 // 2118
+	SYS___ATANHF_B                      = 0x847 // 2119
+	SYS___ATANHL_B                      = 0x848 // 2120
+	SYS___CBRTF_B                       = 0x849 // 2121
+	SYS___CBRTL_B                       = 0x84A // 2122
+	SYS___COPYSIGNF_B                   = 0x84B // 2123
+	SYS___COPYSIGNL_B                   = 0x84C // 2124
+	SYS___COTANF_B                      = 0x84D // 2125
+	SYS___COTAN_B                       = 0x84E // 2126
+	SYS___COTANL_B                      = 0x84F // 2127
+	SYS___EXP2F_B                       = 0x850 // 2128
+	SYS___EXP2L_B                       = 0x851 // 2129
+	SYS___EXPM1F_B                      = 0x852 // 2130
+	SYS___EXPM1L_B                      = 0x853 // 2131
+	SYS___FDIMF_B                       = 0x854 // 2132
+	SYS___FDIM_B                        = 0x855 // 2133
+	SYS___FDIML_B                       = 0x856 // 2134
+	SYS___HYPOTF_B                      = 0x857 // 2135
+	SYS___HYPOTL_B                      = 0x858 // 2136
+	SYS___LOG1PF_B                      = 0x859 // 2137
+	SYS___LOG1PL_B                      = 0x85A // 2138
+	SYS___LOG2F_B                       = 0x85B // 2139
+	SYS___LOG2_B                        = 0x85C // 2140
+	SYS___LOG2L_B                       = 0x85D // 2141
+	SYS___REMAINDERF_B                  = 0x85E // 2142
+	SYS___REMAINDERL_B                  = 0x85F // 2143
+	SYS___REMQUOF_B                     = 0x860 // 2144
+	SYS___REMQUO_B                      = 0x861 // 2145
+	SYS___REMQUOL_B                     = 0x862 // 2146
+	SYS___TGAMMAF_B                     = 0x863 // 2147
+	SYS___TGAMMA_B                      = 0x864 // 2148
+	SYS___TGAMMAL_B                     = 0x865 // 2149
+	SYS___TRUNCF_B                      = 0x866 // 2150
+	SYS___TRUNC_B                       = 0x867 // 2151
+	SYS___TRUNCL_B                      = 0x868 // 2152
+	SYS___LGAMMAF_B                     = 0x869 // 2153
+	SYS___LROUNDF_B                     = 0x86A // 2154
+	SYS___LROUND_B                      = 0x86B // 2155
+	SYS___ERFF_B                        = 0x86C // 2156
+	SYS___ERFCF_B                       = 0x86D // 2157
+	SYS_ACOSHF                          = 0x86E // 2158
+	SYS_ACOSHL                          = 0x86F // 2159
+	SYS_ASINHF                          = 0x870 // 2160
+	SYS_ASINHL                          = 0x871 // 2161
+	SYS_ATANHF                          = 0x872 // 2162
+	SYS_ATANHL                          = 0x873 // 2163
+	SYS_CBRTF                           = 0x874 // 2164
+	SYS_CBRTL                           = 0x875 // 2165
+	SYS_COPYSIGNF                       = 0x876 // 2166
+	SYS_CPYSIGNF                        = 0x876 // 2166
+	SYS_COPYSIGNL                       = 0x877 // 2167
+	SYS_CPYSIGNL                        = 0x877 // 2167
+	SYS_COTANF                          = 0x878 // 2168
+	SYS___COTANF                        = 0x878 // 2168
+	SYS_COTAN                           = 0x879 // 2169
+	SYS___COTAN                         = 0x879 // 2169
+	SYS_COTANL                          = 0x87A // 2170
+	SYS___COTANL                        = 0x87A // 2170
+	SYS_EXP2F                           = 0x87B // 2171
+	SYS_EXP2L                           = 0x87C // 2172
+	SYS_EXPM1F                          = 0x87D // 2173
+	SYS_EXPM1L                          = 0x87E // 2174
+	SYS_FDIMF                           = 0x87F // 2175
+	SYS_FDIM                            = 0x881 // 2177
+	SYS_FDIML                           = 0x882 // 2178
+	SYS_HYPOTF                          = 0x883 // 2179
+	SYS_HYPOTL                          = 0x884 // 2180
+	SYS_LOG1PF                          = 0x885 // 2181
+	SYS_LOG1PL                          = 0x886 // 2182
+	SYS_LOG2F                           = 0x887 // 2183
+	SYS_LOG2                            = 0x888 // 2184
+	SYS_LOG2L                           = 0x889 // 2185
+	SYS_REMAINDERF                      = 0x88A // 2186
+	SYS_REMAINDF                        = 0x88A // 2186
+	SYS_REMAINDERL                      = 0x88B // 2187
+	SYS_REMAINDL                        = 0x88B // 2187
+	SYS_REMQUOF                         = 0x88C // 2188
+	SYS_REMQUO                          = 0x88D // 2189
+	SYS_REMQUOL                         = 0x88E // 2190
+	SYS_TGAMMAF                         = 0x88F // 2191
+	SYS_TGAMMA                          = 0x890 // 2192
+	SYS_TGAMMAL                         = 0x891 // 2193
+	SYS_TRUNCF                          = 0x892 // 2194
+	SYS_TRUNC                           = 0x893 // 2195
+	SYS_TRUNCL                          = 0x894 // 2196
+	SYS_LGAMMAF                         = 0x895 // 2197
+	SYS_LGAMMAL                         = 0x896 // 2198
+	SYS_LROUNDF                         = 0x897 // 2199
+	SYS_LROUND                          = 0x898 // 2200
+	SYS_ERFF                            = 0x899 // 2201
+	SYS_ERFL                            = 0x89A // 2202
+	SYS_ERFCF                           = 0x89B // 2203
+	SYS_ERFCL                           = 0x89C // 2204
+	SYS___EXP2_B                        = 0x89D // 2205
+	SYS_EXP2                            = 0x89E // 2206
+	SYS___FAR_JUMP                      = 0x89F // 2207
+	SYS___TCGETATTR_A                   = 0x8A1 // 2209
+	SYS___TCSETATTR_A                   = 0x8A2 // 2210
+	SYS___SUPERKILL                     = 0x8A4 // 2212
+	SYS___LE_CONDITION_TOKEN_BUILD      = 0x8A5 // 2213
+	SYS___LE_MSG_ADD_INSERT             = 0x8A6 // 2214
+	SYS___LE_MSG_GET                    = 0x8A7 // 2215
+	SYS___LE_MSG_GET_AND_WRITE          = 0x8A8 // 2216
+	SYS___LE_MSG_WRITE                  = 0x8A9 // 2217
+	SYS___ITOA                          = 0x8AA // 2218
+	SYS___UTOA                          = 0x8AB // 2219
+	SYS___LTOA                          = 0x8AC // 2220
+	SYS___ULTOA                         = 0x8AD // 2221
+	SYS___LLTOA                         = 0x8AE // 2222
+	SYS___ULLTOA                        = 0x8AF // 2223
+	SYS___ITOA_A                        = 0x8B0 // 2224
+	SYS___UTOA_A                        = 0x8B1 // 2225
+	SYS___LTOA_A                        = 0x8B2 // 2226
+	SYS___ULTOA_A                       = 0x8B3 // 2227
+	SYS___LLTOA_A                       = 0x8B4 // 2228
+	SYS___ULLTOA_A                      = 0x8B5 // 2229
+	SYS_____GETENV_A                    = 0x8C3 // 2243
+	SYS___REXEC_A                       = 0x8C4 // 2244
+	SYS___REXEC_AF_A                    = 0x8C5 // 2245
+	SYS___GETUTXENT_A                   = 0x8C6 // 2246
+	SYS___GETUTXID_A                    = 0x8C7 // 2247
+	SYS___GETUTXLINE_A                  = 0x8C8 // 2248
+	SYS___PUTUTXLINE_A                  = 0x8C9 // 2249
+	SYS_____UTMPXNAME_A                 = 0x8CA // 2250
+	SYS___PUTC_UNLOCKED_A               = 0x8CB // 2251
+	SYS___PUTCHAR_UNLOCKED_A            = 0x8CC // 2252
+	SYS___SNPRINTF_A                    = 0x8CD // 2253
+	SYS___VSNPRINTF_A                   = 0x8CE // 2254
+	SYS___DLOPEN_A                      = 0x8D0 // 2256
+	SYS___DLSYM_A                       = 0x8D1 // 2257
+	SYS___DLERROR_A                     = 0x8D2 // 2258
+	SYS_FLOCKFILE                       = 0x8D3 // 2259
+	SYS_FTRYLOCKFILE                    = 0x8D4 // 2260
+	SYS_FUNLOCKFILE                     = 0x8D5 // 2261
+	SYS_GETC_UNLOCKED                   = 0x8D6 // 2262
+	SYS_GETCHAR_UNLOCKED                = 0x8D7 // 2263
+	SYS_PUTC_UNLOCKED                   = 0x8D8 // 2264
+	SYS_PUTCHAR_UNLOCKED                = 0x8D9 // 2265
+	SYS_SNPRINTF                        = 0x8DA // 2266
+	SYS_VSNPRINTF                       = 0x8DB // 2267
+	SYS_DLOPEN                          = 0x8DD // 2269
+	SYS_DLSYM                           = 0x8DE // 2270
+	SYS_DLCLOSE                         = 0x8DF // 2271
+	SYS_DLERROR                         = 0x8E0 // 2272
+	SYS___SET_EXCEPTION_HANDLER         = 0x8E2 // 2274
+	SYS___RESET_EXCEPTION_HANDLER       = 0x8E3 // 2275
+	SYS___VHM_EVENT                     = 0x8E4 // 2276
+	SYS___ABS_H                         = 0x8E6 // 2278
+	SYS___ABSF_H                        = 0x8E7 // 2279
+	SYS___ABSL_H                        = 0x8E8 // 2280
+	SYS___ACOS_H                        = 0x8E9 // 2281
+	SYS___ACOSF_H                       = 0x8EA // 2282
+	SYS___ACOSL_H                       = 0x8EB // 2283
+	SYS___ACOSH_H                       = 0x8EC // 2284
+	SYS___ASIN_H                        = 0x8ED // 2285
+	SYS___ASINF_H                       = 0x8EE // 2286
+	SYS___ASINL_H                       = 0x8EF // 2287
+	SYS___ASINH_H                       = 0x8F0 // 2288
+	SYS___ATAN_H                        = 0x8F1 // 2289
+	SYS___ATANF_H                       = 0x8F2 // 2290
+	SYS___ATANL_H                       = 0x8F3 // 2291
+	SYS___ATANH_H                       = 0x8F4 // 2292
+	SYS___ATANHF_H                      = 0x8F5 // 2293
+	SYS___ATANHL_H                      = 0x8F6 // 2294
+	SYS___ATAN2_H                       = 0x8F7 // 2295
+	SYS___ATAN2F_H                      = 0x8F8 // 2296
+	SYS___ATAN2L_H                      = 0x8F9 // 2297
+	SYS___CBRT_H                        = 0x8FA // 2298
+	SYS___COPYSIGNF_H                   = 0x8FB // 2299
+	SYS___COPYSIGNL_H                   = 0x8FC // 2300
+	SYS___COS_H                         = 0x8FD // 2301
+	SYS___COSF_H                        = 0x8FE // 2302
+	SYS___COSL_H                        = 0x8FF // 2303
+	SYS___COSHF_H                       = 0x900 // 2304
+	SYS___COSHL_H                       = 0x901 // 2305
+	SYS___COTAN_H                       = 0x902 // 2306
+	SYS___COTANF_H                      = 0x903 // 2307
+	SYS___COTANL_H                      = 0x904 // 2308
+	SYS___ERF_H                         = 0x905 // 2309
+	SYS___ERFF_H                        = 0x906 // 2310
+	SYS___ERFL_H                        = 0x907 // 2311
+	SYS___ERFC_H                        = 0x908 // 2312
+	SYS___ERFCF_H                       = 0x909 // 2313
+	SYS___ERFCL_H                       = 0x90A // 2314
+	SYS___EXP_H                         = 0x90B // 2315
+	SYS___EXPF_H                        = 0x90C // 2316
+	SYS___EXPL_H                        = 0x90D // 2317
+	SYS___EXPM1_H                       = 0x90E // 2318
+	SYS___FDIM_H                        = 0x90F // 2319
+	SYS___FDIMF_H                       = 0x910 // 2320
+	SYS___FDIML_H                       = 0x911 // 2321
+	SYS___FMOD_H                        = 0x912 // 2322
+	SYS___FMODF_H                       = 0x913 // 2323
+	SYS___FMODL_H                       = 0x914 // 2324
+	SYS___GAMMA_H                       = 0x915 // 2325
+	SYS___HYPOT_H                       = 0x916 // 2326
+	SYS___ILOGB_H                       = 0x917 // 2327
+	SYS___LGAMMA_H                      = 0x918 // 2328
+	SYS___LGAMMAF_H                     = 0x919 // 2329
+	SYS___LOG_H                         = 0x91A // 2330
+	SYS___LOGF_H                        = 0x91B // 2331
+	SYS___LOGL_H                        = 0x91C // 2332
+	SYS___LOGB_H                        = 0x91D // 2333
+	SYS___LOG2_H                        = 0x91E // 2334
+	SYS___LOG2F_H                       = 0x91F // 2335
+	SYS___LOG2L_H                       = 0x920 // 2336
+	SYS___LOG1P_H                       = 0x921 // 2337
+	SYS___LOG10_H                       = 0x922 // 2338
+	SYS___LOG10F_H                      = 0x923 // 2339
+	SYS___LOG10L_H                      = 0x924 // 2340
+	SYS___LROUND_H                      = 0x925 // 2341
+	SYS___LROUNDF_H                     = 0x926 // 2342
+	SYS___NEXTAFTER_H                   = 0x927 // 2343
+	SYS___POW_H                         = 0x928 // 2344
+	SYS___POWF_H                        = 0x929 // 2345
+	SYS___POWL_H                        = 0x92A // 2346
+	SYS___REMAINDER_H                   = 0x92B // 2347
+	SYS___RINT_H                        = 0x92C // 2348
+	SYS___SCALB_H                       = 0x92D // 2349
+	SYS___SIN_H                         = 0x92E // 2350
+	SYS___SINF_H                        = 0x92F // 2351
+	SYS___SINL_H                        = 0x930 // 2352
+	SYS___SINH_H                        = 0x931 // 2353
+	SYS___SINHF_H                       = 0x932 // 2354
+	SYS___SINHL_H                       = 0x933 // 2355
+	SYS___SQRT_H                        = 0x934 // 2356
+	SYS___SQRTF_H                       = 0x935 // 2357
+	SYS___SQRTL_H                       = 0x936 // 2358
+	SYS___TAN_H                         = 0x937 // 2359
+	SYS___TANF_H                        = 0x938 // 2360
+	SYS___TANL_H                        = 0x939 // 2361
+	SYS___TANH_H                        = 0x93A // 2362
+	SYS___TANHF_H                       = 0x93B // 2363
+	SYS___TANHL_H                       = 0x93C // 2364
+	SYS___TGAMMA_H                      = 0x93D // 2365
+	SYS___TGAMMAF_H                     = 0x93E // 2366
+	SYS___TRUNC_H                       = 0x93F // 2367
+	SYS___TRUNCF_H                      = 0x940 // 2368
+	SYS___TRUNCL_H                      = 0x941 // 2369
+	SYS___COSH_H                        = 0x942 // 2370
+	SYS___LE_DEBUG_SET_RESUME_MCH       = 0x943 // 2371
+	SYS_VFSCANF                         = 0x944 // 2372
+	SYS_VSCANF                          = 0x946 // 2374
+	SYS_VSSCANF                         = 0x948 // 2376
+	SYS_VFWSCANF                        = 0x94A // 2378
+	SYS_VWSCANF                         = 0x94C // 2380
+	SYS_VSWSCANF                        = 0x94E // 2382
+	SYS_IMAXABS                         = 0x950 // 2384
+	SYS_IMAXDIV                         = 0x951 // 2385
+	SYS_STRTOIMAX                       = 0x952 // 2386
+	SYS_STRTOUMAX                       = 0x953 // 2387
+	SYS_WCSTOIMAX                       = 0x954 // 2388
+	SYS_WCSTOUMAX                       = 0x955 // 2389
+	SYS_ATOLL                           = 0x956 // 2390
+	SYS_STRTOF                          = 0x957 // 2391
+	SYS_STRTOLD                         = 0x958 // 2392
+	SYS_WCSTOF                          = 0x959 // 2393
+	SYS_WCSTOLD                         = 0x95A // 2394
+	SYS_INET6_RTH_SPACE                 = 0x95B // 2395
+	SYS_INET6_RTH_INIT                  = 0x95C // 2396
+	SYS_INET6_RTH_ADD                   = 0x95D // 2397
+	SYS_INET6_RTH_REVERSE               = 0x95E // 2398
+	SYS_INET6_RTH_SEGMENTS              = 0x95F // 2399
+	SYS_INET6_RTH_GETADDR               = 0x960 // 2400
+	SYS_INET6_OPT_INIT                  = 0x961 // 2401
+	SYS_INET6_OPT_APPEND                = 0x962 // 2402
+	SYS_INET6_OPT_FINISH                = 0x963 // 2403
+	SYS_INET6_OPT_SET_VAL               = 0x964 // 2404
+	SYS_INET6_OPT_NEXT                  = 0x965 // 2405
+	SYS_INET6_OPT_FIND                  = 0x966 // 2406
+	SYS_INET6_OPT_GET_VAL               = 0x967 // 2407
+	SYS___POW_I                         = 0x987 // 2439
+	SYS___POW_I_B                       = 0x988 // 2440
+	SYS___POW_I_H                       = 0x989 // 2441
+	SYS___POW_II                        = 0x98A // 2442
+	SYS___POW_II_B                      = 0x98B // 2443
+	SYS___POW_II_H                      = 0x98C // 2444
+	SYS_CABS                            = 0x98E // 2446
+	SYS___CABS_B                        = 0x98F // 2447
+	SYS___CABS_H                        = 0x990 // 2448
+	SYS_CABSF                           = 0x991 // 2449
+	SYS___CABSF_B                       = 0x992 // 2450
+	SYS___CABSF_H                       = 0x993 // 2451
+	SYS_CABSL                           = 0x994 // 2452
+	SYS___CABSL_B                       = 0x995 // 2453
+	SYS___CABSL_H                       = 0x996 // 2454
+	SYS_CACOS                           = 0x997 // 2455
+	SYS___CACOS_B                       = 0x998 // 2456
+	SYS___CACOS_H                       = 0x999 // 2457
+	SYS_CACOSF                          = 0x99A // 2458
+	SYS___CACOSF_B                      = 0x99B // 2459
+	SYS___CACOSF_H                      = 0x99C // 2460
+	SYS_CACOSL                          = 0x99D // 2461
+	SYS___CACOSL_B                      = 0x99E // 2462
+	SYS___CACOSL_H                      = 0x99F // 2463
+	SYS_CACOSH                          = 0x9A0 // 2464
+	SYS___CACOSH_B                      = 0x9A1 // 2465
+	SYS___CACOSH_H                      = 0x9A2 // 2466
+	SYS_CACOSHF                         = 0x9A3 // 2467
+	SYS___CACOSHF_B                     = 0x9A4 // 2468
+	SYS___CACOSHF_H                     = 0x9A5 // 2469
+	SYS_CACOSHL                         = 0x9A6 // 2470
+	SYS___CACOSHL_B                     = 0x9A7 // 2471
+	SYS___CACOSHL_H                     = 0x9A8 // 2472
+	SYS_CARG                            = 0x9A9 // 2473
+	SYS___CARG_B                        = 0x9AA // 2474
+	SYS___CARG_H                        = 0x9AB // 2475
+	SYS_CARGF                           = 0x9AC // 2476
+	SYS___CARGF_B                       = 0x9AD // 2477
+	SYS___CARGF_H                       = 0x9AE // 2478
+	SYS_CARGL                           = 0x9AF // 2479
+	SYS___CARGL_B                       = 0x9B0 // 2480
+	SYS___CARGL_H                       = 0x9B1 // 2481
+	SYS_CASIN                           = 0x9B2 // 2482
+	SYS___CASIN_B                       = 0x9B3 // 2483
+	SYS___CASIN_H                       = 0x9B4 // 2484
+	SYS_CASINF                          = 0x9B5 // 2485
+	SYS___CASINF_B                      = 0x9B6 // 2486
+	SYS___CASINF_H                      = 0x9B7 // 2487
+	SYS_CASINL                          = 0x9B8 // 2488
+	SYS___CASINL_B                      = 0x9B9 // 2489
+	SYS___CASINL_H                      = 0x9BA // 2490
+	SYS_CASINH                          = 0x9BB // 2491
+	SYS___CASINH_B                      = 0x9BC // 2492
+	SYS___CASINH_H                      = 0x9BD // 2493
+	SYS_CASINHF                         = 0x9BE // 2494
+	SYS___CASINHF_B                     = 0x9BF // 2495
+	SYS___CASINHF_H                     = 0x9C0 // 2496
+	SYS_CASINHL                         = 0x9C1 // 2497
+	SYS___CASINHL_B                     = 0x9C2 // 2498
+	SYS___CASINHL_H                     = 0x9C3 // 2499
+	SYS_CATAN                           = 0x9C4 // 2500
+	SYS___CATAN_B                       = 0x9C5 // 2501
+	SYS___CATAN_H                       = 0x9C6 // 2502
+	SYS_CATANF                          = 0x9C7 // 2503
+	SYS___CATANF_B                      = 0x9C8 // 2504
+	SYS___CATANF_H                      = 0x9C9 // 2505
+	SYS_CATANL                          = 0x9CA // 2506
+	SYS___CATANL_B                      = 0x9CB // 2507
+	SYS___CATANL_H                      = 0x9CC // 2508
+	SYS_CATANH                          = 0x9CD // 2509
+	SYS___CATANH_B                      = 0x9CE // 2510
+	SYS___CATANH_H                      = 0x9CF // 2511
+	SYS_CATANHF                         = 0x9D0 // 2512
+	SYS___CATANHF_B                     = 0x9D1 // 2513
+	SYS___CATANHF_H                     = 0x9D2 // 2514
+	SYS_CATANHL                         = 0x9D3 // 2515
+	SYS___CATANHL_B                     = 0x9D4 // 2516
+	SYS___CATANHL_H                     = 0x9D5 // 2517
+	SYS_CCOS                            = 0x9D6 // 2518
+	SYS___CCOS_B                        = 0x9D7 // 2519
+	SYS___CCOS_H                        = 0x9D8 // 2520
+	SYS_CCOSF                           = 0x9D9 // 2521
+	SYS___CCOSF_B                       = 0x9DA // 2522
+	SYS___CCOSF_H                       = 0x9DB // 2523
+	SYS_CCOSL                           = 0x9DC // 2524
+	SYS___CCOSL_B                       = 0x9DD // 2525
+	SYS___CCOSL_H                       = 0x9DE // 2526
+	SYS_CCOSH                           = 0x9DF // 2527
+	SYS___CCOSH_B                       = 0x9E0 // 2528
+	SYS___CCOSH_H                       = 0x9E1 // 2529
+	SYS_CCOSHF                          = 0x9E2 // 2530
+	SYS___CCOSHF_B                      = 0x9E3 // 2531
+	SYS___CCOSHF_H                      = 0x9E4 // 2532
+	SYS_CCOSHL                          = 0x9E5 // 2533
+	SYS___CCOSHL_B                      = 0x9E6 // 2534
+	SYS___CCOSHL_H                      = 0x9E7 // 2535
+	SYS_CEXP                            = 0x9E8 // 2536
+	SYS___CEXP_B                        = 0x9E9 // 2537
+	SYS___CEXP_H                        = 0x9EA // 2538
+	SYS_CEXPF                           = 0x9EB // 2539
+	SYS___CEXPF_B                       = 0x9EC // 2540
+	SYS___CEXPF_H                       = 0x9ED // 2541
+	SYS_CEXPL                           = 0x9EE // 2542
+	SYS___CEXPL_B                       = 0x9EF // 2543
+	SYS___CEXPL_H                       = 0x9F0 // 2544
+	SYS_CIMAG                           = 0x9F1 // 2545
+	SYS___CIMAG_B                       = 0x9F2 // 2546
+	SYS___CIMAG_H                       = 0x9F3 // 2547
+	SYS_CIMAGF                          = 0x9F4 // 2548
+	SYS___CIMAGF_B                      = 0x9F5 // 2549
+	SYS___CIMAGF_H                      = 0x9F6 // 2550
+	SYS_CIMAGL                          = 0x9F7 // 2551
+	SYS___CIMAGL_B                      = 0x9F8 // 2552
+	SYS___CIMAGL_H                      = 0x9F9 // 2553
+	SYS___CLOG                          = 0x9FA // 2554
+	SYS___CLOG_B                        = 0x9FB // 2555
+	SYS___CLOG_H                        = 0x9FC // 2556
+	SYS_CLOGF                           = 0x9FD // 2557
+	SYS___CLOGF_B                       = 0x9FE // 2558
+	SYS___CLOGF_H                       = 0x9FF // 2559
+	SYS_CLOGL                           = 0xA00 // 2560
+	SYS___CLOGL_B                       = 0xA01 // 2561
+	SYS___CLOGL_H                       = 0xA02 // 2562
+	SYS_CONJ                            = 0xA03 // 2563
+	SYS___CONJ_B                        = 0xA04 // 2564
+	SYS___CONJ_H                        = 0xA05 // 2565
+	SYS_CONJF                           = 0xA06 // 2566
+	SYS___CONJF_B                       = 0xA07 // 2567
+	SYS___CONJF_H                       = 0xA08 // 2568
+	SYS_CONJL                           = 0xA09 // 2569
+	SYS___CONJL_B                       = 0xA0A // 2570
+	SYS___CONJL_H                       = 0xA0B // 2571
+	SYS_CPOW                            = 0xA0C // 2572
+	SYS___CPOW_B                        = 0xA0D // 2573
+	SYS___CPOW_H                        = 0xA0E // 2574
+	SYS_CPOWF                           = 0xA0F // 2575
+	SYS___CPOWF_B                       = 0xA10 // 2576
+	SYS___CPOWF_H                       = 0xA11 // 2577
+	SYS_CPOWL                           = 0xA12 // 2578
+	SYS___CPOWL_B                       = 0xA13 // 2579
+	SYS___CPOWL_H                       = 0xA14 // 2580
+	SYS_CPROJ                           = 0xA15 // 2581
+	SYS___CPROJ_B                       = 0xA16 // 2582
+	SYS___CPROJ_H                       = 0xA17 // 2583
+	SYS_CPROJF                          = 0xA18 // 2584
+	SYS___CPROJF_B                      = 0xA19 // 2585
+	SYS___CPROJF_H                      = 0xA1A // 2586
+	SYS_CPROJL                          = 0xA1B // 2587
+	SYS___CPROJL_B                      = 0xA1C // 2588
+	SYS___CPROJL_H                      = 0xA1D // 2589
+	SYS_CREAL                           = 0xA1E // 2590
+	SYS___CREAL_B                       = 0xA1F // 2591
+	SYS___CREAL_H                       = 0xA20 // 2592
+	SYS_CREALF                          = 0xA21 // 2593
+	SYS___CREALF_B                      = 0xA22 // 2594
+	SYS___CREALF_H                      = 0xA23 // 2595
+	SYS_CREALL                          = 0xA24 // 2596
+	SYS___CREALL_B                      = 0xA25 // 2597
+	SYS___CREALL_H                      = 0xA26 // 2598
+	SYS_CSIN                            = 0xA27 // 2599
+	SYS___CSIN_B                        = 0xA28 // 2600
+	SYS___CSIN_H                        = 0xA29 // 2601
+	SYS_CSINF                           = 0xA2A // 2602
+	SYS___CSINF_B                       = 0xA2B // 2603
+	SYS___CSINF_H                       = 0xA2C // 2604
+	SYS_CSINL                           = 0xA2D // 2605
+	SYS___CSINL_B                       = 0xA2E // 2606
+	SYS___CSINL_H                       = 0xA2F // 2607
+	SYS_CSINH                           = 0xA30 // 2608
+	SYS___CSINH_B                       = 0xA31 // 2609
+	SYS___CSINH_H                       = 0xA32 // 2610
+	SYS_CSINHF                          = 0xA33 // 2611
+	SYS___CSINHF_B                      = 0xA34 // 2612
+	SYS___CSINHF_H                      = 0xA35 // 2613
+	SYS_CSINHL                          = 0xA36 // 2614
+	SYS___CSINHL_B                      = 0xA37 // 2615
+	SYS___CSINHL_H                      = 0xA38 // 2616
+	SYS_CSQRT                           = 0xA39 // 2617
+	SYS___CSQRT_B                       = 0xA3A // 2618
+	SYS___CSQRT_H                       = 0xA3B // 2619
+	SYS_CSQRTF                          = 0xA3C // 2620
+	SYS___CSQRTF_B                      = 0xA3D // 2621
+	SYS___CSQRTF_H                      = 0xA3E // 2622
+	SYS_CSQRTL                          = 0xA3F // 2623
+	SYS___CSQRTL_B                      = 0xA40 // 2624
+	SYS___CSQRTL_H                      = 0xA41 // 2625
+	SYS_CTAN                            = 0xA42 // 2626
+	SYS___CTAN_B                        = 0xA43 // 2627
+	SYS___CTAN_H                        = 0xA44 // 2628
+	SYS_CTANF                           = 0xA45 // 2629
+	SYS___CTANF_B                       = 0xA46 // 2630
+	SYS___CTANF_H                       = 0xA47 // 2631
+	SYS_CTANL                           = 0xA48 // 2632
+	SYS___CTANL_B                       = 0xA49 // 2633
+	SYS___CTANL_H                       = 0xA4A // 2634
+	SYS_CTANH                           = 0xA4B // 2635
+	SYS___CTANH_B                       = 0xA4C // 2636
+	SYS___CTANH_H                       = 0xA4D // 2637
+	SYS_CTANHF                          = 0xA4E // 2638
+	SYS___CTANHF_B                      = 0xA4F // 2639
+	SYS___CTANHF_H                      = 0xA50 // 2640
+	SYS_CTANHL                          = 0xA51 // 2641
+	SYS___CTANHL_B                      = 0xA52 // 2642
+	SYS___CTANHL_H                      = 0xA53 // 2643
+	SYS___ACOSHF_H                      = 0xA54 // 2644
+	SYS___ACOSHL_H                      = 0xA55 // 2645
+	SYS___ASINHF_H                      = 0xA56 // 2646
+	SYS___ASINHL_H                      = 0xA57 // 2647
+	SYS___CBRTF_H                       = 0xA58 // 2648
+	SYS___CBRTL_H                       = 0xA59 // 2649
+	SYS___COPYSIGN_B                    = 0xA5A // 2650
+	SYS___EXPM1F_H                      = 0xA5B // 2651
+	SYS___EXPM1L_H                      = 0xA5C // 2652
+	SYS___EXP2_H                        = 0xA5D // 2653
+	SYS___EXP2F_H                       = 0xA5E // 2654
+	SYS___EXP2L_H                       = 0xA5F // 2655
+	SYS___LOG1PF_H                      = 0xA60 // 2656
+	SYS___LOG1PL_H                      = 0xA61 // 2657
+	SYS___LGAMMAL_H                     = 0xA62 // 2658
+	SYS_FMA                             = 0xA63 // 2659
+	SYS___FMA_B                         = 0xA64 // 2660
+	SYS___FMA_H                         = 0xA65 // 2661
+	SYS_FMAF                            = 0xA66 // 2662
+	SYS___FMAF_B                        = 0xA67 // 2663
+	SYS___FMAF_H                        = 0xA68 // 2664
+	SYS_FMAL                            = 0xA69 // 2665
+	SYS___FMAL_B                        = 0xA6A // 2666
+	SYS___FMAL_H                        = 0xA6B // 2667
+	SYS_FMAX                            = 0xA6C // 2668
+	SYS___FMAX_B                        = 0xA6D // 2669
+	SYS___FMAX_H                        = 0xA6E // 2670
+	SYS_FMAXF                           = 0xA6F // 2671
+	SYS___FMAXF_B                       = 0xA70 // 2672
+	SYS___FMAXF_H                       = 0xA71 // 2673
+	SYS_FMAXL                           = 0xA72 // 2674
+	SYS___FMAXL_B                       = 0xA73 // 2675
+	SYS___FMAXL_H                       = 0xA74 // 2676
+	SYS_FMIN                            = 0xA75 // 2677
+	SYS___FMIN_B                        = 0xA76 // 2678
+	SYS___FMIN_H                        = 0xA77 // 2679
+	SYS_FMINF                           = 0xA78 // 2680
+	SYS___FMINF_B                       = 0xA79 // 2681
+	SYS___FMINF_H                       = 0xA7A // 2682
+	SYS_FMINL                           = 0xA7B // 2683
+	SYS___FMINL_B                       = 0xA7C // 2684
+	SYS___FMINL_H                       = 0xA7D // 2685
+	SYS_ILOGBF                          = 0xA7E // 2686
+	SYS___ILOGBF_B                      = 0xA7F // 2687
+	SYS___ILOGBF_H                      = 0xA80 // 2688
+	SYS_ILOGBL                          = 0xA81 // 2689
+	SYS___ILOGBL_B                      = 0xA82 // 2690
+	SYS___ILOGBL_H                      = 0xA83 // 2691
+	SYS_LLRINT                          = 0xA84 // 2692
+	SYS___LLRINT_B                      = 0xA85 // 2693
+	SYS___LLRINT_H                      = 0xA86 // 2694
+	SYS_LLRINTF                         = 0xA87 // 2695
+	SYS___LLRINTF_B                     = 0xA88 // 2696
+	SYS___LLRINTF_H                     = 0xA89 // 2697
+	SYS_LLRINTL                         = 0xA8A // 2698
+	SYS___LLRINTL_B                     = 0xA8B // 2699
+	SYS___LLRINTL_H                     = 0xA8C // 2700
+	SYS_LLROUND                         = 0xA8D // 2701
+	SYS___LLROUND_B                     = 0xA8E // 2702
+	SYS___LLROUND_H                     = 0xA8F // 2703
+	SYS_LLROUNDF                        = 0xA90 // 2704
+	SYS___LLROUNDF_B                    = 0xA91 // 2705
+	SYS___LLROUNDF_H                    = 0xA92 // 2706
+	SYS_LLROUNDL                        = 0xA93 // 2707
+	SYS___LLROUNDL_B                    = 0xA94 // 2708
+	SYS___LLROUNDL_H                    = 0xA95 // 2709
+	SYS_LOGBF                           = 0xA96 // 2710
+	SYS___LOGBF_B                       = 0xA97 // 2711
+	SYS___LOGBF_H                       = 0xA98 // 2712
+	SYS_LOGBL                           = 0xA99 // 2713
+	SYS___LOGBL_B                       = 0xA9A // 2714
+	SYS___LOGBL_H                       = 0xA9B // 2715
+	SYS_LRINT                           = 0xA9C // 2716
+	SYS___LRINT_B                       = 0xA9D // 2717
+	SYS___LRINT_H                       = 0xA9E // 2718
+	SYS_LRINTF                          = 0xA9F // 2719
+	SYS___LRINTF_B                      = 0xAA0 // 2720
+	SYS___LRINTF_H                      = 0xAA1 // 2721
+	SYS_LRINTL                          = 0xAA2 // 2722
+	SYS___LRINTL_B                      = 0xAA3 // 2723
+	SYS___LRINTL_H                      = 0xAA4 // 2724
+	SYS_LROUNDL                         = 0xAA5 // 2725
+	SYS___LROUNDL_B                     = 0xAA6 // 2726
+	SYS___LROUNDL_H                     = 0xAA7 // 2727
+	SYS_NAN                             = 0xAA8 // 2728
+	SYS___NAN_B                         = 0xAA9 // 2729
+	SYS_NANF                            = 0xAAA // 2730
+	SYS___NANF_B                        = 0xAAB // 2731
+	SYS_NANL                            = 0xAAC // 2732
+	SYS___NANL_B                        = 0xAAD // 2733
+	SYS_NEARBYINT                       = 0xAAE // 2734
+	SYS___NEARBYINT_B                   = 0xAAF // 2735
+	SYS___NEARBYINT_H                   = 0xAB0 // 2736
+	SYS_NEARBYINTF                      = 0xAB1 // 2737
+	SYS___NEARBYINTF_B                  = 0xAB2 // 2738
+	SYS___NEARBYINTF_H                  = 0xAB3 // 2739
+	SYS_NEARBYINTL                      = 0xAB4 // 2740
+	SYS___NEARBYINTL_B                  = 0xAB5 // 2741
+	SYS___NEARBYINTL_H                  = 0xAB6 // 2742
+	SYS_NEXTAFTERF                      = 0xAB7 // 2743
+	SYS___NEXTAFTERF_B                  = 0xAB8 // 2744
+	SYS___NEXTAFTERF_H                  = 0xAB9 // 2745
+	SYS_NEXTAFTERL                      = 0xABA // 2746
+	SYS___NEXTAFTERL_B                  = 0xABB // 2747
+	SYS___NEXTAFTERL_H                  = 0xABC // 2748
+	SYS_NEXTTOWARD                      = 0xABD // 2749
+	SYS___NEXTTOWARD_B                  = 0xABE // 2750
+	SYS___NEXTTOWARD_H                  = 0xABF // 2751
+	SYS_NEXTTOWARDF                     = 0xAC0 // 2752
+	SYS___NEXTTOWARDF_B                 = 0xAC1 // 2753
+	SYS___NEXTTOWARDF_H                 = 0xAC2 // 2754
+	SYS_NEXTTOWARDL                     = 0xAC3 // 2755
+	SYS___NEXTTOWARDL_B                 = 0xAC4 // 2756
+	SYS___NEXTTOWARDL_H                 = 0xAC5 // 2757
+	SYS___REMAINDERF_H                  = 0xAC6 // 2758
+	SYS___REMAINDERL_H                  = 0xAC7 // 2759
+	SYS___REMQUO_H                      = 0xAC8 // 2760
+	SYS___REMQUOF_H                     = 0xAC9 // 2761
+	SYS___REMQUOL_H                     = 0xACA // 2762
+	SYS_RINTF                           = 0xACB // 2763
+	SYS___RINTF_B                       = 0xACC // 2764
+	SYS_RINTL                           = 0xACD // 2765
+	SYS___RINTL_B                       = 0xACE // 2766
+	SYS_ROUND                           = 0xACF // 2767
+	SYS___ROUND_B                       = 0xAD0 // 2768
+	SYS___ROUND_H                       = 0xAD1 // 2769
+	SYS_ROUNDF                          = 0xAD2 // 2770
+	SYS___ROUNDF_B                      = 0xAD3 // 2771
+	SYS___ROUNDF_H                      = 0xAD4 // 2772
+	SYS_ROUNDL                          = 0xAD5 // 2773
+	SYS___ROUNDL_B                      = 0xAD6 // 2774
+	SYS___ROUNDL_H                      = 0xAD7 // 2775
+	SYS_SCALBLN                         = 0xAD8 // 2776
+	SYS___SCALBLN_B                     = 0xAD9 // 2777
+	SYS___SCALBLN_H                     = 0xADA // 2778
+	SYS_SCALBLNF                        = 0xADB // 2779
+	SYS___SCALBLNF_B                    = 0xADC // 2780
+	SYS___SCALBLNF_H                    = 0xADD // 2781
+	SYS_SCALBLNL                        = 0xADE // 2782
+	SYS___SCALBLNL_B                    = 0xADF // 2783
+	SYS___SCALBLNL_H                    = 0xAE0 // 2784
+	SYS___SCALBN_B                      = 0xAE1 // 2785
+	SYS___SCALBN_H                      = 0xAE2 // 2786
+	SYS_SCALBNF                         = 0xAE3 // 2787
+	SYS___SCALBNF_B                     = 0xAE4 // 2788
+	SYS___SCALBNF_H                     = 0xAE5 // 2789
+	SYS_SCALBNL                         = 0xAE6 // 2790
+	SYS___SCALBNL_B                     = 0xAE7 // 2791
+	SYS___SCALBNL_H                     = 0xAE8 // 2792
+	SYS___TGAMMAL_H                     = 0xAE9 // 2793
+	SYS_FECLEAREXCEPT                   = 0xAEA // 2794
+	SYS_FEGETENV                        = 0xAEB // 2795
+	SYS_FEGETEXCEPTFLAG                 = 0xAEC // 2796
+	SYS_FEGETROUND                      = 0xAED // 2797
+	SYS_FEHOLDEXCEPT                    = 0xAEE // 2798
+	SYS_FERAISEEXCEPT                   = 0xAEF // 2799
+	SYS_FESETENV                        = 0xAF0 // 2800
+	SYS_FESETEXCEPTFLAG                 = 0xAF1 // 2801
+	SYS_FESETROUND                      = 0xAF2 // 2802
+	SYS_FETESTEXCEPT                    = 0xAF3 // 2803
+	SYS_FEUPDATEENV                     = 0xAF4 // 2804
+	SYS___COPYSIGN_H                    = 0xAF5 // 2805
+	SYS___HYPOTF_H                      = 0xAF6 // 2806
+	SYS___HYPOTL_H                      = 0xAF7 // 2807
+	SYS___CLASS                         = 0xAFA // 2810
+	SYS___CLASS_B                       = 0xAFB // 2811
+	SYS___CLASS_H                       = 0xAFC // 2812
+	SYS___ISBLANK_A                     = 0xB2E // 2862
+	SYS___ISWBLANK_A                    = 0xB2F // 2863
+	SYS___LROUND_FIXUP                  = 0xB30 // 2864
+	SYS___LROUNDF_FIXUP                 = 0xB31 // 2865
+	SYS_SCHED_YIELD                     = 0xB32 // 2866
+	SYS_STRERROR_R                      = 0xB33 // 2867
+	SYS_UNSETENV                        = 0xB34 // 2868
+	SYS___LGAMMA_H_C99                  = 0xB38 // 2872
+	SYS___LGAMMA_B_C99                  = 0xB39 // 2873
+	SYS___LGAMMA_R_C99                  = 0xB3A // 2874
+	SYS___FTELL2                        = 0xB3B // 2875
+	SYS___FSEEK2                        = 0xB3C // 2876
+	SYS___STATIC_REINIT                 = 0xB3D // 2877
+	SYS_PTHREAD_ATTR_GETSTACK           = 0xB3E // 2878
+	SYS_PTHREAD_ATTR_SETSTACK           = 0xB3F // 2879
+	SYS___TGAMMA_H_C99                  = 0xB78 // 2936
+	SYS___TGAMMAF_H_C99                 = 0xB79 // 2937
+	SYS___LE_TRACEBACK                  = 0xB7A // 2938
+	SYS___MUST_STAY_CLEAN               = 0xB7C // 2940
+	SYS___O_ENV                         = 0xB7D // 2941
+	SYS_ACOSD32                         = 0xB7E // 2942
+	SYS_ACOSD64                         = 0xB7F // 2943
+	SYS_ACOSD128                        = 0xB80 // 2944
+	SYS_ACOSHD32                        = 0xB81 // 2945
+	SYS_ACOSHD64                        = 0xB82 // 2946
+	SYS_ACOSHD128                       = 0xB83 // 2947
+	SYS_ASIND32                         = 0xB84 // 2948
+	SYS_ASIND64                         = 0xB85 // 2949
+	SYS_ASIND128                        = 0xB86 // 2950
+	SYS_ASINHD32                        = 0xB87 // 2951
+	SYS_ASINHD64                        = 0xB88 // 2952
+	SYS_ASINHD128                       = 0xB89 // 2953
+	SYS_ATAND32                         = 0xB8A // 2954
+	SYS_ATAND64                         = 0xB8B // 2955
+	SYS_ATAND128                        = 0xB8C // 2956
+	SYS_ATAN2D32                        = 0xB8D // 2957
+	SYS_ATAN2D64                        = 0xB8E // 2958
+	SYS_ATAN2D128                       = 0xB8F // 2959
+	SYS_ATANHD32                        = 0xB90 // 2960
+	SYS_ATANHD64                        = 0xB91 // 2961
+	SYS_ATANHD128                       = 0xB92 // 2962
+	SYS_CBRTD32                         = 0xB93 // 2963
+	SYS_CBRTD64                         = 0xB94 // 2964
+	SYS_CBRTD128                        = 0xB95 // 2965
+	SYS_CEILD32                         = 0xB96 // 2966
+	SYS_CEILD64                         = 0xB97 // 2967
+	SYS_CEILD128                        = 0xB98 // 2968
+	SYS___CLASS2                        = 0xB99 // 2969
+	SYS___CLASS2_B                      = 0xB9A // 2970
+	SYS___CLASS2_H                      = 0xB9B // 2971
+	SYS_COPYSIGND32                     = 0xB9C // 2972
+	SYS_COPYSIGND64                     = 0xB9D // 2973
+	SYS_COPYSIGND128                    = 0xB9E // 2974
+	SYS_COSD32                          = 0xB9F // 2975
+	SYS_COSD64                          = 0xBA0 // 2976
+	SYS_COSD128                         = 0xBA1 // 2977
+	SYS_COSHD32                         = 0xBA2 // 2978
+	SYS_COSHD64                         = 0xBA3 // 2979
+	SYS_COSHD128                        = 0xBA4 // 2980
+	SYS_ERFD32                          = 0xBA5 // 2981
+	SYS_ERFD64                          = 0xBA6 // 2982
+	SYS_ERFD128                         = 0xBA7 // 2983
+	SYS_ERFCD32                         = 0xBA8 // 2984
+	SYS_ERFCD64                         = 0xBA9 // 2985
+	SYS_ERFCD128                        = 0xBAA // 2986
+	SYS_EXPD32                          = 0xBAB // 2987
+	SYS_EXPD64                          = 0xBAC // 2988
+	SYS_EXPD128                         = 0xBAD // 2989
+	SYS_EXP2D32                         = 0xBAE // 2990
+	SYS_EXP2D64                         = 0xBAF // 2991
+	SYS_EXP2D128                        = 0xBB0 // 2992
+	SYS_EXPM1D32                        = 0xBB1 // 2993
+	SYS_EXPM1D64                        = 0xBB2 // 2994
+	SYS_EXPM1D128                       = 0xBB3 // 2995
+	SYS_FABSD32                         = 0xBB4 // 2996
+	SYS_FABSD64                         = 0xBB5 // 2997
+	SYS_FABSD128                        = 0xBB6 // 2998
+	SYS_FDIMD32                         = 0xBB7 // 2999
+	SYS_FDIMD64                         = 0xBB8 // 3000
+	SYS_FDIMD128                        = 0xBB9 // 3001
+	SYS_FE_DEC_GETROUND                 = 0xBBA // 3002
+	SYS_FE_DEC_SETROUND                 = 0xBBB // 3003
+	SYS_FLOORD32                        = 0xBBC // 3004
+	SYS_FLOORD64                        = 0xBBD // 3005
+	SYS_FLOORD128                       = 0xBBE // 3006
+	SYS_FMAD32                          = 0xBBF // 3007
+	SYS_FMAD64                          = 0xBC0 // 3008
+	SYS_FMAD128                         = 0xBC1 // 3009
+	SYS_FMAXD32                         = 0xBC2 // 3010
+	SYS_FMAXD64                         = 0xBC3 // 3011
+	SYS_FMAXD128                        = 0xBC4 // 3012
+	SYS_FMIND32                         = 0xBC5 // 3013
+	SYS_FMIND64                         = 0xBC6 // 3014
+	SYS_FMIND128                        = 0xBC7 // 3015
+	SYS_FMODD32                         = 0xBC8 // 3016
+	SYS_FMODD64                         = 0xBC9 // 3017
+	SYS_FMODD128                        = 0xBCA // 3018
+	SYS___FP_CAST_D                     = 0xBCB // 3019
+	SYS_FREXPD32                        = 0xBCC // 3020
+	SYS_FREXPD64                        = 0xBCD // 3021
+	SYS_FREXPD128                       = 0xBCE // 3022
+	SYS_HYPOTD32                        = 0xBCF // 3023
+	SYS_HYPOTD64                        = 0xBD0 // 3024
+	SYS_HYPOTD128                       = 0xBD1 // 3025
+	SYS_ILOGBD32                        = 0xBD2 // 3026
+	SYS_ILOGBD64                        = 0xBD3 // 3027
+	SYS_ILOGBD128                       = 0xBD4 // 3028
+	SYS_LDEXPD32                        = 0xBD5 // 3029
+	SYS_LDEXPD64                        = 0xBD6 // 3030
+	SYS_LDEXPD128                       = 0xBD7 // 3031
+	SYS_LGAMMAD32                       = 0xBD8 // 3032
+	SYS_LGAMMAD64                       = 0xBD9 // 3033
+	SYS_LGAMMAD128                      = 0xBDA // 3034
+	SYS_LLRINTD32                       = 0xBDB // 3035
+	SYS_LLRINTD64                       = 0xBDC // 3036
+	SYS_LLRINTD128                      = 0xBDD // 3037
+	SYS_LLROUNDD32                      = 0xBDE // 3038
+	SYS_LLROUNDD64                      = 0xBDF // 3039
+	SYS_LLROUNDD128                     = 0xBE0 // 3040
+	SYS_LOGD32                          = 0xBE1 // 3041
+	SYS_LOGD64                          = 0xBE2 // 3042
+	SYS_LOGD128                         = 0xBE3 // 3043
+	SYS_LOG10D32                        = 0xBE4 // 3044
+	SYS_LOG10D64                        = 0xBE5 // 3045
+	SYS_LOG10D128                       = 0xBE6 // 3046
+	SYS_LOG1PD32                        = 0xBE7 // 3047
+	SYS_LOG1PD64                        = 0xBE8 // 3048
+	SYS_LOG1PD128                       = 0xBE9 // 3049
+	SYS_LOG2D32                         = 0xBEA // 3050
+	SYS_LOG2D64                         = 0xBEB // 3051
+	SYS_LOG2D128                        = 0xBEC // 3052
+	SYS_LOGBD32                         = 0xBED // 3053
+	SYS_LOGBD64                         = 0xBEE // 3054
+	SYS_LOGBD128                        = 0xBEF // 3055
+	SYS_LRINTD32                        = 0xBF0 // 3056
+	SYS_LRINTD64                        = 0xBF1 // 3057
+	SYS_LRINTD128                       = 0xBF2 // 3058
+	SYS_LROUNDD32                       = 0xBF3 // 3059
+	SYS_LROUNDD64                       = 0xBF4 // 3060
+	SYS_LROUNDD128                      = 0xBF5 // 3061
+	SYS_MODFD32                         = 0xBF6 // 3062
+	SYS_MODFD64                         = 0xBF7 // 3063
+	SYS_MODFD128                        = 0xBF8 // 3064
+	SYS_NAND32                          = 0xBF9 // 3065
+	SYS_NAND64                          = 0xBFA // 3066
+	SYS_NAND128                         = 0xBFB // 3067
+	SYS_NEARBYINTD32                    = 0xBFC // 3068
+	SYS_NEARBYINTD64                    = 0xBFD // 3069
+	SYS_NEARBYINTD128                   = 0xBFE // 3070
+	SYS_NEXTAFTERD32                    = 0xBFF // 3071
+	SYS_NEXTAFTERD64                    = 0xC00 // 3072
+	SYS_NEXTAFTERD128                   = 0xC01 // 3073
+	SYS_NEXTTOWARDD32                   = 0xC02 // 3074
+	SYS_NEXTTOWARDD64                   = 0xC03 // 3075
+	SYS_NEXTTOWARDD128                  = 0xC04 // 3076
+	SYS_POWD32                          = 0xC05 // 3077
+	SYS_POWD64                          = 0xC06 // 3078
+	SYS_POWD128                         = 0xC07 // 3079
+	SYS_QUANTIZED32                     = 0xC08 // 3080
+	SYS_QUANTIZED64                     = 0xC09 // 3081
+	SYS_QUANTIZED128                    = 0xC0A // 3082
+	SYS_REMAINDERD32                    = 0xC0B // 3083
+	SYS_REMAINDERD64                    = 0xC0C // 3084
+	SYS_REMAINDERD128                   = 0xC0D // 3085
+	SYS___REMQUOD32                     = 0xC0E // 3086
+	SYS___REMQUOD64                     = 0xC0F // 3087
+	SYS___REMQUOD128                    = 0xC10 // 3088
+	SYS_RINTD32                         = 0xC11 // 3089
+	SYS_RINTD64                         = 0xC12 // 3090
+	SYS_RINTD128                        = 0xC13 // 3091
+	SYS_ROUNDD32                        = 0xC14 // 3092
+	SYS_ROUNDD64                        = 0xC15 // 3093
+	SYS_ROUNDD128                       = 0xC16 // 3094
+	SYS_SAMEQUANTUMD32                  = 0xC17 // 3095
+	SYS_SAMEQUANTUMD64                  = 0xC18 // 3096
+	SYS_SAMEQUANTUMD128                 = 0xC19 // 3097
+	SYS_SCALBLND32                      = 0xC1A // 3098
+	SYS_SCALBLND64                      = 0xC1B // 3099
+	SYS_SCALBLND128                     = 0xC1C // 3100
+	SYS_SCALBND32                       = 0xC1D // 3101
+	SYS_SCALBND64                       = 0xC1E // 3102
+	SYS_SCALBND128                      = 0xC1F // 3103
+	SYS_SIND32                          = 0xC20 // 3104
+	SYS_SIND64                          = 0xC21 // 3105
+	SYS_SIND128                         = 0xC22 // 3106
+	SYS_SINHD32                         = 0xC23 // 3107
+	SYS_SINHD64                         = 0xC24 // 3108
+	SYS_SINHD128                        = 0xC25 // 3109
+	SYS_SQRTD32                         = 0xC26 // 3110
+	SYS_SQRTD64                         = 0xC27 // 3111
+	SYS_SQRTD128                        = 0xC28 // 3112
+	SYS_STRTOD32                        = 0xC29 // 3113
+	SYS_STRTOD64                        = 0xC2A // 3114
+	SYS_STRTOD128                       = 0xC2B // 3115
+	SYS_TAND32                          = 0xC2C // 3116
+	SYS_TAND64                          = 0xC2D // 3117
+	SYS_TAND128                         = 0xC2E // 3118
+	SYS_TANHD32                         = 0xC2F // 3119
+	SYS_TANHD64                         = 0xC30 // 3120
+	SYS_TANHD128                        = 0xC31 // 3121
+	SYS_TGAMMAD32                       = 0xC32 // 3122
+	SYS_TGAMMAD64                       = 0xC33 // 3123
+	SYS_TGAMMAD128                      = 0xC34 // 3124
+	SYS_TRUNCD32                        = 0xC3E // 3134
+	SYS_TRUNCD64                        = 0xC3F // 3135
+	SYS_TRUNCD128                       = 0xC40 // 3136
+	SYS_WCSTOD32                        = 0xC41 // 3137
+	SYS_WCSTOD64                        = 0xC42 // 3138
+	SYS_WCSTOD128                       = 0xC43 // 3139
+	SYS___CODEPAGE_INFO                 = 0xC64 // 3172
+	SYS_POSIX_OPENPT                    = 0xC66 // 3174
+	SYS_PSELECT                         = 0xC67 // 3175
+	SYS_SOCKATMARK                      = 0xC68 // 3176
+	SYS_AIO_FSYNC                       = 0xC69 // 3177
+	SYS_LIO_LISTIO                      = 0xC6A // 3178
+	SYS___ATANPID32                     = 0xC6B // 3179
+	SYS___ATANPID64                     = 0xC6C // 3180
+	SYS___ATANPID128                    = 0xC6D // 3181
+	SYS___COSPID32                      = 0xC6E // 3182
+	SYS___COSPID64                      = 0xC6F // 3183
+	SYS___COSPID128                     = 0xC70 // 3184
+	SYS___SINPID32                      = 0xC71 // 3185
+	SYS___SINPID64                      = 0xC72 // 3186
+	SYS___SINPID128                     = 0xC73 // 3187
+	SYS_SETIPV4SOURCEFILTER             = 0xC76 // 3190
+	SYS_GETIPV4SOURCEFILTER             = 0xC77 // 3191
+	SYS_SETSOURCEFILTER                 = 0xC78 // 3192
+	SYS_GETSOURCEFILTER                 = 0xC79 // 3193
+	SYS_FWRITE_UNLOCKED                 = 0xC7A // 3194
+	SYS_FREAD_UNLOCKED                  = 0xC7B // 3195
+	SYS_FGETS_UNLOCKED                  = 0xC7C // 3196
+	SYS_GETS_UNLOCKED                   = 0xC7D // 3197
+	SYS_FPUTS_UNLOCKED                  = 0xC7E // 3198
+	SYS_PUTS_UNLOCKED                   = 0xC7F // 3199
+	SYS_FGETC_UNLOCKED                  = 0xC80 // 3200
+	SYS_FPUTC_UNLOCKED                  = 0xC81 // 3201
+	SYS_DLADDR                          = 0xC82 // 3202
+	SYS_SHM_OPEN                        = 0xC8C // 3212
+	SYS_SHM_UNLINK                      = 0xC8D // 3213
+	SYS___CLASS2F                       = 0xC91 // 3217
+	SYS___CLASS2L                       = 0xC92 // 3218
+	SYS___CLASS2F_B                     = 0xC93 // 3219
+	SYS___CLASS2F_H                     = 0xC94 // 3220
+	SYS___CLASS2L_B                     = 0xC95 // 3221
+	SYS___CLASS2L_H                     = 0xC96 // 3222
+	SYS___CLASS2D32                     = 0xC97 // 3223
+	SYS___CLASS2D64                     = 0xC98 // 3224
+	SYS___CLASS2D128                    = 0xC99 // 3225
+	SYS___TOCSNAME2                     = 0xC9A // 3226
+	SYS___D1TOP                         = 0xC9B // 3227
+	SYS___D2TOP                         = 0xC9C // 3228
+	SYS___D4TOP                         = 0xC9D // 3229
+	SYS___PTOD1                         = 0xC9E // 3230
+	SYS___PTOD2                         = 0xC9F // 3231
+	SYS___PTOD4                         = 0xCA0 // 3232
+	SYS_CLEARERR_UNLOCKED               = 0xCA1 // 3233
+	SYS_FDELREC_UNLOCKED                = 0xCA2 // 3234
+	SYS_FEOF_UNLOCKED                   = 0xCA3 // 3235
+	SYS_FERROR_UNLOCKED                 = 0xCA4 // 3236
+	SYS_FFLUSH_UNLOCKED                 = 0xCA5 // 3237
+	SYS_FGETPOS_UNLOCKED                = 0xCA6 // 3238
+	SYS_FGETWC_UNLOCKED                 = 0xCA7 // 3239
+	SYS_FGETWS_UNLOCKED                 = 0xCA8 // 3240
+	SYS_FILENO_UNLOCKED                 = 0xCA9 // 3241
+	SYS_FLDATA_UNLOCKED                 = 0xCAA // 3242
+	SYS_FLOCATE_UNLOCKED                = 0xCAB // 3243
+	SYS_FPRINTF_UNLOCKED                = 0xCAC // 3244
+	SYS_FPUTWC_UNLOCKED                 = 0xCAD // 3245
+	SYS_FPUTWS_UNLOCKED                 = 0xCAE // 3246
+	SYS_FSCANF_UNLOCKED                 = 0xCAF // 3247
+	SYS_FSEEK_UNLOCKED                  = 0xCB0 // 3248
+	SYS_FSEEKO_UNLOCKED                 = 0xCB1 // 3249
+	SYS_FSETPOS_UNLOCKED                = 0xCB3 // 3251
+	SYS_FTELL_UNLOCKED                  = 0xCB4 // 3252
+	SYS_FTELLO_UNLOCKED                 = 0xCB5 // 3253
+	SYS_FUPDATE_UNLOCKED                = 0xCB7 // 3255
+	SYS_FWIDE_UNLOCKED                  = 0xCB8 // 3256
+	SYS_FWPRINTF_UNLOCKED               = 0xCB9 // 3257
+	SYS_FWSCANF_UNLOCKED                = 0xCBA // 3258
+	SYS_GETWC_UNLOCKED                  = 0xCBB // 3259
+	SYS_GETWCHAR_UNLOCKED               = 0xCBC // 3260
+	SYS_PERROR_UNLOCKED                 = 0xCBD // 3261
+	SYS_PRINTF_UNLOCKED                 = 0xCBE // 3262
+	SYS_PUTWC_UNLOCKED                  = 0xCBF // 3263
+	SYS_PUTWCHAR_UNLOCKED               = 0xCC0 // 3264
+	SYS_REWIND_UNLOCKED                 = 0xCC1 // 3265
+	SYS_SCANF_UNLOCKED                  = 0xCC2 // 3266
+	SYS_UNGETC_UNLOCKED                 = 0xCC3 // 3267
+	SYS_UNGETWC_UNLOCKED                = 0xCC4 // 3268
+	SYS_VFPRINTF_UNLOCKED               = 0xCC5 // 3269
+	SYS_VFSCANF_UNLOCKED                = 0xCC7 // 3271
+	SYS_VFWPRINTF_UNLOCKED              = 0xCC9 // 3273
+	SYS_VFWSCANF_UNLOCKED               = 0xCCB // 3275
+	SYS_VPRINTF_UNLOCKED                = 0xCCD // 3277
+	SYS_VSCANF_UNLOCKED                 = 0xCCF // 3279
+	SYS_VWPRINTF_UNLOCKED               = 0xCD1 // 3281
+	SYS_VWSCANF_UNLOCKED                = 0xCD3 // 3283
+	SYS_WPRINTF_UNLOCKED                = 0xCD5 // 3285
+	SYS_WSCANF_UNLOCKED                 = 0xCD6 // 3286
+	SYS_ASCTIME64                       = 0xCD7 // 3287
+	SYS_ASCTIME64_R                     = 0xCD8 // 3288
+	SYS_CTIME64                         = 0xCD9 // 3289
+	SYS_CTIME64_R                       = 0xCDA // 3290
+	SYS_DIFFTIME64                      = 0xCDB // 3291
+	SYS_GMTIME64                        = 0xCDC // 3292
+	SYS_GMTIME64_R                      = 0xCDD // 3293
+	SYS_LOCALTIME64                     = 0xCDE // 3294
+	SYS_LOCALTIME64_R                   = 0xCDF // 3295
+	SYS_MKTIME64                        = 0xCE0 // 3296
+	SYS_TIME64                          = 0xCE1 // 3297
+	SYS___LOGIN_APPLID                  = 0xCE2 // 3298
+	SYS___PASSWD_APPLID                 = 0xCE3 // 3299
+	SYS_PTHREAD_SECURITY_APPLID_NP      = 0xCE4 // 3300
+	SYS___GETTHENT                      = 0xCE5 // 3301
+	SYS_FREEIFADDRS                     = 0xCE6 // 3302
+	SYS_GETIFADDRS                      = 0xCE7 // 3303
+	SYS_POSIX_FALLOCATE                 = 0xCE8 // 3304
+	SYS_POSIX_MEMALIGN                  = 0xCE9 // 3305
+	SYS_SIZEOF_ALLOC                    = 0xCEA // 3306
+	SYS_RESIZE_ALLOC                    = 0xCEB // 3307
+	SYS_FREAD_NOUPDATE                  = 0xCEC // 3308
+	SYS_FREAD_NOUPDATE_UNLOCKED         = 0xCED // 3309
+	SYS_FGETPOS64                       = 0xCEE // 3310
+	SYS_FSEEK64                         = 0xCEF // 3311
+	SYS_FSEEKO64                        = 0xCF0 // 3312
+	SYS_FSETPOS64                       = 0xCF1 // 3313
+	SYS_FTELL64                         = 0xCF2 // 3314
+	SYS_FTELLO64                        = 0xCF3 // 3315
+	SYS_FGETPOS64_UNLOCKED              = 0xCF4 // 3316
+	SYS_FSEEK64_UNLOCKED                = 0xCF5 // 3317
+	SYS_FSEEKO64_UNLOCKED               = 0xCF6 // 3318
+	SYS_FSETPOS64_UNLOCKED              = 0xCF7 // 3319
+	SYS_FTELL64_UNLOCKED                = 0xCF8 // 3320
+	SYS_FTELLO64_UNLOCKED               = 0xCF9 // 3321
+	SYS_FOPEN_UNLOCKED                  = 0xCFA // 3322
+	SYS_FREOPEN_UNLOCKED                = 0xCFB // 3323
+	SYS_FDOPEN_UNLOCKED                 = 0xCFC // 3324
+	SYS_TMPFILE_UNLOCKED                = 0xCFD // 3325
+	SYS___MOSERVICES                    = 0xD3D // 3389
+	SYS___GETTOD                        = 0xD3E // 3390
+	SYS_C16RTOMB                        = 0xD40 // 3392
+	SYS_C32RTOMB                        = 0xD41 // 3393
+	SYS_MBRTOC16                        = 0xD42 // 3394
+	SYS_MBRTOC32                        = 0xD43 // 3395
+	SYS_QUANTEXPD32                     = 0xD44 // 3396
+	SYS_QUANTEXPD64                     = 0xD45 // 3397
+	SYS_QUANTEXPD128                    = 0xD46 // 3398
+	SYS___LOCALE_CTL                    = 0xD47 // 3399
+	SYS___SMF_RECORD2                   = 0xD48 // 3400
+	SYS_FOPEN64                         = 0xD49 // 3401
+	SYS_FOPEN64_UNLOCKED                = 0xD4A // 3402
+	SYS_FREOPEN64                       = 0xD4B // 3403
+	SYS_FREOPEN64_UNLOCKED              = 0xD4C // 3404
+	SYS_TMPFILE64                       = 0xD4D // 3405
+	SYS_TMPFILE64_UNLOCKED              = 0xD4E // 3406
+	SYS_GETDATE64                       = 0xD4F // 3407
+	SYS_GETTIMEOFDAY64                  = 0xD50 // 3408
+	SYS_BIND2ADDRSEL                    = 0xD59 // 3417
+	SYS_INET6_IS_SRCADDR                = 0xD5A // 3418
+	SYS___GETGRGID1                     = 0xD5B // 3419
+	SYS___GETGRNAM1                     = 0xD5C // 3420
+	SYS___FBUFSIZE                      = 0xD60 // 3424
+	SYS___FPENDING                      = 0xD61 // 3425
+	SYS___FLBF                          = 0xD62 // 3426
+	SYS___FREADABLE                     = 0xD63 // 3427
+	SYS___FWRITABLE                     = 0xD64 // 3428
+	SYS___FREADING                      = 0xD65 // 3429
+	SYS___FWRITING                      = 0xD66 // 3430
+	SYS___FSETLOCKING                   = 0xD67 // 3431
+	SYS__FLUSHLBF                       = 0xD68 // 3432
+	SYS___FPURGE                        = 0xD69 // 3433
+	SYS___FREADAHEAD                    = 0xD6A // 3434
+	SYS___FSETERR                       = 0xD6B // 3435
+	SYS___FPENDING_UNLOCKED             = 0xD6C // 3436
+	SYS___FREADING_UNLOCKED             = 0xD6D // 3437
+	SYS___FWRITING_UNLOCKED             = 0xD6E // 3438
+	SYS__FLUSHLBF_UNLOCKED              = 0xD6F // 3439
+	SYS___FPURGE_UNLOCKED               = 0xD70 // 3440
+	SYS___FREADAHEAD_UNLOCKED           = 0xD71 // 3441
+	SYS___LE_CEEGTJS                    = 0xD72 // 3442
+	SYS___LE_RECORD_DUMP                = 0xD73 // 3443
+	SYS_FSTAT64                         = 0xD74 // 3444
+	SYS_LSTAT64                         = 0xD75 // 3445
+	SYS_STAT64                          = 0xD76 // 3446
+	SYS___READDIR2_64                   = 0xD77 // 3447
+	SYS___OPEN_STAT64                   = 0xD78 // 3448
+	SYS_FTW64                           = 0xD79 // 3449
+	SYS_NFTW64                          = 0xD7A // 3450
+	SYS_UTIME64                         = 0xD7B // 3451
+	SYS_UTIMES64                        = 0xD7C // 3452
+	SYS___GETIPC64                      = 0xD7D // 3453
+	SYS_MSGCTL64                        = 0xD7E // 3454
+	SYS_SEMCTL64                        = 0xD7F // 3455
+	SYS_SHMCTL64                        = 0xD80 // 3456
+	SYS_MSGXRCV64                       = 0xD81 // 3457
+	SYS___MGXR64                        = 0xD81 // 3457
+	SYS_W_GETPSENT64                    = 0xD82 // 3458
+	SYS_PTHREAD_COND_TIMEDWAIT64        = 0xD83 // 3459
+	SYS_FTIME64                         = 0xD85 // 3461
+	SYS_GETUTXENT64                     = 0xD86 // 3462
+	SYS_GETUTXID64                      = 0xD87 // 3463
+	SYS_GETUTXLINE64                    = 0xD88 // 3464
+	SYS_PUTUTXLINE64                    = 0xD89 // 3465
+	SYS_NEWLOCALE                       = 0xD8A // 3466
+	SYS_FREELOCALE                      = 0xD8B // 3467
+	SYS_USELOCALE                       = 0xD8C // 3468
+	SYS_DUPLOCALE                       = 0xD8D // 3469
+	SYS___CHATTR64                      = 0xD9C // 3484
+	SYS___LCHATTR64                     = 0xD9D // 3485
+	SYS___FCHATTR64                     = 0xD9E // 3486
+	SYS_____CHATTR64_A                  = 0xD9F // 3487
+	SYS_____LCHATTR64_A                 = 0xDA0 // 3488
+	SYS___LE_CEEUSGD                    = 0xDA1 // 3489
+	SYS___LE_IFAM_CON                   = 0xDA2 // 3490
+	SYS___LE_IFAM_DSC                   = 0xDA3 // 3491
+	SYS___LE_IFAM_GET                   = 0xDA4 // 3492
+	SYS___LE_IFAM_QRY                   = 0xDA5 // 3493
+	SYS_ALIGNED_ALLOC                   = 0xDA6 // 3494
+	SYS_ACCEPT4                         = 0xDA7 // 3495
+	SYS___ACCEPT4_A                     = 0xDA8 // 3496
+	SYS_COPYFILERANGE                   = 0xDA9 // 3497
+	SYS_GETLINE                         = 0xDAA // 3498
+	SYS___GETLINE_A                     = 0xDAB // 3499
+	SYS_DIRFD                           = 0xDAC // 3500
+	SYS_CLOCK_GETTIME                   = 0xDAD // 3501
+	SYS_DUP3                            = 0xDAE // 3502
+	SYS_EPOLL_CREATE                    = 0xDAF // 3503
+	SYS_EPOLL_CREATE1                   = 0xDB0 // 3504
+	SYS_EPOLL_CTL                       = 0xDB1 // 3505
+	SYS_EPOLL_WAIT                      = 0xDB2 // 3506
+	SYS_EPOLL_PWAIT                     = 0xDB3 // 3507
+	SYS_EVENTFD                         = 0xDB4 // 3508
+	SYS_STATFS                          = 0xDB5 // 3509
+	SYS___STATFS_A                      = 0xDB6 // 3510
+	SYS_FSTATFS                         = 0xDB7 // 3511
+	SYS_INOTIFY_INIT                    = 0xDB8 // 3512
+	SYS_INOTIFY_INIT1                   = 0xDB9 // 3513
+	SYS_INOTIFY_ADD_WATCH               = 0xDBA // 3514
+	SYS___INOTIFY_ADD_WATCH_A           = 0xDBB // 3515
+	SYS_INOTIFY_RM_WATCH                = 0xDBC // 3516
+	SYS_PIPE2                           = 0xDBD // 3517
+	SYS_PIVOT_ROOT                      = 0xDBE // 3518
+	SYS___PIVOT_ROOT_A                  = 0xDBF // 3519
+	SYS_PRCTL                           = 0xDC0 // 3520
+	SYS_PRLIMIT                         = 0xDC1 // 3521
+	SYS_SETHOSTNAME                     = 0xDC2 // 3522
+	SYS___SETHOSTNAME_A                 = 0xDC3 // 3523
+	SYS_SETRESUID                       = 0xDC4 // 3524
+	SYS_SETRESGID                       = 0xDC5 // 3525
+	SYS_PTHREAD_CONDATTR_GETCLOCK       = 0xDC6 // 3526
+	SYS_FLOCK                           = 0xDC7 // 3527
+	SYS_FGETXATTR                       = 0xDC8 // 3528
+	SYS___FGETXATTR_A                   = 0xDC9 // 3529
+	SYS_FLISTXATTR                      = 0xDCA // 3530
+	SYS___FLISTXATTR_A                  = 0xDCB // 3531
+	SYS_FREMOVEXATTR                    = 0xDCC // 3532
+	SYS___FREMOVEXATTR_A                = 0xDCD // 3533
+	SYS_FSETXATTR                       = 0xDCE // 3534
+	SYS___FSETXATTR_A                   = 0xDCF // 3535
+	SYS_GETXATTR                        = 0xDD0 // 3536
+	SYS___GETXATTR_A                    = 0xDD1 // 3537
+	SYS_LGETXATTR                       = 0xDD2 // 3538
+	SYS___LGETXATTR_A                   = 0xDD3 // 3539
+	SYS_LISTXATTR                       = 0xDD4 // 3540
+	SYS___LISTXATTR_A                   = 0xDD5 // 3541
+	SYS_LLISTXATTR                      = 0xDD6 // 3542
+	SYS___LLISTXATTR_A                  = 0xDD7 // 3543
+	SYS_LREMOVEXATTR                    = 0xDD8 // 3544
+	SYS___LREMOVEXATTR_A                = 0xDD9 // 3545
+	SYS_LSETXATTR                       = 0xDDA // 3546
+	SYS___LSETXATTR_A                   = 0xDDB // 3547
+	SYS_REMOVEXATTR                     = 0xDDC // 3548
+	SYS___REMOVEXATTR_A                 = 0xDDD // 3549
+	SYS_SETXATTR                        = 0xDDE // 3550
+	SYS___SETXATTR_A                    = 0xDDF // 3551
+	SYS_FDATASYNC                       = 0xDE0 // 3552
+	SYS_SYNCFS                          = 0xDE1 // 3553
+	SYS_FUTIMES                         = 0xDE2 // 3554
+	SYS_FUTIMESAT                       = 0xDE3 // 3555
+	SYS___FUTIMESAT_A                   = 0xDE4 // 3556
+	SYS_LUTIMES                         = 0xDE5 // 3557
+	SYS___LUTIMES_A                     = 0xDE6 // 3558
+	SYS_INET_ATON                       = 0xDE7 // 3559
+	SYS_GETRANDOM                       = 0xDE8 // 3560
+	SYS_GETTID                          = 0xDE9 // 3561
+	SYS_MEMFD_CREATE                    = 0xDEA // 3562
+	SYS___MEMFD_CREATE_A                = 0xDEB // 3563
+	SYS_FACCESSAT                       = 0xDEC // 3564
+	SYS___FACCESSAT_A                   = 0xDED // 3565
+	SYS_FCHMODAT                        = 0xDEE // 3566
+	SYS___FCHMODAT_A                    = 0xDEF // 3567
+	SYS_FCHOWNAT                        = 0xDF0 // 3568
+	SYS___FCHOWNAT_A                    = 0xDF1 // 3569
+	SYS_FSTATAT                         = 0xDF2 // 3570
+	SYS___FSTATAT_A                     = 0xDF3 // 3571
+	SYS_LINKAT                          = 0xDF4 // 3572
+	SYS___LINKAT_A                      = 0xDF5 // 3573
+	SYS_MKDIRAT                         = 0xDF6 // 3574
+	SYS___MKDIRAT_A                     = 0xDF7 // 3575
+	SYS_MKFIFOAT                        = 0xDF8 // 3576
+	SYS___MKFIFOAT_A                    = 0xDF9 // 3577
+	SYS_MKNODAT                         = 0xDFA // 3578
+	SYS___MKNODAT_A                     = 0xDFB // 3579
+	SYS_OPENAT                          = 0xDFC // 3580
+	SYS___OPENAT_A                      = 0xDFD // 3581
+	SYS_READLINKAT                      = 0xDFE // 3582
+	SYS___READLINKAT_A                  = 0xDFF // 3583
+	SYS_RENAMEAT                        = 0xE00 // 3584
+	SYS___RENAMEAT_A                    = 0xE01 // 3585
+	SYS_RENAMEAT2                       = 0xE02 // 3586
+	SYS___RENAMEAT2_A                   = 0xE03 // 3587
+	SYS_SYMLINKAT                       = 0xE04 // 3588
+	SYS___SYMLINKAT_A                   = 0xE05 // 3589
+	SYS_UNLINKAT                        = 0xE06 // 3590
+	SYS___UNLINKAT_A                    = 0xE07 // 3591
+	SYS_SYSINFO                         = 0xE08 // 3592
+	SYS_WAIT4                           = 0xE0A // 3594
+	SYS_CLONE                           = 0xE0B // 3595
+	SYS_UNSHARE                         = 0xE0C // 3596
+	SYS_SETNS                           = 0xE0D // 3597
+	SYS_CAPGET                          = 0xE0E // 3598
+	SYS_CAPSET                          = 0xE0F // 3599
+	SYS_STRCHRNUL                       = 0xE10 // 3600
+	SYS_PTHREAD_CONDATTR_SETCLOCK       = 0xE12 // 3602
+	SYS_OPEN_BY_HANDLE_AT               = 0xE13 // 3603
+	SYS___OPEN_BY_HANDLE_AT_A           = 0xE14 // 3604
+	SYS___INET_ATON_A                   = 0xE15 // 3605
+	SYS_MOUNT1                          = 0xE16 // 3606
+	SYS___MOUNT1_A                      = 0xE17 // 3607
+	SYS_UMOUNT1                         = 0xE18 // 3608
+	SYS___UMOUNT1_A                     = 0xE19 // 3609
+	SYS_UMOUNT2                         = 0xE1A // 3610
+	SYS___UMOUNT2_A                     = 0xE1B // 3611
+	SYS___PRCTL_A                       = 0xE1C // 3612
+	SYS_LOCALTIME_R2                    = 0xE1D // 3613
+	SYS___LOCALTIME_R2_A                = 0xE1E // 3614
+	SYS_OPENAT2                         = 0xE1F // 3615
+	SYS___OPENAT2_A                     = 0xE20 // 3616
+	SYS___LE_CEEMICT                    = 0xE21 // 3617
+	SYS_GETENTROPY                      = 0xE22 // 3618
+	SYS_NANOSLEEP                       = 0xE23 // 3619
+	SYS_UTIMENSAT                       = 0xE24 // 3620
+	SYS___UTIMENSAT_A                   = 0xE25 // 3621
+	SYS_ASPRINTF                        = 0xE26 // 3622
+	SYS___ASPRINTF_A                    = 0xE27 // 3623
+	SYS_VASPRINTF                       = 0xE28 // 3624
+	SYS___VASPRINTF_A                   = 0xE29 // 3625
+	SYS_DPRINTF                         = 0xE2A // 3626
+	SYS___DPRINTF_A                     = 0xE2B // 3627
+	SYS_GETOPT_LONG                     = 0xE2C // 3628
+	SYS___GETOPT_LONG_A                 = 0xE2D // 3629
+	SYS_PSIGNAL                         = 0xE2E // 3630
+	SYS___PSIGNAL_A                     = 0xE2F // 3631
+	SYS_PSIGNAL_UNLOCKED                = 0xE30 // 3632
+	SYS___PSIGNAL_UNLOCKED_A            = 0xE31 // 3633
+	SYS_FSTATAT_O                       = 0xE32 // 3634
+	SYS___FSTATAT_O_A                   = 0xE33 // 3635
+	SYS_FSTATAT64                       = 0xE34 // 3636
+	SYS___FSTATAT64_A                   = 0xE35 // 3637
+	SYS___CHATTRAT                      = 0xE36 // 3638
+	SYS_____CHATTRAT_A                  = 0xE37 // 3639
+	SYS___CHATTRAT64                    = 0xE38 // 3640
+	SYS_____CHATTRAT64_A                = 0xE39 // 3641
+	SYS_MADVISE                         = 0xE3A // 3642
+	SYS___AUTHENTICATE                  = 0xE3B // 3643
+
 )
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
index bbf8399ff5..4740b83485 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -174,7 +174,8 @@ type FscryptPolicyV2 struct {
 	Contents_encryption_mode  uint8
 	Filenames_encryption_mode uint8
 	Flags                     uint8
-	_                         [4]uint8
+	Log2_data_unit_size       uint8
+	_                         [3]uint8
 	Master_key_identifier     [16]uint8
 }
 
@@ -455,60 +456,63 @@ type Ucred struct {
 }
 
 type TCPInfo struct {
-	State           uint8
-	Ca_state        uint8
-	Retransmits     uint8
-	Probes          uint8
-	Backoff         uint8
-	Options         uint8
-	Rto             uint32
-	Ato             uint32
-	Snd_mss         uint32
-	Rcv_mss         uint32
-	Unacked         uint32
-	Sacked          uint32
-	Lost            uint32
-	Retrans         uint32
-	Fackets         uint32
-	Last_data_sent  uint32
-	Last_ack_sent   uint32
-	Last_data_recv  uint32
-	Last_ack_recv   uint32
-	Pmtu            uint32
-	Rcv_ssthresh    uint32
-	Rtt             uint32
-	Rttvar          uint32
-	Snd_ssthresh    uint32
-	Snd_cwnd        uint32
-	Advmss          uint32
-	Reordering      uint32
-	Rcv_rtt         uint32
-	Rcv_space       uint32
-	Total_retrans   uint32
-	Pacing_rate     uint64
-	Max_pacing_rate uint64
-	Bytes_acked     uint64
-	Bytes_received  uint64
-	Segs_out        uint32
-	Segs_in         uint32
-	Notsent_bytes   uint32
-	Min_rtt         uint32
-	Data_segs_in    uint32
-	Data_segs_out   uint32
-	Delivery_rate   uint64
-	Busy_time       uint64
-	Rwnd_limited    uint64
-	Sndbuf_limited  uint64
-	Delivered       uint32
-	Delivered_ce    uint32
-	Bytes_sent      uint64
-	Bytes_retrans   uint64
-	Dsack_dups      uint32
-	Reord_seen      uint32
-	Rcv_ooopack     uint32
-	Snd_wnd         uint32
-	Rcv_wnd         uint32
-	Rehash          uint32
+	State                uint8
+	Ca_state             uint8
+	Retransmits          uint8
+	Probes               uint8
+	Backoff              uint8
+	Options              uint8
+	Rto                  uint32
+	Ato                  uint32
+	Snd_mss              uint32
+	Rcv_mss              uint32
+	Unacked              uint32
+	Sacked               uint32
+	Lost                 uint32
+	Retrans              uint32
+	Fackets              uint32
+	Last_data_sent       uint32
+	Last_ack_sent        uint32
+	Last_data_recv       uint32
+	Last_ack_recv        uint32
+	Pmtu                 uint32
+	Rcv_ssthresh         uint32
+	Rtt                  uint32
+	Rttvar               uint32
+	Snd_ssthresh         uint32
+	Snd_cwnd             uint32
+	Advmss               uint32
+	Reordering           uint32
+	Rcv_rtt              uint32
+	Rcv_space            uint32
+	Total_retrans        uint32
+	Pacing_rate          uint64
+	Max_pacing_rate      uint64
+	Bytes_acked          uint64
+	Bytes_received       uint64
+	Segs_out             uint32
+	Segs_in              uint32
+	Notsent_bytes        uint32
+	Min_rtt              uint32
+	Data_segs_in         uint32
+	Data_segs_out        uint32
+	Delivery_rate        uint64
+	Busy_time            uint64
+	Rwnd_limited         uint64
+	Sndbuf_limited       uint64
+	Delivered            uint32
+	Delivered_ce         uint32
+	Bytes_sent           uint64
+	Bytes_retrans        uint64
+	Dsack_dups           uint32
+	Reord_seen           uint32
+	Rcv_ooopack          uint32
+	Snd_wnd              uint32
+	Rcv_wnd              uint32
+	Rehash               uint32
+	Total_rto            uint16
+	Total_rto_recoveries uint16
+	Total_rto_time       uint32
 }
 
 type CanFilter struct {
@@ -551,7 +555,7 @@ const (
 	SizeofIPv6MTUInfo       = 0x20
 	SizeofICMPv6Filter      = 0x20
 	SizeofUcred             = 0xc
-	SizeofTCPInfo           = 0xf0
+	SizeofTCPInfo           = 0xf8
 	SizeofCanFilter         = 0x8
 	SizeofTCPRepairOpt      = 0x8
 )
@@ -832,6 +836,15 @@ const (
 	FSPICK_EMPTY_PATH       = 0x8
 
 	FSMOUNT_CLOEXEC = 0x1
+
+	FSCONFIG_SET_FLAG        = 0x0
+	FSCONFIG_SET_STRING      = 0x1
+	FSCONFIG_SET_BINARY      = 0x2
+	FSCONFIG_SET_PATH        = 0x3
+	FSCONFIG_SET_PATH_EMPTY  = 0x4
+	FSCONFIG_SET_FD          = 0x5
+	FSCONFIG_CMD_CREATE      = 0x6
+	FSCONFIG_CMD_RECONFIGURE = 0x7
 )
 
 type OpenHow struct {
@@ -1165,7 +1178,8 @@ const (
 	PERF_SAMPLE_BRANCH_TYPE_SAVE_SHIFT    = 0x10
 	PERF_SAMPLE_BRANCH_HW_INDEX_SHIFT     = 0x11
 	PERF_SAMPLE_BRANCH_PRIV_SAVE_SHIFT    = 0x12
-	PERF_SAMPLE_BRANCH_MAX_SHIFT          = 0x13
+	PERF_SAMPLE_BRANCH_COUNTERS           = 0x80000
+	PERF_SAMPLE_BRANCH_MAX_SHIFT          = 0x14
 	PERF_SAMPLE_BRANCH_USER               = 0x1
 	PERF_SAMPLE_BRANCH_KERNEL             = 0x2
 	PERF_SAMPLE_BRANCH_HV                 = 0x4
@@ -1185,7 +1199,7 @@ const (
 	PERF_SAMPLE_BRANCH_TYPE_SAVE          = 0x10000
 	PERF_SAMPLE_BRANCH_HW_INDEX           = 0x20000
 	PERF_SAMPLE_BRANCH_PRIV_SAVE          = 0x40000
-	PERF_SAMPLE_BRANCH_MAX                = 0x80000
+	PERF_SAMPLE_BRANCH_MAX                = 0x100000
 	PERF_BR_UNKNOWN                       = 0x0
 	PERF_BR_COND                          = 0x1
 	PERF_BR_UNCOND                        = 0x2
@@ -1546,6 +1560,7 @@ const (
 	IFLA_DEVLINK_PORT                          = 0x3e
 	IFLA_GSO_IPV4_MAX_SIZE                     = 0x3f
 	IFLA_GRO_IPV4_MAX_SIZE                     = 0x40
+	IFLA_DPLL_PIN                              = 0x41
 	IFLA_PROTO_DOWN_REASON_UNSPEC              = 0x0
 	IFLA_PROTO_DOWN_REASON_MASK                = 0x1
 	IFLA_PROTO_DOWN_REASON_VALUE               = 0x2
@@ -1561,6 +1576,7 @@ const (
 	IFLA_INET6_ICMP6STATS                      = 0x6
 	IFLA_INET6_TOKEN                           = 0x7
 	IFLA_INET6_ADDR_GEN_MODE                   = 0x8
+	IFLA_INET6_RA_MTU                          = 0x9
 	IFLA_BR_UNSPEC                             = 0x0
 	IFLA_BR_FORWARD_DELAY                      = 0x1
 	IFLA_BR_HELLO_TIME                         = 0x2
@@ -1608,6 +1624,9 @@ const (
 	IFLA_BR_MCAST_MLD_VERSION                  = 0x2c
 	IFLA_BR_VLAN_STATS_PER_PORT                = 0x2d
 	IFLA_BR_MULTI_BOOLOPT                      = 0x2e
+	IFLA_BR_MCAST_QUERIER_STATE                = 0x2f
+	IFLA_BR_FDB_N_LEARNED                      = 0x30
+	IFLA_BR_FDB_MAX_LEARNED                    = 0x31
 	IFLA_BRPORT_UNSPEC                         = 0x0
 	IFLA_BRPORT_STATE                          = 0x1
 	IFLA_BRPORT_PRIORITY                       = 0x2
@@ -1645,6 +1664,14 @@ const (
 	IFLA_BRPORT_BACKUP_PORT                    = 0x22
 	IFLA_BRPORT_MRP_RING_OPEN                  = 0x23
 	IFLA_BRPORT_MRP_IN_OPEN                    = 0x24
+	IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT          = 0x25
+	IFLA_BRPORT_MCAST_EHT_HOSTS_CNT            = 0x26
+	IFLA_BRPORT_LOCKED                         = 0x27
+	IFLA_BRPORT_MAB                            = 0x28
+	IFLA_BRPORT_MCAST_N_GROUPS                 = 0x29
+	IFLA_BRPORT_MCAST_MAX_GROUPS               = 0x2a
+	IFLA_BRPORT_NEIGH_VLAN_SUPPRESS            = 0x2b
+	IFLA_BRPORT_BACKUP_NHID                    = 0x2c
 	IFLA_INFO_UNSPEC                           = 0x0
 	IFLA_INFO_KIND                             = 0x1
 	IFLA_INFO_DATA                             = 0x2
@@ -1666,6 +1693,9 @@ const (
 	IFLA_MACVLAN_MACADDR                       = 0x4
 	IFLA_MACVLAN_MACADDR_DATA                  = 0x5
 	IFLA_MACVLAN_MACADDR_COUNT                 = 0x6
+	IFLA_MACVLAN_BC_QUEUE_LEN                  = 0x7
+	IFLA_MACVLAN_BC_QUEUE_LEN_USED             = 0x8
+	IFLA_MACVLAN_BC_CUTOFF                     = 0x9
 	IFLA_VRF_UNSPEC                            = 0x0
 	IFLA_VRF_TABLE                             = 0x1
 	IFLA_VRF_PORT_UNSPEC                       = 0x0
@@ -1689,9 +1719,22 @@ const (
 	IFLA_XFRM_UNSPEC                           = 0x0
 	IFLA_XFRM_LINK                             = 0x1
 	IFLA_XFRM_IF_ID                            = 0x2
+	IFLA_XFRM_COLLECT_METADATA                 = 0x3
 	IFLA_IPVLAN_UNSPEC                         = 0x0
 	IFLA_IPVLAN_MODE                           = 0x1
 	IFLA_IPVLAN_FLAGS                          = 0x2
+	NETKIT_NEXT                                = -0x1
+	NETKIT_PASS                                = 0x0
+	NETKIT_DROP                                = 0x2
+	NETKIT_REDIRECT                            = 0x7
+	NETKIT_L2                                  = 0x0
+	NETKIT_L3                                  = 0x1
+	IFLA_NETKIT_UNSPEC                         = 0x0
+	IFLA_NETKIT_PEER_INFO                      = 0x1
+	IFLA_NETKIT_PRIMARY                        = 0x2
+	IFLA_NETKIT_POLICY                         = 0x3
+	IFLA_NETKIT_PEER_POLICY                    = 0x4
+	IFLA_NETKIT_MODE                           = 0x5
 	IFLA_VXLAN_UNSPEC                          = 0x0
 	IFLA_VXLAN_ID                              = 0x1
 	IFLA_VXLAN_GROUP                           = 0x2
@@ -1722,6 +1765,8 @@ const (
 	IFLA_VXLAN_GPE                             = 0x1b
 	IFLA_VXLAN_TTL_INHERIT                     = 0x1c
 	IFLA_VXLAN_DF                              = 0x1d
+	IFLA_VXLAN_VNIFILTER                       = 0x1e
+	IFLA_VXLAN_LOCALBYPASS                     = 0x1f
 	IFLA_GENEVE_UNSPEC                         = 0x0
 	IFLA_GENEVE_ID                             = 0x1
 	IFLA_GENEVE_REMOTE                         = 0x2
@@ -1736,6 +1781,7 @@ const (
 	IFLA_GENEVE_LABEL                          = 0xb
 	IFLA_GENEVE_TTL_INHERIT                    = 0xc
 	IFLA_GENEVE_DF                             = 0xd
+	IFLA_GENEVE_INNER_PROTO_INHERIT            = 0xe
 	IFLA_BAREUDP_UNSPEC                        = 0x0
 	IFLA_BAREUDP_PORT                          = 0x1
 	IFLA_BAREUDP_ETHERTYPE                     = 0x2
@@ -1748,6 +1794,8 @@ const (
 	IFLA_GTP_FD1                               = 0x2
 	IFLA_GTP_PDP_HASHSIZE                      = 0x3
 	IFLA_GTP_ROLE                              = 0x4
+	IFLA_GTP_CREATE_SOCKETS                    = 0x5
+	IFLA_GTP_RESTART_COUNT                     = 0x6
 	IFLA_BOND_UNSPEC                           = 0x0
 	IFLA_BOND_MODE                             = 0x1
 	IFLA_BOND_ACTIVE_SLAVE                     = 0x2
@@ -1777,6 +1825,9 @@ const (
 	IFLA_BOND_AD_ACTOR_SYSTEM                  = 0x1a
 	IFLA_BOND_TLB_DYNAMIC_LB                   = 0x1b
 	IFLA_BOND_PEER_NOTIF_DELAY                 = 0x1c
+	IFLA_BOND_AD_LACP_ACTIVE                   = 0x1d
+	IFLA_BOND_MISSED_MAX                       = 0x1e
+	IFLA_BOND_NS_IP6_TARGET                    = 0x1f
 	IFLA_BOND_AD_INFO_UNSPEC                   = 0x0
 	IFLA_BOND_AD_INFO_AGGREGATOR               = 0x1
 	IFLA_BOND_AD_INFO_NUM_PORTS                = 0x2
@@ -1792,6 +1843,7 @@ const (
 	IFLA_BOND_SLAVE_AD_AGGREGATOR_ID           = 0x6
 	IFLA_BOND_SLAVE_AD_ACTOR_OPER_PORT_STATE   = 0x7
 	IFLA_BOND_SLAVE_AD_PARTNER_OPER_PORT_STATE = 0x8
+	IFLA_BOND_SLAVE_PRIO                       = 0x9
 	IFLA_VF_INFO_UNSPEC                        = 0x0
 	IFLA_VF_INFO                               = 0x1
 	IFLA_VF_UNSPEC                             = 0x0
@@ -1850,8 +1902,16 @@ const (
 	IFLA_STATS_LINK_XSTATS_SLAVE               = 0x3
 	IFLA_STATS_LINK_OFFLOAD_XSTATS             = 0x4
 	IFLA_STATS_AF_SPEC                         = 0x5
+	IFLA_STATS_GETSET_UNSPEC                   = 0x0
+	IFLA_STATS_GET_FILTERS                     = 0x1
+	IFLA_STATS_SET_OFFLOAD_XSTATS_L3_STATS     = 0x2
 	IFLA_OFFLOAD_XSTATS_UNSPEC                 = 0x0
 	IFLA_OFFLOAD_XSTATS_CPU_HIT                = 0x1
+	IFLA_OFFLOAD_XSTATS_HW_S_INFO              = 0x2
+	IFLA_OFFLOAD_XSTATS_L3_STATS               = 0x3
+	IFLA_OFFLOAD_XSTATS_HW_S_INFO_UNSPEC       = 0x0
+	IFLA_OFFLOAD_XSTATS_HW_S_INFO_REQUEST      = 0x1
+	IFLA_OFFLOAD_XSTATS_HW_S_INFO_USED         = 0x2
 	IFLA_XDP_UNSPEC                            = 0x0
 	IFLA_XDP_FD                                = 0x1
 	IFLA_XDP_ATTACHED                          = 0x2
@@ -1881,6 +1941,11 @@ const (
 	IFLA_RMNET_UNSPEC                          = 0x0
 	IFLA_RMNET_MUX_ID                          = 0x1
 	IFLA_RMNET_FLAGS                           = 0x2
+	IFLA_MCTP_UNSPEC                           = 0x0
+	IFLA_MCTP_NET                              = 0x1
+	IFLA_DSA_UNSPEC                            = 0x0
+	IFLA_DSA_CONDUIT                           = 0x1
+	IFLA_DSA_MASTER                            = 0x1
 )
 
 const (
@@ -2417,6 +2482,15 @@ type XDPMmapOffsets struct {
 	Cr XDPRingOffset
 }
 
+type XDPUmemReg struct {
+	Addr            uint64
+	Len             uint64
+	Chunk_size      uint32
+	Headroom        uint32
+	Flags           uint32
+	Tx_metadata_len uint32
+}
+
 type XDPStatistics struct {
 	Rx_dropped               uint64
 	Rx_invalid_descs         uint64
@@ -2871,7 +2945,7 @@ const (
 	BPF_TCP_LISTEN                             = 0xa
 	BPF_TCP_CLOSING                            = 0xb
 	BPF_TCP_NEW_SYN_RECV                       = 0xc
-	BPF_TCP_MAX_STATES                         = 0xd
+	BPF_TCP_MAX_STATES                         = 0xe
 	TCP_BPF_IW                                 = 0x3e9
 	TCP_BPF_SNDCWND_CLAMP                      = 0x3ea
 	TCP_BPF_DELACK_MAX                         = 0x3eb
@@ -3147,7 +3221,7 @@ const (
 	DEVLINK_CMD_LINECARD_NEW                           = 0x50
 	DEVLINK_CMD_LINECARD_DEL                           = 0x51
 	DEVLINK_CMD_SELFTESTS_GET                          = 0x52
-	DEVLINK_CMD_MAX                                    = 0x53
+	DEVLINK_CMD_MAX                                    = 0x54
 	DEVLINK_PORT_TYPE_NOTSET                           = 0x0
 	DEVLINK_PORT_TYPE_AUTO                             = 0x1
 	DEVLINK_PORT_TYPE_ETH                              = 0x2
@@ -3399,7 +3473,7 @@ const (
 	DEVLINK_PORT_FN_ATTR_STATE                         = 0x2
 	DEVLINK_PORT_FN_ATTR_OPSTATE                       = 0x3
 	DEVLINK_PORT_FN_ATTR_CAPS                          = 0x4
-	DEVLINK_PORT_FUNCTION_ATTR_MAX                     = 0x4
+	DEVLINK_PORT_FUNCTION_ATTR_MAX                     = 0x5
 )
 
 type FsverityDigest struct {
@@ -4183,7 +4257,8 @@ const (
 )
 
 type LandlockRulesetAttr struct {
-	Access_fs uint64
+	Access_fs  uint64
+	Access_net uint64
 }
 
 type LandlockPathBeneathAttr struct {
@@ -4530,7 +4605,7 @@ const (
 	NL80211_ATTR_MAC_HINT                                   = 0xc8
 	NL80211_ATTR_MAC_MASK                                   = 0xd7
 	NL80211_ATTR_MAX_AP_ASSOC_STA                           = 0xca
-	NL80211_ATTR_MAX                                        = 0x146
+	NL80211_ATTR_MAX                                        = 0x14a
 	NL80211_ATTR_MAX_CRIT_PROT_DURATION                     = 0xb4
 	NL80211_ATTR_MAX_CSA_COUNTERS                           = 0xce
 	NL80211_ATTR_MAX_MATCH_SETS                             = 0x85
@@ -4796,7 +4871,7 @@ const (
 	NL80211_BSS_FREQUENCY_OFFSET                            = 0x14
 	NL80211_BSS_INFORMATION_ELEMENTS                        = 0x6
 	NL80211_BSS_LAST_SEEN_BOOTTIME                          = 0xf
-	NL80211_BSS_MAX                                         = 0x16
+	NL80211_BSS_MAX                                         = 0x18
 	NL80211_BSS_MLD_ADDR                                    = 0x16
 	NL80211_BSS_MLO_LINK_ID                                 = 0x15
 	NL80211_BSS_PAD                                         = 0x10
@@ -4900,7 +4975,7 @@ const (
 	NL80211_CMD_LEAVE_IBSS                                  = 0x2c
 	NL80211_CMD_LEAVE_MESH                                  = 0x45
 	NL80211_CMD_LEAVE_OCB                                   = 0x6d
-	NL80211_CMD_MAX                                         = 0x9a
+	NL80211_CMD_MAX                                         = 0x9b
 	NL80211_CMD_MICHAEL_MIC_FAILURE                         = 0x29
 	NL80211_CMD_MODIFY_LINK_STA                             = 0x97
 	NL80211_CMD_NAN_MATCH                                   = 0x78
@@ -5134,7 +5209,7 @@ const (
 	NL80211_FREQUENCY_ATTR_GO_CONCURRENT                    = 0xf
 	NL80211_FREQUENCY_ATTR_INDOOR_ONLY                      = 0xe
 	NL80211_FREQUENCY_ATTR_IR_CONCURRENT                    = 0xf
-	NL80211_FREQUENCY_ATTR_MAX                              = 0x1b
+	NL80211_FREQUENCY_ATTR_MAX                              = 0x20
 	NL80211_FREQUENCY_ATTR_MAX_TX_POWER                     = 0x6
 	NL80211_FREQUENCY_ATTR_NO_10MHZ                         = 0x11
 	NL80211_FREQUENCY_ATTR_NO_160MHZ                        = 0xc
@@ -5547,7 +5622,7 @@ const (
 	NL80211_REGDOM_TYPE_CUSTOM_WORLD                        = 0x2
 	NL80211_REGDOM_TYPE_INTERSECTION                        = 0x3
 	NL80211_REGDOM_TYPE_WORLD                               = 0x1
-	NL80211_REG_RULE_ATTR_MAX                               = 0x7
+	NL80211_REG_RULE_ATTR_MAX                               = 0x8
 	NL80211_REKEY_DATA_AKM                                  = 0x4
 	NL80211_REKEY_DATA_KCK                                  = 0x2
 	NL80211_REKEY_DATA_KEK                                  = 0x1
@@ -5628,7 +5703,7 @@ const (
 	NL80211_STA_FLAG_ASSOCIATED                             = 0x7
 	NL80211_STA_FLAG_AUTHENTICATED                          = 0x5
 	NL80211_STA_FLAG_AUTHORIZED                             = 0x1
-	NL80211_STA_FLAG_MAX                                    = 0x7
+	NL80211_STA_FLAG_MAX                                    = 0x8
 	NL80211_STA_FLAG_MAX_OLD_API                            = 0x6
 	NL80211_STA_FLAG_MFP                                    = 0x4
 	NL80211_STA_FLAG_SHORT_PREAMBLE                         = 0x2
@@ -5926,3 +6001,34 @@ type CachestatRange struct {
 	Off uint64
 	Len uint64
 }
+
+const (
+	SK_MEMINFO_RMEM_ALLOC          = 0x0
+	SK_MEMINFO_RCVBUF              = 0x1
+	SK_MEMINFO_WMEM_ALLOC          = 0x2
+	SK_MEMINFO_SNDBUF              = 0x3
+	SK_MEMINFO_FWD_ALLOC           = 0x4
+	SK_MEMINFO_WMEM_QUEUED         = 0x5
+	SK_MEMINFO_OPTMEM              = 0x6
+	SK_MEMINFO_BACKLOG             = 0x7
+	SK_MEMINFO_DROPS               = 0x8
+	SK_MEMINFO_VARS                = 0x9
+	SKNLGRP_NONE                   = 0x0
+	SKNLGRP_INET_TCP_DESTROY       = 0x1
+	SKNLGRP_INET_UDP_DESTROY       = 0x2
+	SKNLGRP_INET6_TCP_DESTROY      = 0x3
+	SKNLGRP_INET6_UDP_DESTROY      = 0x4
+	SK_DIAG_BPF_STORAGE_REQ_NONE   = 0x0
+	SK_DIAG_BPF_STORAGE_REQ_MAP_FD = 0x1
+	SK_DIAG_BPF_STORAGE_REP_NONE   = 0x0
+	SK_DIAG_BPF_STORAGE            = 0x1
+	SK_DIAG_BPF_STORAGE_NONE       = 0x0
+	SK_DIAG_BPF_STORAGE_PAD        = 0x1
+	SK_DIAG_BPF_STORAGE_MAP_ID     = 0x2
+	SK_DIAG_BPF_STORAGE_MAP_VALUE  = 0x3
+)
+
+type SockDiagReq struct {
+	Family   uint8
+	Protocol uint8
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
index 438a30affa..fd402da43f 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
@@ -477,14 +477,6 @@ const (
 	BLKPG = 0x1269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
index adceca3553..eb7a5e1864 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
@@ -492,15 +492,6 @@ const (
 	BLKPG = 0x1269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
index eeaa00a37d..d78ac108b6 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
@@ -470,15 +470,6 @@ const (
 	BLKPG = 0x1269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]uint8
 	Driver_name [64]uint8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
index 6739aa91d4..cd06d47f1f 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
@@ -471,15 +471,6 @@ const (
 	BLKPG = 0x1269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
index 9920ef6317..2f28fe26c1 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
@@ -472,15 +472,6 @@ const (
 	BLKPG = 0x1269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
index 2923b799a4..71d6cac2f1 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
@@ -476,15 +476,6 @@ const (
 	BLKPG = 0x20001269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
index ce2750ee41..8596d45356 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
@@ -474,15 +474,6 @@ const (
 	BLKPG = 0x20001269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
index 3038811d70..cd60ea1866 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
@@ -474,15 +474,6 @@ const (
 	BLKPG = 0x20001269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
index efc6fed18c..b0ae420c48 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
@@ -476,15 +476,6 @@ const (
 	BLKPG = 0x20001269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
index 9a654b75a9..8359728759 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
@@ -482,15 +482,6 @@ const (
 	BLKPG = 0x20001269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]uint8
 	Driver_name [64]uint8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
index 40d358e33e..69eb6a5c68 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
@@ -481,15 +481,6 @@ const (
 	BLKPG = 0x20001269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]uint8
 	Driver_name [64]uint8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
index 148c6ceb86..5f583cb62b 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
@@ -481,15 +481,6 @@ const (
 	BLKPG = 0x20001269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]uint8
 	Driver_name [64]uint8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
index 72ba81543e..15adc04142 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
@@ -499,15 +499,6 @@ const (
 	BLKPG = 0x1269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]uint8
 	Driver_name [64]uint8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
index 71e765508e..cf3ce90037 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
@@ -495,15 +495,6 @@ const (
 	BLKPG = 0x1269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
index 4abbdb9de9..590b56739c 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
@@ -476,15 +476,6 @@ const (
 	BLKPG = 0x20001269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
index 54f31be637..d9a13af468 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
@@ -25,10 +25,13 @@ const (
 	SizeofIPv6Mreq      = 20
 	SizeofICMPv6Filter  = 32
 	SizeofIPv6MTUInfo   = 32
+	SizeofInet4Pktinfo  = 8
+	SizeofInet6Pktinfo  = 20
 	SizeofLinger        = 8
 	SizeofSockaddrInet4 = 16
 	SizeofSockaddrInet6 = 28
 	SizeofTCPInfo       = 0x68
+	SizeofUcred         = 12
 )
 
 type (
@@ -69,12 +72,17 @@ type Utimbuf struct {
 }
 
 type Utsname struct {
-	Sysname    [65]byte
-	Nodename   [65]byte
-	Release    [65]byte
-	Version    [65]byte
-	Machine    [65]byte
-	Domainname [65]byte
+	Sysname  [16]byte
+	Nodename [32]byte
+	Release  [8]byte
+	Version  [8]byte
+	Machine  [16]byte
+}
+
+type Ucred struct {
+	Pid int32
+	Uid uint32
+	Gid uint32
 }
 
 type RawSockaddrInet4 struct {
@@ -325,7 +333,7 @@ type Statvfs_t struct {
 }
 
 type Statfs_t struct {
-	Type    uint32
+	Type    uint64
 	Bsize   uint64
 	Blocks  uint64
 	Bfree   uint64
@@ -336,6 +344,7 @@ type Statfs_t struct {
 	Namelen uint64
 	Frsize  uint64
 	Flags   uint64
+	_       [4]uint64
 }
 
 type direntLE struct {
@@ -412,3 +421,126 @@ type W_Mntent struct {
 	Quiesceowner [8]byte
 	_            [38]byte
 }
+
+type EpollEvent struct {
+	Events uint32
+	_      int32
+	Fd     int32
+	Pad    int32
+}
+
+type InotifyEvent struct {
+	Wd     int32
+	Mask   uint32
+	Cookie uint32
+	Len    uint32
+	Name   string
+}
+
+const (
+	SizeofInotifyEvent = 0x10
+)
+
+type ConsMsg2 struct {
+	Cm2Format       uint16
+	Cm2R1           uint16
+	Cm2Msglength    uint32
+	Cm2Msg          *byte
+	Cm2R2           [4]byte
+	Cm2R3           [4]byte
+	Cm2Routcde      *uint32
+	Cm2Descr        *uint32
+	Cm2Msgflag      uint32
+	Cm2Token        uint32
+	Cm2Msgid        *uint32
+	Cm2R4           [4]byte
+	Cm2DomToken     uint32
+	Cm2DomMsgid     *uint32
+	Cm2ModCartptr   *byte
+	Cm2ModConsidptr *byte
+	Cm2MsgCart      [8]byte
+	Cm2MsgConsid    [4]byte
+	Cm2R5           [12]byte
+}
+
+const (
+	CC_modify        = 1
+	CC_stop          = 2
+	CONSOLE_FORMAT_2 = 2
+	CONSOLE_FORMAT_3 = 3
+	CONSOLE_HRDCPY   = 0x80000000
+)
+
+type OpenHow struct {
+	Flags   uint64
+	Mode    uint64
+	Resolve uint64
+}
+
+const SizeofOpenHow = 0x18
+
+const (
+	RESOLVE_CACHED        = 0x20
+	RESOLVE_BENEATH       = 0x8
+	RESOLVE_IN_ROOT       = 0x10
+	RESOLVE_NO_MAGICLINKS = 0x2
+	RESOLVE_NO_SYMLINKS   = 0x4
+	RESOLVE_NO_XDEV       = 0x1
+)
+
+type Siginfo struct {
+	Signo int32
+	Errno int32
+	Code  int32
+	Pid   int32
+	Uid   uint32
+	_     [44]byte
+}
+
+type SysvIpcPerm struct {
+	Uid  uint32
+	Gid  uint32
+	Cuid uint32
+	Cgid uint32
+	Mode int32
+}
+
+type SysvShmDesc struct {
+	Perm   SysvIpcPerm
+	_      [4]byte
+	Lpid   int32
+	Cpid   int32
+	Nattch uint32
+	_      [4]byte
+	_      [4]byte
+	_      [4]byte
+	_      int32
+	_      uint8
+	_      uint8
+	_      uint16
+	_      *byte
+	Segsz  uint64
+	Atime  Time_t
+	Dtime  Time_t
+	Ctime  Time_t
+}
+
+type SysvShmDesc64 struct {
+	Perm   SysvIpcPerm
+	_      [4]byte
+	Lpid   int32
+	Cpid   int32
+	Nattch uint32
+	_      [4]byte
+	_      [4]byte
+	_      [4]byte
+	_      int32
+	_      byte
+	_      uint8
+	_      uint16
+	_      *byte
+	Segsz  uint64
+	Atime  int64
+	Dtime  int64
+	Ctime  int64
+}
diff --git a/vendor/golang.org/x/sys/windows/aliases.go b/vendor/golang.org/x/sys/windows/aliases.go
index ce2d713d62..16f90560a2 100644
--- a/vendor/golang.org/x/sys/windows/aliases.go
+++ b/vendor/golang.org/x/sys/windows/aliases.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build windows && go1.9
+//go:build windows
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/empty.s b/vendor/golang.org/x/sys/windows/empty.s
deleted file mode 100644
index ba64caca5d..0000000000
--- a/vendor/golang.org/x/sys/windows/empty.s
+++ /dev/null
@@ -1,8 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.12
-
-// This file is here to allow bodyless functions with go:linkname for Go 1.11
-// and earlier (see https://golang.org/issue/23311).
diff --git a/vendor/golang.org/x/sys/windows/env_windows.go b/vendor/golang.org/x/sys/windows/env_windows.go
index b8ad192506..d4577a4238 100644
--- a/vendor/golang.org/x/sys/windows/env_windows.go
+++ b/vendor/golang.org/x/sys/windows/env_windows.go
@@ -37,14 +37,17 @@ func (token Token) Environ(inheritExisting bool) (env []string, err error) {
 		return nil, err
 	}
 	defer DestroyEnvironmentBlock(block)
-	blockp := unsafe.Pointer(block)
-	for {
-		entry := UTF16PtrToString((*uint16)(blockp))
-		if len(entry) == 0 {
-			break
+	size := unsafe.Sizeof(*block)
+	for *block != 0 {
+		// find NUL terminator
+		end := unsafe.Pointer(block)
+		for *(*uint16)(end) != 0 {
+			end = unsafe.Add(end, size)
 		}
-		env = append(env, entry)
-		blockp = unsafe.Add(blockp, 2*(len(entry)+1))
+
+		entry := unsafe.Slice(block, (uintptr(end)-uintptr(unsafe.Pointer(block)))/size)
+		env = append(env, UTF16ToString(entry))
+		block = (*uint16)(unsafe.Add(end, size))
 	}
 	return env, nil
 }
diff --git a/vendor/golang.org/x/sys/windows/security_windows.go b/vendor/golang.org/x/sys/windows/security_windows.go
index 26be94a8a7..97651b5bd0 100644
--- a/vendor/golang.org/x/sys/windows/security_windows.go
+++ b/vendor/golang.org/x/sys/windows/security_windows.go
@@ -68,6 +68,7 @@ type UserInfo10 struct {
 //sys	NetUserGetInfo(serverName *uint16, userName *uint16, level uint32, buf **byte) (neterr error) = netapi32.NetUserGetInfo
 //sys	NetGetJoinInformation(server *uint16, name **uint16, bufType *uint32) (neterr error) = netapi32.NetGetJoinInformation
 //sys	NetApiBufferFree(buf *byte) (neterr error) = netapi32.NetApiBufferFree
+//sys   NetUserEnum(serverName *uint16, level uint32, filter uint32, buf **byte, prefMaxLen uint32, entriesRead *uint32, totalEntries *uint32, resumeHandle *uint32) (neterr error) = netapi32.NetUserEnum
 
 const (
 	// do not reorder
@@ -893,7 +894,7 @@ type ACL struct {
 	aclRevision byte
 	sbz1        byte
 	aclSize     uint16
-	aceCount    uint16
+	AceCount    uint16
 	sbz2        uint16
 }
 
@@ -1086,6 +1087,27 @@ type EXPLICIT_ACCESS struct {
 	Trustee           TRUSTEE
 }
 
+// https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-ace_header
+type ACE_HEADER struct {
+	AceType  uint8
+	AceFlags uint8
+	AceSize  uint16
+}
+
+// https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-access_allowed_ace
+type ACCESS_ALLOWED_ACE struct {
+	Header   ACE_HEADER
+	Mask     ACCESS_MASK
+	SidStart uint32
+}
+
+const (
+	// Constants for AceType
+	// https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-ace_header
+	ACCESS_ALLOWED_ACE_TYPE = 0
+	ACCESS_DENIED_ACE_TYPE  = 1
+)
+
 // This type is the union inside of TRUSTEE and must be created using one of the TrusteeValueFrom* functions.
 type TrusteeValue uintptr
 
@@ -1157,6 +1179,7 @@ type OBJECTS_AND_NAME struct {
 //sys	makeSelfRelativeSD(absoluteSD *SECURITY_DESCRIPTOR, selfRelativeSD *SECURITY_DESCRIPTOR, selfRelativeSDSize *uint32) (err error) = advapi32.MakeSelfRelativeSD
 
 //sys	setEntriesInAcl(countExplicitEntries uint32, explicitEntries *EXPLICIT_ACCESS, oldACL *ACL, newACL **ACL) (ret error) = advapi32.SetEntriesInAclW
+//sys	GetAce(acl *ACL, aceIndex uint32, pAce **ACCESS_ALLOWED_ACE) (ret error) = advapi32.GetAce
 
 // Control returns the security descriptor control bits.
 func (sd *SECURITY_DESCRIPTOR) Control() (control SECURITY_DESCRIPTOR_CONTROL, revision uint32, err error) {
diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go
index ffb8708ccf..6525c62f3c 100644
--- a/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -125,8 +125,7 @@ func UTF16PtrToString(p *uint16) string {
 	for ptr := unsafe.Pointer(p); *(*uint16)(ptr) != 0; n++ {
 		ptr = unsafe.Pointer(uintptr(ptr) + unsafe.Sizeof(*p))
 	}
-
-	return string(utf16.Decode(unsafe.Slice(p, n)))
+	return UTF16ToString(unsafe.Slice(p, n))
 }
 
 func Getpagesize() int { return 4096 }
@@ -166,6 +165,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	CreateFile(name *uint16, access uint32, mode uint32, sa *SecurityAttributes, createmode uint32, attrs uint32, templatefile Handle) (handle Handle, err error) [failretval==InvalidHandle] = CreateFileW
 //sys	CreateNamedPipe(name *uint16, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *SecurityAttributes) (handle Handle, err error)  [failretval==InvalidHandle] = CreateNamedPipeW
 //sys	ConnectNamedPipe(pipe Handle, overlapped *Overlapped) (err error)
+//sys	DisconnectNamedPipe(pipe Handle) (err error)
 //sys	GetNamedPipeInfo(pipe Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error)
 //sys	GetNamedPipeHandleState(pipe Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) = GetNamedPipeHandleStateW
 //sys	SetNamedPipeHandleState(pipe Handle, state *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32) (err error) = SetNamedPipeHandleState
@@ -349,8 +349,19 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	SetProcessPriorityBoost(process Handle, disable bool) (err error) = kernel32.SetProcessPriorityBoost
 //sys	GetProcessWorkingSetSizeEx(hProcess Handle, lpMinimumWorkingSetSize *uintptr, lpMaximumWorkingSetSize *uintptr, flags *uint32)
 //sys	SetProcessWorkingSetSizeEx(hProcess Handle, dwMinimumWorkingSetSize uintptr, dwMaximumWorkingSetSize uintptr, flags uint32) (err error)
+//sys	ClearCommBreak(handle Handle) (err error)
+//sys	ClearCommError(handle Handle, lpErrors *uint32, lpStat *ComStat) (err error)
+//sys	EscapeCommFunction(handle Handle, dwFunc uint32) (err error)
+//sys	GetCommState(handle Handle, lpDCB *DCB) (err error)
+//sys	GetCommModemStatus(handle Handle, lpModemStat *uint32) (err error)
 //sys	GetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error)
+//sys	PurgeComm(handle Handle, dwFlags uint32) (err error)
+//sys	SetCommBreak(handle Handle) (err error)
+//sys	SetCommMask(handle Handle, dwEvtMask uint32) (err error)
+//sys	SetCommState(handle Handle, lpDCB *DCB) (err error)
 //sys	SetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error)
+//sys	SetupComm(handle Handle, dwInQueue uint32, dwOutQueue uint32) (err error)
+//sys	WaitCommEvent(handle Handle, lpEvtMask *uint32, lpOverlapped *Overlapped) (err error)
 //sys	GetActiveProcessorCount(groupNumber uint16) (ret uint32)
 //sys	GetMaximumProcessorCount(groupNumber uint16) (ret uint32)
 //sys	EnumWindows(enumFunc uintptr, param unsafe.Pointer) (err error) = user32.EnumWindows
@@ -1835,3 +1846,73 @@ func ResizePseudoConsole(pconsole Handle, size Coord) error {
 	// accept arguments that can be casted to uintptr, and Coord can't.
 	return resizePseudoConsole(pconsole, *((*uint32)(unsafe.Pointer(&size))))
 }
+
+// DCB constants. See https://learn.microsoft.com/en-us/windows/win32/api/winbase/ns-winbase-dcb.
+const (
+	CBR_110    = 110
+	CBR_300    = 300
+	CBR_600    = 600
+	CBR_1200   = 1200
+	CBR_2400   = 2400
+	CBR_4800   = 4800
+	CBR_9600   = 9600
+	CBR_14400  = 14400
+	CBR_19200  = 19200
+	CBR_38400  = 38400
+	CBR_57600  = 57600
+	CBR_115200 = 115200
+	CBR_128000 = 128000
+	CBR_256000 = 256000
+
+	DTR_CONTROL_DISABLE   = 0x00000000
+	DTR_CONTROL_ENABLE    = 0x00000010
+	DTR_CONTROL_HANDSHAKE = 0x00000020
+
+	RTS_CONTROL_DISABLE   = 0x00000000
+	RTS_CONTROL_ENABLE    = 0x00001000
+	RTS_CONTROL_HANDSHAKE = 0x00002000
+	RTS_CONTROL_TOGGLE    = 0x00003000
+
+	NOPARITY    = 0
+	ODDPARITY   = 1
+	EVENPARITY  = 2
+	MARKPARITY  = 3
+	SPACEPARITY = 4
+
+	ONESTOPBIT   = 0
+	ONE5STOPBITS = 1
+	TWOSTOPBITS  = 2
+)
+
+// EscapeCommFunction constants. See https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-escapecommfunction.
+const (
+	SETXOFF  = 1
+	SETXON   = 2
+	SETRTS   = 3
+	CLRRTS   = 4
+	SETDTR   = 5
+	CLRDTR   = 6
+	SETBREAK = 8
+	CLRBREAK = 9
+)
+
+// PurgeComm constants. See https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-purgecomm.
+const (
+	PURGE_TXABORT = 0x0001
+	PURGE_RXABORT = 0x0002
+	PURGE_TXCLEAR = 0x0004
+	PURGE_RXCLEAR = 0x0008
+)
+
+// SetCommMask constants. See https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-setcommmask.
+const (
+	EV_RXCHAR  = 0x0001
+	EV_RXFLAG  = 0x0002
+	EV_TXEMPTY = 0x0004
+	EV_CTS     = 0x0008
+	EV_DSR     = 0x0010
+	EV_RLSD    = 0x0020
+	EV_BREAK   = 0x0040
+	EV_ERR     = 0x0080
+	EV_RING    = 0x0100
+)
diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go
index 359780f6ac..d8cb71db0a 100644
--- a/vendor/golang.org/x/sys/windows/types_windows.go
+++ b/vendor/golang.org/x/sys/windows/types_windows.go
@@ -3380,3 +3380,27 @@ type BLOB struct {
 	Size     uint32
 	BlobData *byte
 }
+
+type ComStat struct {
+	Flags    uint32
+	CBInQue  uint32
+	CBOutQue uint32
+}
+
+type DCB struct {
+	DCBlength  uint32
+	BaudRate   uint32
+	Flags      uint32
+	wReserved  uint16
+	XonLim     uint16
+	XoffLim    uint16
+	ByteSize   uint8
+	Parity     uint8
+	StopBits   uint8
+	XonChar    byte
+	XoffChar   byte
+	ErrorChar  byte
+	EofChar    byte
+	EvtChar    byte
+	wReserved1 uint16
+}
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index e8791c82c3..eba761018a 100644
--- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -91,6 +91,7 @@ var (
 	procEnumServicesStatusExW                                = modadvapi32.NewProc("EnumServicesStatusExW")
 	procEqualSid                                             = modadvapi32.NewProc("EqualSid")
 	procFreeSid                                              = modadvapi32.NewProc("FreeSid")
+	procGetAce                                               = modadvapi32.NewProc("GetAce")
 	procGetLengthSid                                         = modadvapi32.NewProc("GetLengthSid")
 	procGetNamedSecurityInfoW                                = modadvapi32.NewProc("GetNamedSecurityInfoW")
 	procGetSecurityDescriptorControl                         = modadvapi32.NewProc("GetSecurityDescriptorControl")
@@ -188,6 +189,8 @@ var (
 	procAssignProcessToJobObject                             = modkernel32.NewProc("AssignProcessToJobObject")
 	procCancelIo                                             = modkernel32.NewProc("CancelIo")
 	procCancelIoEx                                           = modkernel32.NewProc("CancelIoEx")
+	procClearCommBreak                                       = modkernel32.NewProc("ClearCommBreak")
+	procClearCommError                                       = modkernel32.NewProc("ClearCommError")
 	procCloseHandle                                          = modkernel32.NewProc("CloseHandle")
 	procClosePseudoConsole                                   = modkernel32.NewProc("ClosePseudoConsole")
 	procConnectNamedPipe                                     = modkernel32.NewProc("ConnectNamedPipe")
@@ -212,7 +215,9 @@ var (
 	procDeleteProcThreadAttributeList                        = modkernel32.NewProc("DeleteProcThreadAttributeList")
 	procDeleteVolumeMountPointW                              = modkernel32.NewProc("DeleteVolumeMountPointW")
 	procDeviceIoControl                                      = modkernel32.NewProc("DeviceIoControl")
+	procDisconnectNamedPipe                                  = modkernel32.NewProc("DisconnectNamedPipe")
 	procDuplicateHandle                                      = modkernel32.NewProc("DuplicateHandle")
+	procEscapeCommFunction                                   = modkernel32.NewProc("EscapeCommFunction")
 	procExitProcess                                          = modkernel32.NewProc("ExitProcess")
 	procExpandEnvironmentStringsW                            = modkernel32.NewProc("ExpandEnvironmentStringsW")
 	procFindClose                                            = modkernel32.NewProc("FindClose")
@@ -236,6 +241,8 @@ var (
 	procGenerateConsoleCtrlEvent                             = modkernel32.NewProc("GenerateConsoleCtrlEvent")
 	procGetACP                                               = modkernel32.NewProc("GetACP")
 	procGetActiveProcessorCount                              = modkernel32.NewProc("GetActiveProcessorCount")
+	procGetCommModemStatus                                   = modkernel32.NewProc("GetCommModemStatus")
+	procGetCommState                                         = modkernel32.NewProc("GetCommState")
 	procGetCommTimeouts                                      = modkernel32.NewProc("GetCommTimeouts")
 	procGetCommandLineW                                      = modkernel32.NewProc("GetCommandLineW")
 	procGetComputerNameExW                                   = modkernel32.NewProc("GetComputerNameExW")
@@ -322,6 +329,7 @@ var (
 	procProcess32NextW                                       = modkernel32.NewProc("Process32NextW")
 	procProcessIdToSessionId                                 = modkernel32.NewProc("ProcessIdToSessionId")
 	procPulseEvent                                           = modkernel32.NewProc("PulseEvent")
+	procPurgeComm                                            = modkernel32.NewProc("PurgeComm")
 	procQueryDosDeviceW                                      = modkernel32.NewProc("QueryDosDeviceW")
 	procQueryFullProcessImageNameW                           = modkernel32.NewProc("QueryFullProcessImageNameW")
 	procQueryInformationJobObject                            = modkernel32.NewProc("QueryInformationJobObject")
@@ -335,6 +343,9 @@ var (
 	procResetEvent                                           = modkernel32.NewProc("ResetEvent")
 	procResizePseudoConsole                                  = modkernel32.NewProc("ResizePseudoConsole")
 	procResumeThread                                         = modkernel32.NewProc("ResumeThread")
+	procSetCommBreak                                         = modkernel32.NewProc("SetCommBreak")
+	procSetCommMask                                          = modkernel32.NewProc("SetCommMask")
+	procSetCommState                                         = modkernel32.NewProc("SetCommState")
 	procSetCommTimeouts                                      = modkernel32.NewProc("SetCommTimeouts")
 	procSetConsoleCursorPosition                             = modkernel32.NewProc("SetConsoleCursorPosition")
 	procSetConsoleMode                                       = modkernel32.NewProc("SetConsoleMode")
@@ -342,7 +353,6 @@ var (
 	procSetDefaultDllDirectories                             = modkernel32.NewProc("SetDefaultDllDirectories")
 	procSetDllDirectoryW                                     = modkernel32.NewProc("SetDllDirectoryW")
 	procSetEndOfFile                                         = modkernel32.NewProc("SetEndOfFile")
-	procSetFileValidData                                     = modkernel32.NewProc("SetFileValidData")
 	procSetEnvironmentVariableW                              = modkernel32.NewProc("SetEnvironmentVariableW")
 	procSetErrorMode                                         = modkernel32.NewProc("SetErrorMode")
 	procSetEvent                                             = modkernel32.NewProc("SetEvent")
@@ -351,6 +361,7 @@ var (
 	procSetFileInformationByHandle                           = modkernel32.NewProc("SetFileInformationByHandle")
 	procSetFilePointer                                       = modkernel32.NewProc("SetFilePointer")
 	procSetFileTime                                          = modkernel32.NewProc("SetFileTime")
+	procSetFileValidData                                     = modkernel32.NewProc("SetFileValidData")
 	procSetHandleInformation                                 = modkernel32.NewProc("SetHandleInformation")
 	procSetInformationJobObject                              = modkernel32.NewProc("SetInformationJobObject")
 	procSetNamedPipeHandleState                              = modkernel32.NewProc("SetNamedPipeHandleState")
@@ -361,6 +372,7 @@ var (
 	procSetStdHandle                                         = modkernel32.NewProc("SetStdHandle")
 	procSetVolumeLabelW                                      = modkernel32.NewProc("SetVolumeLabelW")
 	procSetVolumeMountPointW                                 = modkernel32.NewProc("SetVolumeMountPointW")
+	procSetupComm                                            = modkernel32.NewProc("SetupComm")
 	procSizeofResource                                       = modkernel32.NewProc("SizeofResource")
 	procSleepEx                                              = modkernel32.NewProc("SleepEx")
 	procTerminateJobObject                                   = modkernel32.NewProc("TerminateJobObject")
@@ -379,6 +391,7 @@ var (
 	procVirtualQueryEx                                       = modkernel32.NewProc("VirtualQueryEx")
 	procVirtualUnlock                                        = modkernel32.NewProc("VirtualUnlock")
 	procWTSGetActiveConsoleSessionId                         = modkernel32.NewProc("WTSGetActiveConsoleSessionId")
+	procWaitCommEvent                                        = modkernel32.NewProc("WaitCommEvent")
 	procWaitForMultipleObjects                               = modkernel32.NewProc("WaitForMultipleObjects")
 	procWaitForSingleObject                                  = modkernel32.NewProc("WaitForSingleObject")
 	procWriteConsoleW                                        = modkernel32.NewProc("WriteConsoleW")
@@ -389,6 +402,7 @@ var (
 	procTransmitFile                                         = modmswsock.NewProc("TransmitFile")
 	procNetApiBufferFree                                     = modnetapi32.NewProc("NetApiBufferFree")
 	procNetGetJoinInformation                                = modnetapi32.NewProc("NetGetJoinInformation")
+	procNetUserEnum                                          = modnetapi32.NewProc("NetUserEnum")
 	procNetUserGetInfo                                       = modnetapi32.NewProc("NetUserGetInfo")
 	procNtCreateFile                                         = modntdll.NewProc("NtCreateFile")
 	procNtCreateNamedPipeFile                                = modntdll.NewProc("NtCreateNamedPipeFile")
@@ -1211,6 +1225,14 @@ func setEntriesInAcl(countExplicitEntries uint32, explicitEntries *EXPLICIT_ACCE
 	return
 }
 
+func GetAce(acl *ACL, aceIndex uint32, pAce **ACCESS_ALLOWED_ACE) (ret error) {
+	r0, _, _ := syscall.Syscall(procGetAce.Addr(), 3, uintptr(unsafe.Pointer(acl)), uintptr(aceIndex), uintptr(unsafe.Pointer(pAce)))
+	if r0 == 0 {
+		ret = GetLastError()
+	}
+	return
+}
+
 func SetKernelObjectSecurity(handle Handle, securityInformation SECURITY_INFORMATION, securityDescriptor *SECURITY_DESCRIPTOR) (err error) {
 	r1, _, e1 := syscall.Syscall(procSetKernelObjectSecurity.Addr(), 3, uintptr(handle), uintptr(securityInformation), uintptr(unsafe.Pointer(securityDescriptor)))
 	if r1 == 0 {
@@ -1641,6 +1663,22 @@ func CancelIoEx(s Handle, o *Overlapped) (err error) {
 	return
 }
 
+func ClearCommBreak(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procClearCommBreak.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func ClearCommError(handle Handle, lpErrors *uint32, lpStat *ComStat) (err error) {
+	r1, _, e1 := syscall.Syscall(procClearCommError.Addr(), 3, uintptr(handle), uintptr(unsafe.Pointer(lpErrors)), uintptr(unsafe.Pointer(lpStat)))
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func CloseHandle(handle Handle) (err error) {
 	r1, _, e1 := syscall.Syscall(procCloseHandle.Addr(), 1, uintptr(handle), 0, 0)
 	if r1 == 0 {
@@ -1845,6 +1883,14 @@ func DeviceIoControl(handle Handle, ioControlCode uint32, inBuffer *byte, inBuff
 	return
 }
 
+func DisconnectNamedPipe(pipe Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procDisconnectNamedPipe.Addr(), 1, uintptr(pipe), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func DuplicateHandle(hSourceProcessHandle Handle, hSourceHandle Handle, hTargetProcessHandle Handle, lpTargetHandle *Handle, dwDesiredAccess uint32, bInheritHandle bool, dwOptions uint32) (err error) {
 	var _p0 uint32
 	if bInheritHandle {
@@ -1857,6 +1903,14 @@ func DuplicateHandle(hSourceProcessHandle Handle, hSourceHandle Handle, hTargetP
 	return
 }
 
+func EscapeCommFunction(handle Handle, dwFunc uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procEscapeCommFunction.Addr(), 2, uintptr(handle), uintptr(dwFunc), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func ExitProcess(exitcode uint32) {
 	syscall.Syscall(procExitProcess.Addr(), 1, uintptr(exitcode), 0, 0)
 	return
@@ -2058,6 +2112,22 @@ func GetActiveProcessorCount(groupNumber uint16) (ret uint32) {
 	return
 }
 
+func GetCommModemStatus(handle Handle, lpModemStat *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetCommModemStatus.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(lpModemStat)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func GetCommState(handle Handle, lpDCB *DCB) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetCommState.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(lpDCB)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func GetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error) {
 	r1, _, e1 := syscall.Syscall(procGetCommTimeouts.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(timeouts)), 0)
 	if r1 == 0 {
@@ -2810,6 +2880,14 @@ func PulseEvent(event Handle) (err error) {
 	return
 }
 
+func PurgeComm(handle Handle, dwFlags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procPurgeComm.Addr(), 2, uintptr(handle), uintptr(dwFlags), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func QueryDosDevice(deviceName *uint16, targetPath *uint16, max uint32) (n uint32, err error) {
 	r0, _, e1 := syscall.Syscall(procQueryDosDeviceW.Addr(), 3, uintptr(unsafe.Pointer(deviceName)), uintptr(unsafe.Pointer(targetPath)), uintptr(max))
 	n = uint32(r0)
@@ -2924,6 +3002,30 @@ func ResumeThread(thread Handle) (ret uint32, err error) {
 	return
 }
 
+func SetCommBreak(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetCommBreak.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetCommMask(handle Handle, dwEvtMask uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetCommMask.Addr(), 2, uintptr(handle), uintptr(dwEvtMask), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetCommState(handle Handle, lpDCB *DCB) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetCommState.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(lpDCB)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func SetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error) {
 	r1, _, e1 := syscall.Syscall(procSetCommTimeouts.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(timeouts)), 0)
 	if r1 == 0 {
@@ -2989,14 +3091,6 @@ func SetEndOfFile(handle Handle) (err error) {
 	return
 }
 
-func SetFileValidData(handle Handle, validDataLength int64) (err error) {
-	r1, _, e1 := syscall.Syscall(procSetFileValidData.Addr(), 2, uintptr(handle), uintptr(validDataLength), 0)
-	if r1 == 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
 func SetEnvironmentVariable(name *uint16, value *uint16) (err error) {
 	r1, _, e1 := syscall.Syscall(procSetEnvironmentVariableW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(value)), 0)
 	if r1 == 0 {
@@ -3060,6 +3154,14 @@ func SetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetim
 	return
 }
 
+func SetFileValidData(handle Handle, validDataLength int64) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetFileValidData.Addr(), 2, uintptr(handle), uintptr(validDataLength), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func SetHandleInformation(handle Handle, mask uint32, flags uint32) (err error) {
 	r1, _, e1 := syscall.Syscall(procSetHandleInformation.Addr(), 3, uintptr(handle), uintptr(mask), uintptr(flags))
 	if r1 == 0 {
@@ -3145,6 +3247,14 @@ func SetVolumeMountPoint(volumeMountPoint *uint16, volumeName *uint16) (err erro
 	return
 }
 
+func SetupComm(handle Handle, dwInQueue uint32, dwOutQueue uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetupComm.Addr(), 3, uintptr(handle), uintptr(dwInQueue), uintptr(dwOutQueue))
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func SizeofResource(module Handle, resInfo Handle) (size uint32, err error) {
 	r0, _, e1 := syscall.Syscall(procSizeofResource.Addr(), 2, uintptr(module), uintptr(resInfo), 0)
 	size = uint32(r0)
@@ -3291,6 +3401,14 @@ func WTSGetActiveConsoleSessionId() (sessionID uint32) {
 	return
 }
 
+func WaitCommEvent(handle Handle, lpEvtMask *uint32, lpOverlapped *Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall(procWaitCommEvent.Addr(), 3, uintptr(handle), uintptr(unsafe.Pointer(lpEvtMask)), uintptr(unsafe.Pointer(lpOverlapped)))
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func waitForMultipleObjects(count uint32, handles uintptr, waitAll bool, waitMilliseconds uint32) (event uint32, err error) {
 	var _p0 uint32
 	if waitAll {
@@ -3378,6 +3496,14 @@ func NetGetJoinInformation(server *uint16, name **uint16, bufType *uint32) (nete
 	return
 }
 
+func NetUserEnum(serverName *uint16, level uint32, filter uint32, buf **byte, prefMaxLen uint32, entriesRead *uint32, totalEntries *uint32, resumeHandle *uint32) (neterr error) {
+	r0, _, _ := syscall.Syscall9(procNetUserEnum.Addr(), 8, uintptr(unsafe.Pointer(serverName)), uintptr(level), uintptr(filter), uintptr(unsafe.Pointer(buf)), uintptr(prefMaxLen), uintptr(unsafe.Pointer(entriesRead)), uintptr(unsafe.Pointer(totalEntries)), uintptr(unsafe.Pointer(resumeHandle)), 0)
+	if r0 != 0 {
+		neterr = syscall.Errno(r0)
+	}
+	return
+}
+
 func NetUserGetInfo(serverName *uint16, userName *uint16, level uint32, buf **byte) (neterr error) {
 	r0, _, _ := syscall.Syscall6(procNetUserGetInfo.Addr(), 4, uintptr(unsafe.Pointer(serverName)), uintptr(unsafe.Pointer(userName)), uintptr(level), uintptr(unsafe.Pointer(buf)), 0, 0)
 	if r0 != 0 {
diff --git a/vendor/google.golang.org/appengine/internal/api.go b/vendor/google.golang.org/appengine/internal/api.go
deleted file mode 100644
index 0569f5dd43..0000000000
--- a/vendor/google.golang.org/appengine/internal/api.go
+++ /dev/null
@@ -1,653 +0,0 @@
-// Copyright 2011 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-//go:build !appengine
-// +build !appengine
-
-package internal
-
-import (
-	"bytes"
-	"context"
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"log"
-	"net"
-	"net/http"
-	"net/url"
-	"os"
-	"runtime"
-	"strconv"
-	"strings"
-	"sync"
-	"sync/atomic"
-	"time"
-
-	"github.com/golang/protobuf/proto"
-
-	basepb "google.golang.org/appengine/internal/base"
-	logpb "google.golang.org/appengine/internal/log"
-	remotepb "google.golang.org/appengine/internal/remote_api"
-)
-
-const (
-	apiPath = "/rpc_http"
-)
-
-var (
-	// Incoming headers.
-	ticketHeader       = http.CanonicalHeaderKey("X-AppEngine-API-Ticket")
-	dapperHeader       = http.CanonicalHeaderKey("X-Google-DapperTraceInfo")
-	traceHeader        = http.CanonicalHeaderKey("X-Cloud-Trace-Context")
-	curNamespaceHeader = http.CanonicalHeaderKey("X-AppEngine-Current-Namespace")
-	userIPHeader       = http.CanonicalHeaderKey("X-AppEngine-User-IP")
-	remoteAddrHeader   = http.CanonicalHeaderKey("X-AppEngine-Remote-Addr")
-	devRequestIdHeader = http.CanonicalHeaderKey("X-Appengine-Dev-Request-Id")
-
-	// Outgoing headers.
-	apiEndpointHeader      = http.CanonicalHeaderKey("X-Google-RPC-Service-Endpoint")
-	apiEndpointHeaderValue = []string{"app-engine-apis"}
-	apiMethodHeader        = http.CanonicalHeaderKey("X-Google-RPC-Service-Method")
-	apiMethodHeaderValue   = []string{"/VMRemoteAPI.CallRemoteAPI"}
-	apiDeadlineHeader      = http.CanonicalHeaderKey("X-Google-RPC-Service-Deadline")
-	apiContentType         = http.CanonicalHeaderKey("Content-Type")
-	apiContentTypeValue    = []string{"application/octet-stream"}
-	logFlushHeader         = http.CanonicalHeaderKey("X-AppEngine-Log-Flush-Count")
-
-	apiHTTPClient = &http.Client{
-		Transport: &http.Transport{
-			Proxy:               http.ProxyFromEnvironment,
-			Dial:                limitDial,
-			MaxIdleConns:        1000,
-			MaxIdleConnsPerHost: 10000,
-			IdleConnTimeout:     90 * time.Second,
-		},
-	}
-)
-
-func apiURL(ctx context.Context) *url.URL {
-	host, port := "appengine.googleapis.internal", "10001"
-	if h := os.Getenv("API_HOST"); h != "" {
-		host = h
-	}
-	if hostOverride := ctx.Value(apiHostOverrideKey); hostOverride != nil {
-		host = hostOverride.(string)
-	}
-	if p := os.Getenv("API_PORT"); p != "" {
-		port = p
-	}
-	if portOverride := ctx.Value(apiPortOverrideKey); portOverride != nil {
-		port = portOverride.(string)
-	}
-	return &url.URL{
-		Scheme: "http",
-		Host:   host + ":" + port,
-		Path:   apiPath,
-	}
-}
-
-// Middleware wraps an http handler so that it can make GAE API calls
-func Middleware(next http.Handler) http.Handler {
-	return handleHTTPMiddleware(executeRequestSafelyMiddleware(next))
-}
-
-func handleHTTPMiddleware(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		c := &aeContext{
-			req:       r,
-			outHeader: w.Header(),
-		}
-		r = r.WithContext(withContext(r.Context(), c))
-		c.req = r
-
-		stopFlushing := make(chan int)
-
-		// Patch up RemoteAddr so it looks reasonable.
-		if addr := r.Header.Get(userIPHeader); addr != "" {
-			r.RemoteAddr = addr
-		} else if addr = r.Header.Get(remoteAddrHeader); addr != "" {
-			r.RemoteAddr = addr
-		} else {
-			// Should not normally reach here, but pick a sensible default anyway.
-			r.RemoteAddr = "127.0.0.1"
-		}
-		// The address in the headers will most likely be of these forms:
-		//	123.123.123.123
-		//	2001:db8::1
-		// net/http.Request.RemoteAddr is specified to be in "IP:port" form.
-		if _, _, err := net.SplitHostPort(r.RemoteAddr); err != nil {
-			// Assume the remote address is only a host; add a default port.
-			r.RemoteAddr = net.JoinHostPort(r.RemoteAddr, "80")
-		}
-
-		if logToLogservice() {
-			// Start goroutine responsible for flushing app logs.
-			// This is done after adding c to ctx.m (and stopped before removing it)
-			// because flushing logs requires making an API call.
-			go c.logFlusher(stopFlushing)
-		}
-
-		next.ServeHTTP(c, r)
-		c.outHeader = nil // make sure header changes aren't respected any more
-
-		flushed := make(chan struct{})
-		if logToLogservice() {
-			stopFlushing <- 1 // any logging beyond this point will be dropped
-
-			// Flush any pending logs asynchronously.
-			c.pendingLogs.Lock()
-			flushes := c.pendingLogs.flushes
-			if len(c.pendingLogs.lines) > 0 {
-				flushes++
-			}
-			c.pendingLogs.Unlock()
-			go func() {
-				defer close(flushed)
-				// Force a log flush, because with very short requests we
-				// may not ever flush logs.
-				c.flushLog(true)
-			}()
-			w.Header().Set(logFlushHeader, strconv.Itoa(flushes))
-		}
-
-		// Avoid nil Write call if c.Write is never called.
-		if c.outCode != 0 {
-			w.WriteHeader(c.outCode)
-		}
-		if c.outBody != nil {
-			w.Write(c.outBody)
-		}
-		if logToLogservice() {
-			// Wait for the last flush to complete before returning,
-			// otherwise the security ticket will not be valid.
-			<-flushed
-		}
-	})
-}
-
-func executeRequestSafelyMiddleware(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		defer func() {
-			if x := recover(); x != nil {
-				c := w.(*aeContext)
-				logf(c, 4, "%s", renderPanic(x)) // 4 == critical
-				c.outCode = 500
-			}
-		}()
-
-		next.ServeHTTP(w, r)
-	})
-}
-
-func renderPanic(x interface{}) string {
-	buf := make([]byte, 16<<10) // 16 KB should be plenty
-	buf = buf[:runtime.Stack(buf, false)]
-
-	// Remove the first few stack frames:
-	//   this func
-	//   the recover closure in the caller
-	// That will root the stack trace at the site of the panic.
-	const (
-		skipStart  = "internal.renderPanic"
-		skipFrames = 2
-	)
-	start := bytes.Index(buf, []byte(skipStart))
-	p := start
-	for i := 0; i < skipFrames*2 && p+1 < len(buf); i++ {
-		p = bytes.IndexByte(buf[p+1:], '\n') + p + 1
-		if p < 0 {
-			break
-		}
-	}
-	if p >= 0 {
-		// buf[start:p+1] is the block to remove.
-		// Copy buf[p+1:] over buf[start:] and shrink buf.
-		copy(buf[start:], buf[p+1:])
-		buf = buf[:len(buf)-(p+1-start)]
-	}
-
-	// Add panic heading.
-	head := fmt.Sprintf("panic: %v\n\n", x)
-	if len(head) > len(buf) {
-		// Extremely unlikely to happen.
-		return head
-	}
-	copy(buf[len(head):], buf)
-	copy(buf, head)
-
-	return string(buf)
-}
-
-// aeContext represents the aeContext of an in-flight HTTP request.
-// It implements the appengine.Context and http.ResponseWriter interfaces.
-type aeContext struct {
-	req *http.Request
-
-	outCode   int
-	outHeader http.Header
-	outBody   []byte
-
-	pendingLogs struct {
-		sync.Mutex
-		lines   []*logpb.UserAppLogLine
-		flushes int
-	}
-}
-
-var contextKey = "holds a *context"
-
-// jointContext joins two contexts in a superficial way.
-// It takes values and timeouts from a base context, and only values from another context.
-type jointContext struct {
-	base       context.Context
-	valuesOnly context.Context
-}
-
-func (c jointContext) Deadline() (time.Time, bool) {
-	return c.base.Deadline()
-}
-
-func (c jointContext) Done() <-chan struct{} {
-	return c.base.Done()
-}
-
-func (c jointContext) Err() error {
-	return c.base.Err()
-}
-
-func (c jointContext) Value(key interface{}) interface{} {
-	if val := c.base.Value(key); val != nil {
-		return val
-	}
-	return c.valuesOnly.Value(key)
-}
-
-// fromContext returns the App Engine context or nil if ctx is not
-// derived from an App Engine context.
-func fromContext(ctx context.Context) *aeContext {
-	c, _ := ctx.Value(&contextKey).(*aeContext)
-	return c
-}
-
-func withContext(parent context.Context, c *aeContext) context.Context {
-	ctx := context.WithValue(parent, &contextKey, c)
-	if ns := c.req.Header.Get(curNamespaceHeader); ns != "" {
-		ctx = withNamespace(ctx, ns)
-	}
-	return ctx
-}
-
-func toContext(c *aeContext) context.Context {
-	return withContext(context.Background(), c)
-}
-
-func IncomingHeaders(ctx context.Context) http.Header {
-	if c := fromContext(ctx); c != nil {
-		return c.req.Header
-	}
-	return nil
-}
-
-func ReqContext(req *http.Request) context.Context {
-	return req.Context()
-}
-
-func WithContext(parent context.Context, req *http.Request) context.Context {
-	return jointContext{
-		base:       parent,
-		valuesOnly: req.Context(),
-	}
-}
-
-// RegisterTestRequest registers the HTTP request req for testing, such that
-// any API calls are sent to the provided URL.
-// It should only be used by aetest package.
-func RegisterTestRequest(req *http.Request, apiURL *url.URL, appID string) *http.Request {
-	ctx := req.Context()
-	ctx = withAPIHostOverride(ctx, apiURL.Hostname())
-	ctx = withAPIPortOverride(ctx, apiURL.Port())
-	ctx = WithAppIDOverride(ctx, appID)
-
-	// use the unregistered request as a placeholder so that withContext can read the headers
-	c := &aeContext{req: req}
-	c.req = req.WithContext(withContext(ctx, c))
-	return c.req
-}
-
-var errTimeout = &CallError{
-	Detail:  "Deadline exceeded",
-	Code:    int32(remotepb.RpcError_CANCELLED),
-	Timeout: true,
-}
-
-func (c *aeContext) Header() http.Header { return c.outHeader }
-
-// Copied from $GOROOT/src/pkg/net/http/transfer.go. Some response status
-// codes do not permit a response body (nor response entity headers such as
-// Content-Length, Content-Type, etc).
-func bodyAllowedForStatus(status int) bool {
-	switch {
-	case status >= 100 && status <= 199:
-		return false
-	case status == 204:
-		return false
-	case status == 304:
-		return false
-	}
-	return true
-}
-
-func (c *aeContext) Write(b []byte) (int, error) {
-	if c.outCode == 0 {
-		c.WriteHeader(http.StatusOK)
-	}
-	if len(b) > 0 && !bodyAllowedForStatus(c.outCode) {
-		return 0, http.ErrBodyNotAllowed
-	}
-	c.outBody = append(c.outBody, b...)
-	return len(b), nil
-}
-
-func (c *aeContext) WriteHeader(code int) {
-	if c.outCode != 0 {
-		logf(c, 3, "WriteHeader called multiple times on request.") // error level
-		return
-	}
-	c.outCode = code
-}
-
-func post(ctx context.Context, body []byte, timeout time.Duration) (b []byte, err error) {
-	apiURL := apiURL(ctx)
-	hreq := &http.Request{
-		Method: "POST",
-		URL:    apiURL,
-		Header: http.Header{
-			apiEndpointHeader: apiEndpointHeaderValue,
-			apiMethodHeader:   apiMethodHeaderValue,
-			apiContentType:    apiContentTypeValue,
-			apiDeadlineHeader: []string{strconv.FormatFloat(timeout.Seconds(), 'f', -1, 64)},
-		},
-		Body:          ioutil.NopCloser(bytes.NewReader(body)),
-		ContentLength: int64(len(body)),
-		Host:          apiURL.Host,
-	}
-	c := fromContext(ctx)
-	if c != nil {
-		if info := c.req.Header.Get(dapperHeader); info != "" {
-			hreq.Header.Set(dapperHeader, info)
-		}
-		if info := c.req.Header.Get(traceHeader); info != "" {
-			hreq.Header.Set(traceHeader, info)
-		}
-	}
-
-	tr := apiHTTPClient.Transport.(*http.Transport)
-
-	var timedOut int32 // atomic; set to 1 if timed out
-	t := time.AfterFunc(timeout, func() {
-		atomic.StoreInt32(&timedOut, 1)
-		tr.CancelRequest(hreq)
-	})
-	defer t.Stop()
-	defer func() {
-		// Check if timeout was exceeded.
-		if atomic.LoadInt32(&timedOut) != 0 {
-			err = errTimeout
-		}
-	}()
-
-	hresp, err := apiHTTPClient.Do(hreq)
-	if err != nil {
-		return nil, &CallError{
-			Detail: fmt.Sprintf("service bridge HTTP failed: %v", err),
-			Code:   int32(remotepb.RpcError_UNKNOWN),
-		}
-	}
-	defer hresp.Body.Close()
-	hrespBody, err := ioutil.ReadAll(hresp.Body)
-	if hresp.StatusCode != 200 {
-		return nil, &CallError{
-			Detail: fmt.Sprintf("service bridge returned HTTP %d (%q)", hresp.StatusCode, hrespBody),
-			Code:   int32(remotepb.RpcError_UNKNOWN),
-		}
-	}
-	if err != nil {
-		return nil, &CallError{
-			Detail: fmt.Sprintf("service bridge response bad: %v", err),
-			Code:   int32(remotepb.RpcError_UNKNOWN),
-		}
-	}
-	return hrespBody, nil
-}
-
-func Call(ctx context.Context, service, method string, in, out proto.Message) error {
-	if ns := NamespaceFromContext(ctx); ns != "" {
-		if fn, ok := NamespaceMods[service]; ok {
-			fn(in, ns)
-		}
-	}
-
-	if f, ctx, ok := callOverrideFromContext(ctx); ok {
-		return f(ctx, service, method, in, out)
-	}
-
-	// Handle already-done contexts quickly.
-	select {
-	case <-ctx.Done():
-		return ctx.Err()
-	default:
-	}
-
-	c := fromContext(ctx)
-
-	// Apply transaction modifications if we're in a transaction.
-	if t := transactionFromContext(ctx); t != nil {
-		if t.finished {
-			return errors.New("transaction aeContext has expired")
-		}
-		applyTransaction(in, &t.transaction)
-	}
-
-	// Default RPC timeout is 60s.
-	timeout := 60 * time.Second
-	if deadline, ok := ctx.Deadline(); ok {
-		timeout = deadline.Sub(time.Now())
-	}
-
-	data, err := proto.Marshal(in)
-	if err != nil {
-		return err
-	}
-
-	ticket := ""
-	if c != nil {
-		ticket = c.req.Header.Get(ticketHeader)
-		if dri := c.req.Header.Get(devRequestIdHeader); IsDevAppServer() && dri != "" {
-			ticket = dri
-		}
-	}
-	req := &remotepb.Request{
-		ServiceName: &service,
-		Method:      &method,
-		Request:     data,
-		RequestId:   &ticket,
-	}
-	hreqBody, err := proto.Marshal(req)
-	if err != nil {
-		return err
-	}
-
-	hrespBody, err := post(ctx, hreqBody, timeout)
-	if err != nil {
-		return err
-	}
-
-	res := &remotepb.Response{}
-	if err := proto.Unmarshal(hrespBody, res); err != nil {
-		return err
-	}
-	if res.RpcError != nil {
-		ce := &CallError{
-			Detail: res.RpcError.GetDetail(),
-			Code:   *res.RpcError.Code,
-		}
-		switch remotepb.RpcError_ErrorCode(ce.Code) {
-		case remotepb.RpcError_CANCELLED, remotepb.RpcError_DEADLINE_EXCEEDED:
-			ce.Timeout = true
-		}
-		return ce
-	}
-	if res.ApplicationError != nil {
-		return &APIError{
-			Service: *req.ServiceName,
-			Detail:  res.ApplicationError.GetDetail(),
-			Code:    *res.ApplicationError.Code,
-		}
-	}
-	if res.Exception != nil || res.JavaException != nil {
-		// This shouldn't happen, but let's be defensive.
-		return &CallError{
-			Detail: "service bridge returned exception",
-			Code:   int32(remotepb.RpcError_UNKNOWN),
-		}
-	}
-	return proto.Unmarshal(res.Response, out)
-}
-
-func (c *aeContext) Request() *http.Request {
-	return c.req
-}
-
-func (c *aeContext) addLogLine(ll *logpb.UserAppLogLine) {
-	// Truncate long log lines.
-	// TODO(dsymonds): Check if this is still necessary.
-	const lim = 8 << 10
-	if len(*ll.Message) > lim {
-		suffix := fmt.Sprintf("...(length %d)", len(*ll.Message))
-		ll.Message = proto.String((*ll.Message)[:lim-len(suffix)] + suffix)
-	}
-
-	c.pendingLogs.Lock()
-	c.pendingLogs.lines = append(c.pendingLogs.lines, ll)
-	c.pendingLogs.Unlock()
-}
-
-var logLevelName = map[int64]string{
-	0: "DEBUG",
-	1: "INFO",
-	2: "WARNING",
-	3: "ERROR",
-	4: "CRITICAL",
-}
-
-func logf(c *aeContext, level int64, format string, args ...interface{}) {
-	if c == nil {
-		panic("not an App Engine aeContext")
-	}
-	s := fmt.Sprintf(format, args...)
-	s = strings.TrimRight(s, "\n") // Remove any trailing newline characters.
-	if logToLogservice() {
-		c.addLogLine(&logpb.UserAppLogLine{
-			TimestampUsec: proto.Int64(time.Now().UnixNano() / 1e3),
-			Level:         &level,
-			Message:       &s,
-		})
-	}
-	// Log to stdout if not deployed
-	if !IsSecondGen() {
-		log.Print(logLevelName[level] + ": " + s)
-	}
-}
-
-// flushLog attempts to flush any pending logs to the appserver.
-// It should not be called concurrently.
-func (c *aeContext) flushLog(force bool) (flushed bool) {
-	c.pendingLogs.Lock()
-	// Grab up to 30 MB. We can get away with up to 32 MB, but let's be cautious.
-	n, rem := 0, 30<<20
-	for ; n < len(c.pendingLogs.lines); n++ {
-		ll := c.pendingLogs.lines[n]
-		// Each log line will require about 3 bytes of overhead.
-		nb := proto.Size(ll) + 3
-		if nb > rem {
-			break
-		}
-		rem -= nb
-	}
-	lines := c.pendingLogs.lines[:n]
-	c.pendingLogs.lines = c.pendingLogs.lines[n:]
-	c.pendingLogs.Unlock()
-
-	if len(lines) == 0 && !force {
-		// Nothing to flush.
-		return false
-	}
-
-	rescueLogs := false
-	defer func() {
-		if rescueLogs {
-			c.pendingLogs.Lock()
-			c.pendingLogs.lines = append(lines, c.pendingLogs.lines...)
-			c.pendingLogs.Unlock()
-		}
-	}()
-
-	buf, err := proto.Marshal(&logpb.UserAppLogGroup{
-		LogLine: lines,
-	})
-	if err != nil {
-		log.Printf("internal.flushLog: marshaling UserAppLogGroup: %v", err)
-		rescueLogs = true
-		return false
-	}
-
-	req := &logpb.FlushRequest{
-		Logs: buf,
-	}
-	res := &basepb.VoidProto{}
-	c.pendingLogs.Lock()
-	c.pendingLogs.flushes++
-	c.pendingLogs.Unlock()
-	if err := Call(toContext(c), "logservice", "Flush", req, res); err != nil {
-		log.Printf("internal.flushLog: Flush RPC: %v", err)
-		rescueLogs = true
-		return false
-	}
-	return true
-}
-
-const (
-	// Log flushing parameters.
-	flushInterval      = 1 * time.Second
-	forceFlushInterval = 60 * time.Second
-)
-
-func (c *aeContext) logFlusher(stop <-chan int) {
-	lastFlush := time.Now()
-	tick := time.NewTicker(flushInterval)
-	for {
-		select {
-		case <-stop:
-			// Request finished.
-			tick.Stop()
-			return
-		case <-tick.C:
-			force := time.Now().Sub(lastFlush) > forceFlushInterval
-			if c.flushLog(force) {
-				lastFlush = time.Now()
-			}
-		}
-	}
-}
-
-func ContextForTesting(req *http.Request) context.Context {
-	return toContext(&aeContext{req: req})
-}
-
-func logToLogservice() bool {
-	// TODO: replace logservice with json structured logs to $LOG_DIR/app.log.json
-	// where $LOG_DIR is /var/log in prod and some tmpdir in dev
-	return os.Getenv("LOG_TO_LOGSERVICE") != "0"
-}
diff --git a/vendor/google.golang.org/appengine/internal/api_classic.go b/vendor/google.golang.org/appengine/internal/api_classic.go
deleted file mode 100644
index 87c33c798e..0000000000
--- a/vendor/google.golang.org/appengine/internal/api_classic.go
+++ /dev/null
@@ -1,170 +0,0 @@
-// Copyright 2015 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-//go:build appengine
-// +build appengine
-
-package internal
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"appengine"
-	"appengine_internal"
-	basepb "appengine_internal/base"
-
-	"github.com/golang/protobuf/proto"
-)
-
-var contextKey = "holds an appengine.Context"
-
-// fromContext returns the App Engine context or nil if ctx is not
-// derived from an App Engine context.
-func fromContext(ctx context.Context) appengine.Context {
-	c, _ := ctx.Value(&contextKey).(appengine.Context)
-	return c
-}
-
-// This is only for classic App Engine adapters.
-func ClassicContextFromContext(ctx context.Context) (appengine.Context, error) {
-	c := fromContext(ctx)
-	if c == nil {
-		return nil, errNotAppEngineContext
-	}
-	return c, nil
-}
-
-func withContext(parent context.Context, c appengine.Context) context.Context {
-	ctx := context.WithValue(parent, &contextKey, c)
-
-	s := &basepb.StringProto{}
-	c.Call("__go__", "GetNamespace", &basepb.VoidProto{}, s, nil)
-	if ns := s.GetValue(); ns != "" {
-		ctx = NamespacedContext(ctx, ns)
-	}
-
-	return ctx
-}
-
-func IncomingHeaders(ctx context.Context) http.Header {
-	if c := fromContext(ctx); c != nil {
-		if req, ok := c.Request().(*http.Request); ok {
-			return req.Header
-		}
-	}
-	return nil
-}
-
-func ReqContext(req *http.Request) context.Context {
-	return WithContext(context.Background(), req)
-}
-
-func WithContext(parent context.Context, req *http.Request) context.Context {
-	c := appengine.NewContext(req)
-	return withContext(parent, c)
-}
-
-type testingContext struct {
-	appengine.Context
-
-	req *http.Request
-}
-
-func (t *testingContext) FullyQualifiedAppID() string { return "dev~testcontext" }
-func (t *testingContext) Call(service, method string, _, _ appengine_internal.ProtoMessage, _ *appengine_internal.CallOptions) error {
-	if service == "__go__" && method == "GetNamespace" {
-		return nil
-	}
-	return fmt.Errorf("testingContext: unsupported Call")
-}
-func (t *testingContext) Request() interface{} { return t.req }
-
-func ContextForTesting(req *http.Request) context.Context {
-	return withContext(context.Background(), &testingContext{req: req})
-}
-
-func Call(ctx context.Context, service, method string, in, out proto.Message) error {
-	if ns := NamespaceFromContext(ctx); ns != "" {
-		if fn, ok := NamespaceMods[service]; ok {
-			fn(in, ns)
-		}
-	}
-
-	if f, ctx, ok := callOverrideFromContext(ctx); ok {
-		return f(ctx, service, method, in, out)
-	}
-
-	// Handle already-done contexts quickly.
-	select {
-	case <-ctx.Done():
-		return ctx.Err()
-	default:
-	}
-
-	c := fromContext(ctx)
-	if c == nil {
-		// Give a good error message rather than a panic lower down.
-		return errNotAppEngineContext
-	}
-
-	// Apply transaction modifications if we're in a transaction.
-	if t := transactionFromContext(ctx); t != nil {
-		if t.finished {
-			return errors.New("transaction context has expired")
-		}
-		applyTransaction(in, &t.transaction)
-	}
-
-	var opts *appengine_internal.CallOptions
-	if d, ok := ctx.Deadline(); ok {
-		opts = &appengine_internal.CallOptions{
-			Timeout: d.Sub(time.Now()),
-		}
-	}
-
-	err := c.Call(service, method, in, out, opts)
-	switch v := err.(type) {
-	case *appengine_internal.APIError:
-		return &APIError{
-			Service: v.Service,
-			Detail:  v.Detail,
-			Code:    v.Code,
-		}
-	case *appengine_internal.CallError:
-		return &CallError{
-			Detail:  v.Detail,
-			Code:    v.Code,
-			Timeout: v.Timeout,
-		}
-	}
-	return err
-}
-
-func Middleware(next http.Handler) http.Handler {
-	panic("Middleware called; this should be impossible")
-}
-
-func logf(c appengine.Context, level int64, format string, args ...interface{}) {
-	var fn func(format string, args ...interface{})
-	switch level {
-	case 0:
-		fn = c.Debugf
-	case 1:
-		fn = c.Infof
-	case 2:
-		fn = c.Warningf
-	case 3:
-		fn = c.Errorf
-	case 4:
-		fn = c.Criticalf
-	default:
-		// This shouldn't happen.
-		fn = c.Criticalf
-	}
-	fn(format, args...)
-}
diff --git a/vendor/google.golang.org/appengine/internal/api_common.go b/vendor/google.golang.org/appengine/internal/api_common.go
deleted file mode 100644
index 5b95c13d92..0000000000
--- a/vendor/google.golang.org/appengine/internal/api_common.go
+++ /dev/null
@@ -1,141 +0,0 @@
-// Copyright 2015 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-package internal
-
-import (
-	"context"
-	"errors"
-	"os"
-
-	"github.com/golang/protobuf/proto"
-)
-
-type ctxKey string
-
-func (c ctxKey) String() string {
-	return "appengine context key: " + string(c)
-}
-
-var errNotAppEngineContext = errors.New("not an App Engine context")
-
-type CallOverrideFunc func(ctx context.Context, service, method string, in, out proto.Message) error
-
-var callOverrideKey = "holds []CallOverrideFunc"
-
-func WithCallOverride(ctx context.Context, f CallOverrideFunc) context.Context {
-	// We avoid appending to any existing call override
-	// so we don't risk overwriting a popped stack below.
-	var cofs []CallOverrideFunc
-	if uf, ok := ctx.Value(&callOverrideKey).([]CallOverrideFunc); ok {
-		cofs = append(cofs, uf...)
-	}
-	cofs = append(cofs, f)
-	return context.WithValue(ctx, &callOverrideKey, cofs)
-}
-
-func callOverrideFromContext(ctx context.Context) (CallOverrideFunc, context.Context, bool) {
-	cofs, _ := ctx.Value(&callOverrideKey).([]CallOverrideFunc)
-	if len(cofs) == 0 {
-		return nil, nil, false
-	}
-	// We found a list of overrides; grab the last, and reconstitute a
-	// context that will hide it.
-	f := cofs[len(cofs)-1]
-	ctx = context.WithValue(ctx, &callOverrideKey, cofs[:len(cofs)-1])
-	return f, ctx, true
-}
-
-type logOverrideFunc func(level int64, format string, args ...interface{})
-
-var logOverrideKey = "holds a logOverrideFunc"
-
-func WithLogOverride(ctx context.Context, f logOverrideFunc) context.Context {
-	return context.WithValue(ctx, &logOverrideKey, f)
-}
-
-var appIDOverrideKey = "holds a string, being the full app ID"
-
-func WithAppIDOverride(ctx context.Context, appID string) context.Context {
-	return context.WithValue(ctx, &appIDOverrideKey, appID)
-}
-
-var apiHostOverrideKey = ctxKey("holds a string, being the alternate API_HOST")
-
-func withAPIHostOverride(ctx context.Context, apiHost string) context.Context {
-	return context.WithValue(ctx, apiHostOverrideKey, apiHost)
-}
-
-var apiPortOverrideKey = ctxKey("holds a string, being the alternate API_PORT")
-
-func withAPIPortOverride(ctx context.Context, apiPort string) context.Context {
-	return context.WithValue(ctx, apiPortOverrideKey, apiPort)
-}
-
-var namespaceKey = "holds the namespace string"
-
-func withNamespace(ctx context.Context, ns string) context.Context {
-	return context.WithValue(ctx, &namespaceKey, ns)
-}
-
-func NamespaceFromContext(ctx context.Context) string {
-	// If there's no namespace, return the empty string.
-	ns, _ := ctx.Value(&namespaceKey).(string)
-	return ns
-}
-
-// FullyQualifiedAppID returns the fully-qualified application ID.
-// This may contain a partition prefix (e.g. "s~" for High Replication apps),
-// or a domain prefix (e.g. "example.com:").
-func FullyQualifiedAppID(ctx context.Context) string {
-	if id, ok := ctx.Value(&appIDOverrideKey).(string); ok {
-		return id
-	}
-	return fullyQualifiedAppID(ctx)
-}
-
-func Logf(ctx context.Context, level int64, format string, args ...interface{}) {
-	if f, ok := ctx.Value(&logOverrideKey).(logOverrideFunc); ok {
-		f(level, format, args...)
-		return
-	}
-	c := fromContext(ctx)
-	if c == nil {
-		panic(errNotAppEngineContext)
-	}
-	logf(c, level, format, args...)
-}
-
-// NamespacedContext wraps a Context to support namespaces.
-func NamespacedContext(ctx context.Context, namespace string) context.Context {
-	return withNamespace(ctx, namespace)
-}
-
-// SetTestEnv sets the env variables for testing background ticket in Flex.
-func SetTestEnv() func() {
-	var environ = []struct {
-		key, value string
-	}{
-		{"GAE_LONG_APP_ID", "my-app-id"},
-		{"GAE_MINOR_VERSION", "067924799508853122"},
-		{"GAE_MODULE_INSTANCE", "0"},
-		{"GAE_MODULE_NAME", "default"},
-		{"GAE_MODULE_VERSION", "20150612t184001"},
-	}
-
-	for _, v := range environ {
-		old := os.Getenv(v.key)
-		os.Setenv(v.key, v.value)
-		v.value = old
-	}
-	return func() { // Restore old environment after the test completes.
-		for _, v := range environ {
-			if v.value == "" {
-				os.Unsetenv(v.key)
-				continue
-			}
-			os.Setenv(v.key, v.value)
-		}
-	}
-}
diff --git a/vendor/google.golang.org/appengine/internal/app_id.go b/vendor/google.golang.org/appengine/internal/app_id.go
deleted file mode 100644
index 11df8c07b5..0000000000
--- a/vendor/google.golang.org/appengine/internal/app_id.go
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright 2011 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-package internal
-
-import (
-	"strings"
-)
-
-func parseFullAppID(appid string) (partition, domain, displayID string) {
-	if i := strings.Index(appid, "~"); i != -1 {
-		partition, appid = appid[:i], appid[i+1:]
-	}
-	if i := strings.Index(appid, ":"); i != -1 {
-		domain, appid = appid[:i], appid[i+1:]
-	}
-	return partition, domain, appid
-}
-
-// appID returns "appid" or "domain.com:appid".
-func appID(fullAppID string) string {
-	_, dom, dis := parseFullAppID(fullAppID)
-	if dom != "" {
-		return dom + ":" + dis
-	}
-	return dis
-}
diff --git a/vendor/google.golang.org/appengine/internal/base/api_base.pb.go b/vendor/google.golang.org/appengine/internal/base/api_base.pb.go
deleted file mode 100644
index db4777e68e..0000000000
--- a/vendor/google.golang.org/appengine/internal/base/api_base.pb.go
+++ /dev/null
@@ -1,308 +0,0 @@
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// source: google.golang.org/appengine/internal/base/api_base.proto
-
-package base
-
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// Reference imports to suppress errors if they are not otherwise used.
-var _ = proto.Marshal
-var _ = fmt.Errorf
-var _ = math.Inf
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the proto package it is being compiled against.
-// A compilation error at this line likely means your copy of the
-// proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
-
-type StringProto struct {
-	Value                *string  `protobuf:"bytes,1,req,name=value" json:"value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *StringProto) Reset()         { *m = StringProto{} }
-func (m *StringProto) String() string { return proto.CompactTextString(m) }
-func (*StringProto) ProtoMessage()    {}
-func (*StringProto) Descriptor() ([]byte, []int) {
-	return fileDescriptor_api_base_9d49f8792e0c1140, []int{0}
-}
-func (m *StringProto) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_StringProto.Unmarshal(m, b)
-}
-func (m *StringProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_StringProto.Marshal(b, m, deterministic)
-}
-func (dst *StringProto) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_StringProto.Merge(dst, src)
-}
-func (m *StringProto) XXX_Size() int {
-	return xxx_messageInfo_StringProto.Size(m)
-}
-func (m *StringProto) XXX_DiscardUnknown() {
-	xxx_messageInfo_StringProto.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_StringProto proto.InternalMessageInfo
-
-func (m *StringProto) GetValue() string {
-	if m != nil && m.Value != nil {
-		return *m.Value
-	}
-	return ""
-}
-
-type Integer32Proto struct {
-	Value                *int32   `protobuf:"varint,1,req,name=value" json:"value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *Integer32Proto) Reset()         { *m = Integer32Proto{} }
-func (m *Integer32Proto) String() string { return proto.CompactTextString(m) }
-func (*Integer32Proto) ProtoMessage()    {}
-func (*Integer32Proto) Descriptor() ([]byte, []int) {
-	return fileDescriptor_api_base_9d49f8792e0c1140, []int{1}
-}
-func (m *Integer32Proto) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Integer32Proto.Unmarshal(m, b)
-}
-func (m *Integer32Proto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Integer32Proto.Marshal(b, m, deterministic)
-}
-func (dst *Integer32Proto) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Integer32Proto.Merge(dst, src)
-}
-func (m *Integer32Proto) XXX_Size() int {
-	return xxx_messageInfo_Integer32Proto.Size(m)
-}
-func (m *Integer32Proto) XXX_DiscardUnknown() {
-	xxx_messageInfo_Integer32Proto.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Integer32Proto proto.InternalMessageInfo
-
-func (m *Integer32Proto) GetValue() int32 {
-	if m != nil && m.Value != nil {
-		return *m.Value
-	}
-	return 0
-}
-
-type Integer64Proto struct {
-	Value                *int64   `protobuf:"varint,1,req,name=value" json:"value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *Integer64Proto) Reset()         { *m = Integer64Proto{} }
-func (m *Integer64Proto) String() string { return proto.CompactTextString(m) }
-func (*Integer64Proto) ProtoMessage()    {}
-func (*Integer64Proto) Descriptor() ([]byte, []int) {
-	return fileDescriptor_api_base_9d49f8792e0c1140, []int{2}
-}
-func (m *Integer64Proto) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Integer64Proto.Unmarshal(m, b)
-}
-func (m *Integer64Proto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Integer64Proto.Marshal(b, m, deterministic)
-}
-func (dst *Integer64Proto) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Integer64Proto.Merge(dst, src)
-}
-func (m *Integer64Proto) XXX_Size() int {
-	return xxx_messageInfo_Integer64Proto.Size(m)
-}
-func (m *Integer64Proto) XXX_DiscardUnknown() {
-	xxx_messageInfo_Integer64Proto.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Integer64Proto proto.InternalMessageInfo
-
-func (m *Integer64Proto) GetValue() int64 {
-	if m != nil && m.Value != nil {
-		return *m.Value
-	}
-	return 0
-}
-
-type BoolProto struct {
-	Value                *bool    `protobuf:"varint,1,req,name=value" json:"value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *BoolProto) Reset()         { *m = BoolProto{} }
-func (m *BoolProto) String() string { return proto.CompactTextString(m) }
-func (*BoolProto) ProtoMessage()    {}
-func (*BoolProto) Descriptor() ([]byte, []int) {
-	return fileDescriptor_api_base_9d49f8792e0c1140, []int{3}
-}
-func (m *BoolProto) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_BoolProto.Unmarshal(m, b)
-}
-func (m *BoolProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_BoolProto.Marshal(b, m, deterministic)
-}
-func (dst *BoolProto) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_BoolProto.Merge(dst, src)
-}
-func (m *BoolProto) XXX_Size() int {
-	return xxx_messageInfo_BoolProto.Size(m)
-}
-func (m *BoolProto) XXX_DiscardUnknown() {
-	xxx_messageInfo_BoolProto.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_BoolProto proto.InternalMessageInfo
-
-func (m *BoolProto) GetValue() bool {
-	if m != nil && m.Value != nil {
-		return *m.Value
-	}
-	return false
-}
-
-type DoubleProto struct {
-	Value                *float64 `protobuf:"fixed64,1,req,name=value" json:"value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *DoubleProto) Reset()         { *m = DoubleProto{} }
-func (m *DoubleProto) String() string { return proto.CompactTextString(m) }
-func (*DoubleProto) ProtoMessage()    {}
-func (*DoubleProto) Descriptor() ([]byte, []int) {
-	return fileDescriptor_api_base_9d49f8792e0c1140, []int{4}
-}
-func (m *DoubleProto) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_DoubleProto.Unmarshal(m, b)
-}
-func (m *DoubleProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_DoubleProto.Marshal(b, m, deterministic)
-}
-func (dst *DoubleProto) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_DoubleProto.Merge(dst, src)
-}
-func (m *DoubleProto) XXX_Size() int {
-	return xxx_messageInfo_DoubleProto.Size(m)
-}
-func (m *DoubleProto) XXX_DiscardUnknown() {
-	xxx_messageInfo_DoubleProto.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_DoubleProto proto.InternalMessageInfo
-
-func (m *DoubleProto) GetValue() float64 {
-	if m != nil && m.Value != nil {
-		return *m.Value
-	}
-	return 0
-}
-
-type BytesProto struct {
-	Value                []byte   `protobuf:"bytes,1,req,name=value" json:"value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *BytesProto) Reset()         { *m = BytesProto{} }
-func (m *BytesProto) String() string { return proto.CompactTextString(m) }
-func (*BytesProto) ProtoMessage()    {}
-func (*BytesProto) Descriptor() ([]byte, []int) {
-	return fileDescriptor_api_base_9d49f8792e0c1140, []int{5}
-}
-func (m *BytesProto) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_BytesProto.Unmarshal(m, b)
-}
-func (m *BytesProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_BytesProto.Marshal(b, m, deterministic)
-}
-func (dst *BytesProto) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_BytesProto.Merge(dst, src)
-}
-func (m *BytesProto) XXX_Size() int {
-	return xxx_messageInfo_BytesProto.Size(m)
-}
-func (m *BytesProto) XXX_DiscardUnknown() {
-	xxx_messageInfo_BytesProto.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_BytesProto proto.InternalMessageInfo
-
-func (m *BytesProto) GetValue() []byte {
-	if m != nil {
-		return m.Value
-	}
-	return nil
-}
-
-type VoidProto struct {
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *VoidProto) Reset()         { *m = VoidProto{} }
-func (m *VoidProto) String() string { return proto.CompactTextString(m) }
-func (*VoidProto) ProtoMessage()    {}
-func (*VoidProto) Descriptor() ([]byte, []int) {
-	return fileDescriptor_api_base_9d49f8792e0c1140, []int{6}
-}
-func (m *VoidProto) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_VoidProto.Unmarshal(m, b)
-}
-func (m *VoidProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_VoidProto.Marshal(b, m, deterministic)
-}
-func (dst *VoidProto) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_VoidProto.Merge(dst, src)
-}
-func (m *VoidProto) XXX_Size() int {
-	return xxx_messageInfo_VoidProto.Size(m)
-}
-func (m *VoidProto) XXX_DiscardUnknown() {
-	xxx_messageInfo_VoidProto.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_VoidProto proto.InternalMessageInfo
-
-func init() {
-	proto.RegisterType((*StringProto)(nil), "appengine.base.StringProto")
-	proto.RegisterType((*Integer32Proto)(nil), "appengine.base.Integer32Proto")
-	proto.RegisterType((*Integer64Proto)(nil), "appengine.base.Integer64Proto")
-	proto.RegisterType((*BoolProto)(nil), "appengine.base.BoolProto")
-	proto.RegisterType((*DoubleProto)(nil), "appengine.base.DoubleProto")
-	proto.RegisterType((*BytesProto)(nil), "appengine.base.BytesProto")
-	proto.RegisterType((*VoidProto)(nil), "appengine.base.VoidProto")
-}
-
-func init() {
-	proto.RegisterFile("google.golang.org/appengine/internal/base/api_base.proto", fileDescriptor_api_base_9d49f8792e0c1140)
-}
-
-var fileDescriptor_api_base_9d49f8792e0c1140 = []byte{
-	// 199 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0xcf, 0x3f, 0x4b, 0xc6, 0x30,
-	0x10, 0x06, 0x70, 0x5a, 0xad, 0xb4, 0x57, 0xe9, 0x20, 0x0e, 0x1d, 0xb5, 0x05, 0x71, 0x4a, 0x40,
-	0x45, 0x9c, 0x83, 0x8b, 0x9b, 0x28, 0x38, 0xb8, 0x48, 0x8a, 0xc7, 0x11, 0x08, 0xb9, 0x90, 0xa6,
-	0x82, 0xdf, 0x5e, 0xda, 0xd2, 0xfa, 0xc2, 0x9b, 0xed, 0xfe, 0xfc, 0xe0, 0xe1, 0x81, 0x27, 0x62,
-	0x26, 0x8b, 0x82, 0xd8, 0x6a, 0x47, 0x82, 0x03, 0x49, 0xed, 0x3d, 0x3a, 0x32, 0x0e, 0xa5, 0x71,
-	0x11, 0x83, 0xd3, 0x56, 0x0e, 0x7a, 0x44, 0xa9, 0xbd, 0xf9, 0x9a, 0x07, 0xe1, 0x03, 0x47, 0xbe,
-	0x68, 0x76, 0x27, 0xe6, 0x6b, 0xd7, 0x43, 0xfd, 0x1e, 0x83, 0x71, 0xf4, 0xba, 0xbc, 0x2f, 0xa1,
-	0xf8, 0xd1, 0x76, 0xc2, 0x36, 0xbb, 0xca, 0x6f, 0xab, 0xb7, 0x75, 0xe9, 0x6e, 0xa0, 0x79, 0x71,
-	0x11, 0x09, 0xc3, 0xfd, 0x5d, 0xc2, 0x15, 0xc7, 0xee, 0xf1, 0x21, 0xe1, 0x4e, 0x36, 0x77, 0x0d,
-	0x95, 0x62, 0xb6, 0x09, 0x52, 0x6e, 0xa4, 0x87, 0xfa, 0x99, 0xa7, 0xc1, 0x62, 0x02, 0x65, 0xff,
-	0x79, 0xa0, 0x7e, 0x23, 0x8e, 0xab, 0x69, 0x0f, 0xcd, 0xb9, 0xca, 0xcb, 0xdd, 0xd5, 0x50, 0x7d,
-	0xb0, 0xf9, 0x5e, 0x98, 0x3a, 0xfb, 0x3c, 0x9d, 0x9b, 0xff, 0x05, 0x00, 0x00, 0xff, 0xff, 0xba,
-	0x37, 0x25, 0xea, 0x44, 0x01, 0x00, 0x00,
-}
diff --git a/vendor/google.golang.org/appengine/internal/base/api_base.proto b/vendor/google.golang.org/appengine/internal/base/api_base.proto
deleted file mode 100644
index 56cd7a3cad..0000000000
--- a/vendor/google.golang.org/appengine/internal/base/api_base.proto
+++ /dev/null
@@ -1,33 +0,0 @@
-// Built-in base types for API calls. Primarily useful as return types.
-
-syntax = "proto2";
-option go_package = "base";
-
-package appengine.base;
-
-message StringProto {
-  required string value = 1;
-}
-
-message Integer32Proto {
-  required int32 value = 1;
-}
-
-message Integer64Proto {
-  required int64 value = 1;
-}
-
-message BoolProto {
-  required bool value = 1;
-}
-
-message DoubleProto {
-  required double value = 1;
-}
-
-message BytesProto {
-  required bytes value = 1 [ctype=CORD];
-}
-
-message VoidProto {
-}
diff --git a/vendor/google.golang.org/appengine/internal/datastore/datastore_v3.pb.go b/vendor/google.golang.org/appengine/internal/datastore/datastore_v3.pb.go
deleted file mode 100644
index 2fb7482896..0000000000
--- a/vendor/google.golang.org/appengine/internal/datastore/datastore_v3.pb.go
+++ /dev/null
@@ -1,4367 +0,0 @@
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// source: google.golang.org/appengine/internal/datastore/datastore_v3.proto
-
-package datastore
-
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// Reference imports to suppress errors if they are not otherwise used.
-var _ = proto.Marshal
-var _ = fmt.Errorf
-var _ = math.Inf
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the proto package it is being compiled against.
-// A compilation error at this line likely means your copy of the
-// proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
-
-type Property_Meaning int32
-
-const (
-	Property_NO_MEANING       Property_Meaning = 0
-	Property_BLOB             Property_Meaning = 14
-	Property_TEXT             Property_Meaning = 15
-	Property_BYTESTRING       Property_Meaning = 16
-	Property_ATOM_CATEGORY    Property_Meaning = 1
-	Property_ATOM_LINK        Property_Meaning = 2
-	Property_ATOM_TITLE       Property_Meaning = 3
-	Property_ATOM_CONTENT     Property_Meaning = 4
-	Property_ATOM_SUMMARY     Property_Meaning = 5
-	Property_ATOM_AUTHOR      Property_Meaning = 6
-	Property_GD_WHEN          Property_Meaning = 7
-	Property_GD_EMAIL         Property_Meaning = 8
-	Property_GEORSS_POINT     Property_Meaning = 9
-	Property_GD_IM            Property_Meaning = 10
-	Property_GD_PHONENUMBER   Property_Meaning = 11
-	Property_GD_POSTALADDRESS Property_Meaning = 12
-	Property_GD_RATING        Property_Meaning = 13
-	Property_BLOBKEY          Property_Meaning = 17
-	Property_ENTITY_PROTO     Property_Meaning = 19
-	Property_INDEX_VALUE      Property_Meaning = 18
-)
-
-var Property_Meaning_name = map[int32]string{
-	0:  "NO_MEANING",
-	14: "BLOB",
-	15: "TEXT",
-	16: "BYTESTRING",
-	1:  "ATOM_CATEGORY",
-	2:  "ATOM_LINK",
-	3:  "ATOM_TITLE",
-	4:  "ATOM_CONTENT",
-	5:  "ATOM_SUMMARY",
-	6:  "ATOM_AUTHOR",
-	7:  "GD_WHEN",
-	8:  "GD_EMAIL",
-	9:  "GEORSS_POINT",
-	10: "GD_IM",
-	11: "GD_PHONENUMBER",
-	12: "GD_POSTALADDRESS",
-	13: "GD_RATING",
-	17: "BLOBKEY",
-	19: "ENTITY_PROTO",
-	18: "INDEX_VALUE",
-}
-var Property_Meaning_value = map[string]int32{
-	"NO_MEANING":       0,
-	"BLOB":             14,
-	"TEXT":             15,
-	"BYTESTRING":       16,
-	"ATOM_CATEGORY":    1,
-	"ATOM_LINK":        2,
-	"ATOM_TITLE":       3,
-	"ATOM_CONTENT":     4,
-	"ATOM_SUMMARY":     5,
-	"ATOM_AUTHOR":      6,
-	"GD_WHEN":          7,
-	"GD_EMAIL":         8,
-	"GEORSS_POINT":     9,
-	"GD_IM":            10,
-	"GD_PHONENUMBER":   11,
-	"GD_POSTALADDRESS": 12,
-	"GD_RATING":        13,
-	"BLOBKEY":          17,
-	"ENTITY_PROTO":     19,
-	"INDEX_VALUE":      18,
-}
-
-func (x Property_Meaning) Enum() *Property_Meaning {
-	p := new(Property_Meaning)
-	*p = x
-	return p
-}
-func (x Property_Meaning) String() string {
-	return proto.EnumName(Property_Meaning_name, int32(x))
-}
-func (x *Property_Meaning) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(Property_Meaning_value, data, "Property_Meaning")
-	if err != nil {
-		return err
-	}
-	*x = Property_Meaning(value)
-	return nil
-}
-func (Property_Meaning) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{2, 0}
-}
-
-type Property_FtsTokenizationOption int32
-
-const (
-	Property_HTML Property_FtsTokenizationOption = 1
-	Property_ATOM Property_FtsTokenizationOption = 2
-)
-
-var Property_FtsTokenizationOption_name = map[int32]string{
-	1: "HTML",
-	2: "ATOM",
-}
-var Property_FtsTokenizationOption_value = map[string]int32{
-	"HTML": 1,
-	"ATOM": 2,
-}
-
-func (x Property_FtsTokenizationOption) Enum() *Property_FtsTokenizationOption {
-	p := new(Property_FtsTokenizationOption)
-	*p = x
-	return p
-}
-func (x Property_FtsTokenizationOption) String() string {
-	return proto.EnumName(Property_FtsTokenizationOption_name, int32(x))
-}
-func (x *Property_FtsTokenizationOption) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(Property_FtsTokenizationOption_value, data, "Property_FtsTokenizationOption")
-	if err != nil {
-		return err
-	}
-	*x = Property_FtsTokenizationOption(value)
-	return nil
-}
-func (Property_FtsTokenizationOption) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{2, 1}
-}
-
-type EntityProto_Kind int32
-
-const (
-	EntityProto_GD_CONTACT EntityProto_Kind = 1
-	EntityProto_GD_EVENT   EntityProto_Kind = 2
-	EntityProto_GD_MESSAGE EntityProto_Kind = 3
-)
-
-var EntityProto_Kind_name = map[int32]string{
-	1: "GD_CONTACT",
-	2: "GD_EVENT",
-	3: "GD_MESSAGE",
-}
-var EntityProto_Kind_value = map[string]int32{
-	"GD_CONTACT": 1,
-	"GD_EVENT":   2,
-	"GD_MESSAGE": 3,
-}
-
-func (x EntityProto_Kind) Enum() *EntityProto_Kind {
-	p := new(EntityProto_Kind)
-	*p = x
-	return p
-}
-func (x EntityProto_Kind) String() string {
-	return proto.EnumName(EntityProto_Kind_name, int32(x))
-}
-func (x *EntityProto_Kind) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(EntityProto_Kind_value, data, "EntityProto_Kind")
-	if err != nil {
-		return err
-	}
-	*x = EntityProto_Kind(value)
-	return nil
-}
-func (EntityProto_Kind) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{6, 0}
-}
-
-type Index_Property_Direction int32
-
-const (
-	Index_Property_ASCENDING  Index_Property_Direction = 1
-	Index_Property_DESCENDING Index_Property_Direction = 2
-)
-
-var Index_Property_Direction_name = map[int32]string{
-	1: "ASCENDING",
-	2: "DESCENDING",
-}
-var Index_Property_Direction_value = map[string]int32{
-	"ASCENDING":  1,
-	"DESCENDING": 2,
-}
-
-func (x Index_Property_Direction) Enum() *Index_Property_Direction {
-	p := new(Index_Property_Direction)
-	*p = x
-	return p
-}
-func (x Index_Property_Direction) String() string {
-	return proto.EnumName(Index_Property_Direction_name, int32(x))
-}
-func (x *Index_Property_Direction) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(Index_Property_Direction_value, data, "Index_Property_Direction")
-	if err != nil {
-		return err
-	}
-	*x = Index_Property_Direction(value)
-	return nil
-}
-func (Index_Property_Direction) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{8, 0, 0}
-}
-
-type CompositeIndex_State int32
-
-const (
-	CompositeIndex_WRITE_ONLY CompositeIndex_State = 1
-	CompositeIndex_READ_WRITE CompositeIndex_State = 2
-	CompositeIndex_DELETED    CompositeIndex_State = 3
-	CompositeIndex_ERROR      CompositeIndex_State = 4
-)
-
-var CompositeIndex_State_name = map[int32]string{
-	1: "WRITE_ONLY",
-	2: "READ_WRITE",
-	3: "DELETED",
-	4: "ERROR",
-}
-var CompositeIndex_State_value = map[string]int32{
-	"WRITE_ONLY": 1,
-	"READ_WRITE": 2,
-	"DELETED":    3,
-	"ERROR":      4,
-}
-
-func (x CompositeIndex_State) Enum() *CompositeIndex_State {
-	p := new(CompositeIndex_State)
-	*p = x
-	return p
-}
-func (x CompositeIndex_State) String() string {
-	return proto.EnumName(CompositeIndex_State_name, int32(x))
-}
-func (x *CompositeIndex_State) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(CompositeIndex_State_value, data, "CompositeIndex_State")
-	if err != nil {
-		return err
-	}
-	*x = CompositeIndex_State(value)
-	return nil
-}
-func (CompositeIndex_State) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{9, 0}
-}
-
-type Snapshot_Status int32
-
-const (
-	Snapshot_INACTIVE Snapshot_Status = 0
-	Snapshot_ACTIVE   Snapshot_Status = 1
-)
-
-var Snapshot_Status_name = map[int32]string{
-	0: "INACTIVE",
-	1: "ACTIVE",
-}
-var Snapshot_Status_value = map[string]int32{
-	"INACTIVE": 0,
-	"ACTIVE":   1,
-}
-
-func (x Snapshot_Status) Enum() *Snapshot_Status {
-	p := new(Snapshot_Status)
-	*p = x
-	return p
-}
-func (x Snapshot_Status) String() string {
-	return proto.EnumName(Snapshot_Status_name, int32(x))
-}
-func (x *Snapshot_Status) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(Snapshot_Status_value, data, "Snapshot_Status")
-	if err != nil {
-		return err
-	}
-	*x = Snapshot_Status(value)
-	return nil
-}
-func (Snapshot_Status) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{12, 0}
-}
-
-type Query_Hint int32
-
-const (
-	Query_ORDER_FIRST    Query_Hint = 1
-	Query_ANCESTOR_FIRST Query_Hint = 2
-	Query_FILTER_FIRST   Query_Hint = 3
-)
-
-var Query_Hint_name = map[int32]string{
-	1: "ORDER_FIRST",
-	2: "ANCESTOR_FIRST",
-	3: "FILTER_FIRST",
-}
-var Query_Hint_value = map[string]int32{
-	"ORDER_FIRST":    1,
-	"ANCESTOR_FIRST": 2,
-	"FILTER_FIRST":   3,
-}
-
-func (x Query_Hint) Enum() *Query_Hint {
-	p := new(Query_Hint)
-	*p = x
-	return p
-}
-func (x Query_Hint) String() string {
-	return proto.EnumName(Query_Hint_name, int32(x))
-}
-func (x *Query_Hint) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(Query_Hint_value, data, "Query_Hint")
-	if err != nil {
-		return err
-	}
-	*x = Query_Hint(value)
-	return nil
-}
-func (Query_Hint) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{15, 0}
-}
-
-type Query_Filter_Operator int32
-
-const (
-	Query_Filter_LESS_THAN             Query_Filter_Operator = 1
-	Query_Filter_LESS_THAN_OR_EQUAL    Query_Filter_Operator = 2
-	Query_Filter_GREATER_THAN          Query_Filter_Operator = 3
-	Query_Filter_GREATER_THAN_OR_EQUAL Query_Filter_Operator = 4
-	Query_Filter_EQUAL                 Query_Filter_Operator = 5
-	Query_Filter_IN                    Query_Filter_Operator = 6
-	Query_Filter_EXISTS                Query_Filter_Operator = 7
-)
-
-var Query_Filter_Operator_name = map[int32]string{
-	1: "LESS_THAN",
-	2: "LESS_THAN_OR_EQUAL",
-	3: "GREATER_THAN",
-	4: "GREATER_THAN_OR_EQUAL",
-	5: "EQUAL",
-	6: "IN",
-	7: "EXISTS",
-}
-var Query_Filter_Operator_value = map[string]int32{
-	"LESS_THAN":             1,
-	"LESS_THAN_OR_EQUAL":    2,
-	"GREATER_THAN":          3,
-	"GREATER_THAN_OR_EQUAL": 4,
-	"EQUAL":                 5,
-	"IN":                    6,
-	"EXISTS":                7,
-}
-
-func (x Query_Filter_Operator) Enum() *Query_Filter_Operator {
-	p := new(Query_Filter_Operator)
-	*p = x
-	return p
-}
-func (x Query_Filter_Operator) String() string {
-	return proto.EnumName(Query_Filter_Operator_name, int32(x))
-}
-func (x *Query_Filter_Operator) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(Query_Filter_Operator_value, data, "Query_Filter_Operator")
-	if err != nil {
-		return err
-	}
-	*x = Query_Filter_Operator(value)
-	return nil
-}
-func (Query_Filter_Operator) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{15, 0, 0}
-}
-
-type Query_Order_Direction int32
-
-const (
-	Query_Order_ASCENDING  Query_Order_Direction = 1
-	Query_Order_DESCENDING Query_Order_Direction = 2
-)
-
-var Query_Order_Direction_name = map[int32]string{
-	1: "ASCENDING",
-	2: "DESCENDING",
-}
-var Query_Order_Direction_value = map[string]int32{
-	"ASCENDING":  1,
-	"DESCENDING": 2,
-}
-
-func (x Query_Order_Direction) Enum() *Query_Order_Direction {
-	p := new(Query_Order_Direction)
-	*p = x
-	return p
-}
-func (x Query_Order_Direction) String() string {
-	return proto.EnumName(Query_Order_Direction_name, int32(x))
-}
-func (x *Query_Order_Direction) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(Query_Order_Direction_value, data, "Query_Order_Direction")
-	if err != nil {
-		return err
-	}
-	*x = Query_Order_Direction(value)
-	return nil
-}
-func (Query_Order_Direction) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{15, 1, 0}
-}
-
-type Error_ErrorCode int32
-
-const (
-	Error_BAD_REQUEST                  Error_ErrorCode = 1
-	Error_CONCURRENT_TRANSACTION       Error_ErrorCode = 2
-	Error_INTERNAL_ERROR               Error_ErrorCode = 3
-	Error_NEED_INDEX                   Error_ErrorCode = 4
-	Error_TIMEOUT                      Error_ErrorCode = 5
-	Error_PERMISSION_DENIED            Error_ErrorCode = 6
-	Error_BIGTABLE_ERROR               Error_ErrorCode = 7
-	Error_COMMITTED_BUT_STILL_APPLYING Error_ErrorCode = 8
-	Error_CAPABILITY_DISABLED          Error_ErrorCode = 9
-	Error_TRY_ALTERNATE_BACKEND        Error_ErrorCode = 10
-	Error_SAFE_TIME_TOO_OLD            Error_ErrorCode = 11
-)
-
-var Error_ErrorCode_name = map[int32]string{
-	1:  "BAD_REQUEST",
-	2:  "CONCURRENT_TRANSACTION",
-	3:  "INTERNAL_ERROR",
-	4:  "NEED_INDEX",
-	5:  "TIMEOUT",
-	6:  "PERMISSION_DENIED",
-	7:  "BIGTABLE_ERROR",
-	8:  "COMMITTED_BUT_STILL_APPLYING",
-	9:  "CAPABILITY_DISABLED",
-	10: "TRY_ALTERNATE_BACKEND",
-	11: "SAFE_TIME_TOO_OLD",
-}
-var Error_ErrorCode_value = map[string]int32{
-	"BAD_REQUEST":                  1,
-	"CONCURRENT_TRANSACTION":       2,
-	"INTERNAL_ERROR":               3,
-	"NEED_INDEX":                   4,
-	"TIMEOUT":                      5,
-	"PERMISSION_DENIED":            6,
-	"BIGTABLE_ERROR":               7,
-	"COMMITTED_BUT_STILL_APPLYING": 8,
-	"CAPABILITY_DISABLED":          9,
-	"TRY_ALTERNATE_BACKEND":        10,
-	"SAFE_TIME_TOO_OLD":            11,
-}
-
-func (x Error_ErrorCode) Enum() *Error_ErrorCode {
-	p := new(Error_ErrorCode)
-	*p = x
-	return p
-}
-func (x Error_ErrorCode) String() string {
-	return proto.EnumName(Error_ErrorCode_name, int32(x))
-}
-func (x *Error_ErrorCode) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(Error_ErrorCode_value, data, "Error_ErrorCode")
-	if err != nil {
-		return err
-	}
-	*x = Error_ErrorCode(value)
-	return nil
-}
-func (Error_ErrorCode) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{19, 0}
-}
-
-type PutRequest_AutoIdPolicy int32
-
-const (
-	PutRequest_CURRENT    PutRequest_AutoIdPolicy = 0
-	PutRequest_SEQUENTIAL PutRequest_AutoIdPolicy = 1
-)
-
-var PutRequest_AutoIdPolicy_name = map[int32]string{
-	0: "CURRENT",
-	1: "SEQUENTIAL",
-}
-var PutRequest_AutoIdPolicy_value = map[string]int32{
-	"CURRENT":    0,
-	"SEQUENTIAL": 1,
-}
-
-func (x PutRequest_AutoIdPolicy) Enum() *PutRequest_AutoIdPolicy {
-	p := new(PutRequest_AutoIdPolicy)
-	*p = x
-	return p
-}
-func (x PutRequest_AutoIdPolicy) String() string {
-	return proto.EnumName(PutRequest_AutoIdPolicy_name, int32(x))
-}
-func (x *PutRequest_AutoIdPolicy) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(PutRequest_AutoIdPolicy_value, data, "PutRequest_AutoIdPolicy")
-	if err != nil {
-		return err
-	}
-	*x = PutRequest_AutoIdPolicy(value)
-	return nil
-}
-func (PutRequest_AutoIdPolicy) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{23, 0}
-}
-
-type BeginTransactionRequest_TransactionMode int32
-
-const (
-	BeginTransactionRequest_UNKNOWN    BeginTransactionRequest_TransactionMode = 0
-	BeginTransactionRequest_READ_ONLY  BeginTransactionRequest_TransactionMode = 1
-	BeginTransactionRequest_READ_WRITE BeginTransactionRequest_TransactionMode = 2
-)
-
-var BeginTransactionRequest_TransactionMode_name = map[int32]string{
-	0: "UNKNOWN",
-	1: "READ_ONLY",
-	2: "READ_WRITE",
-}
-var BeginTransactionRequest_TransactionMode_value = map[string]int32{
-	"UNKNOWN":    0,
-	"READ_ONLY":  1,
-	"READ_WRITE": 2,
-}
-
-func (x BeginTransactionRequest_TransactionMode) Enum() *BeginTransactionRequest_TransactionMode {
-	p := new(BeginTransactionRequest_TransactionMode)
-	*p = x
-	return p
-}
-func (x BeginTransactionRequest_TransactionMode) String() string {
-	return proto.EnumName(BeginTransactionRequest_TransactionMode_name, int32(x))
-}
-func (x *BeginTransactionRequest_TransactionMode) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(BeginTransactionRequest_TransactionMode_value, data, "BeginTransactionRequest_TransactionMode")
-	if err != nil {
-		return err
-	}
-	*x = BeginTransactionRequest_TransactionMode(value)
-	return nil
-}
-func (BeginTransactionRequest_TransactionMode) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{36, 0}
-}
-
-type Action struct {
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *Action) Reset()         { *m = Action{} }
-func (m *Action) String() string { return proto.CompactTextString(m) }
-func (*Action) ProtoMessage()    {}
-func (*Action) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{0}
-}
-func (m *Action) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Action.Unmarshal(m, b)
-}
-func (m *Action) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Action.Marshal(b, m, deterministic)
-}
-func (dst *Action) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Action.Merge(dst, src)
-}
-func (m *Action) XXX_Size() int {
-	return xxx_messageInfo_Action.Size(m)
-}
-func (m *Action) XXX_DiscardUnknown() {
-	xxx_messageInfo_Action.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Action proto.InternalMessageInfo
-
-type PropertyValue struct {
-	Int64Value           *int64                        `protobuf:"varint,1,opt,name=int64Value" json:"int64Value,omitempty"`
-	BooleanValue         *bool                         `protobuf:"varint,2,opt,name=booleanValue" json:"booleanValue,omitempty"`
-	StringValue          *string                       `protobuf:"bytes,3,opt,name=stringValue" json:"stringValue,omitempty"`
-	DoubleValue          *float64                      `protobuf:"fixed64,4,opt,name=doubleValue" json:"doubleValue,omitempty"`
-	Pointvalue           *PropertyValue_PointValue     `protobuf:"group,5,opt,name=PointValue,json=pointvalue" json:"pointvalue,omitempty"`
-	Uservalue            *PropertyValue_UserValue      `protobuf:"group,8,opt,name=UserValue,json=uservalue" json:"uservalue,omitempty"`
-	Referencevalue       *PropertyValue_ReferenceValue `protobuf:"group,12,opt,name=ReferenceValue,json=referencevalue" json:"referencevalue,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}                      `json:"-"`
-	XXX_unrecognized     []byte                        `json:"-"`
-	XXX_sizecache        int32                         `json:"-"`
-}
-
-func (m *PropertyValue) Reset()         { *m = PropertyValue{} }
-func (m *PropertyValue) String() string { return proto.CompactTextString(m) }
-func (*PropertyValue) ProtoMessage()    {}
-func (*PropertyValue) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{1}
-}
-func (m *PropertyValue) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_PropertyValue.Unmarshal(m, b)
-}
-func (m *PropertyValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_PropertyValue.Marshal(b, m, deterministic)
-}
-func (dst *PropertyValue) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PropertyValue.Merge(dst, src)
-}
-func (m *PropertyValue) XXX_Size() int {
-	return xxx_messageInfo_PropertyValue.Size(m)
-}
-func (m *PropertyValue) XXX_DiscardUnknown() {
-	xxx_messageInfo_PropertyValue.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_PropertyValue proto.InternalMessageInfo
-
-func (m *PropertyValue) GetInt64Value() int64 {
-	if m != nil && m.Int64Value != nil {
-		return *m.Int64Value
-	}
-	return 0
-}
-
-func (m *PropertyValue) GetBooleanValue() bool {
-	if m != nil && m.BooleanValue != nil {
-		return *m.BooleanValue
-	}
-	return false
-}
-
-func (m *PropertyValue) GetStringValue() string {
-	if m != nil && m.StringValue != nil {
-		return *m.StringValue
-	}
-	return ""
-}
-
-func (m *PropertyValue) GetDoubleValue() float64 {
-	if m != nil && m.DoubleValue != nil {
-		return *m.DoubleValue
-	}
-	return 0
-}
-
-func (m *PropertyValue) GetPointvalue() *PropertyValue_PointValue {
-	if m != nil {
-		return m.Pointvalue
-	}
-	return nil
-}
-
-func (m *PropertyValue) GetUservalue() *PropertyValue_UserValue {
-	if m != nil {
-		return m.Uservalue
-	}
-	return nil
-}
-
-func (m *PropertyValue) GetReferencevalue() *PropertyValue_ReferenceValue {
-	if m != nil {
-		return m.Referencevalue
-	}
-	return nil
-}
-
-type PropertyValue_PointValue struct {
-	X                    *float64 `protobuf:"fixed64,6,req,name=x" json:"x,omitempty"`
-	Y                    *float64 `protobuf:"fixed64,7,req,name=y" json:"y,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *PropertyValue_PointValue) Reset()         { *m = PropertyValue_PointValue{} }
-func (m *PropertyValue_PointValue) String() string { return proto.CompactTextString(m) }
-func (*PropertyValue_PointValue) ProtoMessage()    {}
-func (*PropertyValue_PointValue) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{1, 0}
-}
-func (m *PropertyValue_PointValue) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_PropertyValue_PointValue.Unmarshal(m, b)
-}
-func (m *PropertyValue_PointValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_PropertyValue_PointValue.Marshal(b, m, deterministic)
-}
-func (dst *PropertyValue_PointValue) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PropertyValue_PointValue.Merge(dst, src)
-}
-func (m *PropertyValue_PointValue) XXX_Size() int {
-	return xxx_messageInfo_PropertyValue_PointValue.Size(m)
-}
-func (m *PropertyValue_PointValue) XXX_DiscardUnknown() {
-	xxx_messageInfo_PropertyValue_PointValue.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_PropertyValue_PointValue proto.InternalMessageInfo
-
-func (m *PropertyValue_PointValue) GetX() float64 {
-	if m != nil && m.X != nil {
-		return *m.X
-	}
-	return 0
-}
-
-func (m *PropertyValue_PointValue) GetY() float64 {
-	if m != nil && m.Y != nil {
-		return *m.Y
-	}
-	return 0
-}
-
-type PropertyValue_UserValue struct {
-	Email                *string  `protobuf:"bytes,9,req,name=email" json:"email,omitempty"`
-	AuthDomain           *string  `protobuf:"bytes,10,req,name=auth_domain,json=authDomain" json:"auth_domain,omitempty"`
-	Nickname             *string  `protobuf:"bytes,11,opt,name=nickname" json:"nickname,omitempty"`
-	FederatedIdentity    *string  `protobuf:"bytes,21,opt,name=federated_identity,json=federatedIdentity" json:"federated_identity,omitempty"`
-	FederatedProvider    *string  `protobuf:"bytes,22,opt,name=federated_provider,json=federatedProvider" json:"federated_provider,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *PropertyValue_UserValue) Reset()         { *m = PropertyValue_UserValue{} }
-func (m *PropertyValue_UserValue) String() string { return proto.CompactTextString(m) }
-func (*PropertyValue_UserValue) ProtoMessage()    {}
-func (*PropertyValue_UserValue) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{1, 1}
-}
-func (m *PropertyValue_UserValue) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_PropertyValue_UserValue.Unmarshal(m, b)
-}
-func (m *PropertyValue_UserValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_PropertyValue_UserValue.Marshal(b, m, deterministic)
-}
-func (dst *PropertyValue_UserValue) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PropertyValue_UserValue.Merge(dst, src)
-}
-func (m *PropertyValue_UserValue) XXX_Size() int {
-	return xxx_messageInfo_PropertyValue_UserValue.Size(m)
-}
-func (m *PropertyValue_UserValue) XXX_DiscardUnknown() {
-	xxx_messageInfo_PropertyValue_UserValue.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_PropertyValue_UserValue proto.InternalMessageInfo
-
-func (m *PropertyValue_UserValue) GetEmail() string {
-	if m != nil && m.Email != nil {
-		return *m.Email
-	}
-	return ""
-}
-
-func (m *PropertyValue_UserValue) GetAuthDomain() string {
-	if m != nil && m.AuthDomain != nil {
-		return *m.AuthDomain
-	}
-	return ""
-}
-
-func (m *PropertyValue_UserValue) GetNickname() string {
-	if m != nil && m.Nickname != nil {
-		return *m.Nickname
-	}
-	return ""
-}
-
-func (m *PropertyValue_UserValue) GetFederatedIdentity() string {
-	if m != nil && m.FederatedIdentity != nil {
-		return *m.FederatedIdentity
-	}
-	return ""
-}
-
-func (m *PropertyValue_UserValue) GetFederatedProvider() string {
-	if m != nil && m.FederatedProvider != nil {
-		return *m.FederatedProvider
-	}
-	return ""
-}
-
-type PropertyValue_ReferenceValue struct {
-	App                  *string                                     `protobuf:"bytes,13,req,name=app" json:"app,omitempty"`
-	NameSpace            *string                                     `protobuf:"bytes,20,opt,name=name_space,json=nameSpace" json:"name_space,omitempty"`
-	Pathelement          []*PropertyValue_ReferenceValue_PathElement `protobuf:"group,14,rep,name=PathElement,json=pathelement" json:"pathelement,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}                                    `json:"-"`
-	XXX_unrecognized     []byte                                      `json:"-"`
-	XXX_sizecache        int32                                       `json:"-"`
-}
-
-func (m *PropertyValue_ReferenceValue) Reset()         { *m = PropertyValue_ReferenceValue{} }
-func (m *PropertyValue_ReferenceValue) String() string { return proto.CompactTextString(m) }
-func (*PropertyValue_ReferenceValue) ProtoMessage()    {}
-func (*PropertyValue_ReferenceValue) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{1, 2}
-}
-func (m *PropertyValue_ReferenceValue) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_PropertyValue_ReferenceValue.Unmarshal(m, b)
-}
-func (m *PropertyValue_ReferenceValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_PropertyValue_ReferenceValue.Marshal(b, m, deterministic)
-}
-func (dst *PropertyValue_ReferenceValue) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PropertyValue_ReferenceValue.Merge(dst, src)
-}
-func (m *PropertyValue_ReferenceValue) XXX_Size() int {
-	return xxx_messageInfo_PropertyValue_ReferenceValue.Size(m)
-}
-func (m *PropertyValue_ReferenceValue) XXX_DiscardUnknown() {
-	xxx_messageInfo_PropertyValue_ReferenceValue.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_PropertyValue_ReferenceValue proto.InternalMessageInfo
-
-func (m *PropertyValue_ReferenceValue) GetApp() string {
-	if m != nil && m.App != nil {
-		return *m.App
-	}
-	return ""
-}
-
-func (m *PropertyValue_ReferenceValue) GetNameSpace() string {
-	if m != nil && m.NameSpace != nil {
-		return *m.NameSpace
-	}
-	return ""
-}
-
-func (m *PropertyValue_ReferenceValue) GetPathelement() []*PropertyValue_ReferenceValue_PathElement {
-	if m != nil {
-		return m.Pathelement
-	}
-	return nil
-}
-
-type PropertyValue_ReferenceValue_PathElement struct {
-	Type                 *string  `protobuf:"bytes,15,req,name=type" json:"type,omitempty"`
-	Id                   *int64   `protobuf:"varint,16,opt,name=id" json:"id,omitempty"`
-	Name                 *string  `protobuf:"bytes,17,opt,name=name" json:"name,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *PropertyValue_ReferenceValue_PathElement) Reset() {
-	*m = PropertyValue_ReferenceValue_PathElement{}
-}
-func (m *PropertyValue_ReferenceValue_PathElement) String() string { return proto.CompactTextString(m) }
-func (*PropertyValue_ReferenceValue_PathElement) ProtoMessage()    {}
-func (*PropertyValue_ReferenceValue_PathElement) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{1, 2, 0}
-}
-func (m *PropertyValue_ReferenceValue_PathElement) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_PropertyValue_ReferenceValue_PathElement.Unmarshal(m, b)
-}
-func (m *PropertyValue_ReferenceValue_PathElement) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_PropertyValue_ReferenceValue_PathElement.Marshal(b, m, deterministic)
-}
-func (dst *PropertyValue_ReferenceValue_PathElement) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PropertyValue_ReferenceValue_PathElement.Merge(dst, src)
-}
-func (m *PropertyValue_ReferenceValue_PathElement) XXX_Size() int {
-	return xxx_messageInfo_PropertyValue_ReferenceValue_PathElement.Size(m)
-}
-func (m *PropertyValue_ReferenceValue_PathElement) XXX_DiscardUnknown() {
-	xxx_messageInfo_PropertyValue_ReferenceValue_PathElement.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_PropertyValue_ReferenceValue_PathElement proto.InternalMessageInfo
-
-func (m *PropertyValue_ReferenceValue_PathElement) GetType() string {
-	if m != nil && m.Type != nil {
-		return *m.Type
-	}
-	return ""
-}
-
-func (m *PropertyValue_ReferenceValue_PathElement) GetId() int64 {
-	if m != nil && m.Id != nil {
-		return *m.Id
-	}
-	return 0
-}
-
-func (m *PropertyValue_ReferenceValue_PathElement) GetName() string {
-	if m != nil && m.Name != nil {
-		return *m.Name
-	}
-	return ""
-}
-
-type Property struct {
-	Meaning               *Property_Meaning               `protobuf:"varint,1,opt,name=meaning,enum=appengine.Property_Meaning,def=0" json:"meaning,omitempty"`
-	MeaningUri            *string                         `protobuf:"bytes,2,opt,name=meaning_uri,json=meaningUri" json:"meaning_uri,omitempty"`
-	Name                  *string                         `protobuf:"bytes,3,req,name=name" json:"name,omitempty"`
-	Value                 *PropertyValue                  `protobuf:"bytes,5,req,name=value" json:"value,omitempty"`
-	Multiple              *bool                           `protobuf:"varint,4,req,name=multiple" json:"multiple,omitempty"`
-	Searchable            *bool                           `protobuf:"varint,6,opt,name=searchable,def=0" json:"searchable,omitempty"`
-	FtsTokenizationOption *Property_FtsTokenizationOption `protobuf:"varint,8,opt,name=fts_tokenization_option,json=ftsTokenizationOption,enum=appengine.Property_FtsTokenizationOption" json:"fts_tokenization_option,omitempty"`
-	Locale                *string                         `protobuf:"bytes,9,opt,name=locale,def=en" json:"locale,omitempty"`
-	XXX_NoUnkeyedLiteral  struct{}                        `json:"-"`
-	XXX_unrecognized      []byte                          `json:"-"`
-	XXX_sizecache         int32                           `json:"-"`
-}
-
-func (m *Property) Reset()         { *m = Property{} }
-func (m *Property) String() string { return proto.CompactTextString(m) }
-func (*Property) ProtoMessage()    {}
-func (*Property) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{2}
-}
-func (m *Property) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Property.Unmarshal(m, b)
-}
-func (m *Property) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Property.Marshal(b, m, deterministic)
-}
-func (dst *Property) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Property.Merge(dst, src)
-}
-func (m *Property) XXX_Size() int {
-	return xxx_messageInfo_Property.Size(m)
-}
-func (m *Property) XXX_DiscardUnknown() {
-	xxx_messageInfo_Property.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Property proto.InternalMessageInfo
-
-const Default_Property_Meaning Property_Meaning = Property_NO_MEANING
-const Default_Property_Searchable bool = false
-const Default_Property_Locale string = "en"
-
-func (m *Property) GetMeaning() Property_Meaning {
-	if m != nil && m.Meaning != nil {
-		return *m.Meaning
-	}
-	return Default_Property_Meaning
-}
-
-func (m *Property) GetMeaningUri() string {
-	if m != nil && m.MeaningUri != nil {
-		return *m.MeaningUri
-	}
-	return ""
-}
-
-func (m *Property) GetName() string {
-	if m != nil && m.Name != nil {
-		return *m.Name
-	}
-	return ""
-}
-
-func (m *Property) GetValue() *PropertyValue {
-	if m != nil {
-		return m.Value
-	}
-	return nil
-}
-
-func (m *Property) GetMultiple() bool {
-	if m != nil && m.Multiple != nil {
-		return *m.Multiple
-	}
-	return false
-}
-
-func (m *Property) GetSearchable() bool {
-	if m != nil && m.Searchable != nil {
-		return *m.Searchable
-	}
-	return Default_Property_Searchable
-}
-
-func (m *Property) GetFtsTokenizationOption() Property_FtsTokenizationOption {
-	if m != nil && m.FtsTokenizationOption != nil {
-		return *m.FtsTokenizationOption
-	}
-	return Property_HTML
-}
-
-func (m *Property) GetLocale() string {
-	if m != nil && m.Locale != nil {
-		return *m.Locale
-	}
-	return Default_Property_Locale
-}
-
-type Path struct {
-	Element              []*Path_Element `protobuf:"group,1,rep,name=Element,json=element" json:"element,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
-	XXX_unrecognized     []byte          `json:"-"`
-	XXX_sizecache        int32           `json:"-"`
-}
-
-func (m *Path) Reset()         { *m = Path{} }
-func (m *Path) String() string { return proto.CompactTextString(m) }
-func (*Path) ProtoMessage()    {}
-func (*Path) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{3}
-}
-func (m *Path) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Path.Unmarshal(m, b)
-}
-func (m *Path) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Path.Marshal(b, m, deterministic)
-}
-func (dst *Path) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Path.Merge(dst, src)
-}
-func (m *Path) XXX_Size() int {
-	return xxx_messageInfo_Path.Size(m)
-}
-func (m *Path) XXX_DiscardUnknown() {
-	xxx_messageInfo_Path.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Path proto.InternalMessageInfo
-
-func (m *Path) GetElement() []*Path_Element {
-	if m != nil {
-		return m.Element
-	}
-	return nil
-}
-
-type Path_Element struct {
-	Type                 *string  `protobuf:"bytes,2,req,name=type" json:"type,omitempty"`
-	Id                   *int64   `protobuf:"varint,3,opt,name=id" json:"id,omitempty"`
-	Name                 *string  `protobuf:"bytes,4,opt,name=name" json:"name,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *Path_Element) Reset()         { *m = Path_Element{} }
-func (m *Path_Element) String() string { return proto.CompactTextString(m) }
-func (*Path_Element) ProtoMessage()    {}
-func (*Path_Element) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{3, 0}
-}
-func (m *Path_Element) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Path_Element.Unmarshal(m, b)
-}
-func (m *Path_Element) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Path_Element.Marshal(b, m, deterministic)
-}
-func (dst *Path_Element) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Path_Element.Merge(dst, src)
-}
-func (m *Path_Element) XXX_Size() int {
-	return xxx_messageInfo_Path_Element.Size(m)
-}
-func (m *Path_Element) XXX_DiscardUnknown() {
-	xxx_messageInfo_Path_Element.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Path_Element proto.InternalMessageInfo
-
-func (m *Path_Element) GetType() string {
-	if m != nil && m.Type != nil {
-		return *m.Type
-	}
-	return ""
-}
-
-func (m *Path_Element) GetId() int64 {
-	if m != nil && m.Id != nil {
-		return *m.Id
-	}
-	return 0
-}
-
-func (m *Path_Element) GetName() string {
-	if m != nil && m.Name != nil {
-		return *m.Name
-	}
-	return ""
-}
-
-type Reference struct {
-	App                  *string  `protobuf:"bytes,13,req,name=app" json:"app,omitempty"`
-	NameSpace            *string  `protobuf:"bytes,20,opt,name=name_space,json=nameSpace" json:"name_space,omitempty"`
-	Path                 *Path    `protobuf:"bytes,14,req,name=path" json:"path,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *Reference) Reset()         { *m = Reference{} }
-func (m *Reference) String() string { return proto.CompactTextString(m) }
-func (*Reference) ProtoMessage()    {}
-func (*Reference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{4}
-}
-func (m *Reference) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Reference.Unmarshal(m, b)
-}
-func (m *Reference) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Reference.Marshal(b, m, deterministic)
-}
-func (dst *Reference) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Reference.Merge(dst, src)
-}
-func (m *Reference) XXX_Size() int {
-	return xxx_messageInfo_Reference.Size(m)
-}
-func (m *Reference) XXX_DiscardUnknown() {
-	xxx_messageInfo_Reference.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Reference proto.InternalMessageInfo
-
-func (m *Reference) GetApp() string {
-	if m != nil && m.App != nil {
-		return *m.App
-	}
-	return ""
-}
-
-func (m *Reference) GetNameSpace() string {
-	if m != nil && m.NameSpace != nil {
-		return *m.NameSpace
-	}
-	return ""
-}
-
-func (m *Reference) GetPath() *Path {
-	if m != nil {
-		return m.Path
-	}
-	return nil
-}
-
-type User struct {
-	Email                *string  `protobuf:"bytes,1,req,name=email" json:"email,omitempty"`
-	AuthDomain           *string  `protobuf:"bytes,2,req,name=auth_domain,json=authDomain" json:"auth_domain,omitempty"`
-	Nickname             *string  `protobuf:"bytes,3,opt,name=nickname" json:"nickname,omitempty"`
-	FederatedIdentity    *string  `protobuf:"bytes,6,opt,name=federated_identity,json=federatedIdentity" json:"federated_identity,omitempty"`
-	FederatedProvider    *string  `protobuf:"bytes,7,opt,name=federated_provider,json=federatedProvider" json:"federated_provider,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *User) Reset()         { *m = User{} }
-func (m *User) String() string { return proto.CompactTextString(m) }
-func (*User) ProtoMessage()    {}
-func (*User) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{5}
-}
-func (m *User) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_User.Unmarshal(m, b)
-}
-func (m *User) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_User.Marshal(b, m, deterministic)
-}
-func (dst *User) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_User.Merge(dst, src)
-}
-func (m *User) XXX_Size() int {
-	return xxx_messageInfo_User.Size(m)
-}
-func (m *User) XXX_DiscardUnknown() {
-	xxx_messageInfo_User.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_User proto.InternalMessageInfo
-
-func (m *User) GetEmail() string {
-	if m != nil && m.Email != nil {
-		return *m.Email
-	}
-	return ""
-}
-
-func (m *User) GetAuthDomain() string {
-	if m != nil && m.AuthDomain != nil {
-		return *m.AuthDomain
-	}
-	return ""
-}
-
-func (m *User) GetNickname() string {
-	if m != nil && m.Nickname != nil {
-		return *m.Nickname
-	}
-	return ""
-}
-
-func (m *User) GetFederatedIdentity() string {
-	if m != nil && m.FederatedIdentity != nil {
-		return *m.FederatedIdentity
-	}
-	return ""
-}
-
-func (m *User) GetFederatedProvider() string {
-	if m != nil && m.FederatedProvider != nil {
-		return *m.FederatedProvider
-	}
-	return ""
-}
-
-type EntityProto struct {
-	Key                  *Reference        `protobuf:"bytes,13,req,name=key" json:"key,omitempty"`
-	EntityGroup          *Path             `protobuf:"bytes,16,req,name=entity_group,json=entityGroup" json:"entity_group,omitempty"`
-	Owner                *User             `protobuf:"bytes,17,opt,name=owner" json:"owner,omitempty"`
-	Kind                 *EntityProto_Kind `protobuf:"varint,4,opt,name=kind,enum=appengine.EntityProto_Kind" json:"kind,omitempty"`
-	KindUri              *string           `protobuf:"bytes,5,opt,name=kind_uri,json=kindUri" json:"kind_uri,omitempty"`
-	Property             []*Property       `protobuf:"bytes,14,rep,name=property" json:"property,omitempty"`
-	RawProperty          []*Property       `protobuf:"bytes,15,rep,name=raw_property,json=rawProperty" json:"raw_property,omitempty"`
-	Rank                 *int32            `protobuf:"varint,18,opt,name=rank" json:"rank,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
-	XXX_unrecognized     []byte            `json:"-"`
-	XXX_sizecache        int32             `json:"-"`
-}
-
-func (m *EntityProto) Reset()         { *m = EntityProto{} }
-func (m *EntityProto) String() string { return proto.CompactTextString(m) }
-func (*EntityProto) ProtoMessage()    {}
-func (*EntityProto) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{6}
-}
-func (m *EntityProto) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_EntityProto.Unmarshal(m, b)
-}
-func (m *EntityProto) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_EntityProto.Marshal(b, m, deterministic)
-}
-func (dst *EntityProto) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_EntityProto.Merge(dst, src)
-}
-func (m *EntityProto) XXX_Size() int {
-	return xxx_messageInfo_EntityProto.Size(m)
-}
-func (m *EntityProto) XXX_DiscardUnknown() {
-	xxx_messageInfo_EntityProto.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_EntityProto proto.InternalMessageInfo
-
-func (m *EntityProto) GetKey() *Reference {
-	if m != nil {
-		return m.Key
-	}
-	return nil
-}
-
-func (m *EntityProto) GetEntityGroup() *Path {
-	if m != nil {
-		return m.EntityGroup
-	}
-	return nil
-}
-
-func (m *EntityProto) GetOwner() *User {
-	if m != nil {
-		return m.Owner
-	}
-	return nil
-}
-
-func (m *EntityProto) GetKind() EntityProto_Kind {
-	if m != nil && m.Kind != nil {
-		return *m.Kind
-	}
-	return EntityProto_GD_CONTACT
-}
-
-func (m *EntityProto) GetKindUri() string {
-	if m != nil && m.KindUri != nil {
-		return *m.KindUri
-	}
-	return ""
-}
-
-func (m *EntityProto) GetProperty() []*Property {
-	if m != nil {
-		return m.Property
-	}
-	return nil
-}
-
-func (m *EntityProto) GetRawProperty() []*Property {
-	if m != nil {
-		return m.RawProperty
-	}
-	return nil
-}
-
-func (m *EntityProto) GetRank() int32 {
-	if m != nil && m.Rank != nil {
-		return *m.Rank
-	}
-	return 0
-}
-
-type CompositeProperty struct {
-	IndexId              *int64   `protobuf:"varint,1,req,name=index_id,json=indexId" json:"index_id,omitempty"`
-	Value                []string `protobuf:"bytes,2,rep,name=value" json:"value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *CompositeProperty) Reset()         { *m = CompositeProperty{} }
-func (m *CompositeProperty) String() string { return proto.CompactTextString(m) }
-func (*CompositeProperty) ProtoMessage()    {}
-func (*CompositeProperty) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{7}
-}
-func (m *CompositeProperty) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CompositeProperty.Unmarshal(m, b)
-}
-func (m *CompositeProperty) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CompositeProperty.Marshal(b, m, deterministic)
-}
-func (dst *CompositeProperty) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CompositeProperty.Merge(dst, src)
-}
-func (m *CompositeProperty) XXX_Size() int {
-	return xxx_messageInfo_CompositeProperty.Size(m)
-}
-func (m *CompositeProperty) XXX_DiscardUnknown() {
-	xxx_messageInfo_CompositeProperty.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CompositeProperty proto.InternalMessageInfo
-
-func (m *CompositeProperty) GetIndexId() int64 {
-	if m != nil && m.IndexId != nil {
-		return *m.IndexId
-	}
-	return 0
-}
-
-func (m *CompositeProperty) GetValue() []string {
-	if m != nil {
-		return m.Value
-	}
-	return nil
-}
-
-type Index struct {
-	EntityType           *string           `protobuf:"bytes,1,req,name=entity_type,json=entityType" json:"entity_type,omitempty"`
-	Ancestor             *bool             `protobuf:"varint,5,req,name=ancestor" json:"ancestor,omitempty"`
-	Property             []*Index_Property `protobuf:"group,2,rep,name=Property,json=property" json:"property,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
-	XXX_unrecognized     []byte            `json:"-"`
-	XXX_sizecache        int32             `json:"-"`
-}
-
-func (m *Index) Reset()         { *m = Index{} }
-func (m *Index) String() string { return proto.CompactTextString(m) }
-func (*Index) ProtoMessage()    {}
-func (*Index) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{8}
-}
-func (m *Index) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Index.Unmarshal(m, b)
-}
-func (m *Index) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Index.Marshal(b, m, deterministic)
-}
-func (dst *Index) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Index.Merge(dst, src)
-}
-func (m *Index) XXX_Size() int {
-	return xxx_messageInfo_Index.Size(m)
-}
-func (m *Index) XXX_DiscardUnknown() {
-	xxx_messageInfo_Index.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Index proto.InternalMessageInfo
-
-func (m *Index) GetEntityType() string {
-	if m != nil && m.EntityType != nil {
-		return *m.EntityType
-	}
-	return ""
-}
-
-func (m *Index) GetAncestor() bool {
-	if m != nil && m.Ancestor != nil {
-		return *m.Ancestor
-	}
-	return false
-}
-
-func (m *Index) GetProperty() []*Index_Property {
-	if m != nil {
-		return m.Property
-	}
-	return nil
-}
-
-type Index_Property struct {
-	Name                 *string                   `protobuf:"bytes,3,req,name=name" json:"name,omitempty"`
-	Direction            *Index_Property_Direction `protobuf:"varint,4,opt,name=direction,enum=appengine.Index_Property_Direction,def=1" json:"direction,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}                  `json:"-"`
-	XXX_unrecognized     []byte                    `json:"-"`
-	XXX_sizecache        int32                     `json:"-"`
-}
-
-func (m *Index_Property) Reset()         { *m = Index_Property{} }
-func (m *Index_Property) String() string { return proto.CompactTextString(m) }
-func (*Index_Property) ProtoMessage()    {}
-func (*Index_Property) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{8, 0}
-}
-func (m *Index_Property) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Index_Property.Unmarshal(m, b)
-}
-func (m *Index_Property) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Index_Property.Marshal(b, m, deterministic)
-}
-func (dst *Index_Property) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Index_Property.Merge(dst, src)
-}
-func (m *Index_Property) XXX_Size() int {
-	return xxx_messageInfo_Index_Property.Size(m)
-}
-func (m *Index_Property) XXX_DiscardUnknown() {
-	xxx_messageInfo_Index_Property.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Index_Property proto.InternalMessageInfo
-
-const Default_Index_Property_Direction Index_Property_Direction = Index_Property_ASCENDING
-
-func (m *Index_Property) GetName() string {
-	if m != nil && m.Name != nil {
-		return *m.Name
-	}
-	return ""
-}
-
-func (m *Index_Property) GetDirection() Index_Property_Direction {
-	if m != nil && m.Direction != nil {
-		return *m.Direction
-	}
-	return Default_Index_Property_Direction
-}
-
-type CompositeIndex struct {
-	AppId                *string               `protobuf:"bytes,1,req,name=app_id,json=appId" json:"app_id,omitempty"`
-	Id                   *int64                `protobuf:"varint,2,req,name=id" json:"id,omitempty"`
-	Definition           *Index                `protobuf:"bytes,3,req,name=definition" json:"definition,omitempty"`
-	State                *CompositeIndex_State `protobuf:"varint,4,req,name=state,enum=appengine.CompositeIndex_State" json:"state,omitempty"`
-	OnlyUseIfRequired    *bool                 `protobuf:"varint,6,opt,name=only_use_if_required,json=onlyUseIfRequired,def=0" json:"only_use_if_required,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}              `json:"-"`
-	XXX_unrecognized     []byte                `json:"-"`
-	XXX_sizecache        int32                 `json:"-"`
-}
-
-func (m *CompositeIndex) Reset()         { *m = CompositeIndex{} }
-func (m *CompositeIndex) String() string { return proto.CompactTextString(m) }
-func (*CompositeIndex) ProtoMessage()    {}
-func (*CompositeIndex) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{9}
-}
-func (m *CompositeIndex) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CompositeIndex.Unmarshal(m, b)
-}
-func (m *CompositeIndex) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CompositeIndex.Marshal(b, m, deterministic)
-}
-func (dst *CompositeIndex) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CompositeIndex.Merge(dst, src)
-}
-func (m *CompositeIndex) XXX_Size() int {
-	return xxx_messageInfo_CompositeIndex.Size(m)
-}
-func (m *CompositeIndex) XXX_DiscardUnknown() {
-	xxx_messageInfo_CompositeIndex.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CompositeIndex proto.InternalMessageInfo
-
-const Default_CompositeIndex_OnlyUseIfRequired bool = false
-
-func (m *CompositeIndex) GetAppId() string {
-	if m != nil && m.AppId != nil {
-		return *m.AppId
-	}
-	return ""
-}
-
-func (m *CompositeIndex) GetId() int64 {
-	if m != nil && m.Id != nil {
-		return *m.Id
-	}
-	return 0
-}
-
-func (m *CompositeIndex) GetDefinition() *Index {
-	if m != nil {
-		return m.Definition
-	}
-	return nil
-}
-
-func (m *CompositeIndex) GetState() CompositeIndex_State {
-	if m != nil && m.State != nil {
-		return *m.State
-	}
-	return CompositeIndex_WRITE_ONLY
-}
-
-func (m *CompositeIndex) GetOnlyUseIfRequired() bool {
-	if m != nil && m.OnlyUseIfRequired != nil {
-		return *m.OnlyUseIfRequired
-	}
-	return Default_CompositeIndex_OnlyUseIfRequired
-}
-
-type IndexPostfix struct {
-	IndexValue           []*IndexPostfix_IndexValue `protobuf:"bytes,1,rep,name=index_value,json=indexValue" json:"index_value,omitempty"`
-	Key                  *Reference                 `protobuf:"bytes,2,opt,name=key" json:"key,omitempty"`
-	Before               *bool                      `protobuf:"varint,3,opt,name=before,def=1" json:"before,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}                   `json:"-"`
-	XXX_unrecognized     []byte                     `json:"-"`
-	XXX_sizecache        int32                      `json:"-"`
-}
-
-func (m *IndexPostfix) Reset()         { *m = IndexPostfix{} }
-func (m *IndexPostfix) String() string { return proto.CompactTextString(m) }
-func (*IndexPostfix) ProtoMessage()    {}
-func (*IndexPostfix) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{10}
-}
-func (m *IndexPostfix) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_IndexPostfix.Unmarshal(m, b)
-}
-func (m *IndexPostfix) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_IndexPostfix.Marshal(b, m, deterministic)
-}
-func (dst *IndexPostfix) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_IndexPostfix.Merge(dst, src)
-}
-func (m *IndexPostfix) XXX_Size() int {
-	return xxx_messageInfo_IndexPostfix.Size(m)
-}
-func (m *IndexPostfix) XXX_DiscardUnknown() {
-	xxx_messageInfo_IndexPostfix.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_IndexPostfix proto.InternalMessageInfo
-
-const Default_IndexPostfix_Before bool = true
-
-func (m *IndexPostfix) GetIndexValue() []*IndexPostfix_IndexValue {
-	if m != nil {
-		return m.IndexValue
-	}
-	return nil
-}
-
-func (m *IndexPostfix) GetKey() *Reference {
-	if m != nil {
-		return m.Key
-	}
-	return nil
-}
-
-func (m *IndexPostfix) GetBefore() bool {
-	if m != nil && m.Before != nil {
-		return *m.Before
-	}
-	return Default_IndexPostfix_Before
-}
-
-type IndexPostfix_IndexValue struct {
-	PropertyName         *string        `protobuf:"bytes,1,req,name=property_name,json=propertyName" json:"property_name,omitempty"`
-	Value                *PropertyValue `protobuf:"bytes,2,req,name=value" json:"value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
-	XXX_unrecognized     []byte         `json:"-"`
-	XXX_sizecache        int32          `json:"-"`
-}
-
-func (m *IndexPostfix_IndexValue) Reset()         { *m = IndexPostfix_IndexValue{} }
-func (m *IndexPostfix_IndexValue) String() string { return proto.CompactTextString(m) }
-func (*IndexPostfix_IndexValue) ProtoMessage()    {}
-func (*IndexPostfix_IndexValue) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{10, 0}
-}
-func (m *IndexPostfix_IndexValue) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_IndexPostfix_IndexValue.Unmarshal(m, b)
-}
-func (m *IndexPostfix_IndexValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_IndexPostfix_IndexValue.Marshal(b, m, deterministic)
-}
-func (dst *IndexPostfix_IndexValue) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_IndexPostfix_IndexValue.Merge(dst, src)
-}
-func (m *IndexPostfix_IndexValue) XXX_Size() int {
-	return xxx_messageInfo_IndexPostfix_IndexValue.Size(m)
-}
-func (m *IndexPostfix_IndexValue) XXX_DiscardUnknown() {
-	xxx_messageInfo_IndexPostfix_IndexValue.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_IndexPostfix_IndexValue proto.InternalMessageInfo
-
-func (m *IndexPostfix_IndexValue) GetPropertyName() string {
-	if m != nil && m.PropertyName != nil {
-		return *m.PropertyName
-	}
-	return ""
-}
-
-func (m *IndexPostfix_IndexValue) GetValue() *PropertyValue {
-	if m != nil {
-		return m.Value
-	}
-	return nil
-}
-
-type IndexPosition struct {
-	Key                  *string  `protobuf:"bytes,1,opt,name=key" json:"key,omitempty"`
-	Before               *bool    `protobuf:"varint,2,opt,name=before,def=1" json:"before,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *IndexPosition) Reset()         { *m = IndexPosition{} }
-func (m *IndexPosition) String() string { return proto.CompactTextString(m) }
-func (*IndexPosition) ProtoMessage()    {}
-func (*IndexPosition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{11}
-}
-func (m *IndexPosition) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_IndexPosition.Unmarshal(m, b)
-}
-func (m *IndexPosition) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_IndexPosition.Marshal(b, m, deterministic)
-}
-func (dst *IndexPosition) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_IndexPosition.Merge(dst, src)
-}
-func (m *IndexPosition) XXX_Size() int {
-	return xxx_messageInfo_IndexPosition.Size(m)
-}
-func (m *IndexPosition) XXX_DiscardUnknown() {
-	xxx_messageInfo_IndexPosition.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_IndexPosition proto.InternalMessageInfo
-
-const Default_IndexPosition_Before bool = true
-
-func (m *IndexPosition) GetKey() string {
-	if m != nil && m.Key != nil {
-		return *m.Key
-	}
-	return ""
-}
-
-func (m *IndexPosition) GetBefore() bool {
-	if m != nil && m.Before != nil {
-		return *m.Before
-	}
-	return Default_IndexPosition_Before
-}
-
-type Snapshot struct {
-	Ts                   *int64   `protobuf:"varint,1,req,name=ts" json:"ts,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *Snapshot) Reset()         { *m = Snapshot{} }
-func (m *Snapshot) String() string { return proto.CompactTextString(m) }
-func (*Snapshot) ProtoMessage()    {}
-func (*Snapshot) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{12}
-}
-func (m *Snapshot) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Snapshot.Unmarshal(m, b)
-}
-func (m *Snapshot) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Snapshot.Marshal(b, m, deterministic)
-}
-func (dst *Snapshot) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Snapshot.Merge(dst, src)
-}
-func (m *Snapshot) XXX_Size() int {
-	return xxx_messageInfo_Snapshot.Size(m)
-}
-func (m *Snapshot) XXX_DiscardUnknown() {
-	xxx_messageInfo_Snapshot.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Snapshot proto.InternalMessageInfo
-
-func (m *Snapshot) GetTs() int64 {
-	if m != nil && m.Ts != nil {
-		return *m.Ts
-	}
-	return 0
-}
-
-type InternalHeader struct {
-	Qos                  *string  `protobuf:"bytes,1,opt,name=qos" json:"qos,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *InternalHeader) Reset()         { *m = InternalHeader{} }
-func (m *InternalHeader) String() string { return proto.CompactTextString(m) }
-func (*InternalHeader) ProtoMessage()    {}
-func (*InternalHeader) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{13}
-}
-func (m *InternalHeader) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_InternalHeader.Unmarshal(m, b)
-}
-func (m *InternalHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_InternalHeader.Marshal(b, m, deterministic)
-}
-func (dst *InternalHeader) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_InternalHeader.Merge(dst, src)
-}
-func (m *InternalHeader) XXX_Size() int {
-	return xxx_messageInfo_InternalHeader.Size(m)
-}
-func (m *InternalHeader) XXX_DiscardUnknown() {
-	xxx_messageInfo_InternalHeader.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_InternalHeader proto.InternalMessageInfo
-
-func (m *InternalHeader) GetQos() string {
-	if m != nil && m.Qos != nil {
-		return *m.Qos
-	}
-	return ""
-}
-
-type Transaction struct {
-	Header               *InternalHeader `protobuf:"bytes,4,opt,name=header" json:"header,omitempty"`
-	Handle               *uint64         `protobuf:"fixed64,1,req,name=handle" json:"handle,omitempty"`
-	App                  *string         `protobuf:"bytes,2,req,name=app" json:"app,omitempty"`
-	MarkChanges          *bool           `protobuf:"varint,3,opt,name=mark_changes,json=markChanges,def=0" json:"mark_changes,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
-	XXX_unrecognized     []byte          `json:"-"`
-	XXX_sizecache        int32           `json:"-"`
-}
-
-func (m *Transaction) Reset()         { *m = Transaction{} }
-func (m *Transaction) String() string { return proto.CompactTextString(m) }
-func (*Transaction) ProtoMessage()    {}
-func (*Transaction) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{14}
-}
-func (m *Transaction) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Transaction.Unmarshal(m, b)
-}
-func (m *Transaction) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Transaction.Marshal(b, m, deterministic)
-}
-func (dst *Transaction) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Transaction.Merge(dst, src)
-}
-func (m *Transaction) XXX_Size() int {
-	return xxx_messageInfo_Transaction.Size(m)
-}
-func (m *Transaction) XXX_DiscardUnknown() {
-	xxx_messageInfo_Transaction.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Transaction proto.InternalMessageInfo
-
-const Default_Transaction_MarkChanges bool = false
-
-func (m *Transaction) GetHeader() *InternalHeader {
-	if m != nil {
-		return m.Header
-	}
-	return nil
-}
-
-func (m *Transaction) GetHandle() uint64 {
-	if m != nil && m.Handle != nil {
-		return *m.Handle
-	}
-	return 0
-}
-
-func (m *Transaction) GetApp() string {
-	if m != nil && m.App != nil {
-		return *m.App
-	}
-	return ""
-}
-
-func (m *Transaction) GetMarkChanges() bool {
-	if m != nil && m.MarkChanges != nil {
-		return *m.MarkChanges
-	}
-	return Default_Transaction_MarkChanges
-}
-
-type Query struct {
-	Header               *InternalHeader   `protobuf:"bytes,39,opt,name=header" json:"header,omitempty"`
-	App                  *string           `protobuf:"bytes,1,req,name=app" json:"app,omitempty"`
-	NameSpace            *string           `protobuf:"bytes,29,opt,name=name_space,json=nameSpace" json:"name_space,omitempty"`
-	Kind                 *string           `protobuf:"bytes,3,opt,name=kind" json:"kind,omitempty"`
-	Ancestor             *Reference        `protobuf:"bytes,17,opt,name=ancestor" json:"ancestor,omitempty"`
-	Filter               []*Query_Filter   `protobuf:"group,4,rep,name=Filter,json=filter" json:"filter,omitempty"`
-	SearchQuery          *string           `protobuf:"bytes,8,opt,name=search_query,json=searchQuery" json:"search_query,omitempty"`
-	Order                []*Query_Order    `protobuf:"group,9,rep,name=Order,json=order" json:"order,omitempty"`
-	Hint                 *Query_Hint       `protobuf:"varint,18,opt,name=hint,enum=appengine.Query_Hint" json:"hint,omitempty"`
-	Count                *int32            `protobuf:"varint,23,opt,name=count" json:"count,omitempty"`
-	Offset               *int32            `protobuf:"varint,12,opt,name=offset,def=0" json:"offset,omitempty"`
-	Limit                *int32            `protobuf:"varint,16,opt,name=limit" json:"limit,omitempty"`
-	CompiledCursor       *CompiledCursor   `protobuf:"bytes,30,opt,name=compiled_cursor,json=compiledCursor" json:"compiled_cursor,omitempty"`
-	EndCompiledCursor    *CompiledCursor   `protobuf:"bytes,31,opt,name=end_compiled_cursor,json=endCompiledCursor" json:"end_compiled_cursor,omitempty"`
-	CompositeIndex       []*CompositeIndex `protobuf:"bytes,19,rep,name=composite_index,json=compositeIndex" json:"composite_index,omitempty"`
-	RequirePerfectPlan   *bool             `protobuf:"varint,20,opt,name=require_perfect_plan,json=requirePerfectPlan,def=0" json:"require_perfect_plan,omitempty"`
-	KeysOnly             *bool             `protobuf:"varint,21,opt,name=keys_only,json=keysOnly,def=0" json:"keys_only,omitempty"`
-	Transaction          *Transaction      `protobuf:"bytes,22,opt,name=transaction" json:"transaction,omitempty"`
-	Compile              *bool             `protobuf:"varint,25,opt,name=compile,def=0" json:"compile,omitempty"`
-	FailoverMs           *int64            `protobuf:"varint,26,opt,name=failover_ms,json=failoverMs" json:"failover_ms,omitempty"`
-	Strong               *bool             `protobuf:"varint,32,opt,name=strong" json:"strong,omitempty"`
-	PropertyName         []string          `protobuf:"bytes,33,rep,name=property_name,json=propertyName" json:"property_name,omitempty"`
-	GroupByPropertyName  []string          `protobuf:"bytes,34,rep,name=group_by_property_name,json=groupByPropertyName" json:"group_by_property_name,omitempty"`
-	Distinct             *bool             `protobuf:"varint,24,opt,name=distinct" json:"distinct,omitempty"`
-	MinSafeTimeSeconds   *int64            `protobuf:"varint,35,opt,name=min_safe_time_seconds,json=minSafeTimeSeconds" json:"min_safe_time_seconds,omitempty"`
-	SafeReplicaName      []string          `protobuf:"bytes,36,rep,name=safe_replica_name,json=safeReplicaName" json:"safe_replica_name,omitempty"`
-	PersistOffset        *bool             `protobuf:"varint,37,opt,name=persist_offset,json=persistOffset,def=0" json:"persist_offset,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
-	XXX_unrecognized     []byte            `json:"-"`
-	XXX_sizecache        int32             `json:"-"`
-}
-
-func (m *Query) Reset()         { *m = Query{} }
-func (m *Query) String() string { return proto.CompactTextString(m) }
-func (*Query) ProtoMessage()    {}
-func (*Query) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{15}
-}
-func (m *Query) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Query.Unmarshal(m, b)
-}
-func (m *Query) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Query.Marshal(b, m, deterministic)
-}
-func (dst *Query) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Query.Merge(dst, src)
-}
-func (m *Query) XXX_Size() int {
-	return xxx_messageInfo_Query.Size(m)
-}
-func (m *Query) XXX_DiscardUnknown() {
-	xxx_messageInfo_Query.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Query proto.InternalMessageInfo
-
-const Default_Query_Offset int32 = 0
-const Default_Query_RequirePerfectPlan bool = false
-const Default_Query_KeysOnly bool = false
-const Default_Query_Compile bool = false
-const Default_Query_PersistOffset bool = false
-
-func (m *Query) GetHeader() *InternalHeader {
-	if m != nil {
-		return m.Header
-	}
-	return nil
-}
-
-func (m *Query) GetApp() string {
-	if m != nil && m.App != nil {
-		return *m.App
-	}
-	return ""
-}
-
-func (m *Query) GetNameSpace() string {
-	if m != nil && m.NameSpace != nil {
-		return *m.NameSpace
-	}
-	return ""
-}
-
-func (m *Query) GetKind() string {
-	if m != nil && m.Kind != nil {
-		return *m.Kind
-	}
-	return ""
-}
-
-func (m *Query) GetAncestor() *Reference {
-	if m != nil {
-		return m.Ancestor
-	}
-	return nil
-}
-
-func (m *Query) GetFilter() []*Query_Filter {
-	if m != nil {
-		return m.Filter
-	}
-	return nil
-}
-
-func (m *Query) GetSearchQuery() string {
-	if m != nil && m.SearchQuery != nil {
-		return *m.SearchQuery
-	}
-	return ""
-}
-
-func (m *Query) GetOrder() []*Query_Order {
-	if m != nil {
-		return m.Order
-	}
-	return nil
-}
-
-func (m *Query) GetHint() Query_Hint {
-	if m != nil && m.Hint != nil {
-		return *m.Hint
-	}
-	return Query_ORDER_FIRST
-}
-
-func (m *Query) GetCount() int32 {
-	if m != nil && m.Count != nil {
-		return *m.Count
-	}
-	return 0
-}
-
-func (m *Query) GetOffset() int32 {
-	if m != nil && m.Offset != nil {
-		return *m.Offset
-	}
-	return Default_Query_Offset
-}
-
-func (m *Query) GetLimit() int32 {
-	if m != nil && m.Limit != nil {
-		return *m.Limit
-	}
-	return 0
-}
-
-func (m *Query) GetCompiledCursor() *CompiledCursor {
-	if m != nil {
-		return m.CompiledCursor
-	}
-	return nil
-}
-
-func (m *Query) GetEndCompiledCursor() *CompiledCursor {
-	if m != nil {
-		return m.EndCompiledCursor
-	}
-	return nil
-}
-
-func (m *Query) GetCompositeIndex() []*CompositeIndex {
-	if m != nil {
-		return m.CompositeIndex
-	}
-	return nil
-}
-
-func (m *Query) GetRequirePerfectPlan() bool {
-	if m != nil && m.RequirePerfectPlan != nil {
-		return *m.RequirePerfectPlan
-	}
-	return Default_Query_RequirePerfectPlan
-}
-
-func (m *Query) GetKeysOnly() bool {
-	if m != nil && m.KeysOnly != nil {
-		return *m.KeysOnly
-	}
-	return Default_Query_KeysOnly
-}
-
-func (m *Query) GetTransaction() *Transaction {
-	if m != nil {
-		return m.Transaction
-	}
-	return nil
-}
-
-func (m *Query) GetCompile() bool {
-	if m != nil && m.Compile != nil {
-		return *m.Compile
-	}
-	return Default_Query_Compile
-}
-
-func (m *Query) GetFailoverMs() int64 {
-	if m != nil && m.FailoverMs != nil {
-		return *m.FailoverMs
-	}
-	return 0
-}
-
-func (m *Query) GetStrong() bool {
-	if m != nil && m.Strong != nil {
-		return *m.Strong
-	}
-	return false
-}
-
-func (m *Query) GetPropertyName() []string {
-	if m != nil {
-		return m.PropertyName
-	}
-	return nil
-}
-
-func (m *Query) GetGroupByPropertyName() []string {
-	if m != nil {
-		return m.GroupByPropertyName
-	}
-	return nil
-}
-
-func (m *Query) GetDistinct() bool {
-	if m != nil && m.Distinct != nil {
-		return *m.Distinct
-	}
-	return false
-}
-
-func (m *Query) GetMinSafeTimeSeconds() int64 {
-	if m != nil && m.MinSafeTimeSeconds != nil {
-		return *m.MinSafeTimeSeconds
-	}
-	return 0
-}
-
-func (m *Query) GetSafeReplicaName() []string {
-	if m != nil {
-		return m.SafeReplicaName
-	}
-	return nil
-}
-
-func (m *Query) GetPersistOffset() bool {
-	if m != nil && m.PersistOffset != nil {
-		return *m.PersistOffset
-	}
-	return Default_Query_PersistOffset
-}
-
-type Query_Filter struct {
-	Op                   *Query_Filter_Operator `protobuf:"varint,6,req,name=op,enum=appengine.Query_Filter_Operator" json:"op,omitempty"`
-	Property             []*Property            `protobuf:"bytes,14,rep,name=property" json:"property,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}               `json:"-"`
-	XXX_unrecognized     []byte                 `json:"-"`
-	XXX_sizecache        int32                  `json:"-"`
-}
-
-func (m *Query_Filter) Reset()         { *m = Query_Filter{} }
-func (m *Query_Filter) String() string { return proto.CompactTextString(m) }
-func (*Query_Filter) ProtoMessage()    {}
-func (*Query_Filter) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{15, 0}
-}
-func (m *Query_Filter) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Query_Filter.Unmarshal(m, b)
-}
-func (m *Query_Filter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Query_Filter.Marshal(b, m, deterministic)
-}
-func (dst *Query_Filter) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Query_Filter.Merge(dst, src)
-}
-func (m *Query_Filter) XXX_Size() int {
-	return xxx_messageInfo_Query_Filter.Size(m)
-}
-func (m *Query_Filter) XXX_DiscardUnknown() {
-	xxx_messageInfo_Query_Filter.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Query_Filter proto.InternalMessageInfo
-
-func (m *Query_Filter) GetOp() Query_Filter_Operator {
-	if m != nil && m.Op != nil {
-		return *m.Op
-	}
-	return Query_Filter_LESS_THAN
-}
-
-func (m *Query_Filter) GetProperty() []*Property {
-	if m != nil {
-		return m.Property
-	}
-	return nil
-}
-
-type Query_Order struct {
-	Property             *string                `protobuf:"bytes,10,req,name=property" json:"property,omitempty"`
-	Direction            *Query_Order_Direction `protobuf:"varint,11,opt,name=direction,enum=appengine.Query_Order_Direction,def=1" json:"direction,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}               `json:"-"`
-	XXX_unrecognized     []byte                 `json:"-"`
-	XXX_sizecache        int32                  `json:"-"`
-}
-
-func (m *Query_Order) Reset()         { *m = Query_Order{} }
-func (m *Query_Order) String() string { return proto.CompactTextString(m) }
-func (*Query_Order) ProtoMessage()    {}
-func (*Query_Order) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{15, 1}
-}
-func (m *Query_Order) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Query_Order.Unmarshal(m, b)
-}
-func (m *Query_Order) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Query_Order.Marshal(b, m, deterministic)
-}
-func (dst *Query_Order) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Query_Order.Merge(dst, src)
-}
-func (m *Query_Order) XXX_Size() int {
-	return xxx_messageInfo_Query_Order.Size(m)
-}
-func (m *Query_Order) XXX_DiscardUnknown() {
-	xxx_messageInfo_Query_Order.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Query_Order proto.InternalMessageInfo
-
-const Default_Query_Order_Direction Query_Order_Direction = Query_Order_ASCENDING
-
-func (m *Query_Order) GetProperty() string {
-	if m != nil && m.Property != nil {
-		return *m.Property
-	}
-	return ""
-}
-
-func (m *Query_Order) GetDirection() Query_Order_Direction {
-	if m != nil && m.Direction != nil {
-		return *m.Direction
-	}
-	return Default_Query_Order_Direction
-}
-
-type CompiledQuery struct {
-	Primaryscan          *CompiledQuery_PrimaryScan     `protobuf:"group,1,req,name=PrimaryScan,json=primaryscan" json:"primaryscan,omitempty"`
-	Mergejoinscan        []*CompiledQuery_MergeJoinScan `protobuf:"group,7,rep,name=MergeJoinScan,json=mergejoinscan" json:"mergejoinscan,omitempty"`
-	IndexDef             *Index                         `protobuf:"bytes,21,opt,name=index_def,json=indexDef" json:"index_def,omitempty"`
-	Offset               *int32                         `protobuf:"varint,10,opt,name=offset,def=0" json:"offset,omitempty"`
-	Limit                *int32                         `protobuf:"varint,11,opt,name=limit" json:"limit,omitempty"`
-	KeysOnly             *bool                          `protobuf:"varint,12,req,name=keys_only,json=keysOnly" json:"keys_only,omitempty"`
-	PropertyName         []string                       `protobuf:"bytes,24,rep,name=property_name,json=propertyName" json:"property_name,omitempty"`
-	DistinctInfixSize    *int32                         `protobuf:"varint,25,opt,name=distinct_infix_size,json=distinctInfixSize" json:"distinct_infix_size,omitempty"`
-	Entityfilter         *CompiledQuery_EntityFilter    `protobuf:"group,13,opt,name=EntityFilter,json=entityfilter" json:"entityfilter,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}                       `json:"-"`
-	XXX_unrecognized     []byte                         `json:"-"`
-	XXX_sizecache        int32                          `json:"-"`
-}
-
-func (m *CompiledQuery) Reset()         { *m = CompiledQuery{} }
-func (m *CompiledQuery) String() string { return proto.CompactTextString(m) }
-func (*CompiledQuery) ProtoMessage()    {}
-func (*CompiledQuery) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{16}
-}
-func (m *CompiledQuery) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CompiledQuery.Unmarshal(m, b)
-}
-func (m *CompiledQuery) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CompiledQuery.Marshal(b, m, deterministic)
-}
-func (dst *CompiledQuery) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CompiledQuery.Merge(dst, src)
-}
-func (m *CompiledQuery) XXX_Size() int {
-	return xxx_messageInfo_CompiledQuery.Size(m)
-}
-func (m *CompiledQuery) XXX_DiscardUnknown() {
-	xxx_messageInfo_CompiledQuery.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CompiledQuery proto.InternalMessageInfo
-
-const Default_CompiledQuery_Offset int32 = 0
-
-func (m *CompiledQuery) GetPrimaryscan() *CompiledQuery_PrimaryScan {
-	if m != nil {
-		return m.Primaryscan
-	}
-	return nil
-}
-
-func (m *CompiledQuery) GetMergejoinscan() []*CompiledQuery_MergeJoinScan {
-	if m != nil {
-		return m.Mergejoinscan
-	}
-	return nil
-}
-
-func (m *CompiledQuery) GetIndexDef() *Index {
-	if m != nil {
-		return m.IndexDef
-	}
-	return nil
-}
-
-func (m *CompiledQuery) GetOffset() int32 {
-	if m != nil && m.Offset != nil {
-		return *m.Offset
-	}
-	return Default_CompiledQuery_Offset
-}
-
-func (m *CompiledQuery) GetLimit() int32 {
-	if m != nil && m.Limit != nil {
-		return *m.Limit
-	}
-	return 0
-}
-
-func (m *CompiledQuery) GetKeysOnly() bool {
-	if m != nil && m.KeysOnly != nil {
-		return *m.KeysOnly
-	}
-	return false
-}
-
-func (m *CompiledQuery) GetPropertyName() []string {
-	if m != nil {
-		return m.PropertyName
-	}
-	return nil
-}
-
-func (m *CompiledQuery) GetDistinctInfixSize() int32 {
-	if m != nil && m.DistinctInfixSize != nil {
-		return *m.DistinctInfixSize
-	}
-	return 0
-}
-
-func (m *CompiledQuery) GetEntityfilter() *CompiledQuery_EntityFilter {
-	if m != nil {
-		return m.Entityfilter
-	}
-	return nil
-}
-
-type CompiledQuery_PrimaryScan struct {
-	IndexName                  *string  `protobuf:"bytes,2,opt,name=index_name,json=indexName" json:"index_name,omitempty"`
-	StartKey                   *string  `protobuf:"bytes,3,opt,name=start_key,json=startKey" json:"start_key,omitempty"`
-	StartInclusive             *bool    `protobuf:"varint,4,opt,name=start_inclusive,json=startInclusive" json:"start_inclusive,omitempty"`
-	EndKey                     *string  `protobuf:"bytes,5,opt,name=end_key,json=endKey" json:"end_key,omitempty"`
-	EndInclusive               *bool    `protobuf:"varint,6,opt,name=end_inclusive,json=endInclusive" json:"end_inclusive,omitempty"`
-	StartPostfixValue          []string `protobuf:"bytes,22,rep,name=start_postfix_value,json=startPostfixValue" json:"start_postfix_value,omitempty"`
-	EndPostfixValue            []string `protobuf:"bytes,23,rep,name=end_postfix_value,json=endPostfixValue" json:"end_postfix_value,omitempty"`
-	EndUnappliedLogTimestampUs *int64   `protobuf:"varint,19,opt,name=end_unapplied_log_timestamp_us,json=endUnappliedLogTimestampUs" json:"end_unapplied_log_timestamp_us,omitempty"`
-	XXX_NoUnkeyedLiteral       struct{} `json:"-"`
-	XXX_unrecognized           []byte   `json:"-"`
-	XXX_sizecache              int32    `json:"-"`
-}
-
-func (m *CompiledQuery_PrimaryScan) Reset()         { *m = CompiledQuery_PrimaryScan{} }
-func (m *CompiledQuery_PrimaryScan) String() string { return proto.CompactTextString(m) }
-func (*CompiledQuery_PrimaryScan) ProtoMessage()    {}
-func (*CompiledQuery_PrimaryScan) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{16, 0}
-}
-func (m *CompiledQuery_PrimaryScan) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CompiledQuery_PrimaryScan.Unmarshal(m, b)
-}
-func (m *CompiledQuery_PrimaryScan) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CompiledQuery_PrimaryScan.Marshal(b, m, deterministic)
-}
-func (dst *CompiledQuery_PrimaryScan) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CompiledQuery_PrimaryScan.Merge(dst, src)
-}
-func (m *CompiledQuery_PrimaryScan) XXX_Size() int {
-	return xxx_messageInfo_CompiledQuery_PrimaryScan.Size(m)
-}
-func (m *CompiledQuery_PrimaryScan) XXX_DiscardUnknown() {
-	xxx_messageInfo_CompiledQuery_PrimaryScan.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CompiledQuery_PrimaryScan proto.InternalMessageInfo
-
-func (m *CompiledQuery_PrimaryScan) GetIndexName() string {
-	if m != nil && m.IndexName != nil {
-		return *m.IndexName
-	}
-	return ""
-}
-
-func (m *CompiledQuery_PrimaryScan) GetStartKey() string {
-	if m != nil && m.StartKey != nil {
-		return *m.StartKey
-	}
-	return ""
-}
-
-func (m *CompiledQuery_PrimaryScan) GetStartInclusive() bool {
-	if m != nil && m.StartInclusive != nil {
-		return *m.StartInclusive
-	}
-	return false
-}
-
-func (m *CompiledQuery_PrimaryScan) GetEndKey() string {
-	if m != nil && m.EndKey != nil {
-		return *m.EndKey
-	}
-	return ""
-}
-
-func (m *CompiledQuery_PrimaryScan) GetEndInclusive() bool {
-	if m != nil && m.EndInclusive != nil {
-		return *m.EndInclusive
-	}
-	return false
-}
-
-func (m *CompiledQuery_PrimaryScan) GetStartPostfixValue() []string {
-	if m != nil {
-		return m.StartPostfixValue
-	}
-	return nil
-}
-
-func (m *CompiledQuery_PrimaryScan) GetEndPostfixValue() []string {
-	if m != nil {
-		return m.EndPostfixValue
-	}
-	return nil
-}
-
-func (m *CompiledQuery_PrimaryScan) GetEndUnappliedLogTimestampUs() int64 {
-	if m != nil && m.EndUnappliedLogTimestampUs != nil {
-		return *m.EndUnappliedLogTimestampUs
-	}
-	return 0
-}
-
-type CompiledQuery_MergeJoinScan struct {
-	IndexName            *string  `protobuf:"bytes,8,req,name=index_name,json=indexName" json:"index_name,omitempty"`
-	PrefixValue          []string `protobuf:"bytes,9,rep,name=prefix_value,json=prefixValue" json:"prefix_value,omitempty"`
-	ValuePrefix          *bool    `protobuf:"varint,20,opt,name=value_prefix,json=valuePrefix,def=0" json:"value_prefix,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *CompiledQuery_MergeJoinScan) Reset()         { *m = CompiledQuery_MergeJoinScan{} }
-func (m *CompiledQuery_MergeJoinScan) String() string { return proto.CompactTextString(m) }
-func (*CompiledQuery_MergeJoinScan) ProtoMessage()    {}
-func (*CompiledQuery_MergeJoinScan) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{16, 1}
-}
-func (m *CompiledQuery_MergeJoinScan) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CompiledQuery_MergeJoinScan.Unmarshal(m, b)
-}
-func (m *CompiledQuery_MergeJoinScan) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CompiledQuery_MergeJoinScan.Marshal(b, m, deterministic)
-}
-func (dst *CompiledQuery_MergeJoinScan) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CompiledQuery_MergeJoinScan.Merge(dst, src)
-}
-func (m *CompiledQuery_MergeJoinScan) XXX_Size() int {
-	return xxx_messageInfo_CompiledQuery_MergeJoinScan.Size(m)
-}
-func (m *CompiledQuery_MergeJoinScan) XXX_DiscardUnknown() {
-	xxx_messageInfo_CompiledQuery_MergeJoinScan.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CompiledQuery_MergeJoinScan proto.InternalMessageInfo
-
-const Default_CompiledQuery_MergeJoinScan_ValuePrefix bool = false
-
-func (m *CompiledQuery_MergeJoinScan) GetIndexName() string {
-	if m != nil && m.IndexName != nil {
-		return *m.IndexName
-	}
-	return ""
-}
-
-func (m *CompiledQuery_MergeJoinScan) GetPrefixValue() []string {
-	if m != nil {
-		return m.PrefixValue
-	}
-	return nil
-}
-
-func (m *CompiledQuery_MergeJoinScan) GetValuePrefix() bool {
-	if m != nil && m.ValuePrefix != nil {
-		return *m.ValuePrefix
-	}
-	return Default_CompiledQuery_MergeJoinScan_ValuePrefix
-}
-
-type CompiledQuery_EntityFilter struct {
-	Distinct             *bool      `protobuf:"varint,14,opt,name=distinct,def=0" json:"distinct,omitempty"`
-	Kind                 *string    `protobuf:"bytes,17,opt,name=kind" json:"kind,omitempty"`
-	Ancestor             *Reference `protobuf:"bytes,18,opt,name=ancestor" json:"ancestor,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
-	XXX_unrecognized     []byte     `json:"-"`
-	XXX_sizecache        int32      `json:"-"`
-}
-
-func (m *CompiledQuery_EntityFilter) Reset()         { *m = CompiledQuery_EntityFilter{} }
-func (m *CompiledQuery_EntityFilter) String() string { return proto.CompactTextString(m) }
-func (*CompiledQuery_EntityFilter) ProtoMessage()    {}
-func (*CompiledQuery_EntityFilter) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{16, 2}
-}
-func (m *CompiledQuery_EntityFilter) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CompiledQuery_EntityFilter.Unmarshal(m, b)
-}
-func (m *CompiledQuery_EntityFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CompiledQuery_EntityFilter.Marshal(b, m, deterministic)
-}
-func (dst *CompiledQuery_EntityFilter) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CompiledQuery_EntityFilter.Merge(dst, src)
-}
-func (m *CompiledQuery_EntityFilter) XXX_Size() int {
-	return xxx_messageInfo_CompiledQuery_EntityFilter.Size(m)
-}
-func (m *CompiledQuery_EntityFilter) XXX_DiscardUnknown() {
-	xxx_messageInfo_CompiledQuery_EntityFilter.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CompiledQuery_EntityFilter proto.InternalMessageInfo
-
-const Default_CompiledQuery_EntityFilter_Distinct bool = false
-
-func (m *CompiledQuery_EntityFilter) GetDistinct() bool {
-	if m != nil && m.Distinct != nil {
-		return *m.Distinct
-	}
-	return Default_CompiledQuery_EntityFilter_Distinct
-}
-
-func (m *CompiledQuery_EntityFilter) GetKind() string {
-	if m != nil && m.Kind != nil {
-		return *m.Kind
-	}
-	return ""
-}
-
-func (m *CompiledQuery_EntityFilter) GetAncestor() *Reference {
-	if m != nil {
-		return m.Ancestor
-	}
-	return nil
-}
-
-type CompiledCursor struct {
-	Position             *CompiledCursor_Position `protobuf:"group,2,opt,name=Position,json=position" json:"position,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}                 `json:"-"`
-	XXX_unrecognized     []byte                   `json:"-"`
-	XXX_sizecache        int32                    `json:"-"`
-}
-
-func (m *CompiledCursor) Reset()         { *m = CompiledCursor{} }
-func (m *CompiledCursor) String() string { return proto.CompactTextString(m) }
-func (*CompiledCursor) ProtoMessage()    {}
-func (*CompiledCursor) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{17}
-}
-func (m *CompiledCursor) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CompiledCursor.Unmarshal(m, b)
-}
-func (m *CompiledCursor) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CompiledCursor.Marshal(b, m, deterministic)
-}
-func (dst *CompiledCursor) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CompiledCursor.Merge(dst, src)
-}
-func (m *CompiledCursor) XXX_Size() int {
-	return xxx_messageInfo_CompiledCursor.Size(m)
-}
-func (m *CompiledCursor) XXX_DiscardUnknown() {
-	xxx_messageInfo_CompiledCursor.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CompiledCursor proto.InternalMessageInfo
-
-func (m *CompiledCursor) GetPosition() *CompiledCursor_Position {
-	if m != nil {
-		return m.Position
-	}
-	return nil
-}
-
-type CompiledCursor_Position struct {
-	StartKey             *string                               `protobuf:"bytes,27,opt,name=start_key,json=startKey" json:"start_key,omitempty"`
-	Indexvalue           []*CompiledCursor_Position_IndexValue `protobuf:"group,29,rep,name=IndexValue,json=indexvalue" json:"indexvalue,omitempty"`
-	Key                  *Reference                            `protobuf:"bytes,32,opt,name=key" json:"key,omitempty"`
-	StartInclusive       *bool                                 `protobuf:"varint,28,opt,name=start_inclusive,json=startInclusive,def=1" json:"start_inclusive,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}                              `json:"-"`
-	XXX_unrecognized     []byte                                `json:"-"`
-	XXX_sizecache        int32                                 `json:"-"`
-}
-
-func (m *CompiledCursor_Position) Reset()         { *m = CompiledCursor_Position{} }
-func (m *CompiledCursor_Position) String() string { return proto.CompactTextString(m) }
-func (*CompiledCursor_Position) ProtoMessage()    {}
-func (*CompiledCursor_Position) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{17, 0}
-}
-func (m *CompiledCursor_Position) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CompiledCursor_Position.Unmarshal(m, b)
-}
-func (m *CompiledCursor_Position) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CompiledCursor_Position.Marshal(b, m, deterministic)
-}
-func (dst *CompiledCursor_Position) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CompiledCursor_Position.Merge(dst, src)
-}
-func (m *CompiledCursor_Position) XXX_Size() int {
-	return xxx_messageInfo_CompiledCursor_Position.Size(m)
-}
-func (m *CompiledCursor_Position) XXX_DiscardUnknown() {
-	xxx_messageInfo_CompiledCursor_Position.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CompiledCursor_Position proto.InternalMessageInfo
-
-const Default_CompiledCursor_Position_StartInclusive bool = true
-
-func (m *CompiledCursor_Position) GetStartKey() string {
-	if m != nil && m.StartKey != nil {
-		return *m.StartKey
-	}
-	return ""
-}
-
-func (m *CompiledCursor_Position) GetIndexvalue() []*CompiledCursor_Position_IndexValue {
-	if m != nil {
-		return m.Indexvalue
-	}
-	return nil
-}
-
-func (m *CompiledCursor_Position) GetKey() *Reference {
-	if m != nil {
-		return m.Key
-	}
-	return nil
-}
-
-func (m *CompiledCursor_Position) GetStartInclusive() bool {
-	if m != nil && m.StartInclusive != nil {
-		return *m.StartInclusive
-	}
-	return Default_CompiledCursor_Position_StartInclusive
-}
-
-type CompiledCursor_Position_IndexValue struct {
-	Property             *string        `protobuf:"bytes,30,opt,name=property" json:"property,omitempty"`
-	Value                *PropertyValue `protobuf:"bytes,31,req,name=value" json:"value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
-	XXX_unrecognized     []byte         `json:"-"`
-	XXX_sizecache        int32          `json:"-"`
-}
-
-func (m *CompiledCursor_Position_IndexValue) Reset()         { *m = CompiledCursor_Position_IndexValue{} }
-func (m *CompiledCursor_Position_IndexValue) String() string { return proto.CompactTextString(m) }
-func (*CompiledCursor_Position_IndexValue) ProtoMessage()    {}
-func (*CompiledCursor_Position_IndexValue) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{17, 0, 0}
-}
-func (m *CompiledCursor_Position_IndexValue) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CompiledCursor_Position_IndexValue.Unmarshal(m, b)
-}
-func (m *CompiledCursor_Position_IndexValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CompiledCursor_Position_IndexValue.Marshal(b, m, deterministic)
-}
-func (dst *CompiledCursor_Position_IndexValue) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CompiledCursor_Position_IndexValue.Merge(dst, src)
-}
-func (m *CompiledCursor_Position_IndexValue) XXX_Size() int {
-	return xxx_messageInfo_CompiledCursor_Position_IndexValue.Size(m)
-}
-func (m *CompiledCursor_Position_IndexValue) XXX_DiscardUnknown() {
-	xxx_messageInfo_CompiledCursor_Position_IndexValue.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CompiledCursor_Position_IndexValue proto.InternalMessageInfo
-
-func (m *CompiledCursor_Position_IndexValue) GetProperty() string {
-	if m != nil && m.Property != nil {
-		return *m.Property
-	}
-	return ""
-}
-
-func (m *CompiledCursor_Position_IndexValue) GetValue() *PropertyValue {
-	if m != nil {
-		return m.Value
-	}
-	return nil
-}
-
-type Cursor struct {
-	Cursor               *uint64  `protobuf:"fixed64,1,req,name=cursor" json:"cursor,omitempty"`
-	App                  *string  `protobuf:"bytes,2,opt,name=app" json:"app,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *Cursor) Reset()         { *m = Cursor{} }
-func (m *Cursor) String() string { return proto.CompactTextString(m) }
-func (*Cursor) ProtoMessage()    {}
-func (*Cursor) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{18}
-}
-func (m *Cursor) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Cursor.Unmarshal(m, b)
-}
-func (m *Cursor) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Cursor.Marshal(b, m, deterministic)
-}
-func (dst *Cursor) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Cursor.Merge(dst, src)
-}
-func (m *Cursor) XXX_Size() int {
-	return xxx_messageInfo_Cursor.Size(m)
-}
-func (m *Cursor) XXX_DiscardUnknown() {
-	xxx_messageInfo_Cursor.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Cursor proto.InternalMessageInfo
-
-func (m *Cursor) GetCursor() uint64 {
-	if m != nil && m.Cursor != nil {
-		return *m.Cursor
-	}
-	return 0
-}
-
-func (m *Cursor) GetApp() string {
-	if m != nil && m.App != nil {
-		return *m.App
-	}
-	return ""
-}
-
-type Error struct {
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *Error) Reset()         { *m = Error{} }
-func (m *Error) String() string { return proto.CompactTextString(m) }
-func (*Error) ProtoMessage()    {}
-func (*Error) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{19}
-}
-func (m *Error) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Error.Unmarshal(m, b)
-}
-func (m *Error) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Error.Marshal(b, m, deterministic)
-}
-func (dst *Error) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Error.Merge(dst, src)
-}
-func (m *Error) XXX_Size() int {
-	return xxx_messageInfo_Error.Size(m)
-}
-func (m *Error) XXX_DiscardUnknown() {
-	xxx_messageInfo_Error.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Error proto.InternalMessageInfo
-
-type Cost struct {
-	IndexWrites             *int32           `protobuf:"varint,1,opt,name=index_writes,json=indexWrites" json:"index_writes,omitempty"`
-	IndexWriteBytes         *int32           `protobuf:"varint,2,opt,name=index_write_bytes,json=indexWriteBytes" json:"index_write_bytes,omitempty"`
-	EntityWrites            *int32           `protobuf:"varint,3,opt,name=entity_writes,json=entityWrites" json:"entity_writes,omitempty"`
-	EntityWriteBytes        *int32           `protobuf:"varint,4,opt,name=entity_write_bytes,json=entityWriteBytes" json:"entity_write_bytes,omitempty"`
-	Commitcost              *Cost_CommitCost `protobuf:"group,5,opt,name=CommitCost,json=commitcost" json:"commitcost,omitempty"`
-	ApproximateStorageDelta *int32           `protobuf:"varint,8,opt,name=approximate_storage_delta,json=approximateStorageDelta" json:"approximate_storage_delta,omitempty"`
-	IdSequenceUpdates       *int32           `protobuf:"varint,9,opt,name=id_sequence_updates,json=idSequenceUpdates" json:"id_sequence_updates,omitempty"`
-	XXX_NoUnkeyedLiteral    struct{}         `json:"-"`
-	XXX_unrecognized        []byte           `json:"-"`
-	XXX_sizecache           int32            `json:"-"`
-}
-
-func (m *Cost) Reset()         { *m = Cost{} }
-func (m *Cost) String() string { return proto.CompactTextString(m) }
-func (*Cost) ProtoMessage()    {}
-func (*Cost) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{20}
-}
-func (m *Cost) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Cost.Unmarshal(m, b)
-}
-func (m *Cost) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Cost.Marshal(b, m, deterministic)
-}
-func (dst *Cost) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Cost.Merge(dst, src)
-}
-func (m *Cost) XXX_Size() int {
-	return xxx_messageInfo_Cost.Size(m)
-}
-func (m *Cost) XXX_DiscardUnknown() {
-	xxx_messageInfo_Cost.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Cost proto.InternalMessageInfo
-
-func (m *Cost) GetIndexWrites() int32 {
-	if m != nil && m.IndexWrites != nil {
-		return *m.IndexWrites
-	}
-	return 0
-}
-
-func (m *Cost) GetIndexWriteBytes() int32 {
-	if m != nil && m.IndexWriteBytes != nil {
-		return *m.IndexWriteBytes
-	}
-	return 0
-}
-
-func (m *Cost) GetEntityWrites() int32 {
-	if m != nil && m.EntityWrites != nil {
-		return *m.EntityWrites
-	}
-	return 0
-}
-
-func (m *Cost) GetEntityWriteBytes() int32 {
-	if m != nil && m.EntityWriteBytes != nil {
-		return *m.EntityWriteBytes
-	}
-	return 0
-}
-
-func (m *Cost) GetCommitcost() *Cost_CommitCost {
-	if m != nil {
-		return m.Commitcost
-	}
-	return nil
-}
-
-func (m *Cost) GetApproximateStorageDelta() int32 {
-	if m != nil && m.ApproximateStorageDelta != nil {
-		return *m.ApproximateStorageDelta
-	}
-	return 0
-}
-
-func (m *Cost) GetIdSequenceUpdates() int32 {
-	if m != nil && m.IdSequenceUpdates != nil {
-		return *m.IdSequenceUpdates
-	}
-	return 0
-}
-
-type Cost_CommitCost struct {
-	RequestedEntityPuts    *int32   `protobuf:"varint,6,opt,name=requested_entity_puts,json=requestedEntityPuts" json:"requested_entity_puts,omitempty"`
-	RequestedEntityDeletes *int32   `protobuf:"varint,7,opt,name=requested_entity_deletes,json=requestedEntityDeletes" json:"requested_entity_deletes,omitempty"`
-	XXX_NoUnkeyedLiteral   struct{} `json:"-"`
-	XXX_unrecognized       []byte   `json:"-"`
-	XXX_sizecache          int32    `json:"-"`
-}
-
-func (m *Cost_CommitCost) Reset()         { *m = Cost_CommitCost{} }
-func (m *Cost_CommitCost) String() string { return proto.CompactTextString(m) }
-func (*Cost_CommitCost) ProtoMessage()    {}
-func (*Cost_CommitCost) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{20, 0}
-}
-func (m *Cost_CommitCost) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Cost_CommitCost.Unmarshal(m, b)
-}
-func (m *Cost_CommitCost) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Cost_CommitCost.Marshal(b, m, deterministic)
-}
-func (dst *Cost_CommitCost) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Cost_CommitCost.Merge(dst, src)
-}
-func (m *Cost_CommitCost) XXX_Size() int {
-	return xxx_messageInfo_Cost_CommitCost.Size(m)
-}
-func (m *Cost_CommitCost) XXX_DiscardUnknown() {
-	xxx_messageInfo_Cost_CommitCost.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Cost_CommitCost proto.InternalMessageInfo
-
-func (m *Cost_CommitCost) GetRequestedEntityPuts() int32 {
-	if m != nil && m.RequestedEntityPuts != nil {
-		return *m.RequestedEntityPuts
-	}
-	return 0
-}
-
-func (m *Cost_CommitCost) GetRequestedEntityDeletes() int32 {
-	if m != nil && m.RequestedEntityDeletes != nil {
-		return *m.RequestedEntityDeletes
-	}
-	return 0
-}
-
-type GetRequest struct {
-	Header               *InternalHeader `protobuf:"bytes,6,opt,name=header" json:"header,omitempty"`
-	Key                  []*Reference    `protobuf:"bytes,1,rep,name=key" json:"key,omitempty"`
-	Transaction          *Transaction    `protobuf:"bytes,2,opt,name=transaction" json:"transaction,omitempty"`
-	FailoverMs           *int64          `protobuf:"varint,3,opt,name=failover_ms,json=failoverMs" json:"failover_ms,omitempty"`
-	Strong               *bool           `protobuf:"varint,4,opt,name=strong" json:"strong,omitempty"`
-	AllowDeferred        *bool           `protobuf:"varint,5,opt,name=allow_deferred,json=allowDeferred,def=0" json:"allow_deferred,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
-	XXX_unrecognized     []byte          `json:"-"`
-	XXX_sizecache        int32           `json:"-"`
-}
-
-func (m *GetRequest) Reset()         { *m = GetRequest{} }
-func (m *GetRequest) String() string { return proto.CompactTextString(m) }
-func (*GetRequest) ProtoMessage()    {}
-func (*GetRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{21}
-}
-func (m *GetRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_GetRequest.Unmarshal(m, b)
-}
-func (m *GetRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_GetRequest.Marshal(b, m, deterministic)
-}
-func (dst *GetRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GetRequest.Merge(dst, src)
-}
-func (m *GetRequest) XXX_Size() int {
-	return xxx_messageInfo_GetRequest.Size(m)
-}
-func (m *GetRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_GetRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_GetRequest proto.InternalMessageInfo
-
-const Default_GetRequest_AllowDeferred bool = false
-
-func (m *GetRequest) GetHeader() *InternalHeader {
-	if m != nil {
-		return m.Header
-	}
-	return nil
-}
-
-func (m *GetRequest) GetKey() []*Reference {
-	if m != nil {
-		return m.Key
-	}
-	return nil
-}
-
-func (m *GetRequest) GetTransaction() *Transaction {
-	if m != nil {
-		return m.Transaction
-	}
-	return nil
-}
-
-func (m *GetRequest) GetFailoverMs() int64 {
-	if m != nil && m.FailoverMs != nil {
-		return *m.FailoverMs
-	}
-	return 0
-}
-
-func (m *GetRequest) GetStrong() bool {
-	if m != nil && m.Strong != nil {
-		return *m.Strong
-	}
-	return false
-}
-
-func (m *GetRequest) GetAllowDeferred() bool {
-	if m != nil && m.AllowDeferred != nil {
-		return *m.AllowDeferred
-	}
-	return Default_GetRequest_AllowDeferred
-}
-
-type GetResponse struct {
-	Entity               []*GetResponse_Entity `protobuf:"group,1,rep,name=Entity,json=entity" json:"entity,omitempty"`
-	Deferred             []*Reference          `protobuf:"bytes,5,rep,name=deferred" json:"deferred,omitempty"`
-	InOrder              *bool                 `protobuf:"varint,6,opt,name=in_order,json=inOrder,def=1" json:"in_order,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}              `json:"-"`
-	XXX_unrecognized     []byte                `json:"-"`
-	XXX_sizecache        int32                 `json:"-"`
-}
-
-func (m *GetResponse) Reset()         { *m = GetResponse{} }
-func (m *GetResponse) String() string { return proto.CompactTextString(m) }
-func (*GetResponse) ProtoMessage()    {}
-func (*GetResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{22}
-}
-func (m *GetResponse) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_GetResponse.Unmarshal(m, b)
-}
-func (m *GetResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_GetResponse.Marshal(b, m, deterministic)
-}
-func (dst *GetResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GetResponse.Merge(dst, src)
-}
-func (m *GetResponse) XXX_Size() int {
-	return xxx_messageInfo_GetResponse.Size(m)
-}
-func (m *GetResponse) XXX_DiscardUnknown() {
-	xxx_messageInfo_GetResponse.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_GetResponse proto.InternalMessageInfo
-
-const Default_GetResponse_InOrder bool = true
-
-func (m *GetResponse) GetEntity() []*GetResponse_Entity {
-	if m != nil {
-		return m.Entity
-	}
-	return nil
-}
-
-func (m *GetResponse) GetDeferred() []*Reference {
-	if m != nil {
-		return m.Deferred
-	}
-	return nil
-}
-
-func (m *GetResponse) GetInOrder() bool {
-	if m != nil && m.InOrder != nil {
-		return *m.InOrder
-	}
-	return Default_GetResponse_InOrder
-}
-
-type GetResponse_Entity struct {
-	Entity               *EntityProto `protobuf:"bytes,2,opt,name=entity" json:"entity,omitempty"`
-	Key                  *Reference   `protobuf:"bytes,4,opt,name=key" json:"key,omitempty"`
-	Version              *int64       `protobuf:"varint,3,opt,name=version" json:"version,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *GetResponse_Entity) Reset()         { *m = GetResponse_Entity{} }
-func (m *GetResponse_Entity) String() string { return proto.CompactTextString(m) }
-func (*GetResponse_Entity) ProtoMessage()    {}
-func (*GetResponse_Entity) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{22, 0}
-}
-func (m *GetResponse_Entity) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_GetResponse_Entity.Unmarshal(m, b)
-}
-func (m *GetResponse_Entity) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_GetResponse_Entity.Marshal(b, m, deterministic)
-}
-func (dst *GetResponse_Entity) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GetResponse_Entity.Merge(dst, src)
-}
-func (m *GetResponse_Entity) XXX_Size() int {
-	return xxx_messageInfo_GetResponse_Entity.Size(m)
-}
-func (m *GetResponse_Entity) XXX_DiscardUnknown() {
-	xxx_messageInfo_GetResponse_Entity.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_GetResponse_Entity proto.InternalMessageInfo
-
-func (m *GetResponse_Entity) GetEntity() *EntityProto {
-	if m != nil {
-		return m.Entity
-	}
-	return nil
-}
-
-func (m *GetResponse_Entity) GetKey() *Reference {
-	if m != nil {
-		return m.Key
-	}
-	return nil
-}
-
-func (m *GetResponse_Entity) GetVersion() int64 {
-	if m != nil && m.Version != nil {
-		return *m.Version
-	}
-	return 0
-}
-
-type PutRequest struct {
-	Header               *InternalHeader          `protobuf:"bytes,11,opt,name=header" json:"header,omitempty"`
-	Entity               []*EntityProto           `protobuf:"bytes,1,rep,name=entity" json:"entity,omitempty"`
-	Transaction          *Transaction             `protobuf:"bytes,2,opt,name=transaction" json:"transaction,omitempty"`
-	CompositeIndex       []*CompositeIndex        `protobuf:"bytes,3,rep,name=composite_index,json=compositeIndex" json:"composite_index,omitempty"`
-	Trusted              *bool                    `protobuf:"varint,4,opt,name=trusted,def=0" json:"trusted,omitempty"`
-	Force                *bool                    `protobuf:"varint,7,opt,name=force,def=0" json:"force,omitempty"`
-	MarkChanges          *bool                    `protobuf:"varint,8,opt,name=mark_changes,json=markChanges,def=0" json:"mark_changes,omitempty"`
-	Snapshot             []*Snapshot              `protobuf:"bytes,9,rep,name=snapshot" json:"snapshot,omitempty"`
-	AutoIdPolicy         *PutRequest_AutoIdPolicy `protobuf:"varint,10,opt,name=auto_id_policy,json=autoIdPolicy,enum=appengine.PutRequest_AutoIdPolicy,def=0" json:"auto_id_policy,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}                 `json:"-"`
-	XXX_unrecognized     []byte                   `json:"-"`
-	XXX_sizecache        int32                    `json:"-"`
-}
-
-func (m *PutRequest) Reset()         { *m = PutRequest{} }
-func (m *PutRequest) String() string { return proto.CompactTextString(m) }
-func (*PutRequest) ProtoMessage()    {}
-func (*PutRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{23}
-}
-func (m *PutRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_PutRequest.Unmarshal(m, b)
-}
-func (m *PutRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_PutRequest.Marshal(b, m, deterministic)
-}
-func (dst *PutRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PutRequest.Merge(dst, src)
-}
-func (m *PutRequest) XXX_Size() int {
-	return xxx_messageInfo_PutRequest.Size(m)
-}
-func (m *PutRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_PutRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_PutRequest proto.InternalMessageInfo
-
-const Default_PutRequest_Trusted bool = false
-const Default_PutRequest_Force bool = false
-const Default_PutRequest_MarkChanges bool = false
-const Default_PutRequest_AutoIdPolicy PutRequest_AutoIdPolicy = PutRequest_CURRENT
-
-func (m *PutRequest) GetHeader() *InternalHeader {
-	if m != nil {
-		return m.Header
-	}
-	return nil
-}
-
-func (m *PutRequest) GetEntity() []*EntityProto {
-	if m != nil {
-		return m.Entity
-	}
-	return nil
-}
-
-func (m *PutRequest) GetTransaction() *Transaction {
-	if m != nil {
-		return m.Transaction
-	}
-	return nil
-}
-
-func (m *PutRequest) GetCompositeIndex() []*CompositeIndex {
-	if m != nil {
-		return m.CompositeIndex
-	}
-	return nil
-}
-
-func (m *PutRequest) GetTrusted() bool {
-	if m != nil && m.Trusted != nil {
-		return *m.Trusted
-	}
-	return Default_PutRequest_Trusted
-}
-
-func (m *PutRequest) GetForce() bool {
-	if m != nil && m.Force != nil {
-		return *m.Force
-	}
-	return Default_PutRequest_Force
-}
-
-func (m *PutRequest) GetMarkChanges() bool {
-	if m != nil && m.MarkChanges != nil {
-		return *m.MarkChanges
-	}
-	return Default_PutRequest_MarkChanges
-}
-
-func (m *PutRequest) GetSnapshot() []*Snapshot {
-	if m != nil {
-		return m.Snapshot
-	}
-	return nil
-}
-
-func (m *PutRequest) GetAutoIdPolicy() PutRequest_AutoIdPolicy {
-	if m != nil && m.AutoIdPolicy != nil {
-		return *m.AutoIdPolicy
-	}
-	return Default_PutRequest_AutoIdPolicy
-}
-
-type PutResponse struct {
-	Key                  []*Reference `protobuf:"bytes,1,rep,name=key" json:"key,omitempty"`
-	Cost                 *Cost        `protobuf:"bytes,2,opt,name=cost" json:"cost,omitempty"`
-	Version              []int64      `protobuf:"varint,3,rep,name=version" json:"version,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *PutResponse) Reset()         { *m = PutResponse{} }
-func (m *PutResponse) String() string { return proto.CompactTextString(m) }
-func (*PutResponse) ProtoMessage()    {}
-func (*PutResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{24}
-}
-func (m *PutResponse) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_PutResponse.Unmarshal(m, b)
-}
-func (m *PutResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_PutResponse.Marshal(b, m, deterministic)
-}
-func (dst *PutResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PutResponse.Merge(dst, src)
-}
-func (m *PutResponse) XXX_Size() int {
-	return xxx_messageInfo_PutResponse.Size(m)
-}
-func (m *PutResponse) XXX_DiscardUnknown() {
-	xxx_messageInfo_PutResponse.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_PutResponse proto.InternalMessageInfo
-
-func (m *PutResponse) GetKey() []*Reference {
-	if m != nil {
-		return m.Key
-	}
-	return nil
-}
-
-func (m *PutResponse) GetCost() *Cost {
-	if m != nil {
-		return m.Cost
-	}
-	return nil
-}
-
-func (m *PutResponse) GetVersion() []int64 {
-	if m != nil {
-		return m.Version
-	}
-	return nil
-}
-
-type TouchRequest struct {
-	Header               *InternalHeader   `protobuf:"bytes,10,opt,name=header" json:"header,omitempty"`
-	Key                  []*Reference      `protobuf:"bytes,1,rep,name=key" json:"key,omitempty"`
-	CompositeIndex       []*CompositeIndex `protobuf:"bytes,2,rep,name=composite_index,json=compositeIndex" json:"composite_index,omitempty"`
-	Force                *bool             `protobuf:"varint,3,opt,name=force,def=0" json:"force,omitempty"`
-	Snapshot             []*Snapshot       `protobuf:"bytes,9,rep,name=snapshot" json:"snapshot,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
-	XXX_unrecognized     []byte            `json:"-"`
-	XXX_sizecache        int32             `json:"-"`
-}
-
-func (m *TouchRequest) Reset()         { *m = TouchRequest{} }
-func (m *TouchRequest) String() string { return proto.CompactTextString(m) }
-func (*TouchRequest) ProtoMessage()    {}
-func (*TouchRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{25}
-}
-func (m *TouchRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_TouchRequest.Unmarshal(m, b)
-}
-func (m *TouchRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_TouchRequest.Marshal(b, m, deterministic)
-}
-func (dst *TouchRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_TouchRequest.Merge(dst, src)
-}
-func (m *TouchRequest) XXX_Size() int {
-	return xxx_messageInfo_TouchRequest.Size(m)
-}
-func (m *TouchRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_TouchRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_TouchRequest proto.InternalMessageInfo
-
-const Default_TouchRequest_Force bool = false
-
-func (m *TouchRequest) GetHeader() *InternalHeader {
-	if m != nil {
-		return m.Header
-	}
-	return nil
-}
-
-func (m *TouchRequest) GetKey() []*Reference {
-	if m != nil {
-		return m.Key
-	}
-	return nil
-}
-
-func (m *TouchRequest) GetCompositeIndex() []*CompositeIndex {
-	if m != nil {
-		return m.CompositeIndex
-	}
-	return nil
-}
-
-func (m *TouchRequest) GetForce() bool {
-	if m != nil && m.Force != nil {
-		return *m.Force
-	}
-	return Default_TouchRequest_Force
-}
-
-func (m *TouchRequest) GetSnapshot() []*Snapshot {
-	if m != nil {
-		return m.Snapshot
-	}
-	return nil
-}
-
-type TouchResponse struct {
-	Cost                 *Cost    `protobuf:"bytes,1,opt,name=cost" json:"cost,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *TouchResponse) Reset()         { *m = TouchResponse{} }
-func (m *TouchResponse) String() string { return proto.CompactTextString(m) }
-func (*TouchResponse) ProtoMessage()    {}
-func (*TouchResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{26}
-}
-func (m *TouchResponse) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_TouchResponse.Unmarshal(m, b)
-}
-func (m *TouchResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_TouchResponse.Marshal(b, m, deterministic)
-}
-func (dst *TouchResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_TouchResponse.Merge(dst, src)
-}
-func (m *TouchResponse) XXX_Size() int {
-	return xxx_messageInfo_TouchResponse.Size(m)
-}
-func (m *TouchResponse) XXX_DiscardUnknown() {
-	xxx_messageInfo_TouchResponse.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_TouchResponse proto.InternalMessageInfo
-
-func (m *TouchResponse) GetCost() *Cost {
-	if m != nil {
-		return m.Cost
-	}
-	return nil
-}
-
-type DeleteRequest struct {
-	Header               *InternalHeader `protobuf:"bytes,10,opt,name=header" json:"header,omitempty"`
-	Key                  []*Reference    `protobuf:"bytes,6,rep,name=key" json:"key,omitempty"`
-	Transaction          *Transaction    `protobuf:"bytes,5,opt,name=transaction" json:"transaction,omitempty"`
-	Trusted              *bool           `protobuf:"varint,4,opt,name=trusted,def=0" json:"trusted,omitempty"`
-	Force                *bool           `protobuf:"varint,7,opt,name=force,def=0" json:"force,omitempty"`
-	MarkChanges          *bool           `protobuf:"varint,8,opt,name=mark_changes,json=markChanges,def=0" json:"mark_changes,omitempty"`
-	Snapshot             []*Snapshot     `protobuf:"bytes,9,rep,name=snapshot" json:"snapshot,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
-	XXX_unrecognized     []byte          `json:"-"`
-	XXX_sizecache        int32           `json:"-"`
-}
-
-func (m *DeleteRequest) Reset()         { *m = DeleteRequest{} }
-func (m *DeleteRequest) String() string { return proto.CompactTextString(m) }
-func (*DeleteRequest) ProtoMessage()    {}
-func (*DeleteRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{27}
-}
-func (m *DeleteRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_DeleteRequest.Unmarshal(m, b)
-}
-func (m *DeleteRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_DeleteRequest.Marshal(b, m, deterministic)
-}
-func (dst *DeleteRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_DeleteRequest.Merge(dst, src)
-}
-func (m *DeleteRequest) XXX_Size() int {
-	return xxx_messageInfo_DeleteRequest.Size(m)
-}
-func (m *DeleteRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_DeleteRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_DeleteRequest proto.InternalMessageInfo
-
-const Default_DeleteRequest_Trusted bool = false
-const Default_DeleteRequest_Force bool = false
-const Default_DeleteRequest_MarkChanges bool = false
-
-func (m *DeleteRequest) GetHeader() *InternalHeader {
-	if m != nil {
-		return m.Header
-	}
-	return nil
-}
-
-func (m *DeleteRequest) GetKey() []*Reference {
-	if m != nil {
-		return m.Key
-	}
-	return nil
-}
-
-func (m *DeleteRequest) GetTransaction() *Transaction {
-	if m != nil {
-		return m.Transaction
-	}
-	return nil
-}
-
-func (m *DeleteRequest) GetTrusted() bool {
-	if m != nil && m.Trusted != nil {
-		return *m.Trusted
-	}
-	return Default_DeleteRequest_Trusted
-}
-
-func (m *DeleteRequest) GetForce() bool {
-	if m != nil && m.Force != nil {
-		return *m.Force
-	}
-	return Default_DeleteRequest_Force
-}
-
-func (m *DeleteRequest) GetMarkChanges() bool {
-	if m != nil && m.MarkChanges != nil {
-		return *m.MarkChanges
-	}
-	return Default_DeleteRequest_MarkChanges
-}
-
-func (m *DeleteRequest) GetSnapshot() []*Snapshot {
-	if m != nil {
-		return m.Snapshot
-	}
-	return nil
-}
-
-type DeleteResponse struct {
-	Cost                 *Cost    `protobuf:"bytes,1,opt,name=cost" json:"cost,omitempty"`
-	Version              []int64  `protobuf:"varint,3,rep,name=version" json:"version,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *DeleteResponse) Reset()         { *m = DeleteResponse{} }
-func (m *DeleteResponse) String() string { return proto.CompactTextString(m) }
-func (*DeleteResponse) ProtoMessage()    {}
-func (*DeleteResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{28}
-}
-func (m *DeleteResponse) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_DeleteResponse.Unmarshal(m, b)
-}
-func (m *DeleteResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_DeleteResponse.Marshal(b, m, deterministic)
-}
-func (dst *DeleteResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_DeleteResponse.Merge(dst, src)
-}
-func (m *DeleteResponse) XXX_Size() int {
-	return xxx_messageInfo_DeleteResponse.Size(m)
-}
-func (m *DeleteResponse) XXX_DiscardUnknown() {
-	xxx_messageInfo_DeleteResponse.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_DeleteResponse proto.InternalMessageInfo
-
-func (m *DeleteResponse) GetCost() *Cost {
-	if m != nil {
-		return m.Cost
-	}
-	return nil
-}
-
-func (m *DeleteResponse) GetVersion() []int64 {
-	if m != nil {
-		return m.Version
-	}
-	return nil
-}
-
-type NextRequest struct {
-	Header               *InternalHeader `protobuf:"bytes,5,opt,name=header" json:"header,omitempty"`
-	Cursor               *Cursor         `protobuf:"bytes,1,req,name=cursor" json:"cursor,omitempty"`
-	Count                *int32          `protobuf:"varint,2,opt,name=count" json:"count,omitempty"`
-	Offset               *int32          `protobuf:"varint,4,opt,name=offset,def=0" json:"offset,omitempty"`
-	Compile              *bool           `protobuf:"varint,3,opt,name=compile,def=0" json:"compile,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
-	XXX_unrecognized     []byte          `json:"-"`
-	XXX_sizecache        int32           `json:"-"`
-}
-
-func (m *NextRequest) Reset()         { *m = NextRequest{} }
-func (m *NextRequest) String() string { return proto.CompactTextString(m) }
-func (*NextRequest) ProtoMessage()    {}
-func (*NextRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{29}
-}
-func (m *NextRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_NextRequest.Unmarshal(m, b)
-}
-func (m *NextRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_NextRequest.Marshal(b, m, deterministic)
-}
-func (dst *NextRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_NextRequest.Merge(dst, src)
-}
-func (m *NextRequest) XXX_Size() int {
-	return xxx_messageInfo_NextRequest.Size(m)
-}
-func (m *NextRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_NextRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_NextRequest proto.InternalMessageInfo
-
-const Default_NextRequest_Offset int32 = 0
-const Default_NextRequest_Compile bool = false
-
-func (m *NextRequest) GetHeader() *InternalHeader {
-	if m != nil {
-		return m.Header
-	}
-	return nil
-}
-
-func (m *NextRequest) GetCursor() *Cursor {
-	if m != nil {
-		return m.Cursor
-	}
-	return nil
-}
-
-func (m *NextRequest) GetCount() int32 {
-	if m != nil && m.Count != nil {
-		return *m.Count
-	}
-	return 0
-}
-
-func (m *NextRequest) GetOffset() int32 {
-	if m != nil && m.Offset != nil {
-		return *m.Offset
-	}
-	return Default_NextRequest_Offset
-}
-
-func (m *NextRequest) GetCompile() bool {
-	if m != nil && m.Compile != nil {
-		return *m.Compile
-	}
-	return Default_NextRequest_Compile
-}
-
-type QueryResult struct {
-	Cursor               *Cursor           `protobuf:"bytes,1,opt,name=cursor" json:"cursor,omitempty"`
-	Result               []*EntityProto    `protobuf:"bytes,2,rep,name=result" json:"result,omitempty"`
-	SkippedResults       *int32            `protobuf:"varint,7,opt,name=skipped_results,json=skippedResults" json:"skipped_results,omitempty"`
-	MoreResults          *bool             `protobuf:"varint,3,req,name=more_results,json=moreResults" json:"more_results,omitempty"`
-	KeysOnly             *bool             `protobuf:"varint,4,opt,name=keys_only,json=keysOnly" json:"keys_only,omitempty"`
-	IndexOnly            *bool             `protobuf:"varint,9,opt,name=index_only,json=indexOnly" json:"index_only,omitempty"`
-	SmallOps             *bool             `protobuf:"varint,10,opt,name=small_ops,json=smallOps" json:"small_ops,omitempty"`
-	CompiledQuery        *CompiledQuery    `protobuf:"bytes,5,opt,name=compiled_query,json=compiledQuery" json:"compiled_query,omitempty"`
-	CompiledCursor       *CompiledCursor   `protobuf:"bytes,6,opt,name=compiled_cursor,json=compiledCursor" json:"compiled_cursor,omitempty"`
-	Index                []*CompositeIndex `protobuf:"bytes,8,rep,name=index" json:"index,omitempty"`
-	Version              []int64           `protobuf:"varint,11,rep,name=version" json:"version,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
-	XXX_unrecognized     []byte            `json:"-"`
-	XXX_sizecache        int32             `json:"-"`
-}
-
-func (m *QueryResult) Reset()         { *m = QueryResult{} }
-func (m *QueryResult) String() string { return proto.CompactTextString(m) }
-func (*QueryResult) ProtoMessage()    {}
-func (*QueryResult) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{30}
-}
-func (m *QueryResult) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_QueryResult.Unmarshal(m, b)
-}
-func (m *QueryResult) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_QueryResult.Marshal(b, m, deterministic)
-}
-func (dst *QueryResult) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_QueryResult.Merge(dst, src)
-}
-func (m *QueryResult) XXX_Size() int {
-	return xxx_messageInfo_QueryResult.Size(m)
-}
-func (m *QueryResult) XXX_DiscardUnknown() {
-	xxx_messageInfo_QueryResult.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_QueryResult proto.InternalMessageInfo
-
-func (m *QueryResult) GetCursor() *Cursor {
-	if m != nil {
-		return m.Cursor
-	}
-	return nil
-}
-
-func (m *QueryResult) GetResult() []*EntityProto {
-	if m != nil {
-		return m.Result
-	}
-	return nil
-}
-
-func (m *QueryResult) GetSkippedResults() int32 {
-	if m != nil && m.SkippedResults != nil {
-		return *m.SkippedResults
-	}
-	return 0
-}
-
-func (m *QueryResult) GetMoreResults() bool {
-	if m != nil && m.MoreResults != nil {
-		return *m.MoreResults
-	}
-	return false
-}
-
-func (m *QueryResult) GetKeysOnly() bool {
-	if m != nil && m.KeysOnly != nil {
-		return *m.KeysOnly
-	}
-	return false
-}
-
-func (m *QueryResult) GetIndexOnly() bool {
-	if m != nil && m.IndexOnly != nil {
-		return *m.IndexOnly
-	}
-	return false
-}
-
-func (m *QueryResult) GetSmallOps() bool {
-	if m != nil && m.SmallOps != nil {
-		return *m.SmallOps
-	}
-	return false
-}
-
-func (m *QueryResult) GetCompiledQuery() *CompiledQuery {
-	if m != nil {
-		return m.CompiledQuery
-	}
-	return nil
-}
-
-func (m *QueryResult) GetCompiledCursor() *CompiledCursor {
-	if m != nil {
-		return m.CompiledCursor
-	}
-	return nil
-}
-
-func (m *QueryResult) GetIndex() []*CompositeIndex {
-	if m != nil {
-		return m.Index
-	}
-	return nil
-}
-
-func (m *QueryResult) GetVersion() []int64 {
-	if m != nil {
-		return m.Version
-	}
-	return nil
-}
-
-type AllocateIdsRequest struct {
-	Header               *InternalHeader `protobuf:"bytes,4,opt,name=header" json:"header,omitempty"`
-	ModelKey             *Reference      `protobuf:"bytes,1,opt,name=model_key,json=modelKey" json:"model_key,omitempty"`
-	Size                 *int64          `protobuf:"varint,2,opt,name=size" json:"size,omitempty"`
-	Max                  *int64          `protobuf:"varint,3,opt,name=max" json:"max,omitempty"`
-	Reserve              []*Reference    `protobuf:"bytes,5,rep,name=reserve" json:"reserve,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
-	XXX_unrecognized     []byte          `json:"-"`
-	XXX_sizecache        int32           `json:"-"`
-}
-
-func (m *AllocateIdsRequest) Reset()         { *m = AllocateIdsRequest{} }
-func (m *AllocateIdsRequest) String() string { return proto.CompactTextString(m) }
-func (*AllocateIdsRequest) ProtoMessage()    {}
-func (*AllocateIdsRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{31}
-}
-func (m *AllocateIdsRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_AllocateIdsRequest.Unmarshal(m, b)
-}
-func (m *AllocateIdsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_AllocateIdsRequest.Marshal(b, m, deterministic)
-}
-func (dst *AllocateIdsRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_AllocateIdsRequest.Merge(dst, src)
-}
-func (m *AllocateIdsRequest) XXX_Size() int {
-	return xxx_messageInfo_AllocateIdsRequest.Size(m)
-}
-func (m *AllocateIdsRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_AllocateIdsRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_AllocateIdsRequest proto.InternalMessageInfo
-
-func (m *AllocateIdsRequest) GetHeader() *InternalHeader {
-	if m != nil {
-		return m.Header
-	}
-	return nil
-}
-
-func (m *AllocateIdsRequest) GetModelKey() *Reference {
-	if m != nil {
-		return m.ModelKey
-	}
-	return nil
-}
-
-func (m *AllocateIdsRequest) GetSize() int64 {
-	if m != nil && m.Size != nil {
-		return *m.Size
-	}
-	return 0
-}
-
-func (m *AllocateIdsRequest) GetMax() int64 {
-	if m != nil && m.Max != nil {
-		return *m.Max
-	}
-	return 0
-}
-
-func (m *AllocateIdsRequest) GetReserve() []*Reference {
-	if m != nil {
-		return m.Reserve
-	}
-	return nil
-}
-
-type AllocateIdsResponse struct {
-	Start                *int64   `protobuf:"varint,1,req,name=start" json:"start,omitempty"`
-	End                  *int64   `protobuf:"varint,2,req,name=end" json:"end,omitempty"`
-	Cost                 *Cost    `protobuf:"bytes,3,opt,name=cost" json:"cost,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *AllocateIdsResponse) Reset()         { *m = AllocateIdsResponse{} }
-func (m *AllocateIdsResponse) String() string { return proto.CompactTextString(m) }
-func (*AllocateIdsResponse) ProtoMessage()    {}
-func (*AllocateIdsResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{32}
-}
-func (m *AllocateIdsResponse) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_AllocateIdsResponse.Unmarshal(m, b)
-}
-func (m *AllocateIdsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_AllocateIdsResponse.Marshal(b, m, deterministic)
-}
-func (dst *AllocateIdsResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_AllocateIdsResponse.Merge(dst, src)
-}
-func (m *AllocateIdsResponse) XXX_Size() int {
-	return xxx_messageInfo_AllocateIdsResponse.Size(m)
-}
-func (m *AllocateIdsResponse) XXX_DiscardUnknown() {
-	xxx_messageInfo_AllocateIdsResponse.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_AllocateIdsResponse proto.InternalMessageInfo
-
-func (m *AllocateIdsResponse) GetStart() int64 {
-	if m != nil && m.Start != nil {
-		return *m.Start
-	}
-	return 0
-}
-
-func (m *AllocateIdsResponse) GetEnd() int64 {
-	if m != nil && m.End != nil {
-		return *m.End
-	}
-	return 0
-}
-
-func (m *AllocateIdsResponse) GetCost() *Cost {
-	if m != nil {
-		return m.Cost
-	}
-	return nil
-}
-
-type CompositeIndices struct {
-	Index                []*CompositeIndex `protobuf:"bytes,1,rep,name=index" json:"index,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
-	XXX_unrecognized     []byte            `json:"-"`
-	XXX_sizecache        int32             `json:"-"`
-}
-
-func (m *CompositeIndices) Reset()         { *m = CompositeIndices{} }
-func (m *CompositeIndices) String() string { return proto.CompactTextString(m) }
-func (*CompositeIndices) ProtoMessage()    {}
-func (*CompositeIndices) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{33}
-}
-func (m *CompositeIndices) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CompositeIndices.Unmarshal(m, b)
-}
-func (m *CompositeIndices) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CompositeIndices.Marshal(b, m, deterministic)
-}
-func (dst *CompositeIndices) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CompositeIndices.Merge(dst, src)
-}
-func (m *CompositeIndices) XXX_Size() int {
-	return xxx_messageInfo_CompositeIndices.Size(m)
-}
-func (m *CompositeIndices) XXX_DiscardUnknown() {
-	xxx_messageInfo_CompositeIndices.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CompositeIndices proto.InternalMessageInfo
-
-func (m *CompositeIndices) GetIndex() []*CompositeIndex {
-	if m != nil {
-		return m.Index
-	}
-	return nil
-}
-
-type AddActionsRequest struct {
-	Header               *InternalHeader `protobuf:"bytes,3,opt,name=header" json:"header,omitempty"`
-	Transaction          *Transaction    `protobuf:"bytes,1,req,name=transaction" json:"transaction,omitempty"`
-	Action               []*Action       `protobuf:"bytes,2,rep,name=action" json:"action,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
-	XXX_unrecognized     []byte          `json:"-"`
-	XXX_sizecache        int32           `json:"-"`
-}
-
-func (m *AddActionsRequest) Reset()         { *m = AddActionsRequest{} }
-func (m *AddActionsRequest) String() string { return proto.CompactTextString(m) }
-func (*AddActionsRequest) ProtoMessage()    {}
-func (*AddActionsRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{34}
-}
-func (m *AddActionsRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_AddActionsRequest.Unmarshal(m, b)
-}
-func (m *AddActionsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_AddActionsRequest.Marshal(b, m, deterministic)
-}
-func (dst *AddActionsRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_AddActionsRequest.Merge(dst, src)
-}
-func (m *AddActionsRequest) XXX_Size() int {
-	return xxx_messageInfo_AddActionsRequest.Size(m)
-}
-func (m *AddActionsRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_AddActionsRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_AddActionsRequest proto.InternalMessageInfo
-
-func (m *AddActionsRequest) GetHeader() *InternalHeader {
-	if m != nil {
-		return m.Header
-	}
-	return nil
-}
-
-func (m *AddActionsRequest) GetTransaction() *Transaction {
-	if m != nil {
-		return m.Transaction
-	}
-	return nil
-}
-
-func (m *AddActionsRequest) GetAction() []*Action {
-	if m != nil {
-		return m.Action
-	}
-	return nil
-}
-
-type AddActionsResponse struct {
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *AddActionsResponse) Reset()         { *m = AddActionsResponse{} }
-func (m *AddActionsResponse) String() string { return proto.CompactTextString(m) }
-func (*AddActionsResponse) ProtoMessage()    {}
-func (*AddActionsResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{35}
-}
-func (m *AddActionsResponse) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_AddActionsResponse.Unmarshal(m, b)
-}
-func (m *AddActionsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_AddActionsResponse.Marshal(b, m, deterministic)
-}
-func (dst *AddActionsResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_AddActionsResponse.Merge(dst, src)
-}
-func (m *AddActionsResponse) XXX_Size() int {
-	return xxx_messageInfo_AddActionsResponse.Size(m)
-}
-func (m *AddActionsResponse) XXX_DiscardUnknown() {
-	xxx_messageInfo_AddActionsResponse.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_AddActionsResponse proto.InternalMessageInfo
-
-type BeginTransactionRequest struct {
-	Header               *InternalHeader                          `protobuf:"bytes,3,opt,name=header" json:"header,omitempty"`
-	App                  *string                                  `protobuf:"bytes,1,req,name=app" json:"app,omitempty"`
-	AllowMultipleEg      *bool                                    `protobuf:"varint,2,opt,name=allow_multiple_eg,json=allowMultipleEg,def=0" json:"allow_multiple_eg,omitempty"`
-	DatabaseId           *string                                  `protobuf:"bytes,4,opt,name=database_id,json=databaseId" json:"database_id,omitempty"`
-	Mode                 *BeginTransactionRequest_TransactionMode `protobuf:"varint,5,opt,name=mode,enum=appengine.BeginTransactionRequest_TransactionMode,def=0" json:"mode,omitempty"`
-	PreviousTransaction  *Transaction                             `protobuf:"bytes,7,opt,name=previous_transaction,json=previousTransaction" json:"previous_transaction,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}                                 `json:"-"`
-	XXX_unrecognized     []byte                                   `json:"-"`
-	XXX_sizecache        int32                                    `json:"-"`
-}
-
-func (m *BeginTransactionRequest) Reset()         { *m = BeginTransactionRequest{} }
-func (m *BeginTransactionRequest) String() string { return proto.CompactTextString(m) }
-func (*BeginTransactionRequest) ProtoMessage()    {}
-func (*BeginTransactionRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{36}
-}
-func (m *BeginTransactionRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_BeginTransactionRequest.Unmarshal(m, b)
-}
-func (m *BeginTransactionRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_BeginTransactionRequest.Marshal(b, m, deterministic)
-}
-func (dst *BeginTransactionRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_BeginTransactionRequest.Merge(dst, src)
-}
-func (m *BeginTransactionRequest) XXX_Size() int {
-	return xxx_messageInfo_BeginTransactionRequest.Size(m)
-}
-func (m *BeginTransactionRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_BeginTransactionRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_BeginTransactionRequest proto.InternalMessageInfo
-
-const Default_BeginTransactionRequest_AllowMultipleEg bool = false
-const Default_BeginTransactionRequest_Mode BeginTransactionRequest_TransactionMode = BeginTransactionRequest_UNKNOWN
-
-func (m *BeginTransactionRequest) GetHeader() *InternalHeader {
-	if m != nil {
-		return m.Header
-	}
-	return nil
-}
-
-func (m *BeginTransactionRequest) GetApp() string {
-	if m != nil && m.App != nil {
-		return *m.App
-	}
-	return ""
-}
-
-func (m *BeginTransactionRequest) GetAllowMultipleEg() bool {
-	if m != nil && m.AllowMultipleEg != nil {
-		return *m.AllowMultipleEg
-	}
-	return Default_BeginTransactionRequest_AllowMultipleEg
-}
-
-func (m *BeginTransactionRequest) GetDatabaseId() string {
-	if m != nil && m.DatabaseId != nil {
-		return *m.DatabaseId
-	}
-	return ""
-}
-
-func (m *BeginTransactionRequest) GetMode() BeginTransactionRequest_TransactionMode {
-	if m != nil && m.Mode != nil {
-		return *m.Mode
-	}
-	return Default_BeginTransactionRequest_Mode
-}
-
-func (m *BeginTransactionRequest) GetPreviousTransaction() *Transaction {
-	if m != nil {
-		return m.PreviousTransaction
-	}
-	return nil
-}
-
-type CommitResponse struct {
-	Cost                 *Cost                     `protobuf:"bytes,1,opt,name=cost" json:"cost,omitempty"`
-	Version              []*CommitResponse_Version `protobuf:"group,3,rep,name=Version,json=version" json:"version,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}                  `json:"-"`
-	XXX_unrecognized     []byte                    `json:"-"`
-	XXX_sizecache        int32                     `json:"-"`
-}
-
-func (m *CommitResponse) Reset()         { *m = CommitResponse{} }
-func (m *CommitResponse) String() string { return proto.CompactTextString(m) }
-func (*CommitResponse) ProtoMessage()    {}
-func (*CommitResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{37}
-}
-func (m *CommitResponse) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CommitResponse.Unmarshal(m, b)
-}
-func (m *CommitResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CommitResponse.Marshal(b, m, deterministic)
-}
-func (dst *CommitResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CommitResponse.Merge(dst, src)
-}
-func (m *CommitResponse) XXX_Size() int {
-	return xxx_messageInfo_CommitResponse.Size(m)
-}
-func (m *CommitResponse) XXX_DiscardUnknown() {
-	xxx_messageInfo_CommitResponse.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CommitResponse proto.InternalMessageInfo
-
-func (m *CommitResponse) GetCost() *Cost {
-	if m != nil {
-		return m.Cost
-	}
-	return nil
-}
-
-func (m *CommitResponse) GetVersion() []*CommitResponse_Version {
-	if m != nil {
-		return m.Version
-	}
-	return nil
-}
-
-type CommitResponse_Version struct {
-	RootEntityKey        *Reference `protobuf:"bytes,4,req,name=root_entity_key,json=rootEntityKey" json:"root_entity_key,omitempty"`
-	Version              *int64     `protobuf:"varint,5,req,name=version" json:"version,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
-	XXX_unrecognized     []byte     `json:"-"`
-	XXX_sizecache        int32      `json:"-"`
-}
-
-func (m *CommitResponse_Version) Reset()         { *m = CommitResponse_Version{} }
-func (m *CommitResponse_Version) String() string { return proto.CompactTextString(m) }
-func (*CommitResponse_Version) ProtoMessage()    {}
-func (*CommitResponse_Version) Descriptor() ([]byte, []int) {
-	return fileDescriptor_datastore_v3_83b17b80c34f6179, []int{37, 0}
-}
-func (m *CommitResponse_Version) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CommitResponse_Version.Unmarshal(m, b)
-}
-func (m *CommitResponse_Version) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CommitResponse_Version.Marshal(b, m, deterministic)
-}
-func (dst *CommitResponse_Version) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CommitResponse_Version.Merge(dst, src)
-}
-func (m *CommitResponse_Version) XXX_Size() int {
-	return xxx_messageInfo_CommitResponse_Version.Size(m)
-}
-func (m *CommitResponse_Version) XXX_DiscardUnknown() {
-	xxx_messageInfo_CommitResponse_Version.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CommitResponse_Version proto.InternalMessageInfo
-
-func (m *CommitResponse_Version) GetRootEntityKey() *Reference {
-	if m != nil {
-		return m.RootEntityKey
-	}
-	return nil
-}
-
-func (m *CommitResponse_Version) GetVersion() int64 {
-	if m != nil && m.Version != nil {
-		return *m.Version
-	}
-	return 0
-}
-
-func init() {
-	proto.RegisterType((*Action)(nil), "appengine.Action")
-	proto.RegisterType((*PropertyValue)(nil), "appengine.PropertyValue")
-	proto.RegisterType((*PropertyValue_PointValue)(nil), "appengine.PropertyValue.PointValue")
-	proto.RegisterType((*PropertyValue_UserValue)(nil), "appengine.PropertyValue.UserValue")
-	proto.RegisterType((*PropertyValue_ReferenceValue)(nil), "appengine.PropertyValue.ReferenceValue")
-	proto.RegisterType((*PropertyValue_ReferenceValue_PathElement)(nil), "appengine.PropertyValue.ReferenceValue.PathElement")
-	proto.RegisterType((*Property)(nil), "appengine.Property")
-	proto.RegisterType((*Path)(nil), "appengine.Path")
-	proto.RegisterType((*Path_Element)(nil), "appengine.Path.Element")
-	proto.RegisterType((*Reference)(nil), "appengine.Reference")
-	proto.RegisterType((*User)(nil), "appengine.User")
-	proto.RegisterType((*EntityProto)(nil), "appengine.EntityProto")
-	proto.RegisterType((*CompositeProperty)(nil), "appengine.CompositeProperty")
-	proto.RegisterType((*Index)(nil), "appengine.Index")
-	proto.RegisterType((*Index_Property)(nil), "appengine.Index.Property")
-	proto.RegisterType((*CompositeIndex)(nil), "appengine.CompositeIndex")
-	proto.RegisterType((*IndexPostfix)(nil), "appengine.IndexPostfix")
-	proto.RegisterType((*IndexPostfix_IndexValue)(nil), "appengine.IndexPostfix.IndexValue")
-	proto.RegisterType((*IndexPosition)(nil), "appengine.IndexPosition")
-	proto.RegisterType((*Snapshot)(nil), "appengine.Snapshot")
-	proto.RegisterType((*InternalHeader)(nil), "appengine.InternalHeader")
-	proto.RegisterType((*Transaction)(nil), "appengine.Transaction")
-	proto.RegisterType((*Query)(nil), "appengine.Query")
-	proto.RegisterType((*Query_Filter)(nil), "appengine.Query.Filter")
-	proto.RegisterType((*Query_Order)(nil), "appengine.Query.Order")
-	proto.RegisterType((*CompiledQuery)(nil), "appengine.CompiledQuery")
-	proto.RegisterType((*CompiledQuery_PrimaryScan)(nil), "appengine.CompiledQuery.PrimaryScan")
-	proto.RegisterType((*CompiledQuery_MergeJoinScan)(nil), "appengine.CompiledQuery.MergeJoinScan")
-	proto.RegisterType((*CompiledQuery_EntityFilter)(nil), "appengine.CompiledQuery.EntityFilter")
-	proto.RegisterType((*CompiledCursor)(nil), "appengine.CompiledCursor")
-	proto.RegisterType((*CompiledCursor_Position)(nil), "appengine.CompiledCursor.Position")
-	proto.RegisterType((*CompiledCursor_Position_IndexValue)(nil), "appengine.CompiledCursor.Position.IndexValue")
-	proto.RegisterType((*Cursor)(nil), "appengine.Cursor")
-	proto.RegisterType((*Error)(nil), "appengine.Error")
-	proto.RegisterType((*Cost)(nil), "appengine.Cost")
-	proto.RegisterType((*Cost_CommitCost)(nil), "appengine.Cost.CommitCost")
-	proto.RegisterType((*GetRequest)(nil), "appengine.GetRequest")
-	proto.RegisterType((*GetResponse)(nil), "appengine.GetResponse")
-	proto.RegisterType((*GetResponse_Entity)(nil), "appengine.GetResponse.Entity")
-	proto.RegisterType((*PutRequest)(nil), "appengine.PutRequest")
-	proto.RegisterType((*PutResponse)(nil), "appengine.PutResponse")
-	proto.RegisterType((*TouchRequest)(nil), "appengine.TouchRequest")
-	proto.RegisterType((*TouchResponse)(nil), "appengine.TouchResponse")
-	proto.RegisterType((*DeleteRequest)(nil), "appengine.DeleteRequest")
-	proto.RegisterType((*DeleteResponse)(nil), "appengine.DeleteResponse")
-	proto.RegisterType((*NextRequest)(nil), "appengine.NextRequest")
-	proto.RegisterType((*QueryResult)(nil), "appengine.QueryResult")
-	proto.RegisterType((*AllocateIdsRequest)(nil), "appengine.AllocateIdsRequest")
-	proto.RegisterType((*AllocateIdsResponse)(nil), "appengine.AllocateIdsResponse")
-	proto.RegisterType((*CompositeIndices)(nil), "appengine.CompositeIndices")
-	proto.RegisterType((*AddActionsRequest)(nil), "appengine.AddActionsRequest")
-	proto.RegisterType((*AddActionsResponse)(nil), "appengine.AddActionsResponse")
-	proto.RegisterType((*BeginTransactionRequest)(nil), "appengine.BeginTransactionRequest")
-	proto.RegisterType((*CommitResponse)(nil), "appengine.CommitResponse")
-	proto.RegisterType((*CommitResponse_Version)(nil), "appengine.CommitResponse.Version")
-}
-
-func init() {
-	proto.RegisterFile("google.golang.org/appengine/internal/datastore/datastore_v3.proto", fileDescriptor_datastore_v3_83b17b80c34f6179)
-}
-
-var fileDescriptor_datastore_v3_83b17b80c34f6179 = []byte{
-	// 4156 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x5a, 0xcd, 0x73, 0xe3, 0x46,
-	0x76, 0x37, 0xc1, 0xef, 0x47, 0x89, 0x82, 0x5a, 0xf3, 0xc1, 0xa1, 0x3f, 0x46, 0xc6, 0xac, 0x6d,
-	0xd9, 0x6b, 0x73, 0x6c, 0xf9, 0x23, 0x5b, 0x4a, 0x76, 0x1d, 0x4a, 0xc4, 0x68, 0x90, 0xa1, 0x48,
-	0xb9, 0x09, 0xd9, 0x9e, 0x5c, 0x50, 0x18, 0xa2, 0x29, 0x21, 0x43, 0x02, 0x30, 0x00, 0x6a, 0x46,
-	0x93, 0xe4, 0x90, 0x4b, 0x2a, 0x55, 0x5b, 0xa9, 0x1c, 0x92, 0x4a, 0x25, 0xf9, 0x07, 0x72, 0xc8,
-	0x39, 0x95, 0xaa, 0x54, 0xf6, 0x98, 0x5b, 0x0e, 0x7b, 0xc9, 0x31, 0x95, 0x73, 0xf2, 0x27, 0x24,
-	0x39, 0xa4, 0xfa, 0x75, 0x03, 0x02, 0x28, 0x4a, 0x23, 0x6d, 0xf6, 0x90, 0x13, 0xd1, 0xef, 0xfd,
-	0xba, 0xf1, 0xfa, 0xf5, 0xfb, 0x6c, 0x10, 0xba, 0xc7, 0xbe, 0x7f, 0x3c, 0x65, 0x9d, 0x63, 0x7f,
-	0x6a, 0x7b, 0xc7, 0x1d, 0x3f, 0x3c, 0x7e, 0x68, 0x07, 0x01, 0xf3, 0x8e, 0x5d, 0x8f, 0x3d, 0x74,
-	0xbd, 0x98, 0x85, 0x9e, 0x3d, 0x7d, 0xe8, 0xd8, 0xb1, 0x1d, 0xc5, 0x7e, 0xc8, 0xce, 0x9f, 0xac,
-	0xd3, 0xcf, 0x3b, 0x41, 0xe8, 0xc7, 0x3e, 0xa9, 0xa7, 0x13, 0xb4, 0x1a, 0x54, 0xba, 0xe3, 0xd8,
-	0xf5, 0x3d, 0xed, 0x1f, 0x2b, 0xb0, 0x7a, 0x18, 0xfa, 0x01, 0x0b, 0xe3, 0xb3, 0x6f, 0xed, 0xe9,
-	0x9c, 0x91, 0x77, 0x00, 0x5c, 0x2f, 0xfe, 0xea, 0x0b, 0x1c, 0xb5, 0x0a, 0x9b, 0x85, 0xad, 0x22,
-	0xcd, 0x50, 0x88, 0x06, 0x2b, 0xcf, 0x7c, 0x7f, 0xca, 0x6c, 0x4f, 0x20, 0x94, 0xcd, 0xc2, 0x56,
-	0x8d, 0xe6, 0x68, 0x64, 0x13, 0x1a, 0x51, 0x1c, 0xba, 0xde, 0xb1, 0x80, 0x14, 0x37, 0x0b, 0x5b,
-	0x75, 0x9a, 0x25, 0x71, 0x84, 0xe3, 0xcf, 0x9f, 0x4d, 0x99, 0x40, 0x94, 0x36, 0x0b, 0x5b, 0x05,
-	0x9a, 0x25, 0x91, 0x3d, 0x80, 0xc0, 0x77, 0xbd, 0xf8, 0x14, 0x01, 0xe5, 0xcd, 0xc2, 0x16, 0x6c,
-	0x3f, 0xe8, 0xa4, 0x7b, 0xe8, 0xe4, 0xa4, 0xee, 0x1c, 0x72, 0x28, 0x3e, 0xd2, 0xcc, 0x34, 0xf2,
-	0xdb, 0x50, 0x9f, 0x47, 0x2c, 0x14, 0x6b, 0xd4, 0x70, 0x0d, 0xed, 0xd2, 0x35, 0x8e, 0x22, 0x16,
-	0x8a, 0x25, 0xce, 0x27, 0x91, 0x21, 0x34, 0x43, 0x36, 0x61, 0x21, 0xf3, 0xc6, 0x4c, 0x2c, 0xb3,
-	0x82, 0xcb, 0x7c, 0x70, 0xe9, 0x32, 0x34, 0x81, 0x8b, 0xb5, 0x16, 0xa6, 0xb7, 0xb7, 0x00, 0xce,
-	0x85, 0x25, 0x2b, 0x50, 0x78, 0xd9, 0xaa, 0x6c, 0x2a, 0x5b, 0x05, 0x5a, 0x78, 0xc9, 0x47, 0x67,
-	0xad, 0xaa, 0x18, 0x9d, 0xb5, 0xff, 0xa9, 0x00, 0xf5, 0x54, 0x26, 0x72, 0x0b, 0xca, 0x6c, 0x66,
-	0xbb, 0xd3, 0x56, 0x7d, 0x53, 0xd9, 0xaa, 0x53, 0x31, 0x20, 0xf7, 0xa1, 0x61, 0xcf, 0xe3, 0x13,
-	0xcb, 0xf1, 0x67, 0xb6, 0xeb, 0xb5, 0x00, 0x79, 0xc0, 0x49, 0x3d, 0xa4, 0x90, 0x36, 0xd4, 0x3c,
-	0x77, 0xfc, 0xdc, 0xb3, 0x67, 0xac, 0xd5, 0xc0, 0x73, 0x48, 0xc7, 0xe4, 0x13, 0x20, 0x13, 0xe6,
-	0xb0, 0xd0, 0x8e, 0x99, 0x63, 0xb9, 0x0e, 0xf3, 0x62, 0x37, 0x3e, 0x6b, 0xdd, 0x46, 0xd4, 0x7a,
-	0xca, 0x31, 0x24, 0x23, 0x0f, 0x0f, 0x42, 0xff, 0xd4, 0x75, 0x58, 0xd8, 0xba, 0xb3, 0x00, 0x3f,
-	0x94, 0x8c, 0xf6, 0xbf, 0x17, 0xa0, 0x99, 0xd7, 0x05, 0x51, 0xa1, 0x68, 0x07, 0x41, 0x6b, 0x15,
-	0xa5, 0xe4, 0x8f, 0xe4, 0x6d, 0x00, 0x2e, 0x8a, 0x15, 0x05, 0xf6, 0x98, 0xb5, 0x6e, 0xe1, 0x5a,
-	0x75, 0x4e, 0x19, 0x71, 0x02, 0x39, 0x82, 0x46, 0x60, 0xc7, 0x27, 0x6c, 0xca, 0x66, 0xcc, 0x8b,
-	0x5b, 0xcd, 0xcd, 0xe2, 0x16, 0x6c, 0x7f, 0x7e, 0x4d, 0xd5, 0x77, 0x0e, 0xed, 0xf8, 0x44, 0x17,
-	0x53, 0x69, 0x76, 0x9d, 0xb6, 0x0e, 0x8d, 0x0c, 0x8f, 0x10, 0x28, 0xc5, 0x67, 0x01, 0x6b, 0xad,
-	0xa1, 0x5c, 0xf8, 0x4c, 0x9a, 0xa0, 0xb8, 0x4e, 0x4b, 0x45, 0xf3, 0x57, 0x5c, 0x87, 0x63, 0x50,
-	0x87, 0xeb, 0x28, 0x22, 0x3e, 0x6b, 0xff, 0x51, 0x86, 0x5a, 0x22, 0x00, 0xe9, 0x42, 0x75, 0xc6,
-	0x6c, 0xcf, 0xf5, 0x8e, 0xd1, 0x69, 0x9a, 0xdb, 0x6f, 0x2e, 0x11, 0xb3, 0x73, 0x20, 0x20, 0x3b,
-	0x30, 0x18, 0x5a, 0x07, 0x7a, 0x77, 0x60, 0x0c, 0xf6, 0x69, 0x32, 0x8f, 0x1f, 0xa6, 0x7c, 0xb4,
-	0xe6, 0xa1, 0x8b, 0x9e, 0x55, 0xa7, 0x20, 0x49, 0x47, 0xa1, 0x9b, 0x0a, 0x51, 0x14, 0x82, 0xe2,
-	0x21, 0x76, 0xa0, 0x9c, 0xb8, 0x88, 0xb2, 0xd5, 0xd8, 0x6e, 0x5d, 0xa6, 0x1c, 0x2a, 0x60, 0xdc,
-	0x20, 0x66, 0xf3, 0x69, 0xec, 0x06, 0x53, 0xee, 0x76, 0xca, 0x56, 0x8d, 0xa6, 0x63, 0xf2, 0x1e,
-	0x40, 0xc4, 0xec, 0x70, 0x7c, 0x62, 0x3f, 0x9b, 0xb2, 0x56, 0x85, 0x7b, 0xf6, 0x4e, 0x79, 0x62,
-	0x4f, 0x23, 0x46, 0x33, 0x0c, 0x62, 0xc3, 0xdd, 0x49, 0x1c, 0x59, 0xb1, 0xff, 0x9c, 0x79, 0xee,
-	0x2b, 0x9b, 0x07, 0x12, 0xcb, 0x0f, 0xf8, 0x0f, 0xfa, 0x58, 0x73, 0xfb, 0xc3, 0x65, 0x5b, 0x7f,
-	0x14, 0x47, 0x66, 0x66, 0xc6, 0x10, 0x27, 0xd0, 0xdb, 0x93, 0x65, 0x64, 0xd2, 0x86, 0xca, 0xd4,
-	0x1f, 0xdb, 0x53, 0xd6, 0xaa, 0x73, 0x2d, 0xec, 0x28, 0xcc, 0xa3, 0x92, 0xa2, 0xfd, 0xb3, 0x02,
-	0x55, 0xa9, 0x47, 0xd2, 0x84, 0x8c, 0x26, 0xd5, 0x37, 0x48, 0x0d, 0x4a, 0xbb, 0xfd, 0xe1, 0xae,
-	0xda, 0xe4, 0x4f, 0xa6, 0xfe, 0xbd, 0xa9, 0xae, 0x71, 0xcc, 0xee, 0x53, 0x53, 0x1f, 0x99, 0x94,
-	0x63, 0x54, 0xb2, 0x0e, 0xab, 0x5d, 0x73, 0x78, 0x60, 0xed, 0x75, 0x4d, 0x7d, 0x7f, 0x48, 0x9f,
-	0xaa, 0x05, 0xb2, 0x0a, 0x75, 0x24, 0xf5, 0x8d, 0xc1, 0x13, 0x55, 0xe1, 0x33, 0x70, 0x68, 0x1a,
-	0x66, 0x5f, 0x57, 0x8b, 0x44, 0x85, 0x15, 0x31, 0x63, 0x38, 0x30, 0xf5, 0x81, 0xa9, 0x96, 0x52,
-	0xca, 0xe8, 0xe8, 0xe0, 0xa0, 0x4b, 0x9f, 0xaa, 0x65, 0xb2, 0x06, 0x0d, 0xa4, 0x74, 0x8f, 0xcc,
-	0xc7, 0x43, 0xaa, 0x56, 0x48, 0x03, 0xaa, 0xfb, 0x3d, 0xeb, 0xbb, 0xc7, 0xfa, 0x40, 0xad, 0x92,
-	0x15, 0xa8, 0xed, 0xf7, 0x2c, 0xfd, 0xa0, 0x6b, 0xf4, 0xd5, 0x1a, 0x9f, 0xbd, 0xaf, 0x0f, 0xe9,
-	0x68, 0x64, 0x1d, 0x0e, 0x8d, 0x81, 0xa9, 0xd6, 0x49, 0x1d, 0xca, 0xfb, 0x3d, 0xcb, 0x38, 0x50,
-	0x81, 0x10, 0x68, 0xee, 0xf7, 0xac, 0xc3, 0xc7, 0xc3, 0x81, 0x3e, 0x38, 0x3a, 0xd8, 0xd5, 0xa9,
-	0xda, 0x20, 0xb7, 0x40, 0xe5, 0xb4, 0xe1, 0xc8, 0xec, 0xf6, 0xbb, 0xbd, 0x1e, 0xd5, 0x47, 0x23,
-	0x75, 0x85, 0x4b, 0xbd, 0xdf, 0xb3, 0x68, 0xd7, 0xe4, 0xfb, 0x5a, 0xe5, 0x2f, 0xe4, 0x7b, 0x7f,
-	0xa2, 0x3f, 0x55, 0xd7, 0xf9, 0x2b, 0xf4, 0x81, 0x69, 0x98, 0x4f, 0xad, 0x43, 0x3a, 0x34, 0x87,
-	0xea, 0x06, 0x17, 0xd0, 0x18, 0xf4, 0xf4, 0xef, 0xad, 0x6f, 0xbb, 0xfd, 0x23, 0x5d, 0x25, 0xda,
-	0x8f, 0xe1, 0xf6, 0xd2, 0x33, 0xe1, 0xaa, 0x7b, 0x6c, 0x1e, 0xf4, 0xd5, 0x02, 0x7f, 0xe2, 0x9b,
-	0x52, 0x15, 0xed, 0x0f, 0xa0, 0xc4, 0x5d, 0x86, 0x7c, 0x06, 0xd5, 0xc4, 0x1b, 0x0b, 0xe8, 0x8d,
-	0x77, 0xb3, 0x67, 0x6d, 0xc7, 0x27, 0x9d, 0xc4, 0xe3, 0x12, 0x5c, 0xbb, 0x0b, 0xd5, 0x45, 0x4f,
-	0x53, 0x2e, 0x78, 0x5a, 0xf1, 0x82, 0xa7, 0x95, 0x32, 0x9e, 0x66, 0x43, 0x3d, 0xf5, 0xed, 0x9b,
-	0x47, 0x91, 0x07, 0x50, 0xe2, 0xde, 0xdf, 0x6a, 0xa2, 0x87, 0xac, 0x2d, 0x08, 0x4c, 0x91, 0xa9,
-	0xfd, 0x43, 0x01, 0x4a, 0x3c, 0xda, 0x9e, 0x07, 0xda, 0xc2, 0x15, 0x81, 0x56, 0xb9, 0x32, 0xd0,
-	0x16, 0xaf, 0x15, 0x68, 0x2b, 0x37, 0x0b, 0xb4, 0xd5, 0x4b, 0x02, 0xad, 0xf6, 0x67, 0x45, 0x68,
-	0xe8, 0x38, 0xf3, 0x10, 0x13, 0xfd, 0xfb, 0x50, 0x7c, 0xce, 0xce, 0x50, 0x3f, 0x8d, 0xed, 0x5b,
-	0x99, 0xdd, 0xa6, 0x2a, 0xa4, 0x1c, 0x40, 0xb6, 0x61, 0x45, 0xbc, 0xd0, 0x3a, 0x0e, 0xfd, 0x79,
-	0xd0, 0x52, 0x97, 0xab, 0xa7, 0x21, 0x40, 0xfb, 0x1c, 0x43, 0xde, 0x83, 0xb2, 0xff, 0xc2, 0x63,
-	0x21, 0xc6, 0xc1, 0x3c, 0x98, 0x2b, 0x8f, 0x0a, 0x2e, 0x79, 0x08, 0xa5, 0xe7, 0xae, 0xe7, 0xe0,
-	0x19, 0xe6, 0x23, 0x61, 0x46, 0xd0, 0xce, 0x13, 0xd7, 0x73, 0x28, 0x02, 0xc9, 0x3d, 0xa8, 0xf1,
-	0x5f, 0x8c, 0x7b, 0x65, 0xdc, 0x68, 0x95, 0x8f, 0x79, 0xd0, 0x7b, 0x08, 0xb5, 0x40, 0xc6, 0x10,
-	0x4c, 0x00, 0x8d, 0xed, 0x8d, 0x25, 0xe1, 0x85, 0xa6, 0x20, 0xf2, 0x15, 0xac, 0x84, 0xf6, 0x0b,
-	0x2b, 0x9d, 0xb4, 0x76, 0xf9, 0xa4, 0x46, 0x68, 0xbf, 0x48, 0x23, 0x38, 0x81, 0x52, 0x68, 0x7b,
-	0xcf, 0x5b, 0x64, 0xb3, 0xb0, 0x55, 0xa6, 0xf8, 0xac, 0x7d, 0x01, 0x25, 0x2e, 0x25, 0x8f, 0x08,
-	0xfb, 0x3d, 0xf4, 0xff, 0xee, 0x9e, 0xa9, 0x16, 0x12, 0x7f, 0xfe, 0x96, 0x47, 0x03, 0x45, 0x72,
-	0x0f, 0xf4, 0xd1, 0xa8, 0xbb, 0xaf, 0xab, 0x45, 0xad, 0x07, 0xeb, 0x7b, 0xfe, 0x2c, 0xf0, 0x23,
-	0x37, 0x66, 0xe9, 0xf2, 0xf7, 0xa0, 0xe6, 0x7a, 0x0e, 0x7b, 0x69, 0xb9, 0x0e, 0x9a, 0x56, 0x91,
-	0x56, 0x71, 0x6c, 0x38, 0xdc, 0xe4, 0x4e, 0x65, 0x31, 0x55, 0xe4, 0x26, 0x87, 0x03, 0xed, 0x2f,
-	0x15, 0x28, 0x1b, 0x1c, 0xc1, 0x8d, 0x4f, 0x9e, 0x14, 0x7a, 0x8f, 0x30, 0x4c, 0x10, 0x24, 0x93,
-	0xfb, 0x50, 0x1b, 0x6a, 0xb6, 0x37, 0x66, 0xbc, 0xe2, 0xc3, 0x3c, 0x50, 0xa3, 0xe9, 0x98, 0x7c,
-	0x99, 0xd1, 0x9f, 0x82, 0x2e, 0x7b, 0x2f, 0xa3, 0x0a, 0x7c, 0xc1, 0x12, 0x2d, 0xb6, 0xff, 0xaa,
-	0x90, 0x49, 0x6e, 0xcb, 0x12, 0x4f, 0x1f, 0xea, 0x8e, 0x1b, 0x32, 0xac, 0x23, 0xe5, 0x41, 0x3f,
-	0xb8, 0x74, 0xe1, 0x4e, 0x2f, 0x81, 0xee, 0xd4, 0xbb, 0xa3, 0x3d, 0x7d, 0xd0, 0xe3, 0x99, 0xef,
-	0x7c, 0x01, 0xed, 0x23, 0xa8, 0xa7, 0x10, 0x0c, 0xc7, 0x09, 0x48, 0x2d, 0x70, 0xf5, 0xf6, 0xf4,
-	0x74, 0xac, 0x68, 0x7f, 0xad, 0x40, 0x33, 0xd5, 0xaf, 0xd0, 0xd0, 0x6d, 0xa8, 0xd8, 0x41, 0x90,
-	0xa8, 0xb6, 0x4e, 0xcb, 0x76, 0x10, 0x18, 0x8e, 0x8c, 0x2d, 0x0a, 0x6a, 0x9b, 0xc7, 0x96, 0x4f,
-	0x01, 0x1c, 0x36, 0x71, 0x3d, 0x17, 0x85, 0x2e, 0xa2, 0xc1, 0xab, 0x8b, 0x42, 0xd3, 0x0c, 0x86,
-	0x7c, 0x09, 0xe5, 0x28, 0xb6, 0x63, 0x91, 0x2b, 0x9b, 0xdb, 0xf7, 0x33, 0xe0, 0xbc, 0x08, 0x9d,
-	0x11, 0x87, 0x51, 0x81, 0x26, 0x5f, 0xc1, 0x2d, 0xdf, 0x9b, 0x9e, 0x59, 0xf3, 0x88, 0x59, 0xee,
-	0xc4, 0x0a, 0xd9, 0x0f, 0x73, 0x37, 0x64, 0x4e, 0x3e, 0xa7, 0xae, 0x73, 0xc8, 0x51, 0xc4, 0x8c,
-	0x09, 0x95, 0x7c, 0xed, 0x6b, 0x28, 0xe3, 0x3a, 0x7c, 0xcf, 0xdf, 0x51, 0xc3, 0xd4, 0xad, 0xe1,
-	0xa0, 0xff, 0x54, 0xe8, 0x80, 0xea, 0xdd, 0x9e, 0x85, 0x44, 0x55, 0xe1, 0xc1, 0xbe, 0xa7, 0xf7,
-	0x75, 0x53, 0xef, 0xa9, 0x45, 0x9e, 0x3d, 0x74, 0x4a, 0x87, 0x54, 0x2d, 0x69, 0xff, 0x53, 0x80,
-	0x15, 0x94, 0xe7, 0xd0, 0x8f, 0xe2, 0x89, 0xfb, 0x92, 0xec, 0x41, 0x43, 0x98, 0xdd, 0xa9, 0x2c,
-	0xe8, 0xb9, 0x33, 0x68, 0x8b, 0x7b, 0x96, 0x68, 0x31, 0x90, 0x75, 0xb4, 0x9b, 0x3e, 0x27, 0x21,
-	0x45, 0x41, 0xa7, 0xbf, 0x22, 0xa4, 0xbc, 0x05, 0x95, 0x67, 0x6c, 0xe2, 0x87, 0x22, 0x04, 0xd6,
-	0x76, 0x4a, 0x71, 0x38, 0x67, 0x54, 0xd2, 0xda, 0x36, 0xc0, 0xf9, 0xfa, 0xe4, 0x01, 0xac, 0x26,
-	0xc6, 0x66, 0xa1, 0x71, 0x89, 0x93, 0x5b, 0x49, 0x88, 0x83, 0x5c, 0x75, 0xa3, 0x5c, 0xab, 0xba,
-	0xd1, 0xbe, 0x86, 0xd5, 0x64, 0x3f, 0xe2, 0xfc, 0x54, 0x21, 0x79, 0x01, 0x63, 0xca, 0x82, 0x8c,
-	0xca, 0x45, 0x19, 0xb5, 0x9f, 0x41, 0x6d, 0xe4, 0xd9, 0x41, 0x74, 0xe2, 0xc7, 0xdc, 0x7a, 0xe2,
-	0x48, 0xfa, 0xaa, 0x12, 0x47, 0x9a, 0x06, 0x15, 0x7e, 0x38, 0xf3, 0x88, 0xbb, 0xbf, 0x31, 0xe8,
-	0xee, 0x99, 0xc6, 0xb7, 0xba, 0xfa, 0x06, 0x01, 0xa8, 0xc8, 0xe7, 0x82, 0xa6, 0x41, 0xd3, 0x90,
-	0xed, 0xd8, 0x63, 0x66, 0x3b, 0x2c, 0xe4, 0x12, 0xfc, 0xe0, 0x47, 0x89, 0x04, 0x3f, 0xf8, 0x91,
-	0xf6, 0x17, 0x05, 0x68, 0x98, 0xa1, 0xed, 0x45, 0xb6, 0x30, 0xf7, 0xcf, 0xa0, 0x72, 0x82, 0x58,
-	0x74, 0xa3, 0xc6, 0x82, 0x7f, 0x66, 0x17, 0xa3, 0x12, 0x48, 0xee, 0x40, 0xe5, 0xc4, 0xf6, 0x9c,
-	0xa9, 0xd0, 0x5a, 0x85, 0xca, 0x51, 0x92, 0x1b, 0x95, 0xf3, 0xdc, 0xb8, 0x05, 0x2b, 0x33, 0x3b,
-	0x7c, 0x6e, 0x8d, 0x4f, 0x6c, 0xef, 0x98, 0x45, 0xf2, 0x60, 0xa4, 0x05, 0x36, 0x38, 0x6b, 0x4f,
-	0x70, 0xb4, 0xbf, 0x5f, 0x81, 0xf2, 0x37, 0x73, 0x16, 0x9e, 0x65, 0x04, 0xfa, 0xe0, 0xba, 0x02,
-	0xc9, 0x17, 0x17, 0x2e, 0x4b, 0xca, 0x6f, 0x2f, 0x26, 0x65, 0x22, 0x53, 0x84, 0xc8, 0x95, 0x22,
-	0x0b, 0x7c, 0x9a, 0x09, 0x63, 0xeb, 0x57, 0xd8, 0xda, 0x79, 0x70, 0x7b, 0x08, 0x95, 0x89, 0x3b,
-	0x8d, 0x51, 0x75, 0x8b, 0xd5, 0x08, 0xee, 0xa5, 0xf3, 0x08, 0xd9, 0x54, 0xc2, 0xc8, 0xbb, 0xb0,
-	0x22, 0x2a, 0x59, 0xeb, 0x07, 0xce, 0xc6, 0x82, 0x95, 0xf7, 0xa6, 0x48, 0x13, 0xbb, 0xff, 0x18,
-	0xca, 0x7e, 0xc8, 0x37, 0x5f, 0xc7, 0x25, 0xef, 0x5c, 0x58, 0x72, 0xc8, 0xb9, 0x54, 0x80, 0xc8,
-	0x87, 0x50, 0x3a, 0x71, 0xbd, 0x18, 0xb3, 0x46, 0x73, 0xfb, 0xf6, 0x05, 0xf0, 0x63, 0xd7, 0x8b,
-	0x29, 0x42, 0x78, 0x98, 0x1f, 0xfb, 0x73, 0x2f, 0x6e, 0xdd, 0xc5, 0x0c, 0x23, 0x06, 0xe4, 0x1e,
-	0x54, 0xfc, 0xc9, 0x24, 0x62, 0x31, 0x76, 0x96, 0xe5, 0x9d, 0xc2, 0xa7, 0x54, 0x12, 0xf8, 0x84,
-	0xa9, 0x3b, 0x73, 0x63, 0xec, 0x43, 0xca, 0x54, 0x0c, 0xc8, 0x2e, 0xac, 0x8d, 0xfd, 0x59, 0xe0,
-	0x4e, 0x99, 0x63, 0x8d, 0xe7, 0x61, 0xe4, 0x87, 0xad, 0x77, 0x2e, 0x1c, 0xd3, 0x9e, 0x44, 0xec,
-	0x21, 0x80, 0x36, 0xc7, 0xb9, 0x31, 0x31, 0x60, 0x83, 0x79, 0x8e, 0xb5, 0xb8, 0xce, 0xfd, 0xd7,
-	0xad, 0xb3, 0xce, 0x3c, 0x27, 0x4f, 0x4a, 0xc4, 0xc1, 0x48, 0x68, 0x61, 0xcc, 0x68, 0x6d, 0x60,
-	0x90, 0xb9, 0x77, 0x69, 0xac, 0x14, 0xe2, 0x64, 0xc2, 0xf7, 0x6f, 0xc0, 0x2d, 0x19, 0x22, 0xad,
-	0x80, 0x85, 0x13, 0x36, 0x8e, 0xad, 0x60, 0x6a, 0x7b, 0x58, 0xca, 0xa5, 0xc6, 0x4a, 0x24, 0xe4,
-	0x50, 0x20, 0x0e, 0xa7, 0xb6, 0x47, 0x34, 0xa8, 0x3f, 0x67, 0x67, 0x91, 0xc5, 0x23, 0x29, 0x76,
-	0xae, 0x29, 0xba, 0xc6, 0xe9, 0x43, 0x6f, 0x7a, 0x46, 0x7e, 0x02, 0x8d, 0xf8, 0xdc, 0xdb, 0xb0,
-	0x61, 0x6d, 0xe4, 0x4e, 0x35, 0xe3, 0x8b, 0x34, 0x0b, 0x25, 0xf7, 0xa1, 0x2a, 0x35, 0xd4, 0xba,
-	0x97, 0x5d, 0x3b, 0xa1, 0xf2, 0xc4, 0x3c, 0xb1, 0xdd, 0xa9, 0x7f, 0xca, 0x42, 0x6b, 0x16, 0xb5,
-	0xda, 0xe2, 0xb6, 0x24, 0x21, 0x1d, 0x44, 0xdc, 0x4f, 0xa3, 0x38, 0xf4, 0xbd, 0xe3, 0xd6, 0x26,
-	0xde, 0x93, 0xc8, 0xd1, 0xc5, 0xe0, 0xf7, 0x2e, 0x66, 0xfe, 0x7c, 0xf0, 0xfb, 0x1c, 0xee, 0x60,
-	0x65, 0x66, 0x3d, 0x3b, 0xb3, 0xf2, 0x68, 0x0d, 0xd1, 0x1b, 0xc8, 0xdd, 0x3d, 0x3b, 0xcc, 0x4e,
-	0x6a, 0x43, 0xcd, 0x71, 0xa3, 0xd8, 0xf5, 0xc6, 0x71, 0xab, 0x85, 0xef, 0x4c, 0xc7, 0xe4, 0x33,
-	0xb8, 0x3d, 0x73, 0x3d, 0x2b, 0xb2, 0x27, 0xcc, 0x8a, 0x5d, 0xee, 0x9b, 0x6c, 0xec, 0x7b, 0x4e,
-	0xd4, 0x7a, 0x80, 0x82, 0x93, 0x99, 0xeb, 0x8d, 0xec, 0x09, 0x33, 0xdd, 0x19, 0x1b, 0x09, 0x0e,
-	0xf9, 0x08, 0xd6, 0x11, 0x1e, 0xb2, 0x60, 0xea, 0x8e, 0x6d, 0xf1, 0xfa, 0x1f, 0xe1, 0xeb, 0xd7,
-	0x38, 0x83, 0x0a, 0x3a, 0xbe, 0xfa, 0x63, 0x68, 0x06, 0x2c, 0x8c, 0xdc, 0x28, 0xb6, 0xa4, 0x45,
-	0xbf, 0x97, 0xd5, 0xda, 0xaa, 0x64, 0x0e, 0x91, 0xd7, 0xfe, 0xcf, 0x02, 0x54, 0x84, 0x73, 0x92,
-	0x4f, 0x41, 0xf1, 0x03, 0xbc, 0x06, 0x69, 0x6e, 0x6f, 0x5e, 0xe2, 0xc1, 0x9d, 0x61, 0xc0, 0xeb,
-	0x5e, 0x3f, 0xa4, 0x8a, 0x1f, 0xdc, 0xb8, 0x28, 0xd4, 0xfe, 0x10, 0x6a, 0xc9, 0x02, 0xbc, 0xbc,
-	0xe8, 0xeb, 0xa3, 0x91, 0x65, 0x3e, 0xee, 0x0e, 0xd4, 0x02, 0xb9, 0x03, 0x24, 0x1d, 0x5a, 0x43,
-	0x6a, 0xe9, 0xdf, 0x1c, 0x75, 0xfb, 0xaa, 0x82, 0x5d, 0x1a, 0xd5, 0xbb, 0xa6, 0x4e, 0x05, 0xb2,
-	0x48, 0xee, 0xc1, 0xed, 0x2c, 0xe5, 0x1c, 0x5c, 0xc2, 0x14, 0x8c, 0x8f, 0x65, 0x52, 0x01, 0xc5,
-	0x18, 0xa8, 0x15, 0x9e, 0x16, 0xf4, 0xef, 0x8d, 0x91, 0x39, 0x52, 0xab, 0xed, 0xbf, 0x29, 0x40,
-	0x19, 0xc3, 0x06, 0x3f, 0x9f, 0x54, 0x72, 0x71, 0x5d, 0x73, 0x5e, 0xb9, 0x1a, 0xd9, 0x92, 0xaa,
-	0x81, 0x01, 0x65, 0x73, 0x79, 0xf4, 0xf9, 0xb5, 0xd6, 0x53, 0x3f, 0x85, 0x12, 0x8f, 0x52, 0xbc,
-	0x43, 0x1c, 0xd2, 0x9e, 0x4e, 0xad, 0x47, 0x06, 0x1d, 0xf1, 0x2a, 0x97, 0x40, 0xb3, 0x3b, 0xd8,
-	0xd3, 0x47, 0xe6, 0x30, 0xa1, 0xa1, 0x56, 0x1e, 0x19, 0x7d, 0x33, 0x45, 0x15, 0xb5, 0x9f, 0xd7,
-	0x60, 0x35, 0x89, 0x09, 0x22, 0x82, 0x3e, 0x82, 0x46, 0x10, 0xba, 0x33, 0x3b, 0x3c, 0x8b, 0xc6,
-	0xb6, 0x87, 0x49, 0x01, 0xb6, 0x7f, 0xb4, 0x24, 0xaa, 0x88, 0x1d, 0x1d, 0x0a, 0xec, 0x68, 0x6c,
-	0x7b, 0x34, 0x3b, 0x91, 0xf4, 0x61, 0x75, 0xc6, 0xc2, 0x63, 0xf6, 0x7b, 0xbe, 0xeb, 0xe1, 0x4a,
-	0x55, 0x8c, 0xc8, 0xef, 0x5f, 0xba, 0xd2, 0x01, 0x47, 0xff, 0x8e, 0xef, 0x7a, 0xb8, 0x56, 0x7e,
-	0x32, 0xf9, 0x04, 0xea, 0xa2, 0x12, 0x72, 0xd8, 0x04, 0x63, 0xc5, 0xb2, 0xda, 0x4f, 0xd4, 0xe8,
-	0x3d, 0x36, 0xc9, 0xc4, 0x65, 0xb8, 0x34, 0x2e, 0x37, 0xb2, 0x71, 0xf9, 0xcd, 0x6c, 0x2c, 0x5a,
-	0x11, 0x55, 0x78, 0x1a, 0x84, 0x2e, 0x38, 0x7c, 0x6b, 0x89, 0xc3, 0x77, 0x60, 0x23, 0xf1, 0x55,
-	0xcb, 0xf5, 0x26, 0xee, 0x4b, 0x2b, 0x72, 0x5f, 0x89, 0xd8, 0x53, 0xa6, 0xeb, 0x09, 0xcb, 0xe0,
-	0x9c, 0x91, 0xfb, 0x8a, 0x11, 0x23, 0xe9, 0xe0, 0x64, 0x0e, 0x5c, 0xc5, 0xab, 0xc9, 0xf7, 0x2e,
-	0x55, 0x8f, 0x68, 0xbe, 0x64, 0x46, 0xcc, 0x4d, 0x6d, 0xff, 0x52, 0x81, 0x46, 0xe6, 0x1c, 0x78,
-	0xf6, 0x16, 0xca, 0x42, 0x61, 0xc5, 0x55, 0x94, 0x50, 0x1f, 0x4a, 0xfa, 0x26, 0xd4, 0xa3, 0xd8,
-	0x0e, 0x63, 0x8b, 0x17, 0x57, 0xb2, 0xdd, 0x45, 0xc2, 0x13, 0x76, 0x46, 0x3e, 0x80, 0x35, 0xc1,
-	0x74, 0xbd, 0xf1, 0x74, 0x1e, 0xb9, 0xa7, 0xa2, 0x99, 0xaf, 0xd1, 0x26, 0x92, 0x8d, 0x84, 0x4a,
-	0xee, 0x42, 0x95, 0x67, 0x21, 0xbe, 0x86, 0x68, 0xfa, 0x2a, 0xcc, 0x73, 0xf8, 0x0a, 0x0f, 0x60,
-	0x95, 0x33, 0xce, 0xe7, 0x57, 0xc4, 0x2d, 0x33, 0xf3, 0x9c, 0xf3, 0xd9, 0x1d, 0xd8, 0x10, 0xaf,
-	0x09, 0x44, 0xf1, 0x2a, 0x2b, 0xdc, 0x3b, 0xa8, 0xd8, 0x75, 0x64, 0xc9, 0xb2, 0x56, 0x14, 0x9c,
-	0x1f, 0x01, 0xcf, 0x5e, 0x0b, 0xe8, 0xbb, 0x22, 0x94, 0x31, 0xcf, 0xc9, 0x61, 0x77, 0xe1, 0x1d,
-	0x8e, 0x9d, 0x7b, 0x76, 0x10, 0x4c, 0x5d, 0xe6, 0x58, 0x53, 0xff, 0x18, 0x43, 0x66, 0x14, 0xdb,
-	0xb3, 0xc0, 0x9a, 0x47, 0xad, 0x0d, 0x0c, 0x99, 0x6d, 0xe6, 0x39, 0x47, 0x09, 0xa8, 0xef, 0x1f,
-	0x9b, 0x09, 0xe4, 0x28, 0x6a, 0xff, 0x3e, 0xac, 0xe6, 0xec, 0x71, 0x41, 0xa7, 0x35, 0x74, 0xfe,
-	0x8c, 0x4e, 0xdf, 0x85, 0x95, 0x20, 0x64, 0xe7, 0xa2, 0xd5, 0x51, 0xb4, 0x86, 0xa0, 0x09, 0xb1,
-	0xb6, 0x60, 0x05, 0x79, 0x96, 0x20, 0xe6, 0xf3, 0x63, 0x03, 0x59, 0x87, 0xc8, 0x69, 0xbf, 0x80,
-	0x95, 0xec, 0x69, 0x93, 0x77, 0x33, 0x69, 0xa1, 0x99, 0xcb, 0x93, 0x69, 0x76, 0x48, 0x2a, 0xb2,
-	0xf5, 0x4b, 0x2a, 0x32, 0x72, 0x9d, 0x8a, 0x4c, 0xfb, 0x2f, 0xd9, 0x9c, 0x65, 0x2a, 0x84, 0x9f,
-	0x41, 0x2d, 0x90, 0xf5, 0x38, 0x5a, 0x52, 0xfe, 0x12, 0x3e, 0x0f, 0xee, 0x24, 0x95, 0x3b, 0x4d,
-	0xe7, 0xb4, 0xff, 0x56, 0x81, 0x5a, 0x5a, 0xd0, 0xe7, 0x2c, 0xef, 0xcd, 0x05, 0xcb, 0x3b, 0x90,
-	0x1a, 0x16, 0x0a, 0x7c, 0x1b, 0xa3, 0xc5, 0x27, 0xaf, 0x7f, 0xd7, 0xc5, 0xb6, 0xe7, 0x34, 0xdb,
-	0xf6, 0x6c, 0xbe, 0xae, 0xed, 0xf9, 0xe4, 0xa2, 0xc1, 0xbf, 0x95, 0xe9, 0x2d, 0x16, 0xcc, 0xbe,
-	0xfd, 0x7d, 0xae, 0x0f, 0xca, 0x26, 0x84, 0x77, 0xc4, 0x7e, 0xd2, 0x84, 0x90, 0xb6, 0x3f, 0xf7,
-	0xaf, 0xd7, 0xfe, 0x6c, 0x43, 0x45, 0xea, 0xfc, 0x0e, 0x54, 0x64, 0x4d, 0x27, 0x1b, 0x04, 0x31,
-	0x3a, 0x6f, 0x10, 0x0a, 0xb2, 0x4e, 0xd7, 0x7e, 0xae, 0x40, 0x59, 0x0f, 0x43, 0x3f, 0xd4, 0xfe,
-	0x48, 0x81, 0x3a, 0x3e, 0xed, 0xf9, 0x0e, 0xe3, 0xd9, 0x60, 0xb7, 0xdb, 0xb3, 0xa8, 0xfe, 0xcd,
-	0x91, 0x8e, 0xd9, 0xa0, 0x0d, 0x77, 0xf6, 0x86, 0x83, 0xbd, 0x23, 0x4a, 0xf5, 0x81, 0x69, 0x99,
-	0xb4, 0x3b, 0x18, 0xf1, 0xb6, 0x67, 0x38, 0x50, 0x15, 0x9e, 0x29, 0x8c, 0x81, 0xa9, 0xd3, 0x41,
-	0xb7, 0x6f, 0x89, 0x56, 0xb4, 0x88, 0x77, 0xb3, 0xba, 0xde, 0xb3, 0xf0, 0xd6, 0x51, 0x2d, 0xf1,
-	0x96, 0xd5, 0x34, 0x0e, 0xf4, 0xe1, 0x91, 0xa9, 0x96, 0xc9, 0x6d, 0x58, 0x3f, 0xd4, 0xe9, 0x81,
-	0x31, 0x1a, 0x19, 0xc3, 0x81, 0xd5, 0xd3, 0x07, 0x86, 0xde, 0x53, 0x2b, 0x7c, 0x9d, 0x5d, 0x63,
-	0xdf, 0xec, 0xee, 0xf6, 0x75, 0xb9, 0x4e, 0x95, 0x6c, 0xc2, 0x5b, 0x7b, 0xc3, 0x83, 0x03, 0xc3,
-	0x34, 0xf5, 0x9e, 0xb5, 0x7b, 0x64, 0x5a, 0x23, 0xd3, 0xe8, 0xf7, 0xad, 0xee, 0xe1, 0x61, 0xff,
-	0x29, 0x4f, 0x60, 0x35, 0x72, 0x17, 0x36, 0xf6, 0xba, 0x87, 0xdd, 0x5d, 0xa3, 0x6f, 0x98, 0x4f,
-	0xad, 0x9e, 0x31, 0xe2, 0xf3, 0x7b, 0x6a, 0x9d, 0x27, 0x6c, 0x93, 0x3e, 0xb5, 0xba, 0x7d, 0x14,
-	0xcd, 0xd4, 0xad, 0xdd, 0xee, 0xde, 0x13, 0x7d, 0xd0, 0x53, 0x81, 0x0b, 0x30, 0xea, 0x3e, 0xd2,
-	0x2d, 0x2e, 0x92, 0x65, 0x0e, 0x87, 0xd6, 0xb0, 0xdf, 0x53, 0x1b, 0xda, 0xbf, 0x14, 0xa1, 0xb4,
-	0xe7, 0x47, 0x31, 0xf7, 0x46, 0xe1, 0xac, 0x2f, 0x42, 0x37, 0x66, 0xa2, 0x7f, 0x2b, 0x53, 0xd1,
-	0x4b, 0x7f, 0x87, 0x24, 0x1e, 0x50, 0x32, 0x10, 0xeb, 0xd9, 0x19, 0xc7, 0x29, 0x88, 0x5b, 0x3b,
-	0xc7, 0xed, 0x72, 0xb2, 0x88, 0x68, 0x78, 0x85, 0x23, 0xd7, 0x2b, 0x22, 0x4e, 0x06, 0x61, 0xb9,
-	0xe0, 0xc7, 0x40, 0xb2, 0x20, 0xb9, 0x62, 0x09, 0x91, 0x6a, 0x06, 0x29, 0x96, 0xdc, 0x01, 0x18,
-	0xfb, 0xb3, 0x99, 0x1b, 0x8f, 0xfd, 0x28, 0x96, 0x5f, 0xc8, 0xda, 0x39, 0x63, 0x8f, 0x62, 0x6e,
-	0xf1, 0x33, 0x37, 0xe6, 0x8f, 0x34, 0x83, 0x26, 0x3b, 0x70, 0xcf, 0x0e, 0x82, 0xd0, 0x7f, 0xe9,
-	0xce, 0xec, 0x98, 0x59, 0xdc, 0x73, 0xed, 0x63, 0x66, 0x39, 0x6c, 0x1a, 0xdb, 0xd8, 0x13, 0x95,
-	0xe9, 0xdd, 0x0c, 0x60, 0x24, 0xf8, 0x3d, 0xce, 0xe6, 0x71, 0xd7, 0x75, 0xac, 0x88, 0xfd, 0x30,
-	0xe7, 0x1e, 0x60, 0xcd, 0x03, 0xc7, 0xe6, 0x62, 0xd6, 0x45, 0x96, 0x72, 0x9d, 0x91, 0xe4, 0x1c,
-	0x09, 0x46, 0xfb, 0x15, 0xc0, 0xb9, 0x14, 0x64, 0x1b, 0x6e, 0xf3, 0x3a, 0x9e, 0x45, 0x31, 0x73,
-	0x2c, 0xb9, 0xdb, 0x60, 0x1e, 0x47, 0x18, 0xe2, 0xcb, 0x74, 0x23, 0x65, 0xca, 0x9b, 0xc2, 0x79,
-	0x1c, 0x91, 0x9f, 0x40, 0xeb, 0xc2, 0x1c, 0x87, 0x4d, 0x19, 0x7f, 0x6d, 0x15, 0xa7, 0xdd, 0x59,
-	0x98, 0xd6, 0x13, 0x5c, 0xed, 0x4f, 0x14, 0x80, 0x7d, 0x16, 0x53, 0xc1, 0xcd, 0x34, 0xb6, 0x95,
-	0xeb, 0x36, 0xb6, 0xef, 0x27, 0x17, 0x08, 0xc5, 0xab, 0x63, 0xc0, 0x42, 0x97, 0xa1, 0xdc, 0xa4,
-	0xcb, 0xc8, 0x35, 0x11, 0xc5, 0x2b, 0x9a, 0x88, 0x52, 0xae, 0x89, 0xf8, 0x18, 0x9a, 0xf6, 0x74,
-	0xea, 0xbf, 0xe0, 0x05, 0x0d, 0x0b, 0x43, 0xe6, 0xa0, 0x11, 0x9c, 0xd7, 0xdb, 0xc8, 0xec, 0x49,
-	0x9e, 0xf6, 0xe7, 0x0a, 0x34, 0x50, 0x15, 0x51, 0xe0, 0x7b, 0x11, 0x23, 0x5f, 0x42, 0x45, 0x5e,
-	0x44, 0x8b, 0x8b, 0xfc, 0xb7, 0x33, 0xb2, 0x66, 0x70, 0xb2, 0x68, 0xa0, 0x12, 0xcc, 0x33, 0x42,
-	0xe6, 0x75, 0x97, 0x2b, 0x25, 0x45, 0x91, 0xfb, 0x50, 0x73, 0x3d, 0x4b, 0xb4, 0xd4, 0x95, 0x4c,
-	0x58, 0xac, 0xba, 0x1e, 0xd6, 0xb2, 0xed, 0x57, 0x50, 0x11, 0x2f, 0x21, 0x9d, 0x54, 0xa6, 0x8b,
-	0xfa, 0xcb, 0xdc, 0x1c, 0xa7, 0xc2, 0xc8, 0xc3, 0x29, 0xbd, 0x2e, 0x40, 0xb7, 0xa0, 0x7a, 0xca,
-	0x9b, 0x0f, 0xbc, 0xf4, 0xe3, 0xea, 0x4d, 0x86, 0xda, 0x1f, 0x97, 0x00, 0x0e, 0xe7, 0x4b, 0x0c,
-	0xa4, 0x71, 0x5d, 0x03, 0xe9, 0xe4, 0xf4, 0xf8, 0x7a, 0x99, 0x7f, 0x75, 0x43, 0x59, 0xd2, 0x69,
-	0x17, 0x6f, 0xda, 0x69, 0xdf, 0x87, 0x6a, 0x1c, 0xce, 0xb9, 0xa3, 0x08, 0x63, 0x4a, 0x5b, 0x5a,
-	0x49, 0x25, 0x6f, 0x42, 0x79, 0xe2, 0x87, 0x63, 0x86, 0x8e, 0x95, 0xb2, 0x05, 0xed, 0xc2, 0x65,
-	0x52, 0xed, 0xb2, 0xcb, 0x24, 0xde, 0xa0, 0x45, 0xf2, 0x1e, 0x0d, 0x0b, 0x99, 0x7c, 0x83, 0x96,
-	0x5c, 0xb1, 0xd1, 0x14, 0x44, 0xbe, 0x81, 0xa6, 0x3d, 0x8f, 0x7d, 0xcb, 0xe5, 0x15, 0xda, 0xd4,
-	0x1d, 0x9f, 0x61, 0xd9, 0xdd, 0xcc, 0x7f, 0xaf, 0x4f, 0x0f, 0xaa, 0xd3, 0x9d, 0xc7, 0xbe, 0xe1,
-	0x1c, 0x22, 0x72, 0xa7, 0x2a, 0x93, 0x12, 0x5d, 0xb1, 0x33, 0x64, 0xed, 0xc7, 0xb0, 0x92, 0x85,
-	0xf1, 0x04, 0x24, 0x81, 0xea, 0x1b, 0x3c, 0x3b, 0x8d, 0x78, 0x6a, 0x1b, 0x98, 0x46, 0xb7, 0xaf,
-	0x16, 0xb4, 0x18, 0x1a, 0xb8, 0xbc, 0xf4, 0x8e, 0xeb, 0xba, 0xfd, 0x03, 0x28, 0x61, 0xf8, 0x55,
-	0x2e, 0x7c, 0x0f, 0xc1, 0x98, 0x8b, 0xcc, 0xbc, 0xf9, 0x15, 0xb3, 0xe6, 0xf7, 0xdf, 0x05, 0x58,
-	0x31, 0xfd, 0xf9, 0xf8, 0xe4, 0xa2, 0x01, 0xc2, 0xaf, 0x3b, 0x42, 0x2d, 0x31, 0x1f, 0xe5, 0xa6,
-	0xe6, 0x93, 0x5a, 0x47, 0x71, 0x89, 0x75, 0xdc, 0xf4, 0xcc, 0xb5, 0x2f, 0x60, 0x55, 0x6e, 0x5e,
-	0x6a, 0x3d, 0xd1, 0x66, 0xe1, 0x0a, 0x6d, 0x6a, 0xbf, 0x50, 0x60, 0x55, 0xc4, 0xf7, 0xff, 0xbb,
-	0xd2, 0x2a, 0x37, 0x0c, 0xeb, 0xe5, 0x1b, 0x5d, 0x1e, 0xfd, 0xbf, 0xf4, 0x34, 0x6d, 0x08, 0xcd,
-	0x44, 0x7d, 0x37, 0x50, 0xfb, 0x15, 0x46, 0xfc, 0x8b, 0x02, 0x34, 0x06, 0xec, 0xe5, 0x92, 0x20,
-	0x5a, 0xbe, 0xee, 0x71, 0x7c, 0x98, 0x2b, 0x57, 0x1b, 0xdb, 0xeb, 0x59, 0x19, 0xc4, 0xd5, 0x63,
-	0x52, 0xc1, 0xa6, 0xb7, 0xa8, 0xca, 0xf2, 0x5b, 0xd4, 0xd2, 0x62, 0xb7, 0x9e, 0xb9, 0xc5, 0x2b,
-	0x2e, 0xbb, 0xc5, 0xd3, 0xfe, 0xad, 0x08, 0x0d, 0x6c, 0x90, 0x29, 0x8b, 0xe6, 0xd3, 0x38, 0x27,
-	0x4c, 0xe1, 0x6a, 0x61, 0x3a, 0x50, 0x09, 0x71, 0x92, 0x74, 0xa5, 0x4b, 0x83, 0xbf, 0x40, 0x61,
-	0x6b, 0xfc, 0xdc, 0x0d, 0x02, 0xe6, 0x58, 0x82, 0x92, 0x14, 0x30, 0x4d, 0x49, 0x16, 0x22, 0x44,
-	0xbc, 0xfc, 0x9c, 0xf9, 0x21, 0x4b, 0x51, 0x45, 0xbc, 0x4f, 0x68, 0x70, 0x5a, 0x02, 0xc9, 0xdd,
-	0x37, 0x88, 0xca, 0xe0, 0xfc, 0xbe, 0x21, 0xed, 0x35, 0x91, 0x5b, 0x47, 0xae, 0xe8, 0x35, 0x91,
-	0xcd, 0xbb, 0xa8, 0x99, 0x3d, 0x9d, 0x5a, 0x7e, 0x10, 0xa1, 0xd3, 0xd4, 0x68, 0x0d, 0x09, 0xc3,
-	0x20, 0x22, 0x5f, 0x43, 0x7a, 0x5d, 0x2c, 0x6f, 0xc9, 0xc5, 0x39, 0xb6, 0x2e, 0xbb, 0x58, 0xa0,
-	0xab, 0xe3, 0xdc, 0xfd, 0xcf, 0x92, 0x1b, 0xea, 0xca, 0x4d, 0x6f, 0xa8, 0x1f, 0x42, 0x59, 0xc4,
-	0xa8, 0xda, 0xeb, 0x62, 0x94, 0xc0, 0x65, 0xed, 0xb3, 0x91, 0xb7, 0xcf, 0x5f, 0x16, 0x80, 0x74,
-	0xa7, 0x53, 0x7f, 0x6c, 0xc7, 0xcc, 0x70, 0xa2, 0x8b, 0x66, 0x7a, 0xed, 0xcf, 0x2e, 0x9f, 0x41,
-	0x7d, 0xe6, 0x3b, 0x6c, 0x6a, 0x25, 0xdf, 0x94, 0x2e, 0xad, 0x7e, 0x10, 0xc6, 0x5b, 0x52, 0x02,
-	0x25, 0xbc, 0xc4, 0x51, 0xb0, 0xee, 0xc0, 0x67, 0xde, 0x84, 0xcd, 0xec, 0x97, 0xb2, 0x14, 0xe1,
-	0x8f, 0xa4, 0x03, 0xd5, 0x90, 0x45, 0x2c, 0x3c, 0x65, 0x57, 0x16, 0x55, 0x09, 0x48, 0x7b, 0x06,
-	0x1b, 0xb9, 0x1d, 0x49, 0x47, 0xbe, 0x85, 0x5f, 0x2b, 0xc3, 0x58, 0x7e, 0xb4, 0x12, 0x03, 0xfe,
-	0x3a, 0xe6, 0x25, 0x9f, 0x41, 0xf9, 0x63, 0xea, 0xf0, 0xc5, 0xab, 0xe2, 0xec, 0x1e, 0xa8, 0x59,
-	0x4d, 0xbb, 0x63, 0x0c, 0x36, 0xf2, 0x54, 0x0a, 0xd7, 0x3b, 0x15, 0xed, 0xef, 0x0a, 0xb0, 0xde,
-	0x75, 0x1c, 0xf1, 0x77, 0xc3, 0x25, 0xaa, 0x2f, 0x5e, 0x57, 0xf5, 0x0b, 0x81, 0x58, 0x84, 0x89,
-	0x6b, 0x05, 0xe2, 0x0f, 0xa1, 0x92, 0xd6, 0x5a, 0xc5, 0x05, 0x77, 0x16, 0x72, 0x51, 0x09, 0xd0,
-	0x6e, 0x01, 0xc9, 0x0a, 0x2b, 0xb4, 0xaa, 0xfd, 0x69, 0x11, 0xee, 0xee, 0xb2, 0x63, 0xd7, 0xcb,
-	0xbe, 0xe2, 0x57, 0xdf, 0xc9, 0xc5, 0x4f, 0x65, 0x9f, 0xc1, 0xba, 0x28, 0xe4, 0x93, 0x7f, 0x62,
-	0x59, 0xec, 0x58, 0x7e, 0x9d, 0x94, 0xb1, 0x6a, 0x0d, 0xf9, 0x07, 0x92, 0xad, 0xe3, 0x7f, 0xc5,
-	0x1c, 0x3b, 0xb6, 0x9f, 0xd9, 0x11, 0xb3, 0x5c, 0x47, 0xfe, 0x59, 0x06, 0x12, 0x92, 0xe1, 0x90,
-	0x21, 0x94, 0xb8, 0x0d, 0xa2, 0xeb, 0x36, 0xb7, 0xb7, 0x33, 0x62, 0x5d, 0xb2, 0x95, 0xac, 0x02,
-	0x0f, 0x7c, 0x87, 0xed, 0x54, 0x8f, 0x06, 0x4f, 0x06, 0xc3, 0xef, 0x06, 0x14, 0x17, 0x22, 0x06,
-	0xdc, 0x0a, 0x42, 0x76, 0xea, 0xfa, 0xf3, 0xc8, 0xca, 0x9e, 0x44, 0xf5, 0xca, 0x94, 0xb8, 0x91,
-	0xcc, 0xc9, 0x10, 0xb5, 0x9f, 0xc2, 0xda, 0xc2, 0xcb, 0x78, 0x6d, 0x26, 0x5f, 0xa7, 0xbe, 0x41,
-	0x56, 0xa1, 0x8e, 0x1f, 0xbb, 0x97, 0x7f, 0xfb, 0xd6, 0xfe, 0xb5, 0x80, 0x57, 0x4c, 0x33, 0x37,
-	0xbe, 0x59, 0x06, 0xfb, 0xcd, 0x7c, 0x06, 0x83, 0xed, 0x77, 0xf3, 0xe6, 0x9b, 0x59, 0xb0, 0xf3,
-	0xad, 0x00, 0xa6, 0x41, 0xa4, 0x6d, 0x43, 0x55, 0xd2, 0xc8, 0x6f, 0xc1, 0x5a, 0xe8, 0xfb, 0x71,
-	0xd2, 0x89, 0x8a, 0x0e, 0xe4, 0xf2, 0x3f, 0xdb, 0xac, 0x72, 0xb0, 0x48, 0x06, 0x4f, 0xf2, 0xbd,
-	0x48, 0x59, 0xfc, 0x0d, 0x44, 0x0e, 0x77, 0x1b, 0xbf, 0x5b, 0x4f, 0xff, 0xb7, 0xfb, 0xbf, 0x01,
-	0x00, 0x00, 0xff, 0xff, 0x35, 0x9f, 0x30, 0x98, 0xf2, 0x2b, 0x00, 0x00,
-}
diff --git a/vendor/google.golang.org/appengine/internal/datastore/datastore_v3.proto b/vendor/google.golang.org/appengine/internal/datastore/datastore_v3.proto
deleted file mode 100644
index 497b4d9a9a..0000000000
--- a/vendor/google.golang.org/appengine/internal/datastore/datastore_v3.proto
+++ /dev/null
@@ -1,551 +0,0 @@
-syntax = "proto2";
-option go_package = "datastore";
-
-package appengine;
-
-message Action{}
-
-message PropertyValue {
-  optional int64 int64Value = 1;
-  optional bool booleanValue = 2;
-  optional string stringValue = 3;
-  optional double doubleValue = 4;
-
-  optional group PointValue = 5 {
-    required double x = 6;
-    required double y = 7;
-  }
-
-  optional group UserValue = 8 {
-    required string email = 9;
-    required string auth_domain = 10;
-    optional string nickname = 11;
-    optional string federated_identity = 21;
-    optional string federated_provider = 22;
-  }
-
-  optional group ReferenceValue = 12 {
-    required string app = 13;
-    optional string name_space = 20;
-    repeated group PathElement = 14 {
-      required string type = 15;
-      optional int64 id = 16;
-      optional string name = 17;
-    }
-  }
-}
-
-message Property {
-  enum Meaning {
-    NO_MEANING = 0;
-    BLOB = 14;
-    TEXT = 15;
-    BYTESTRING = 16;
-
-    ATOM_CATEGORY = 1;
-    ATOM_LINK = 2;
-    ATOM_TITLE = 3;
-    ATOM_CONTENT = 4;
-    ATOM_SUMMARY = 5;
-    ATOM_AUTHOR = 6;
-
-    GD_WHEN = 7;
-    GD_EMAIL = 8;
-    GEORSS_POINT = 9;
-    GD_IM = 10;
-
-    GD_PHONENUMBER = 11;
-    GD_POSTALADDRESS = 12;
-
-    GD_RATING = 13;
-
-    BLOBKEY = 17;
-    ENTITY_PROTO = 19;
-
-    INDEX_VALUE = 18;
-  };
-
-  optional Meaning meaning = 1 [default = NO_MEANING];
-  optional string meaning_uri = 2;
-
-  required string name = 3;
-
-  required PropertyValue value = 5;
-
-  required bool multiple = 4;
-
-  optional bool searchable = 6 [default=false];
-
-  enum FtsTokenizationOption {
-    HTML = 1;
-    ATOM = 2;
-  }
-
-  optional FtsTokenizationOption fts_tokenization_option = 8;
-
-  optional string locale = 9 [default = "en"];
-}
-
-message Path {
-  repeated group Element = 1 {
-    required string type = 2;
-    optional int64 id = 3;
-    optional string name = 4;
-  }
-}
-
-message Reference {
-  required string app = 13;
-  optional string name_space = 20;
-  required Path path = 14;
-}
-
-message User {
-  required string email = 1;
-  required string auth_domain = 2;
-  optional string nickname = 3;
-  optional string federated_identity = 6;
-  optional string federated_provider = 7;
-}
-
-message EntityProto {
-  required Reference key = 13;
-  required Path entity_group = 16;
-  optional User owner = 17;
-
-  enum Kind {
-    GD_CONTACT = 1;
-    GD_EVENT = 2;
-    GD_MESSAGE = 3;
-  }
-  optional Kind kind = 4;
-  optional string kind_uri = 5;
-
-  repeated Property property = 14;
-  repeated Property raw_property = 15;
-
-  optional int32 rank = 18;
-}
-
-message CompositeProperty {
-  required int64 index_id = 1;
-  repeated string value = 2;
-}
-
-message Index {
-  required string entity_type = 1;
-  required bool ancestor = 5;
-  repeated group Property = 2 {
-    required string name = 3;
-    enum Direction {
-      ASCENDING = 1;
-      DESCENDING = 2;
-    }
-    optional Direction direction = 4 [default = ASCENDING];
-  }
-}
-
-message CompositeIndex {
-  required string app_id = 1;
-  required int64 id = 2;
-  required Index definition = 3;
-
-  enum State {
-    WRITE_ONLY = 1;
-    READ_WRITE = 2;
-    DELETED = 3;
-    ERROR = 4;
-  }
-  required State state = 4;
-
-  optional bool only_use_if_required = 6 [default = false];
-}
-
-message IndexPostfix {
-  message IndexValue {
-    required string property_name = 1;
-    required PropertyValue value = 2;
-  }
-
-  repeated IndexValue index_value = 1;
-
-  optional Reference key = 2;
-
-  optional bool before = 3 [default=true];
-}
-
-message IndexPosition {
-  optional string key = 1;
-
-  optional bool before = 2 [default=true];
-}
-
-message Snapshot {
-  enum Status {
-    INACTIVE = 0;
-    ACTIVE = 1;
-  }
-
-  required int64 ts = 1;
-}
-
-message InternalHeader {
-  optional string qos = 1;
-}
-
-message Transaction {
-  optional InternalHeader header = 4;
-  required fixed64 handle = 1;
-  required string app = 2;
-  optional bool mark_changes = 3 [default = false];
-}
-
-message Query {
-  optional InternalHeader header = 39;
-
-  required string app = 1;
-  optional string name_space = 29;
-
-  optional string kind = 3;
-  optional Reference ancestor = 17;
-
-  repeated group Filter = 4 {
-    enum Operator {
-      LESS_THAN = 1;
-      LESS_THAN_OR_EQUAL = 2;
-      GREATER_THAN = 3;
-      GREATER_THAN_OR_EQUAL = 4;
-      EQUAL = 5;
-      IN = 6;
-      EXISTS = 7;
-    }
-
-    required Operator op = 6;
-    repeated Property property = 14;
-  }
-
-  optional string search_query = 8;
-
-  repeated group Order = 9 {
-    enum Direction {
-      ASCENDING = 1;
-      DESCENDING = 2;
-    }
-
-    required string property = 10;
-    optional Direction direction = 11 [default = ASCENDING];
-  }
-
-  enum Hint {
-    ORDER_FIRST = 1;
-    ANCESTOR_FIRST = 2;
-    FILTER_FIRST = 3;
-  }
-  optional Hint hint = 18;
-
-  optional int32 count = 23;
-
-  optional int32 offset = 12 [default = 0];
-
-  optional int32 limit = 16;
-
-  optional CompiledCursor compiled_cursor = 30;
-  optional CompiledCursor end_compiled_cursor = 31;
-
-  repeated CompositeIndex composite_index = 19;
-
-  optional bool require_perfect_plan = 20 [default = false];
-
-  optional bool keys_only = 21 [default = false];
-
-  optional Transaction transaction = 22;
-
-  optional bool compile = 25 [default = false];
-
-  optional int64 failover_ms = 26;
-
-  optional bool strong = 32;
-
-  repeated string property_name = 33;
-
-  repeated string group_by_property_name = 34;
-
-  optional bool distinct = 24;
-
-  optional int64 min_safe_time_seconds = 35;
-
-  repeated string safe_replica_name = 36;
-
-  optional bool persist_offset = 37 [default=false];
-}
-
-message CompiledQuery {
-  required group PrimaryScan = 1 {
-    optional string index_name = 2;
-
-    optional string start_key = 3;
-    optional bool start_inclusive = 4;
-    optional string end_key = 5;
-    optional bool end_inclusive = 6;
-
-    repeated string start_postfix_value = 22;
-    repeated string end_postfix_value = 23;
-
-    optional int64 end_unapplied_log_timestamp_us = 19;
-  }
-
-  repeated group MergeJoinScan = 7 {
-    required string index_name = 8;
-
-    repeated string prefix_value = 9;
-
-    optional bool value_prefix = 20 [default=false];
-  }
-
-  optional Index index_def = 21;
-
-  optional int32 offset = 10 [default = 0];
-
-  optional int32 limit = 11;
-
-  required bool keys_only = 12;
-
-  repeated string property_name = 24;
-
-  optional int32 distinct_infix_size = 25;
-
-  optional group EntityFilter = 13 {
-    optional bool distinct = 14 [default=false];
-
-    optional string kind = 17;
-    optional Reference ancestor = 18;
-  }
-}
-
-message CompiledCursor {
-  optional group Position = 2 {
-    optional string start_key = 27;
-
-    repeated group IndexValue = 29 {
-      optional string property = 30;
-      required PropertyValue value = 31;
-    }
-
-    optional Reference key = 32;
-
-    optional bool start_inclusive = 28 [default=true];
-  }
-}
-
-message Cursor {
-  required fixed64 cursor = 1;
-
-  optional string app = 2;
-}
-
-message Error {
-  enum ErrorCode {
-    BAD_REQUEST = 1;
-    CONCURRENT_TRANSACTION = 2;
-    INTERNAL_ERROR = 3;
-    NEED_INDEX = 4;
-    TIMEOUT = 5;
-    PERMISSION_DENIED = 6;
-    BIGTABLE_ERROR = 7;
-    COMMITTED_BUT_STILL_APPLYING = 8;
-    CAPABILITY_DISABLED = 9;
-    TRY_ALTERNATE_BACKEND = 10;
-    SAFE_TIME_TOO_OLD = 11;
-  }
-}
-
-message Cost {
-  optional int32 index_writes = 1;
-  optional int32 index_write_bytes = 2;
-  optional int32 entity_writes = 3;
-  optional int32 entity_write_bytes = 4;
-  optional group CommitCost = 5 {
-    optional int32 requested_entity_puts = 6;
-    optional int32 requested_entity_deletes = 7;
-  };
-  optional int32 approximate_storage_delta = 8;
-  optional int32 id_sequence_updates = 9;
-}
-
-message GetRequest {
-  optional InternalHeader header = 6;
-
-  repeated Reference key = 1;
-  optional Transaction transaction = 2;
-
-  optional int64 failover_ms = 3;
-
-  optional bool strong = 4;
-
-  optional bool allow_deferred = 5 [default=false];
-}
-
-message GetResponse {
-  repeated group Entity = 1 {
-    optional EntityProto entity = 2;
-    optional Reference key = 4;
-
-    optional int64 version = 3;
-  }
-
-  repeated Reference deferred = 5;
-
-  optional bool in_order = 6 [default=true];
-}
-
-message PutRequest {
-  optional InternalHeader header = 11;
-
-  repeated EntityProto entity = 1;
-  optional Transaction transaction = 2;
-  repeated CompositeIndex composite_index = 3;
-
-  optional bool trusted = 4 [default = false];
-
-  optional bool force = 7 [default = false];
-
-  optional bool mark_changes = 8 [default = false];
-  repeated Snapshot snapshot = 9;
-
-  enum AutoIdPolicy {
-    CURRENT = 0;
-    SEQUENTIAL = 1;
-  }
-  optional AutoIdPolicy auto_id_policy = 10 [default = CURRENT];
-}
-
-message PutResponse {
-  repeated Reference key = 1;
-  optional Cost cost = 2;
-  repeated int64 version = 3;
-}
-
-message TouchRequest {
-  optional InternalHeader header = 10;
-
-  repeated Reference key = 1;
-  repeated CompositeIndex composite_index = 2;
-  optional bool force = 3 [default = false];
-  repeated Snapshot snapshot = 9;
-}
-
-message TouchResponse {
-  optional Cost cost = 1;
-}
-
-message DeleteRequest {
-  optional InternalHeader header = 10;
-
-  repeated Reference key = 6;
-  optional Transaction transaction = 5;
-
-  optional bool trusted = 4 [default = false];
-
-  optional bool force = 7 [default = false];
-
-  optional bool mark_changes = 8 [default = false];
-  repeated Snapshot snapshot = 9;
-}
-
-message DeleteResponse {
-  optional Cost cost = 1;
-  repeated int64 version = 3;
-}
-
-message NextRequest {
-  optional InternalHeader header = 5;
-
-  required Cursor cursor = 1;
-  optional int32 count = 2;
-
-  optional int32 offset = 4 [default = 0];
-
-  optional bool compile = 3 [default = false];
-}
-
-message QueryResult {
-  optional Cursor cursor = 1;
-
-  repeated EntityProto result = 2;
-
-  optional int32 skipped_results = 7;
-
-  required bool more_results = 3;
-
-  optional bool keys_only = 4;
-
-  optional bool index_only = 9;
-
-  optional bool small_ops = 10;
-
-  optional CompiledQuery compiled_query = 5;
-
-  optional CompiledCursor compiled_cursor = 6;
-
-  repeated CompositeIndex index = 8;
-
-  repeated int64 version = 11;
-}
-
-message AllocateIdsRequest {
-  optional InternalHeader header = 4;
-
-  optional Reference model_key = 1;
-
-  optional int64 size = 2;
-
-  optional int64 max = 3;
-
-  repeated Reference reserve = 5;
-}
-
-message AllocateIdsResponse {
-  required int64 start = 1;
-  required int64 end = 2;
-  optional Cost cost = 3;
-}
-
-message CompositeIndices {
-  repeated CompositeIndex index = 1;
-}
-
-message AddActionsRequest {
-  optional InternalHeader header = 3;
-
-  required Transaction transaction = 1;
-  repeated Action action = 2;
-}
-
-message AddActionsResponse {
-}
-
-message BeginTransactionRequest {
-  optional InternalHeader header = 3;
-
-  required string app = 1;
-  optional bool allow_multiple_eg = 2 [default = false];
-  optional string database_id = 4;
-
-  enum TransactionMode {
-    UNKNOWN = 0;
-    READ_ONLY = 1;
-    READ_WRITE = 2;
-  }
-  optional TransactionMode mode = 5 [default = UNKNOWN];
-
-  optional Transaction previous_transaction = 7;
-}
-
-message CommitResponse {
-  optional Cost cost = 1;
-
-  repeated group Version = 3 {
-    required Reference root_entity_key = 4;
-    required int64 version = 5;
-  }
-}
diff --git a/vendor/google.golang.org/appengine/internal/identity.go b/vendor/google.golang.org/appengine/internal/identity.go
deleted file mode 100644
index 0f95aa91d5..0000000000
--- a/vendor/google.golang.org/appengine/internal/identity.go
+++ /dev/null
@@ -1,54 +0,0 @@
-// Copyright 2011 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-package internal
-
-import (
-	"context"
-	"os"
-)
-
-var (
-	// This is set to true in identity_classic.go, which is behind the appengine build tag.
-	// The appengine build tag is set for the first generation runtimes (<= Go 1.9) but not
-	// the second generation runtimes (>= Go 1.11), so this indicates whether we're on a
-	// first-gen runtime. See IsStandard below for the second-gen check.
-	appengineStandard bool
-
-	// This is set to true in identity_flex.go, which is behind the appenginevm build tag.
-	appengineFlex bool
-)
-
-// AppID is the implementation of the wrapper function of the same name in
-// ../identity.go. See that file for commentary.
-func AppID(c context.Context) string {
-	return appID(FullyQualifiedAppID(c))
-}
-
-// IsStandard is the implementation of the wrapper function of the same name in
-// ../appengine.go. See that file for commentary.
-func IsStandard() bool {
-	// appengineStandard will be true for first-gen runtimes (<= Go 1.9) but not
-	// second-gen (>= Go 1.11).
-	return appengineStandard || IsSecondGen()
-}
-
-// IsSecondGen is the implementation of the wrapper function of the same name in
-// ../appengine.go. See that file for commentary.
-func IsSecondGen() bool {
-	// Second-gen runtimes set $GAE_ENV so we use that to check if we're on a second-gen runtime.
-	return os.Getenv("GAE_ENV") == "standard"
-}
-
-// IsFlex is the implementation of the wrapper function of the same name in
-// ../appengine.go. See that file for commentary.
-func IsFlex() bool {
-	return appengineFlex
-}
-
-// IsAppEngine is the implementation of the wrapper function of the same name in
-// ../appengine.go. See that file for commentary.
-func IsAppEngine() bool {
-	return IsStandard() || IsFlex()
-}
diff --git a/vendor/google.golang.org/appengine/internal/identity_classic.go b/vendor/google.golang.org/appengine/internal/identity_classic.go
deleted file mode 100644
index 5ad3548bf7..0000000000
--- a/vendor/google.golang.org/appengine/internal/identity_classic.go
+++ /dev/null
@@ -1,62 +0,0 @@
-// Copyright 2015 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-//go:build appengine
-// +build appengine
-
-package internal
-
-import (
-	"context"
-
-	"appengine"
-)
-
-func init() {
-	appengineStandard = true
-}
-
-func DefaultVersionHostname(ctx context.Context) string {
-	c := fromContext(ctx)
-	if c == nil {
-		panic(errNotAppEngineContext)
-	}
-	return appengine.DefaultVersionHostname(c)
-}
-
-func Datacenter(_ context.Context) string { return appengine.Datacenter() }
-func ServerSoftware() string              { return appengine.ServerSoftware() }
-func InstanceID() string                  { return appengine.InstanceID() }
-func IsDevAppServer() bool                { return appengine.IsDevAppServer() }
-
-func RequestID(ctx context.Context) string {
-	c := fromContext(ctx)
-	if c == nil {
-		panic(errNotAppEngineContext)
-	}
-	return appengine.RequestID(c)
-}
-
-func ModuleName(ctx context.Context) string {
-	c := fromContext(ctx)
-	if c == nil {
-		panic(errNotAppEngineContext)
-	}
-	return appengine.ModuleName(c)
-}
-func VersionID(ctx context.Context) string {
-	c := fromContext(ctx)
-	if c == nil {
-		panic(errNotAppEngineContext)
-	}
-	return appengine.VersionID(c)
-}
-
-func fullyQualifiedAppID(ctx context.Context) string {
-	c := fromContext(ctx)
-	if c == nil {
-		panic(errNotAppEngineContext)
-	}
-	return c.FullyQualifiedAppID()
-}
diff --git a/vendor/google.golang.org/appengine/internal/identity_flex.go b/vendor/google.golang.org/appengine/internal/identity_flex.go
deleted file mode 100644
index 4201b6b585..0000000000
--- a/vendor/google.golang.org/appengine/internal/identity_flex.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright 2018 Google LLC. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-//go:build appenginevm
-// +build appenginevm
-
-package internal
-
-func init() {
-	appengineFlex = true
-}
diff --git a/vendor/google.golang.org/appengine/internal/identity_vm.go b/vendor/google.golang.org/appengine/internal/identity_vm.go
deleted file mode 100644
index 18ddda3a42..0000000000
--- a/vendor/google.golang.org/appengine/internal/identity_vm.go
+++ /dev/null
@@ -1,134 +0,0 @@
-// Copyright 2011 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-//go:build !appengine
-// +build !appengine
-
-package internal
-
-import (
-	"context"
-	"log"
-	"net/http"
-	"os"
-	"strings"
-)
-
-// These functions are implementations of the wrapper functions
-// in ../appengine/identity.go. See that file for commentary.
-
-const (
-	hDefaultVersionHostname = "X-AppEngine-Default-Version-Hostname"
-	hRequestLogId           = "X-AppEngine-Request-Log-Id"
-	hDatacenter             = "X-AppEngine-Datacenter"
-)
-
-func ctxHeaders(ctx context.Context) http.Header {
-	c := fromContext(ctx)
-	if c == nil {
-		return nil
-	}
-	return c.Request().Header
-}
-
-func DefaultVersionHostname(ctx context.Context) string {
-	return ctxHeaders(ctx).Get(hDefaultVersionHostname)
-}
-
-func RequestID(ctx context.Context) string {
-	return ctxHeaders(ctx).Get(hRequestLogId)
-}
-
-func Datacenter(ctx context.Context) string {
-	if dc := ctxHeaders(ctx).Get(hDatacenter); dc != "" {
-		return dc
-	}
-	// If the header isn't set, read zone from the metadata service.
-	// It has the format projects/[NUMERIC_PROJECT_ID]/zones/[ZONE]
-	zone, err := getMetadata("instance/zone")
-	if err != nil {
-		log.Printf("Datacenter: %v", err)
-		return ""
-	}
-	parts := strings.Split(string(zone), "/")
-	if len(parts) == 0 {
-		return ""
-	}
-	return parts[len(parts)-1]
-}
-
-func ServerSoftware() string {
-	// TODO(dsymonds): Remove fallback when we've verified this.
-	if s := os.Getenv("SERVER_SOFTWARE"); s != "" {
-		return s
-	}
-	if s := os.Getenv("GAE_ENV"); s != "" {
-		return s
-	}
-	return "Google App Engine/1.x.x"
-}
-
-// TODO(dsymonds): Remove the metadata fetches.
-
-func ModuleName(_ context.Context) string {
-	if s := os.Getenv("GAE_MODULE_NAME"); s != "" {
-		return s
-	}
-	if s := os.Getenv("GAE_SERVICE"); s != "" {
-		return s
-	}
-	return string(mustGetMetadata("instance/attributes/gae_backend_name"))
-}
-
-func VersionID(_ context.Context) string {
-	if s1, s2 := os.Getenv("GAE_MODULE_VERSION"), os.Getenv("GAE_MINOR_VERSION"); s1 != "" && s2 != "" {
-		return s1 + "." + s2
-	}
-	if s1, s2 := os.Getenv("GAE_VERSION"), os.Getenv("GAE_DEPLOYMENT_ID"); s1 != "" && s2 != "" {
-		return s1 + "." + s2
-	}
-	return string(mustGetMetadata("instance/attributes/gae_backend_version")) + "." + string(mustGetMetadata("instance/attributes/gae_backend_minor_version"))
-}
-
-func InstanceID() string {
-	if s := os.Getenv("GAE_MODULE_INSTANCE"); s != "" {
-		return s
-	}
-	if s := os.Getenv("GAE_INSTANCE"); s != "" {
-		return s
-	}
-	return string(mustGetMetadata("instance/attributes/gae_backend_instance"))
-}
-
-func partitionlessAppID() string {
-	// gae_project has everything except the partition prefix.
-	if appID := os.Getenv("GAE_LONG_APP_ID"); appID != "" {
-		return appID
-	}
-	if project := os.Getenv("GOOGLE_CLOUD_PROJECT"); project != "" {
-		return project
-	}
-	return string(mustGetMetadata("instance/attributes/gae_project"))
-}
-
-func fullyQualifiedAppID(_ context.Context) string {
-	if s := os.Getenv("GAE_APPLICATION"); s != "" {
-		return s
-	}
-	appID := partitionlessAppID()
-
-	part := os.Getenv("GAE_PARTITION")
-	if part == "" {
-		part = string(mustGetMetadata("instance/attributes/gae_partition"))
-	}
-
-	if part != "" {
-		appID = part + "~" + appID
-	}
-	return appID
-}
-
-func IsDevAppServer() bool {
-	return os.Getenv("RUN_WITH_DEVAPPSERVER") != "" || os.Getenv("GAE_ENV") == "localdev"
-}
diff --git a/vendor/google.golang.org/appengine/internal/internal.go b/vendor/google.golang.org/appengine/internal/internal.go
deleted file mode 100644
index 051ea3980a..0000000000
--- a/vendor/google.golang.org/appengine/internal/internal.go
+++ /dev/null
@@ -1,110 +0,0 @@
-// Copyright 2011 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-// Package internal provides support for package appengine.
-//
-// Programs should not use this package directly. Its API is not stable.
-// Use packages appengine and appengine/* instead.
-package internal
-
-import (
-	"fmt"
-
-	"github.com/golang/protobuf/proto"
-
-	remotepb "google.golang.org/appengine/internal/remote_api"
-)
-
-// errorCodeMaps is a map of service name to the error code map for the service.
-var errorCodeMaps = make(map[string]map[int32]string)
-
-// RegisterErrorCodeMap is called from API implementations to register their
-// error code map. This should only be called from init functions.
-func RegisterErrorCodeMap(service string, m map[int32]string) {
-	errorCodeMaps[service] = m
-}
-
-type timeoutCodeKey struct {
-	service string
-	code    int32
-}
-
-// timeoutCodes is the set of service+code pairs that represent timeouts.
-var timeoutCodes = make(map[timeoutCodeKey]bool)
-
-func RegisterTimeoutErrorCode(service string, code int32) {
-	timeoutCodes[timeoutCodeKey{service, code}] = true
-}
-
-// APIError is the type returned by appengine.Context's Call method
-// when an API call fails in an API-specific way. This may be, for instance,
-// a taskqueue API call failing with TaskQueueServiceError::UNKNOWN_QUEUE.
-type APIError struct {
-	Service string
-	Detail  string
-	Code    int32 // API-specific error code
-}
-
-func (e *APIError) Error() string {
-	if e.Code == 0 {
-		if e.Detail == "" {
-			return "APIError <empty>"
-		}
-		return e.Detail
-	}
-	s := fmt.Sprintf("API error %d", e.Code)
-	if m, ok := errorCodeMaps[e.Service]; ok {
-		s += " (" + e.Service + ": " + m[e.Code] + ")"
-	} else {
-		// Shouldn't happen, but provide a bit more detail if it does.
-		s = e.Service + " " + s
-	}
-	if e.Detail != "" {
-		s += ": " + e.Detail
-	}
-	return s
-}
-
-func (e *APIError) IsTimeout() bool {
-	return timeoutCodes[timeoutCodeKey{e.Service, e.Code}]
-}
-
-// CallError is the type returned by appengine.Context's Call method when an
-// API call fails in a generic way, such as RpcError::CAPABILITY_DISABLED.
-type CallError struct {
-	Detail string
-	Code   int32
-	// TODO: Remove this if we get a distinguishable error code.
-	Timeout bool
-}
-
-func (e *CallError) Error() string {
-	var msg string
-	switch remotepb.RpcError_ErrorCode(e.Code) {
-	case remotepb.RpcError_UNKNOWN:
-		return e.Detail
-	case remotepb.RpcError_OVER_QUOTA:
-		msg = "Over quota"
-	case remotepb.RpcError_CAPABILITY_DISABLED:
-		msg = "Capability disabled"
-	case remotepb.RpcError_CANCELLED:
-		msg = "Canceled"
-	default:
-		msg = fmt.Sprintf("Call error %d", e.Code)
-	}
-	s := msg + ": " + e.Detail
-	if e.Timeout {
-		s += " (timeout)"
-	}
-	return s
-}
-
-func (e *CallError) IsTimeout() bool {
-	return e.Timeout
-}
-
-// NamespaceMods is a map from API service to a function that will mutate an RPC request to attach a namespace.
-// The function should be prepared to be called on the same message more than once; it should only modify the
-// RPC request the first time.
-var NamespaceMods = make(map[string]func(m proto.Message, namespace string))
diff --git a/vendor/google.golang.org/appengine/internal/log/log_service.pb.go b/vendor/google.golang.org/appengine/internal/log/log_service.pb.go
deleted file mode 100644
index 8545ac4ad6..0000000000
--- a/vendor/google.golang.org/appengine/internal/log/log_service.pb.go
+++ /dev/null
@@ -1,1313 +0,0 @@
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// source: google.golang.org/appengine/internal/log/log_service.proto
-
-package log
-
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// Reference imports to suppress errors if they are not otherwise used.
-var _ = proto.Marshal
-var _ = fmt.Errorf
-var _ = math.Inf
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the proto package it is being compiled against.
-// A compilation error at this line likely means your copy of the
-// proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
-
-type LogServiceError_ErrorCode int32
-
-const (
-	LogServiceError_OK              LogServiceError_ErrorCode = 0
-	LogServiceError_INVALID_REQUEST LogServiceError_ErrorCode = 1
-	LogServiceError_STORAGE_ERROR   LogServiceError_ErrorCode = 2
-)
-
-var LogServiceError_ErrorCode_name = map[int32]string{
-	0: "OK",
-	1: "INVALID_REQUEST",
-	2: "STORAGE_ERROR",
-}
-var LogServiceError_ErrorCode_value = map[string]int32{
-	"OK":              0,
-	"INVALID_REQUEST": 1,
-	"STORAGE_ERROR":   2,
-}
-
-func (x LogServiceError_ErrorCode) Enum() *LogServiceError_ErrorCode {
-	p := new(LogServiceError_ErrorCode)
-	*p = x
-	return p
-}
-func (x LogServiceError_ErrorCode) String() string {
-	return proto.EnumName(LogServiceError_ErrorCode_name, int32(x))
-}
-func (x *LogServiceError_ErrorCode) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(LogServiceError_ErrorCode_value, data, "LogServiceError_ErrorCode")
-	if err != nil {
-		return err
-	}
-	*x = LogServiceError_ErrorCode(value)
-	return nil
-}
-func (LogServiceError_ErrorCode) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_log_service_f054fd4b5012319d, []int{0, 0}
-}
-
-type LogServiceError struct {
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *LogServiceError) Reset()         { *m = LogServiceError{} }
-func (m *LogServiceError) String() string { return proto.CompactTextString(m) }
-func (*LogServiceError) ProtoMessage()    {}
-func (*LogServiceError) Descriptor() ([]byte, []int) {
-	return fileDescriptor_log_service_f054fd4b5012319d, []int{0}
-}
-func (m *LogServiceError) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_LogServiceError.Unmarshal(m, b)
-}
-func (m *LogServiceError) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_LogServiceError.Marshal(b, m, deterministic)
-}
-func (dst *LogServiceError) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LogServiceError.Merge(dst, src)
-}
-func (m *LogServiceError) XXX_Size() int {
-	return xxx_messageInfo_LogServiceError.Size(m)
-}
-func (m *LogServiceError) XXX_DiscardUnknown() {
-	xxx_messageInfo_LogServiceError.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_LogServiceError proto.InternalMessageInfo
-
-type UserAppLogLine struct {
-	TimestampUsec        *int64   `protobuf:"varint,1,req,name=timestamp_usec,json=timestampUsec" json:"timestamp_usec,omitempty"`
-	Level                *int64   `protobuf:"varint,2,req,name=level" json:"level,omitempty"`
-	Message              *string  `protobuf:"bytes,3,req,name=message" json:"message,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *UserAppLogLine) Reset()         { *m = UserAppLogLine{} }
-func (m *UserAppLogLine) String() string { return proto.CompactTextString(m) }
-func (*UserAppLogLine) ProtoMessage()    {}
-func (*UserAppLogLine) Descriptor() ([]byte, []int) {
-	return fileDescriptor_log_service_f054fd4b5012319d, []int{1}
-}
-func (m *UserAppLogLine) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_UserAppLogLine.Unmarshal(m, b)
-}
-func (m *UserAppLogLine) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_UserAppLogLine.Marshal(b, m, deterministic)
-}
-func (dst *UserAppLogLine) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_UserAppLogLine.Merge(dst, src)
-}
-func (m *UserAppLogLine) XXX_Size() int {
-	return xxx_messageInfo_UserAppLogLine.Size(m)
-}
-func (m *UserAppLogLine) XXX_DiscardUnknown() {
-	xxx_messageInfo_UserAppLogLine.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_UserAppLogLine proto.InternalMessageInfo
-
-func (m *UserAppLogLine) GetTimestampUsec() int64 {
-	if m != nil && m.TimestampUsec != nil {
-		return *m.TimestampUsec
-	}
-	return 0
-}
-
-func (m *UserAppLogLine) GetLevel() int64 {
-	if m != nil && m.Level != nil {
-		return *m.Level
-	}
-	return 0
-}
-
-func (m *UserAppLogLine) GetMessage() string {
-	if m != nil && m.Message != nil {
-		return *m.Message
-	}
-	return ""
-}
-
-type UserAppLogGroup struct {
-	LogLine              []*UserAppLogLine `protobuf:"bytes,2,rep,name=log_line,json=logLine" json:"log_line,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
-	XXX_unrecognized     []byte            `json:"-"`
-	XXX_sizecache        int32             `json:"-"`
-}
-
-func (m *UserAppLogGroup) Reset()         { *m = UserAppLogGroup{} }
-func (m *UserAppLogGroup) String() string { return proto.CompactTextString(m) }
-func (*UserAppLogGroup) ProtoMessage()    {}
-func (*UserAppLogGroup) Descriptor() ([]byte, []int) {
-	return fileDescriptor_log_service_f054fd4b5012319d, []int{2}
-}
-func (m *UserAppLogGroup) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_UserAppLogGroup.Unmarshal(m, b)
-}
-func (m *UserAppLogGroup) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_UserAppLogGroup.Marshal(b, m, deterministic)
-}
-func (dst *UserAppLogGroup) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_UserAppLogGroup.Merge(dst, src)
-}
-func (m *UserAppLogGroup) XXX_Size() int {
-	return xxx_messageInfo_UserAppLogGroup.Size(m)
-}
-func (m *UserAppLogGroup) XXX_DiscardUnknown() {
-	xxx_messageInfo_UserAppLogGroup.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_UserAppLogGroup proto.InternalMessageInfo
-
-func (m *UserAppLogGroup) GetLogLine() []*UserAppLogLine {
-	if m != nil {
-		return m.LogLine
-	}
-	return nil
-}
-
-type FlushRequest struct {
-	Logs                 []byte   `protobuf:"bytes,1,opt,name=logs" json:"logs,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *FlushRequest) Reset()         { *m = FlushRequest{} }
-func (m *FlushRequest) String() string { return proto.CompactTextString(m) }
-func (*FlushRequest) ProtoMessage()    {}
-func (*FlushRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_log_service_f054fd4b5012319d, []int{3}
-}
-func (m *FlushRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_FlushRequest.Unmarshal(m, b)
-}
-func (m *FlushRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_FlushRequest.Marshal(b, m, deterministic)
-}
-func (dst *FlushRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_FlushRequest.Merge(dst, src)
-}
-func (m *FlushRequest) XXX_Size() int {
-	return xxx_messageInfo_FlushRequest.Size(m)
-}
-func (m *FlushRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_FlushRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_FlushRequest proto.InternalMessageInfo
-
-func (m *FlushRequest) GetLogs() []byte {
-	if m != nil {
-		return m.Logs
-	}
-	return nil
-}
-
-type SetStatusRequest struct {
-	Status               *string  `protobuf:"bytes,1,req,name=status" json:"status,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *SetStatusRequest) Reset()         { *m = SetStatusRequest{} }
-func (m *SetStatusRequest) String() string { return proto.CompactTextString(m) }
-func (*SetStatusRequest) ProtoMessage()    {}
-func (*SetStatusRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_log_service_f054fd4b5012319d, []int{4}
-}
-func (m *SetStatusRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_SetStatusRequest.Unmarshal(m, b)
-}
-func (m *SetStatusRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_SetStatusRequest.Marshal(b, m, deterministic)
-}
-func (dst *SetStatusRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_SetStatusRequest.Merge(dst, src)
-}
-func (m *SetStatusRequest) XXX_Size() int {
-	return xxx_messageInfo_SetStatusRequest.Size(m)
-}
-func (m *SetStatusRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_SetStatusRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_SetStatusRequest proto.InternalMessageInfo
-
-func (m *SetStatusRequest) GetStatus() string {
-	if m != nil && m.Status != nil {
-		return *m.Status
-	}
-	return ""
-}
-
-type LogOffset struct {
-	RequestId            []byte   `protobuf:"bytes,1,opt,name=request_id,json=requestId" json:"request_id,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *LogOffset) Reset()         { *m = LogOffset{} }
-func (m *LogOffset) String() string { return proto.CompactTextString(m) }
-func (*LogOffset) ProtoMessage()    {}
-func (*LogOffset) Descriptor() ([]byte, []int) {
-	return fileDescriptor_log_service_f054fd4b5012319d, []int{5}
-}
-func (m *LogOffset) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_LogOffset.Unmarshal(m, b)
-}
-func (m *LogOffset) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_LogOffset.Marshal(b, m, deterministic)
-}
-func (dst *LogOffset) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LogOffset.Merge(dst, src)
-}
-func (m *LogOffset) XXX_Size() int {
-	return xxx_messageInfo_LogOffset.Size(m)
-}
-func (m *LogOffset) XXX_DiscardUnknown() {
-	xxx_messageInfo_LogOffset.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_LogOffset proto.InternalMessageInfo
-
-func (m *LogOffset) GetRequestId() []byte {
-	if m != nil {
-		return m.RequestId
-	}
-	return nil
-}
-
-type LogLine struct {
-	Time                 *int64   `protobuf:"varint,1,req,name=time" json:"time,omitempty"`
-	Level                *int32   `protobuf:"varint,2,req,name=level" json:"level,omitempty"`
-	LogMessage           *string  `protobuf:"bytes,3,req,name=log_message,json=logMessage" json:"log_message,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *LogLine) Reset()         { *m = LogLine{} }
-func (m *LogLine) String() string { return proto.CompactTextString(m) }
-func (*LogLine) ProtoMessage()    {}
-func (*LogLine) Descriptor() ([]byte, []int) {
-	return fileDescriptor_log_service_f054fd4b5012319d, []int{6}
-}
-func (m *LogLine) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_LogLine.Unmarshal(m, b)
-}
-func (m *LogLine) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_LogLine.Marshal(b, m, deterministic)
-}
-func (dst *LogLine) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LogLine.Merge(dst, src)
-}
-func (m *LogLine) XXX_Size() int {
-	return xxx_messageInfo_LogLine.Size(m)
-}
-func (m *LogLine) XXX_DiscardUnknown() {
-	xxx_messageInfo_LogLine.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_LogLine proto.InternalMessageInfo
-
-func (m *LogLine) GetTime() int64 {
-	if m != nil && m.Time != nil {
-		return *m.Time
-	}
-	return 0
-}
-
-func (m *LogLine) GetLevel() int32 {
-	if m != nil && m.Level != nil {
-		return *m.Level
-	}
-	return 0
-}
-
-func (m *LogLine) GetLogMessage() string {
-	if m != nil && m.LogMessage != nil {
-		return *m.LogMessage
-	}
-	return ""
-}
-
-type RequestLog struct {
-	AppId                   *string    `protobuf:"bytes,1,req,name=app_id,json=appId" json:"app_id,omitempty"`
-	ModuleId                *string    `protobuf:"bytes,37,opt,name=module_id,json=moduleId,def=default" json:"module_id,omitempty"`
-	VersionId               *string    `protobuf:"bytes,2,req,name=version_id,json=versionId" json:"version_id,omitempty"`
-	RequestId               []byte     `protobuf:"bytes,3,req,name=request_id,json=requestId" json:"request_id,omitempty"`
-	Offset                  *LogOffset `protobuf:"bytes,35,opt,name=offset" json:"offset,omitempty"`
-	Ip                      *string    `protobuf:"bytes,4,req,name=ip" json:"ip,omitempty"`
-	Nickname                *string    `protobuf:"bytes,5,opt,name=nickname" json:"nickname,omitempty"`
-	StartTime               *int64     `protobuf:"varint,6,req,name=start_time,json=startTime" json:"start_time,omitempty"`
-	EndTime                 *int64     `protobuf:"varint,7,req,name=end_time,json=endTime" json:"end_time,omitempty"`
-	Latency                 *int64     `protobuf:"varint,8,req,name=latency" json:"latency,omitempty"`
-	Mcycles                 *int64     `protobuf:"varint,9,req,name=mcycles" json:"mcycles,omitempty"`
-	Method                  *string    `protobuf:"bytes,10,req,name=method" json:"method,omitempty"`
-	Resource                *string    `protobuf:"bytes,11,req,name=resource" json:"resource,omitempty"`
-	HttpVersion             *string    `protobuf:"bytes,12,req,name=http_version,json=httpVersion" json:"http_version,omitempty"`
-	Status                  *int32     `protobuf:"varint,13,req,name=status" json:"status,omitempty"`
-	ResponseSize            *int64     `protobuf:"varint,14,req,name=response_size,json=responseSize" json:"response_size,omitempty"`
-	Referrer                *string    `protobuf:"bytes,15,opt,name=referrer" json:"referrer,omitempty"`
-	UserAgent               *string    `protobuf:"bytes,16,opt,name=user_agent,json=userAgent" json:"user_agent,omitempty"`
-	UrlMapEntry             *string    `protobuf:"bytes,17,req,name=url_map_entry,json=urlMapEntry" json:"url_map_entry,omitempty"`
-	Combined                *string    `protobuf:"bytes,18,req,name=combined" json:"combined,omitempty"`
-	ApiMcycles              *int64     `protobuf:"varint,19,opt,name=api_mcycles,json=apiMcycles" json:"api_mcycles,omitempty"`
-	Host                    *string    `protobuf:"bytes,20,opt,name=host" json:"host,omitempty"`
-	Cost                    *float64   `protobuf:"fixed64,21,opt,name=cost" json:"cost,omitempty"`
-	TaskQueueName           *string    `protobuf:"bytes,22,opt,name=task_queue_name,json=taskQueueName" json:"task_queue_name,omitempty"`
-	TaskName                *string    `protobuf:"bytes,23,opt,name=task_name,json=taskName" json:"task_name,omitempty"`
-	WasLoadingRequest       *bool      `protobuf:"varint,24,opt,name=was_loading_request,json=wasLoadingRequest" json:"was_loading_request,omitempty"`
-	PendingTime             *int64     `protobuf:"varint,25,opt,name=pending_time,json=pendingTime" json:"pending_time,omitempty"`
-	ReplicaIndex            *int32     `protobuf:"varint,26,opt,name=replica_index,json=replicaIndex,def=-1" json:"replica_index,omitempty"`
-	Finished                *bool      `protobuf:"varint,27,opt,name=finished,def=1" json:"finished,omitempty"`
-	CloneKey                []byte     `protobuf:"bytes,28,opt,name=clone_key,json=cloneKey" json:"clone_key,omitempty"`
-	Line                    []*LogLine `protobuf:"bytes,29,rep,name=line" json:"line,omitempty"`
-	LinesIncomplete         *bool      `protobuf:"varint,36,opt,name=lines_incomplete,json=linesIncomplete" json:"lines_incomplete,omitempty"`
-	AppEngineRelease        []byte     `protobuf:"bytes,38,opt,name=app_engine_release,json=appEngineRelease" json:"app_engine_release,omitempty"`
-	ExitReason              *int32     `protobuf:"varint,30,opt,name=exit_reason,json=exitReason" json:"exit_reason,omitempty"`
-	WasThrottledForTime     *bool      `protobuf:"varint,31,opt,name=was_throttled_for_time,json=wasThrottledForTime" json:"was_throttled_for_time,omitempty"`
-	WasThrottledForRequests *bool      `protobuf:"varint,32,opt,name=was_throttled_for_requests,json=wasThrottledForRequests" json:"was_throttled_for_requests,omitempty"`
-	ThrottledTime           *int64     `protobuf:"varint,33,opt,name=throttled_time,json=throttledTime" json:"throttled_time,omitempty"`
-	ServerName              []byte     `protobuf:"bytes,34,opt,name=server_name,json=serverName" json:"server_name,omitempty"`
-	XXX_NoUnkeyedLiteral    struct{}   `json:"-"`
-	XXX_unrecognized        []byte     `json:"-"`
-	XXX_sizecache           int32      `json:"-"`
-}
-
-func (m *RequestLog) Reset()         { *m = RequestLog{} }
-func (m *RequestLog) String() string { return proto.CompactTextString(m) }
-func (*RequestLog) ProtoMessage()    {}
-func (*RequestLog) Descriptor() ([]byte, []int) {
-	return fileDescriptor_log_service_f054fd4b5012319d, []int{7}
-}
-func (m *RequestLog) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_RequestLog.Unmarshal(m, b)
-}
-func (m *RequestLog) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_RequestLog.Marshal(b, m, deterministic)
-}
-func (dst *RequestLog) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_RequestLog.Merge(dst, src)
-}
-func (m *RequestLog) XXX_Size() int {
-	return xxx_messageInfo_RequestLog.Size(m)
-}
-func (m *RequestLog) XXX_DiscardUnknown() {
-	xxx_messageInfo_RequestLog.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_RequestLog proto.InternalMessageInfo
-
-const Default_RequestLog_ModuleId string = "default"
-const Default_RequestLog_ReplicaIndex int32 = -1
-const Default_RequestLog_Finished bool = true
-
-func (m *RequestLog) GetAppId() string {
-	if m != nil && m.AppId != nil {
-		return *m.AppId
-	}
-	return ""
-}
-
-func (m *RequestLog) GetModuleId() string {
-	if m != nil && m.ModuleId != nil {
-		return *m.ModuleId
-	}
-	return Default_RequestLog_ModuleId
-}
-
-func (m *RequestLog) GetVersionId() string {
-	if m != nil && m.VersionId != nil {
-		return *m.VersionId
-	}
-	return ""
-}
-
-func (m *RequestLog) GetRequestId() []byte {
-	if m != nil {
-		return m.RequestId
-	}
-	return nil
-}
-
-func (m *RequestLog) GetOffset() *LogOffset {
-	if m != nil {
-		return m.Offset
-	}
-	return nil
-}
-
-func (m *RequestLog) GetIp() string {
-	if m != nil && m.Ip != nil {
-		return *m.Ip
-	}
-	return ""
-}
-
-func (m *RequestLog) GetNickname() string {
-	if m != nil && m.Nickname != nil {
-		return *m.Nickname
-	}
-	return ""
-}
-
-func (m *RequestLog) GetStartTime() int64 {
-	if m != nil && m.StartTime != nil {
-		return *m.StartTime
-	}
-	return 0
-}
-
-func (m *RequestLog) GetEndTime() int64 {
-	if m != nil && m.EndTime != nil {
-		return *m.EndTime
-	}
-	return 0
-}
-
-func (m *RequestLog) GetLatency() int64 {
-	if m != nil && m.Latency != nil {
-		return *m.Latency
-	}
-	return 0
-}
-
-func (m *RequestLog) GetMcycles() int64 {
-	if m != nil && m.Mcycles != nil {
-		return *m.Mcycles
-	}
-	return 0
-}
-
-func (m *RequestLog) GetMethod() string {
-	if m != nil && m.Method != nil {
-		return *m.Method
-	}
-	return ""
-}
-
-func (m *RequestLog) GetResource() string {
-	if m != nil && m.Resource != nil {
-		return *m.Resource
-	}
-	return ""
-}
-
-func (m *RequestLog) GetHttpVersion() string {
-	if m != nil && m.HttpVersion != nil {
-		return *m.HttpVersion
-	}
-	return ""
-}
-
-func (m *RequestLog) GetStatus() int32 {
-	if m != nil && m.Status != nil {
-		return *m.Status
-	}
-	return 0
-}
-
-func (m *RequestLog) GetResponseSize() int64 {
-	if m != nil && m.ResponseSize != nil {
-		return *m.ResponseSize
-	}
-	return 0
-}
-
-func (m *RequestLog) GetReferrer() string {
-	if m != nil && m.Referrer != nil {
-		return *m.Referrer
-	}
-	return ""
-}
-
-func (m *RequestLog) GetUserAgent() string {
-	if m != nil && m.UserAgent != nil {
-		return *m.UserAgent
-	}
-	return ""
-}
-
-func (m *RequestLog) GetUrlMapEntry() string {
-	if m != nil && m.UrlMapEntry != nil {
-		return *m.UrlMapEntry
-	}
-	return ""
-}
-
-func (m *RequestLog) GetCombined() string {
-	if m != nil && m.Combined != nil {
-		return *m.Combined
-	}
-	return ""
-}
-
-func (m *RequestLog) GetApiMcycles() int64 {
-	if m != nil && m.ApiMcycles != nil {
-		return *m.ApiMcycles
-	}
-	return 0
-}
-
-func (m *RequestLog) GetHost() string {
-	if m != nil && m.Host != nil {
-		return *m.Host
-	}
-	return ""
-}
-
-func (m *RequestLog) GetCost() float64 {
-	if m != nil && m.Cost != nil {
-		return *m.Cost
-	}
-	return 0
-}
-
-func (m *RequestLog) GetTaskQueueName() string {
-	if m != nil && m.TaskQueueName != nil {
-		return *m.TaskQueueName
-	}
-	return ""
-}
-
-func (m *RequestLog) GetTaskName() string {
-	if m != nil && m.TaskName != nil {
-		return *m.TaskName
-	}
-	return ""
-}
-
-func (m *RequestLog) GetWasLoadingRequest() bool {
-	if m != nil && m.WasLoadingRequest != nil {
-		return *m.WasLoadingRequest
-	}
-	return false
-}
-
-func (m *RequestLog) GetPendingTime() int64 {
-	if m != nil && m.PendingTime != nil {
-		return *m.PendingTime
-	}
-	return 0
-}
-
-func (m *RequestLog) GetReplicaIndex() int32 {
-	if m != nil && m.ReplicaIndex != nil {
-		return *m.ReplicaIndex
-	}
-	return Default_RequestLog_ReplicaIndex
-}
-
-func (m *RequestLog) GetFinished() bool {
-	if m != nil && m.Finished != nil {
-		return *m.Finished
-	}
-	return Default_RequestLog_Finished
-}
-
-func (m *RequestLog) GetCloneKey() []byte {
-	if m != nil {
-		return m.CloneKey
-	}
-	return nil
-}
-
-func (m *RequestLog) GetLine() []*LogLine {
-	if m != nil {
-		return m.Line
-	}
-	return nil
-}
-
-func (m *RequestLog) GetLinesIncomplete() bool {
-	if m != nil && m.LinesIncomplete != nil {
-		return *m.LinesIncomplete
-	}
-	return false
-}
-
-func (m *RequestLog) GetAppEngineRelease() []byte {
-	if m != nil {
-		return m.AppEngineRelease
-	}
-	return nil
-}
-
-func (m *RequestLog) GetExitReason() int32 {
-	if m != nil && m.ExitReason != nil {
-		return *m.ExitReason
-	}
-	return 0
-}
-
-func (m *RequestLog) GetWasThrottledForTime() bool {
-	if m != nil && m.WasThrottledForTime != nil {
-		return *m.WasThrottledForTime
-	}
-	return false
-}
-
-func (m *RequestLog) GetWasThrottledForRequests() bool {
-	if m != nil && m.WasThrottledForRequests != nil {
-		return *m.WasThrottledForRequests
-	}
-	return false
-}
-
-func (m *RequestLog) GetThrottledTime() int64 {
-	if m != nil && m.ThrottledTime != nil {
-		return *m.ThrottledTime
-	}
-	return 0
-}
-
-func (m *RequestLog) GetServerName() []byte {
-	if m != nil {
-		return m.ServerName
-	}
-	return nil
-}
-
-type LogModuleVersion struct {
-	ModuleId             *string  `protobuf:"bytes,1,opt,name=module_id,json=moduleId,def=default" json:"module_id,omitempty"`
-	VersionId            *string  `protobuf:"bytes,2,opt,name=version_id,json=versionId" json:"version_id,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *LogModuleVersion) Reset()         { *m = LogModuleVersion{} }
-func (m *LogModuleVersion) String() string { return proto.CompactTextString(m) }
-func (*LogModuleVersion) ProtoMessage()    {}
-func (*LogModuleVersion) Descriptor() ([]byte, []int) {
-	return fileDescriptor_log_service_f054fd4b5012319d, []int{8}
-}
-func (m *LogModuleVersion) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_LogModuleVersion.Unmarshal(m, b)
-}
-func (m *LogModuleVersion) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_LogModuleVersion.Marshal(b, m, deterministic)
-}
-func (dst *LogModuleVersion) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LogModuleVersion.Merge(dst, src)
-}
-func (m *LogModuleVersion) XXX_Size() int {
-	return xxx_messageInfo_LogModuleVersion.Size(m)
-}
-func (m *LogModuleVersion) XXX_DiscardUnknown() {
-	xxx_messageInfo_LogModuleVersion.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_LogModuleVersion proto.InternalMessageInfo
-
-const Default_LogModuleVersion_ModuleId string = "default"
-
-func (m *LogModuleVersion) GetModuleId() string {
-	if m != nil && m.ModuleId != nil {
-		return *m.ModuleId
-	}
-	return Default_LogModuleVersion_ModuleId
-}
-
-func (m *LogModuleVersion) GetVersionId() string {
-	if m != nil && m.VersionId != nil {
-		return *m.VersionId
-	}
-	return ""
-}
-
-type LogReadRequest struct {
-	AppId                *string             `protobuf:"bytes,1,req,name=app_id,json=appId" json:"app_id,omitempty"`
-	VersionId            []string            `protobuf:"bytes,2,rep,name=version_id,json=versionId" json:"version_id,omitempty"`
-	ModuleVersion        []*LogModuleVersion `protobuf:"bytes,19,rep,name=module_version,json=moduleVersion" json:"module_version,omitempty"`
-	StartTime            *int64              `protobuf:"varint,3,opt,name=start_time,json=startTime" json:"start_time,omitempty"`
-	EndTime              *int64              `protobuf:"varint,4,opt,name=end_time,json=endTime" json:"end_time,omitempty"`
-	Offset               *LogOffset          `protobuf:"bytes,5,opt,name=offset" json:"offset,omitempty"`
-	RequestId            [][]byte            `protobuf:"bytes,6,rep,name=request_id,json=requestId" json:"request_id,omitempty"`
-	MinimumLogLevel      *int32              `protobuf:"varint,7,opt,name=minimum_log_level,json=minimumLogLevel" json:"minimum_log_level,omitempty"`
-	IncludeIncomplete    *bool               `protobuf:"varint,8,opt,name=include_incomplete,json=includeIncomplete" json:"include_incomplete,omitempty"`
-	Count                *int64              `protobuf:"varint,9,opt,name=count" json:"count,omitempty"`
-	CombinedLogRegex     *string             `protobuf:"bytes,14,opt,name=combined_log_regex,json=combinedLogRegex" json:"combined_log_regex,omitempty"`
-	HostRegex            *string             `protobuf:"bytes,15,opt,name=host_regex,json=hostRegex" json:"host_regex,omitempty"`
-	ReplicaIndex         *int32              `protobuf:"varint,16,opt,name=replica_index,json=replicaIndex" json:"replica_index,omitempty"`
-	IncludeAppLogs       *bool               `protobuf:"varint,10,opt,name=include_app_logs,json=includeAppLogs" json:"include_app_logs,omitempty"`
-	AppLogsPerRequest    *int32              `protobuf:"varint,17,opt,name=app_logs_per_request,json=appLogsPerRequest" json:"app_logs_per_request,omitempty"`
-	IncludeHost          *bool               `protobuf:"varint,11,opt,name=include_host,json=includeHost" json:"include_host,omitempty"`
-	IncludeAll           *bool               `protobuf:"varint,12,opt,name=include_all,json=includeAll" json:"include_all,omitempty"`
-	CacheIterator        *bool               `protobuf:"varint,13,opt,name=cache_iterator,json=cacheIterator" json:"cache_iterator,omitempty"`
-	NumShards            *int32              `protobuf:"varint,18,opt,name=num_shards,json=numShards" json:"num_shards,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
-	XXX_unrecognized     []byte              `json:"-"`
-	XXX_sizecache        int32               `json:"-"`
-}
-
-func (m *LogReadRequest) Reset()         { *m = LogReadRequest{} }
-func (m *LogReadRequest) String() string { return proto.CompactTextString(m) }
-func (*LogReadRequest) ProtoMessage()    {}
-func (*LogReadRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_log_service_f054fd4b5012319d, []int{9}
-}
-func (m *LogReadRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_LogReadRequest.Unmarshal(m, b)
-}
-func (m *LogReadRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_LogReadRequest.Marshal(b, m, deterministic)
-}
-func (dst *LogReadRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LogReadRequest.Merge(dst, src)
-}
-func (m *LogReadRequest) XXX_Size() int {
-	return xxx_messageInfo_LogReadRequest.Size(m)
-}
-func (m *LogReadRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_LogReadRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_LogReadRequest proto.InternalMessageInfo
-
-func (m *LogReadRequest) GetAppId() string {
-	if m != nil && m.AppId != nil {
-		return *m.AppId
-	}
-	return ""
-}
-
-func (m *LogReadRequest) GetVersionId() []string {
-	if m != nil {
-		return m.VersionId
-	}
-	return nil
-}
-
-func (m *LogReadRequest) GetModuleVersion() []*LogModuleVersion {
-	if m != nil {
-		return m.ModuleVersion
-	}
-	return nil
-}
-
-func (m *LogReadRequest) GetStartTime() int64 {
-	if m != nil && m.StartTime != nil {
-		return *m.StartTime
-	}
-	return 0
-}
-
-func (m *LogReadRequest) GetEndTime() int64 {
-	if m != nil && m.EndTime != nil {
-		return *m.EndTime
-	}
-	return 0
-}
-
-func (m *LogReadRequest) GetOffset() *LogOffset {
-	if m != nil {
-		return m.Offset
-	}
-	return nil
-}
-
-func (m *LogReadRequest) GetRequestId() [][]byte {
-	if m != nil {
-		return m.RequestId
-	}
-	return nil
-}
-
-func (m *LogReadRequest) GetMinimumLogLevel() int32 {
-	if m != nil && m.MinimumLogLevel != nil {
-		return *m.MinimumLogLevel
-	}
-	return 0
-}
-
-func (m *LogReadRequest) GetIncludeIncomplete() bool {
-	if m != nil && m.IncludeIncomplete != nil {
-		return *m.IncludeIncomplete
-	}
-	return false
-}
-
-func (m *LogReadRequest) GetCount() int64 {
-	if m != nil && m.Count != nil {
-		return *m.Count
-	}
-	return 0
-}
-
-func (m *LogReadRequest) GetCombinedLogRegex() string {
-	if m != nil && m.CombinedLogRegex != nil {
-		return *m.CombinedLogRegex
-	}
-	return ""
-}
-
-func (m *LogReadRequest) GetHostRegex() string {
-	if m != nil && m.HostRegex != nil {
-		return *m.HostRegex
-	}
-	return ""
-}
-
-func (m *LogReadRequest) GetReplicaIndex() int32 {
-	if m != nil && m.ReplicaIndex != nil {
-		return *m.ReplicaIndex
-	}
-	return 0
-}
-
-func (m *LogReadRequest) GetIncludeAppLogs() bool {
-	if m != nil && m.IncludeAppLogs != nil {
-		return *m.IncludeAppLogs
-	}
-	return false
-}
-
-func (m *LogReadRequest) GetAppLogsPerRequest() int32 {
-	if m != nil && m.AppLogsPerRequest != nil {
-		return *m.AppLogsPerRequest
-	}
-	return 0
-}
-
-func (m *LogReadRequest) GetIncludeHost() bool {
-	if m != nil && m.IncludeHost != nil {
-		return *m.IncludeHost
-	}
-	return false
-}
-
-func (m *LogReadRequest) GetIncludeAll() bool {
-	if m != nil && m.IncludeAll != nil {
-		return *m.IncludeAll
-	}
-	return false
-}
-
-func (m *LogReadRequest) GetCacheIterator() bool {
-	if m != nil && m.CacheIterator != nil {
-		return *m.CacheIterator
-	}
-	return false
-}
-
-func (m *LogReadRequest) GetNumShards() int32 {
-	if m != nil && m.NumShards != nil {
-		return *m.NumShards
-	}
-	return 0
-}
-
-type LogReadResponse struct {
-	Log                  []*RequestLog `protobuf:"bytes,1,rep,name=log" json:"log,omitempty"`
-	Offset               *LogOffset    `protobuf:"bytes,2,opt,name=offset" json:"offset,omitempty"`
-	LastEndTime          *int64        `protobuf:"varint,3,opt,name=last_end_time,json=lastEndTime" json:"last_end_time,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
-	XXX_unrecognized     []byte        `json:"-"`
-	XXX_sizecache        int32         `json:"-"`
-}
-
-func (m *LogReadResponse) Reset()         { *m = LogReadResponse{} }
-func (m *LogReadResponse) String() string { return proto.CompactTextString(m) }
-func (*LogReadResponse) ProtoMessage()    {}
-func (*LogReadResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_log_service_f054fd4b5012319d, []int{10}
-}
-func (m *LogReadResponse) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_LogReadResponse.Unmarshal(m, b)
-}
-func (m *LogReadResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_LogReadResponse.Marshal(b, m, deterministic)
-}
-func (dst *LogReadResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LogReadResponse.Merge(dst, src)
-}
-func (m *LogReadResponse) XXX_Size() int {
-	return xxx_messageInfo_LogReadResponse.Size(m)
-}
-func (m *LogReadResponse) XXX_DiscardUnknown() {
-	xxx_messageInfo_LogReadResponse.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_LogReadResponse proto.InternalMessageInfo
-
-func (m *LogReadResponse) GetLog() []*RequestLog {
-	if m != nil {
-		return m.Log
-	}
-	return nil
-}
-
-func (m *LogReadResponse) GetOffset() *LogOffset {
-	if m != nil {
-		return m.Offset
-	}
-	return nil
-}
-
-func (m *LogReadResponse) GetLastEndTime() int64 {
-	if m != nil && m.LastEndTime != nil {
-		return *m.LastEndTime
-	}
-	return 0
-}
-
-type LogUsageRecord struct {
-	VersionId            *string  `protobuf:"bytes,1,opt,name=version_id,json=versionId" json:"version_id,omitempty"`
-	StartTime            *int32   `protobuf:"varint,2,opt,name=start_time,json=startTime" json:"start_time,omitempty"`
-	EndTime              *int32   `protobuf:"varint,3,opt,name=end_time,json=endTime" json:"end_time,omitempty"`
-	Count                *int64   `protobuf:"varint,4,opt,name=count" json:"count,omitempty"`
-	TotalSize            *int64   `protobuf:"varint,5,opt,name=total_size,json=totalSize" json:"total_size,omitempty"`
-	Records              *int32   `protobuf:"varint,6,opt,name=records" json:"records,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *LogUsageRecord) Reset()         { *m = LogUsageRecord{} }
-func (m *LogUsageRecord) String() string { return proto.CompactTextString(m) }
-func (*LogUsageRecord) ProtoMessage()    {}
-func (*LogUsageRecord) Descriptor() ([]byte, []int) {
-	return fileDescriptor_log_service_f054fd4b5012319d, []int{11}
-}
-func (m *LogUsageRecord) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_LogUsageRecord.Unmarshal(m, b)
-}
-func (m *LogUsageRecord) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_LogUsageRecord.Marshal(b, m, deterministic)
-}
-func (dst *LogUsageRecord) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LogUsageRecord.Merge(dst, src)
-}
-func (m *LogUsageRecord) XXX_Size() int {
-	return xxx_messageInfo_LogUsageRecord.Size(m)
-}
-func (m *LogUsageRecord) XXX_DiscardUnknown() {
-	xxx_messageInfo_LogUsageRecord.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_LogUsageRecord proto.InternalMessageInfo
-
-func (m *LogUsageRecord) GetVersionId() string {
-	if m != nil && m.VersionId != nil {
-		return *m.VersionId
-	}
-	return ""
-}
-
-func (m *LogUsageRecord) GetStartTime() int32 {
-	if m != nil && m.StartTime != nil {
-		return *m.StartTime
-	}
-	return 0
-}
-
-func (m *LogUsageRecord) GetEndTime() int32 {
-	if m != nil && m.EndTime != nil {
-		return *m.EndTime
-	}
-	return 0
-}
-
-func (m *LogUsageRecord) GetCount() int64 {
-	if m != nil && m.Count != nil {
-		return *m.Count
-	}
-	return 0
-}
-
-func (m *LogUsageRecord) GetTotalSize() int64 {
-	if m != nil && m.TotalSize != nil {
-		return *m.TotalSize
-	}
-	return 0
-}
-
-func (m *LogUsageRecord) GetRecords() int32 {
-	if m != nil && m.Records != nil {
-		return *m.Records
-	}
-	return 0
-}
-
-type LogUsageRequest struct {
-	AppId                *string  `protobuf:"bytes,1,req,name=app_id,json=appId" json:"app_id,omitempty"`
-	VersionId            []string `protobuf:"bytes,2,rep,name=version_id,json=versionId" json:"version_id,omitempty"`
-	StartTime            *int32   `protobuf:"varint,3,opt,name=start_time,json=startTime" json:"start_time,omitempty"`
-	EndTime              *int32   `protobuf:"varint,4,opt,name=end_time,json=endTime" json:"end_time,omitempty"`
-	ResolutionHours      *uint32  `protobuf:"varint,5,opt,name=resolution_hours,json=resolutionHours,def=1" json:"resolution_hours,omitempty"`
-	CombineVersions      *bool    `protobuf:"varint,6,opt,name=combine_versions,json=combineVersions" json:"combine_versions,omitempty"`
-	UsageVersion         *int32   `protobuf:"varint,7,opt,name=usage_version,json=usageVersion" json:"usage_version,omitempty"`
-	VersionsOnly         *bool    `protobuf:"varint,8,opt,name=versions_only,json=versionsOnly" json:"versions_only,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *LogUsageRequest) Reset()         { *m = LogUsageRequest{} }
-func (m *LogUsageRequest) String() string { return proto.CompactTextString(m) }
-func (*LogUsageRequest) ProtoMessage()    {}
-func (*LogUsageRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_log_service_f054fd4b5012319d, []int{12}
-}
-func (m *LogUsageRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_LogUsageRequest.Unmarshal(m, b)
-}
-func (m *LogUsageRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_LogUsageRequest.Marshal(b, m, deterministic)
-}
-func (dst *LogUsageRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LogUsageRequest.Merge(dst, src)
-}
-func (m *LogUsageRequest) XXX_Size() int {
-	return xxx_messageInfo_LogUsageRequest.Size(m)
-}
-func (m *LogUsageRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_LogUsageRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_LogUsageRequest proto.InternalMessageInfo
-
-const Default_LogUsageRequest_ResolutionHours uint32 = 1
-
-func (m *LogUsageRequest) GetAppId() string {
-	if m != nil && m.AppId != nil {
-		return *m.AppId
-	}
-	return ""
-}
-
-func (m *LogUsageRequest) GetVersionId() []string {
-	if m != nil {
-		return m.VersionId
-	}
-	return nil
-}
-
-func (m *LogUsageRequest) GetStartTime() int32 {
-	if m != nil && m.StartTime != nil {
-		return *m.StartTime
-	}
-	return 0
-}
-
-func (m *LogUsageRequest) GetEndTime() int32 {
-	if m != nil && m.EndTime != nil {
-		return *m.EndTime
-	}
-	return 0
-}
-
-func (m *LogUsageRequest) GetResolutionHours() uint32 {
-	if m != nil && m.ResolutionHours != nil {
-		return *m.ResolutionHours
-	}
-	return Default_LogUsageRequest_ResolutionHours
-}
-
-func (m *LogUsageRequest) GetCombineVersions() bool {
-	if m != nil && m.CombineVersions != nil {
-		return *m.CombineVersions
-	}
-	return false
-}
-
-func (m *LogUsageRequest) GetUsageVersion() int32 {
-	if m != nil && m.UsageVersion != nil {
-		return *m.UsageVersion
-	}
-	return 0
-}
-
-func (m *LogUsageRequest) GetVersionsOnly() bool {
-	if m != nil && m.VersionsOnly != nil {
-		return *m.VersionsOnly
-	}
-	return false
-}
-
-type LogUsageResponse struct {
-	Usage                []*LogUsageRecord `protobuf:"bytes,1,rep,name=usage" json:"usage,omitempty"`
-	Summary              *LogUsageRecord   `protobuf:"bytes,2,opt,name=summary" json:"summary,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
-	XXX_unrecognized     []byte            `json:"-"`
-	XXX_sizecache        int32             `json:"-"`
-}
-
-func (m *LogUsageResponse) Reset()         { *m = LogUsageResponse{} }
-func (m *LogUsageResponse) String() string { return proto.CompactTextString(m) }
-func (*LogUsageResponse) ProtoMessage()    {}
-func (*LogUsageResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_log_service_f054fd4b5012319d, []int{13}
-}
-func (m *LogUsageResponse) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_LogUsageResponse.Unmarshal(m, b)
-}
-func (m *LogUsageResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_LogUsageResponse.Marshal(b, m, deterministic)
-}
-func (dst *LogUsageResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LogUsageResponse.Merge(dst, src)
-}
-func (m *LogUsageResponse) XXX_Size() int {
-	return xxx_messageInfo_LogUsageResponse.Size(m)
-}
-func (m *LogUsageResponse) XXX_DiscardUnknown() {
-	xxx_messageInfo_LogUsageResponse.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_LogUsageResponse proto.InternalMessageInfo
-
-func (m *LogUsageResponse) GetUsage() []*LogUsageRecord {
-	if m != nil {
-		return m.Usage
-	}
-	return nil
-}
-
-func (m *LogUsageResponse) GetSummary() *LogUsageRecord {
-	if m != nil {
-		return m.Summary
-	}
-	return nil
-}
-
-func init() {
-	proto.RegisterType((*LogServiceError)(nil), "appengine.LogServiceError")
-	proto.RegisterType((*UserAppLogLine)(nil), "appengine.UserAppLogLine")
-	proto.RegisterType((*UserAppLogGroup)(nil), "appengine.UserAppLogGroup")
-	proto.RegisterType((*FlushRequest)(nil), "appengine.FlushRequest")
-	proto.RegisterType((*SetStatusRequest)(nil), "appengine.SetStatusRequest")
-	proto.RegisterType((*LogOffset)(nil), "appengine.LogOffset")
-	proto.RegisterType((*LogLine)(nil), "appengine.LogLine")
-	proto.RegisterType((*RequestLog)(nil), "appengine.RequestLog")
-	proto.RegisterType((*LogModuleVersion)(nil), "appengine.LogModuleVersion")
-	proto.RegisterType((*LogReadRequest)(nil), "appengine.LogReadRequest")
-	proto.RegisterType((*LogReadResponse)(nil), "appengine.LogReadResponse")
-	proto.RegisterType((*LogUsageRecord)(nil), "appengine.LogUsageRecord")
-	proto.RegisterType((*LogUsageRequest)(nil), "appengine.LogUsageRequest")
-	proto.RegisterType((*LogUsageResponse)(nil), "appengine.LogUsageResponse")
-}
-
-func init() {
-	proto.RegisterFile("google.golang.org/appengine/internal/log/log_service.proto", fileDescriptor_log_service_f054fd4b5012319d)
-}
-
-var fileDescriptor_log_service_f054fd4b5012319d = []byte{
-	// 1553 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x56, 0xdd, 0x72, 0xdb, 0xc6,
-	0x15, 0x2e, 0x48, 0x51, 0x24, 0x0f, 0x49, 0x91, 0x5a, 0xcb, 0xce, 0xda, 0xae, 0x6b, 0x1a, 0x4e,
-	0x1c, 0xd6, 0x93, 0x48, 0x93, 0xa4, 0x57, 0xca, 0x95, 0xd3, 0x2a, 0x8e, 0x26, 0xb4, 0xd5, 0x40,
-	0x72, 0x3a, 0xd3, 0x1b, 0x0c, 0x0a, 0x1c, 0x81, 0x18, 0x2f, 0xb1, 0xc8, 0xee, 0xc2, 0x91, 0x72,
-	0xdb, 0xdb, 0x3e, 0x46, 0x1f, 0xa2, 0xaf, 0xd2, 0xb7, 0xe9, 0xec, 0xd9, 0x05, 0x44, 0x2a, 0x4d,
-	0xc6, 0x33, 0xb9, 0xe0, 0x10, 0xfb, 0x9d, 0x83, 0xdd, 0xf3, 0xf3, 0x9d, 0x6f, 0x01, 0xc7, 0xb9,
-	0x94, 0xb9, 0xc0, 0xc3, 0x5c, 0x8a, 0xa4, 0xcc, 0x0f, 0xa5, 0xca, 0x8f, 0x92, 0xaa, 0xc2, 0x32,
-	0x2f, 0x4a, 0x3c, 0x2a, 0x4a, 0x83, 0xaa, 0x4c, 0xc4, 0x91, 0x90, 0xb9, 0xfd, 0xc5, 0x1a, 0xd5,
-	0xbb, 0x22, 0xc5, 0xc3, 0x4a, 0x49, 0x23, 0xd9, 0xb0, 0xf5, 0x0c, 0x5f, 0xc3, 0x74, 0x29, 0xf3,
-	0x73, 0x67, 0x3e, 0x51, 0x4a, 0xaa, 0xf0, 0x4b, 0x18, 0xd2, 0xc3, 0x9f, 0x65, 0x86, 0x6c, 0x17,
-	0x3a, 0x67, 0xdf, 0xce, 0x7e, 0xc7, 0xee, 0xc0, 0xf4, 0xf4, 0xf5, 0xf7, 0x2f, 0x96, 0xa7, 0x7f,
-	0x89, 0xa3, 0x93, 0xef, 0xde, 0x9c, 0x9c, 0x5f, 0xcc, 0x02, 0xb6, 0x0f, 0x93, 0xf3, 0x8b, 0xb3,
-	0xe8, 0xc5, 0xcb, 0x93, 0xf8, 0x24, 0x8a, 0xce, 0xa2, 0x59, 0x27, 0xcc, 0x61, 0xef, 0x8d, 0x46,
-	0xf5, 0xa2, 0xaa, 0x96, 0x32, 0x5f, 0x16, 0x25, 0xb2, 0x8f, 0x60, 0xcf, 0x14, 0x6b, 0xd4, 0x26,
-	0x59, 0x57, 0x71, 0xad, 0x31, 0xe5, 0xc1, 0xbc, 0xb3, 0xe8, 0x46, 0x93, 0x16, 0x7d, 0xa3, 0x31,
-	0x65, 0x07, 0xd0, 0x13, 0xf8, 0x0e, 0x05, 0xef, 0x90, 0xd5, 0x2d, 0x18, 0x87, 0xfe, 0x1a, 0xb5,
-	0x4e, 0x72, 0xe4, 0xdd, 0x79, 0x67, 0x31, 0x8c, 0x9a, 0x65, 0xf8, 0x12, 0xa6, 0x37, 0x07, 0xbd,
-	0x54, 0xb2, 0xae, 0xd8, 0x9f, 0x60, 0x60, 0x73, 0x15, 0x45, 0x89, 0xbc, 0x33, 0xef, 0x2e, 0x46,
-	0x9f, 0xdf, 0x3f, 0x6c, 0x33, 0x3d, 0xdc, 0x0e, 0x2b, 0xea, 0x0b, 0xf7, 0x10, 0x86, 0x30, 0xfe,
-	0x5a, 0xd4, 0x7a, 0x15, 0xe1, 0x0f, 0x35, 0x6a, 0xc3, 0x18, 0xec, 0x08, 0x99, 0x6b, 0x1e, 0xcc,
-	0x83, 0xc5, 0x38, 0xa2, 0xe7, 0xf0, 0x39, 0xcc, 0xce, 0xd1, 0x9c, 0x9b, 0xc4, 0xd4, 0xba, 0xf1,
-	0xbb, 0x07, 0xbb, 0x9a, 0x00, 0xca, 0x67, 0x18, 0xf9, 0x55, 0xf8, 0x1c, 0x86, 0x4b, 0x99, 0x9f,
-	0x5d, 0x5e, 0x6a, 0x34, 0xec, 0x11, 0x80, 0x72, 0xfe, 0x71, 0x91, 0xf9, 0x2d, 0x87, 0x1e, 0x39,
-	0xcd, 0xc2, 0x0b, 0xe8, 0x37, 0x65, 0x62, 0xb0, 0x63, 0x0b, 0xe2, 0x8b, 0x43, 0xcf, 0xdb, 0x35,
-	0xe9, 0x35, 0x35, 0x79, 0x0c, 0x23, 0x9b, 0xe6, 0x76, 0x5d, 0x40, 0xc8, 0xfc, 0x95, 0x2f, 0xcd,
-	0x3f, 0x01, 0xc0, 0x47, 0xb9, 0x94, 0x39, 0xbb, 0x0b, 0xbb, 0x49, 0x55, 0xb9, 0xf3, 0xad, 0x6b,
-	0x2f, 0xa9, 0xaa, 0xd3, 0x8c, 0x7d, 0x08, 0xc3, 0xb5, 0xcc, 0x6a, 0x81, 0xd6, 0xf2, 0xd1, 0x3c,
-	0x58, 0x0c, 0x8f, 0xfb, 0x19, 0x5e, 0x26, 0xb5, 0x30, 0xd1, 0xc0, 0x59, 0x4e, 0x33, 0x9b, 0xc0,
-	0x3b, 0x54, 0xba, 0x90, 0xa5, 0x75, 0xeb, 0xd0, 0x06, 0x43, 0x8f, 0x38, 0xf3, 0x46, 0x7e, 0x36,
-	0x94, 0xcd, 0xfc, 0xd8, 0x27, 0xb0, 0x2b, 0xa9, 0x10, 0xfc, 0xe9, 0x3c, 0x58, 0x8c, 0x3e, 0x3f,
-	0xd8, 0xe8, 0x47, 0x5b, 0xa4, 0xc8, 0xfb, 0xb0, 0x3d, 0xe8, 0x14, 0x15, 0xdf, 0xa1, 0x33, 0x3a,
-	0x45, 0xc5, 0x1e, 0xc0, 0xa0, 0x2c, 0xd2, 0xb7, 0x65, 0xb2, 0x46, 0xde, 0xb3, 0x01, 0x46, 0xed,
-	0xda, 0x1e, 0xac, 0x4d, 0xa2, 0x4c, 0x4c, 0x45, 0xdb, 0xa5, 0xa2, 0x0d, 0x09, 0xb9, 0xb0, 0x95,
-	0xbb, 0x0f, 0x03, 0x2c, 0x33, 0x67, 0xec, 0x93, 0xb1, 0x8f, 0x65, 0x46, 0x26, 0x0e, 0x7d, 0x91,
-	0x18, 0x2c, 0xd3, 0x6b, 0x3e, 0x70, 0x16, 0xbf, 0x24, 0xb2, 0xa5, 0xd7, 0xa9, 0x40, 0xcd, 0x87,
-	0xce, 0xe2, 0x97, 0xb6, 0xd7, 0x6b, 0x34, 0x2b, 0x99, 0x71, 0x70, 0xbd, 0x76, 0x2b, 0x1b, 0xa1,
-	0x42, 0x2d, 0x6b, 0x95, 0x22, 0x1f, 0x91, 0xa5, 0x5d, 0xb3, 0x27, 0x30, 0x5e, 0x19, 0x53, 0xc5,
-	0xbe, 0x58, 0x7c, 0x4c, 0xf6, 0x91, 0xc5, 0xbe, 0x77, 0xd0, 0x06, 0x85, 0x26, 0xd4, 0x60, 0xbf,
-	0x62, 0x4f, 0x61, 0xa2, 0x50, 0x57, 0xb2, 0xd4, 0x18, 0xeb, 0xe2, 0x27, 0xe4, 0x7b, 0x14, 0xce,
-	0xb8, 0x01, 0xcf, 0x8b, 0x9f, 0xd0, 0x9d, 0x7d, 0x89, 0x4a, 0xa1, 0xe2, 0x53, 0x57, 0x9d, 0x66,
-	0x6d, 0xab, 0x53, 0x6b, 0x54, 0x71, 0x92, 0x63, 0x69, 0xf8, 0x8c, 0xac, 0x43, 0x8b, 0xbc, 0xb0,
-	0x00, 0x0b, 0x61, 0x52, 0x2b, 0x11, 0xaf, 0x93, 0x2a, 0xc6, 0xd2, 0xa8, 0x6b, 0xbe, 0xef, 0x62,
-	0xab, 0x95, 0x78, 0x95, 0x54, 0x27, 0x16, 0xb2, 0xdb, 0xa7, 0x72, 0xfd, 0x8f, 0xa2, 0xc4, 0x8c,
-	0x33, 0x97, 0x5a, 0xb3, 0xb6, 0x0c, 0x4c, 0xaa, 0x22, 0x6e, 0x8a, 0x75, 0x67, 0x1e, 0x2c, 0xba,
-	0x11, 0x24, 0x55, 0xf1, 0xca, 0xd7, 0x8b, 0xc1, 0xce, 0x4a, 0x6a, 0xc3, 0x0f, 0xe8, 0x64, 0x7a,
-	0xb6, 0x58, 0x6a, 0xb1, 0xbb, 0xf3, 0x60, 0x11, 0x44, 0xf4, 0xcc, 0x9e, 0xc1, 0xd4, 0x24, 0xfa,
-	0x6d, 0xfc, 0x43, 0x8d, 0x35, 0xc6, 0xd4, 0xe8, 0x7b, 0xf4, 0xca, 0xc4, 0xc2, 0xdf, 0x59, 0xf4,
-	0xb5, 0xed, 0xf6, 0x43, 0x18, 0x92, 0x1f, 0x79, 0x7c, 0xe0, 0x92, 0xb5, 0x00, 0x19, 0x0f, 0xe1,
-	0xce, 0x8f, 0x89, 0x8e, 0x85, 0x4c, 0xb2, 0xa2, 0xcc, 0x63, 0xcf, 0x3e, 0xce, 0xe7, 0xc1, 0x62,
-	0x10, 0xed, 0xff, 0x98, 0xe8, 0xa5, 0xb3, 0x34, 0x83, 0xfb, 0x04, 0xc6, 0x15, 0x96, 0xe4, 0x4b,
-	0xfc, 0xb8, 0x4f, 0xe1, 0x8f, 0x3c, 0x46, 0x1c, 0xf9, 0xd8, 0x36, 0xa0, 0x12, 0x45, 0x9a, 0xc4,
-	0x45, 0x99, 0xe1, 0x15, 0x7f, 0x30, 0x0f, 0x16, 0xbd, 0xe3, 0xce, 0xa7, 0x9f, 0xd9, 0x26, 0x90,
-	0xe1, 0xd4, 0xe2, 0x6c, 0x0e, 0x83, 0xcb, 0xa2, 0x2c, 0xf4, 0x0a, 0x33, 0xfe, 0xd0, 0x1e, 0x78,
-	0xbc, 0x63, 0x54, 0x8d, 0x51, 0x8b, 0xda, 0xd0, 0x53, 0x21, 0x4b, 0x8c, 0xdf, 0xe2, 0x35, 0xff,
-	0x3d, 0x09, 0xc0, 0x80, 0x80, 0x6f, 0xf1, 0x9a, 0x3d, 0x83, 0x1d, 0x52, 0xab, 0x47, 0xa4, 0x56,
-	0x6c, 0x7b, 0x3a, 0x48, 0xa6, 0xc8, 0xce, 0xfe, 0x08, 0x33, 0xfb, 0xaf, 0xe3, 0xa2, 0x4c, 0xe5,
-	0xba, 0x12, 0x68, 0x90, 0x7f, 0x48, 0xf9, 0x4d, 0x09, 0x3f, 0x6d, 0x61, 0xf6, 0x09, 0x30, 0x3b,
-	0xed, 0x6e, 0x9b, 0x58, 0xa1, 0xc0, 0x44, 0x23, 0x7f, 0x46, 0x07, 0xcf, 0x92, 0xaa, 0x3a, 0x21,
-	0x43, 0xe4, 0x70, 0xdb, 0x49, 0xbc, 0x2a, 0x4c, 0xac, 0x30, 0xd1, 0xb2, 0xe4, 0x7f, 0xb0, 0x69,
-	0x46, 0x60, 0xa1, 0x88, 0x10, 0xf6, 0x05, 0xdc, 0xb3, 0xc5, 0x35, 0x2b, 0x25, 0x8d, 0x11, 0x98,
-	0xc5, 0x97, 0x52, 0xb9, 0xb2, 0x3d, 0xa6, 0xf3, 0x6d, 0xe9, 0x2f, 0x1a, 0xe3, 0xd7, 0x52, 0x51,
-	0xf9, 0xbe, 0x84, 0x07, 0x3f, 0x7f, 0xc9, 0xf7, 0x45, 0xf3, 0x39, 0xbd, 0xf8, 0xc1, 0xad, 0x17,
-	0x7d, 0x77, 0x34, 0xdd, 0x17, 0xed, 0x8b, 0x74, 0xd2, 0x13, 0x6a, 0xd0, 0xa4, 0x45, 0xe9, 0x8c,
-	0xc7, 0x30, 0xb2, 0x97, 0x1a, 0x2a, 0x47, 0x8a, 0x90, 0x12, 0x04, 0x07, 0x59, 0x5a, 0x84, 0x7f,
-	0x83, 0xd9, 0x52, 0xe6, 0xaf, 0x48, 0xc8, 0x9a, 0x81, 0xdb, 0xd2, 0xbc, 0xe0, 0x7d, 0x35, 0x2f,
-	0xd8, 0xd2, 0xbc, 0xf0, 0xbf, 0x3d, 0xd8, 0x5b, 0xca, 0x3c, 0xc2, 0x24, 0x6b, 0x28, 0xf5, 0x0b,
-	0x12, 0x7b, 0x7b, 0xa3, 0xee, 0xb6, 0x78, 0x7e, 0x05, 0x7b, 0x3e, 0x9a, 0x46, 0x23, 0xee, 0x10,
-	0x0f, 0x1e, 0x6e, 0xf3, 0x60, 0x2b, 0x85, 0x68, 0xb2, 0xde, 0xca, 0x68, 0x5b, 0x07, 0xbb, 0x54,
-	0xa9, 0x5f, 0xd0, 0xc1, 0x1d, 0x32, 0xb6, 0x3a, 0x78, 0xa3, 0xcd, 0xbd, 0xf7, 0xd0, 0xe6, 0x6d,
-	0xa1, 0xdf, 0x9d, 0x77, 0xb7, 0x85, 0xfe, 0x39, 0xec, 0xaf, 0x8b, 0xb2, 0x58, 0xd7, 0xeb, 0x98,
-	0xae, 0x60, 0xba, 0xb5, 0xfa, 0xc4, 0xa6, 0xa9, 0x37, 0x58, 0x46, 0xd3, 0xfd, 0xf5, 0x29, 0xb0,
-	0xa2, 0x4c, 0x45, 0x9d, 0xe1, 0x26, 0x9d, 0x07, 0x6e, 0x5c, 0xbd, 0x65, 0x83, 0xd0, 0x07, 0xd0,
-	0x4b, 0x65, 0x5d, 0x1a, 0x3e, 0xa4, 0xf8, 0xdd, 0xc2, 0xd2, 0xbc, 0x91, 0x23, 0x3a, 0x51, 0x61,
-	0x8e, 0x57, 0x7c, 0x8f, 0x7a, 0x35, 0x6b, 0x2c, 0xd4, 0xa5, 0x1c, 0xaf, 0x6c, 0xf4, 0x56, 0x83,
-	0xbc, 0x97, 0x53, 0xcb, 0xa1, 0x45, 0x9c, 0xf9, 0xe9, 0xed, 0x71, 0x9f, 0x51, 0xe4, 0xdb, 0xa3,
-	0xbe, 0x80, 0x59, 0x13, 0xb6, 0xed, 0x35, 0x7d, 0x23, 0x00, 0x05, 0xbd, 0xe7, 0x71, 0xf7, 0x75,
-	0xa1, 0xd9, 0x11, 0x1c, 0x34, 0x1e, 0x71, 0x85, 0x2d, 0xf3, 0xf9, 0x3e, 0xed, 0xba, 0x9f, 0x38,
-	0xb7, 0xbf, 0xa2, 0xda, 0x50, 0xa4, 0x66, 0x6b, 0x92, 0xcd, 0x11, 0x6d, 0x3b, 0xf2, 0xd8, 0x37,
-	0x56, 0x29, 0x1f, 0xc3, 0xa8, 0x3d, 0x5d, 0x08, 0x3e, 0x26, 0x0f, 0x68, 0x0e, 0x16, 0xc2, 0x8e,
-	0x4d, 0x9a, 0xa4, 0x2b, 0x8c, 0x0b, 0x83, 0x2a, 0x31, 0x52, 0xf1, 0x09, 0xf9, 0x4c, 0x08, 0x3d,
-	0xf5, 0xa0, 0xad, 0x44, 0x59, 0xaf, 0x63, 0xbd, 0x4a, 0x54, 0xa6, 0x39, 0xa3, 0x88, 0x86, 0x65,
-	0xbd, 0x3e, 0x27, 0x20, 0xfc, 0x57, 0x40, 0xdf, 0x83, 0x8e, 0xdb, 0xee, 0xb2, 0x61, 0x1f, 0x43,
-	0x57, 0xc8, 0x9c, 0x07, 0xc4, 0xcd, 0xbb, 0x1b, 0x2c, 0xb9, 0xf9, 0xc6, 0x88, 0xac, 0xc7, 0x06,
-	0xa3, 0x3a, 0xef, 0xc1, 0xa8, 0x10, 0x26, 0x22, 0xd1, 0x26, 0x6e, 0xf9, 0xe9, 0xc8, 0x3b, 0xb2,
-	0xe0, 0x89, 0xe3, 0x68, 0xf8, 0x9f, 0x80, 0x46, 0xed, 0x8d, 0xfd, 0xac, 0x89, 0x30, 0x95, 0xea,
-	0xf6, 0x4c, 0x05, 0xb7, 0x86, 0xf3, 0xd6, 0x3c, 0x74, 0x5c, 0x7e, 0xff, 0x7f, 0x1e, 0xba, 0x64,
-	0x6c, 0xe7, 0xa1, 0xe5, 0xd9, 0xce, 0x26, 0xcf, 0x1e, 0x01, 0x18, 0x69, 0x12, 0xe1, 0xee, 0xe1,
-	0x9e, 0x9b, 0x2f, 0x42, 0xe8, 0x12, 0xe6, 0xd0, 0x57, 0x14, 0x97, 0xe6, 0xbb, 0x6e, 0x3b, 0xbf,
-	0x0c, 0xff, 0xdd, 0xa1, 0x4a, 0xfa, 0xd0, 0x7f, 0x8b, 0x4c, 0xfc, 0x7c, 0xc4, 0x7b, 0xbf, 0x36,
-	0xe2, 0xbd, 0xcd, 0x11, 0x9f, 0xd9, 0xcf, 0x11, 0x51, 0x1b, 0xbb, 0xf7, 0x4a, 0xd6, 0x4a, 0x53,
-	0x0a, 0x93, 0xe3, 0xe0, 0xb3, 0x68, 0x7a, 0x63, 0xfa, 0xc6, 0x5a, 0xec, 0x25, 0xe3, 0x07, 0xa7,
-	0xd1, 0x23, 0x97, 0xd4, 0x20, 0x9a, 0x7a, 0xdc, 0x8b, 0x0e, 0x7d, 0xa0, 0xd4, 0x36, 0xb1, 0x56,
-	0xb8, 0xdc, 0xa8, 0x8f, 0x09, 0x6c, 0xa4, 0xe9, 0x29, 0x4c, 0x9a, 0x7d, 0x62, 0x59, 0x8a, 0x6b,
-	0x3f, 0xe2, 0xe3, 0x06, 0x3c, 0x2b, 0xc5, 0x75, 0x78, 0x45, 0x2a, 0xed, 0xab, 0xe4, 0x09, 0x77,
-	0x04, 0x3d, 0xda, 0xc8, 0x53, 0xee, 0xfe, 0x36, 0x8d, 0x36, 0xc8, 0x10, 0x39, 0x3f, 0xf6, 0x05,
-	0xf4, 0x75, 0xbd, 0x5e, 0x27, 0xea, 0xda, 0x33, 0xef, 0x57, 0x5e, 0x69, 0x3c, 0xbf, 0xea, 0xfd,
-	0xdd, 0x92, 0xf6, 0x7f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x70, 0xd9, 0xa0, 0xf8, 0x48, 0x0d, 0x00,
-	0x00,
-}
diff --git a/vendor/google.golang.org/appengine/internal/log/log_service.proto b/vendor/google.golang.org/appengine/internal/log/log_service.proto
deleted file mode 100644
index 8981dc4757..0000000000
--- a/vendor/google.golang.org/appengine/internal/log/log_service.proto
+++ /dev/null
@@ -1,150 +0,0 @@
-syntax = "proto2";
-option go_package = "log";
-
-package appengine;
-
-message LogServiceError {
-  enum ErrorCode {
-    OK  = 0;
-    INVALID_REQUEST = 1;
-    STORAGE_ERROR = 2;
-  }
-}
-
-message UserAppLogLine {
-  required int64 timestamp_usec = 1;
-  required int64 level = 2;
-  required string message = 3;
-}
-
-message UserAppLogGroup {
-  repeated UserAppLogLine log_line = 2;
-}
-
-message FlushRequest {
-  optional bytes logs = 1;
-}
-
-message SetStatusRequest {
-  required string status = 1;
-}
-
-
-message LogOffset {
-  optional bytes request_id = 1;
-}
-
-message LogLine {
-  required int64 time = 1;
-  required int32 level = 2;
-  required string log_message = 3;
-}
-
-message RequestLog {
-  required string app_id = 1;
-  optional string module_id = 37 [default="default"];
-  required string version_id = 2;
-  required bytes request_id = 3;
-  optional LogOffset offset = 35;
-  required string ip = 4;
-  optional string nickname = 5;
-  required int64 start_time = 6;
-  required int64 end_time = 7;
-  required int64 latency = 8;
-  required int64 mcycles = 9;
-  required string method = 10;
-  required string resource = 11;
-  required string http_version = 12;
-  required int32 status = 13;
-  required int64 response_size = 14;
-  optional string referrer = 15;
-  optional string user_agent = 16;
-  required string url_map_entry = 17;
-  required string combined = 18;
-  optional int64 api_mcycles = 19;
-  optional string host = 20;
-  optional double cost = 21;
-
-  optional string task_queue_name = 22;
-  optional string task_name = 23;
-
-  optional bool was_loading_request = 24;
-  optional int64 pending_time = 25;
-  optional int32 replica_index = 26 [default = -1];
-  optional bool finished = 27 [default = true];
-  optional bytes clone_key = 28;
-
-  repeated LogLine line = 29;
-
-  optional bool lines_incomplete = 36;
-  optional bytes app_engine_release = 38;
-
-  optional int32 exit_reason = 30;
-  optional bool was_throttled_for_time = 31;
-  optional bool was_throttled_for_requests = 32;
-  optional int64 throttled_time = 33;
-
-  optional bytes server_name = 34;
-}
-
-message LogModuleVersion {
-  optional string module_id = 1 [default="default"];
-  optional string version_id = 2;
-}
-
-message LogReadRequest {
-  required string app_id = 1;
-  repeated string version_id = 2;
-  repeated LogModuleVersion module_version = 19;
-
-  optional int64 start_time = 3;
-  optional int64 end_time = 4;
-  optional LogOffset offset = 5;
-  repeated bytes request_id = 6;
-
-  optional int32 minimum_log_level = 7;
-  optional bool include_incomplete = 8;
-  optional int64 count = 9;
-
-  optional string combined_log_regex = 14;
-  optional string host_regex = 15;
-  optional int32 replica_index = 16;
-
-  optional bool include_app_logs = 10;
-  optional int32 app_logs_per_request = 17;
-  optional bool include_host = 11;
-  optional bool include_all = 12;
-  optional bool cache_iterator = 13;
-  optional int32 num_shards = 18;
-}
-
-message LogReadResponse {
-  repeated RequestLog log = 1;
-  optional LogOffset offset = 2;
-  optional int64 last_end_time = 3;
-}
-
-message LogUsageRecord {
-  optional string version_id = 1;
-  optional int32 start_time = 2;
-  optional int32 end_time = 3;
-  optional int64 count = 4;
-  optional int64 total_size = 5;
-  optional int32 records = 6;
-}
-
-message LogUsageRequest {
-  required string app_id = 1;
-  repeated string version_id = 2;
-  optional int32 start_time = 3;
-  optional int32 end_time = 4;
-  optional uint32 resolution_hours = 5 [default = 1];
-  optional bool combine_versions = 6;
-  optional int32 usage_version = 7;
-  optional bool versions_only = 8;
-}
-
-message LogUsageResponse {
-  repeated LogUsageRecord usage = 1;
-  optional LogUsageRecord summary = 2;
-}
diff --git a/vendor/google.golang.org/appengine/internal/main.go b/vendor/google.golang.org/appengine/internal/main.go
deleted file mode 100644
index afd0ae84fd..0000000000
--- a/vendor/google.golang.org/appengine/internal/main.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright 2011 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-//go:build appengine
-// +build appengine
-
-package internal
-
-import (
-	"appengine_internal"
-)
-
-func Main() {
-	MainPath = ""
-	appengine_internal.Main()
-}
diff --git a/vendor/google.golang.org/appengine/internal/main_common.go b/vendor/google.golang.org/appengine/internal/main_common.go
deleted file mode 100644
index 357dce4dd0..0000000000
--- a/vendor/google.golang.org/appengine/internal/main_common.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package internal
-
-// MainPath stores the file path of the main package. On App Engine Standard
-// using Go version 1.9 and below, this will be unset. On App Engine Flex and
-// App Engine Standard second-gen (Go 1.11 and above), this will be the
-// filepath to package main.
-var MainPath string
diff --git a/vendor/google.golang.org/appengine/internal/main_vm.go b/vendor/google.golang.org/appengine/internal/main_vm.go
deleted file mode 100644
index 86a8caf06f..0000000000
--- a/vendor/google.golang.org/appengine/internal/main_vm.go
+++ /dev/null
@@ -1,70 +0,0 @@
-// Copyright 2011 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-//go:build !appengine
-// +build !appengine
-
-package internal
-
-import (
-	"io"
-	"log"
-	"net/http"
-	"net/url"
-	"os"
-	"path/filepath"
-	"runtime"
-)
-
-func Main() {
-	MainPath = filepath.Dir(findMainPath())
-	installHealthChecker(http.DefaultServeMux)
-
-	port := "8080"
-	if s := os.Getenv("PORT"); s != "" {
-		port = s
-	}
-
-	host := ""
-	if IsDevAppServer() {
-		host = "127.0.0.1"
-	}
-	if err := http.ListenAndServe(host+":"+port, Middleware(http.DefaultServeMux)); err != nil {
-		log.Fatalf("http.ListenAndServe: %v", err)
-	}
-}
-
-// Find the path to package main by looking at the root Caller.
-func findMainPath() string {
-	pc := make([]uintptr, 100)
-	n := runtime.Callers(2, pc)
-	frames := runtime.CallersFrames(pc[:n])
-	for {
-		frame, more := frames.Next()
-		// Tests won't have package main, instead they have testing.tRunner
-		if frame.Function == "main.main" || frame.Function == "testing.tRunner" {
-			return frame.File
-		}
-		if !more {
-			break
-		}
-	}
-	return ""
-}
-
-func installHealthChecker(mux *http.ServeMux) {
-	// If no health check handler has been installed by this point, add a trivial one.
-	const healthPath = "/_ah/health"
-	hreq := &http.Request{
-		Method: "GET",
-		URL: &url.URL{
-			Path: healthPath,
-		},
-	}
-	if _, pat := mux.Handler(hreq); pat != healthPath {
-		mux.HandleFunc(healthPath, func(w http.ResponseWriter, r *http.Request) {
-			io.WriteString(w, "ok")
-		})
-	}
-}
diff --git a/vendor/google.golang.org/appengine/internal/metadata.go b/vendor/google.golang.org/appengine/internal/metadata.go
deleted file mode 100644
index c4ba63bb48..0000000000
--- a/vendor/google.golang.org/appengine/internal/metadata.go
+++ /dev/null
@@ -1,60 +0,0 @@
-// Copyright 2014 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-package internal
-
-// This file has code for accessing metadata.
-//
-// References:
-//	https://cloud.google.com/compute/docs/metadata
-
-import (
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-)
-
-const (
-	metadataHost = "metadata"
-	metadataPath = "/computeMetadata/v1/"
-)
-
-var (
-	metadataRequestHeaders = http.Header{
-		"Metadata-Flavor": []string{"Google"},
-	}
-)
-
-// TODO(dsymonds): Do we need to support default values, like Python?
-func mustGetMetadata(key string) []byte {
-	b, err := getMetadata(key)
-	if err != nil {
-		panic(fmt.Sprintf("Metadata fetch failed for '%s': %v", key, err))
-	}
-	return b
-}
-
-func getMetadata(key string) ([]byte, error) {
-	// TODO(dsymonds): May need to use url.Parse to support keys with query args.
-	req := &http.Request{
-		Method: "GET",
-		URL: &url.URL{
-			Scheme: "http",
-			Host:   metadataHost,
-			Path:   metadataPath + key,
-		},
-		Header: metadataRequestHeaders,
-		Host:   metadataHost,
-	}
-	resp, err := http.DefaultClient.Do(req)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode != 200 {
-		return nil, fmt.Errorf("metadata server returned HTTP %d", resp.StatusCode)
-	}
-	return ioutil.ReadAll(resp.Body)
-}
diff --git a/vendor/google.golang.org/appengine/internal/net.go b/vendor/google.golang.org/appengine/internal/net.go
deleted file mode 100644
index fe429720e1..0000000000
--- a/vendor/google.golang.org/appengine/internal/net.go
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright 2014 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-package internal
-
-// This file implements a network dialer that limits the number of concurrent connections.
-// It is only used for API calls.
-
-import (
-	"log"
-	"net"
-	"runtime"
-	"sync"
-	"time"
-)
-
-var limitSem = make(chan int, 100) // TODO(dsymonds): Use environment variable.
-
-func limitRelease() {
-	// non-blocking
-	select {
-	case <-limitSem:
-	default:
-		// This should not normally happen.
-		log.Print("appengine: unbalanced limitSem release!")
-	}
-}
-
-func limitDial(network, addr string) (net.Conn, error) {
-	limitSem <- 1
-
-	// Dial with a timeout in case the API host is MIA.
-	// The connection should normally be very fast.
-	conn, err := net.DialTimeout(network, addr, 10*time.Second)
-	if err != nil {
-		limitRelease()
-		return nil, err
-	}
-	lc := &limitConn{Conn: conn}
-	runtime.SetFinalizer(lc, (*limitConn).Close) // shouldn't usually be required
-	return lc, nil
-}
-
-type limitConn struct {
-	close sync.Once
-	net.Conn
-}
-
-func (lc *limitConn) Close() error {
-	defer lc.close.Do(func() {
-		limitRelease()
-		runtime.SetFinalizer(lc, nil)
-	})
-	return lc.Conn.Close()
-}
diff --git a/vendor/google.golang.org/appengine/internal/regen.sh b/vendor/google.golang.org/appengine/internal/regen.sh
deleted file mode 100644
index 2fdb546a63..0000000000
--- a/vendor/google.golang.org/appengine/internal/regen.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash -e
-#
-# This script rebuilds the generated code for the protocol buffers.
-# To run this you will need protoc and goprotobuf installed;
-# see https://github.com/golang/protobuf for instructions.
-
-PKG=google.golang.org/appengine
-
-function die() {
-	echo 1>&2 $*
-	exit 1
-}
-
-# Sanity check that the right tools are accessible.
-for tool in go protoc protoc-gen-go; do
-	q=$(which $tool) || die "didn't find $tool"
-	echo 1>&2 "$tool: $q"
-done
-
-echo -n 1>&2 "finding package dir... "
-pkgdir=$(go list -f '{{.Dir}}' $PKG)
-echo 1>&2 $pkgdir
-base=$(echo $pkgdir | sed "s,/$PKG\$,,")
-echo 1>&2 "base: $base"
-cd $base
-
-# Run protoc once per package.
-for dir in $(find $PKG/internal -name '*.proto' | xargs dirname | sort | uniq); do
-	echo 1>&2 "* $dir"
-	protoc --go_out=. $dir/*.proto
-done
-
-for f in $(find $PKG/internal -name '*.pb.go'); do
-  # Remove proto.RegisterEnum calls.
-  # These cause duplicate registration panics when these packages
-  # are used on classic App Engine. proto.RegisterEnum only affects
-  # parsing the text format; we don't care about that.
-  # https://code.google.com/p/googleappengine/issues/detail?id=11670#c17
-  sed -i '/proto.RegisterEnum/d' $f
-done
diff --git a/vendor/google.golang.org/appengine/internal/remote_api/remote_api.pb.go b/vendor/google.golang.org/appengine/internal/remote_api/remote_api.pb.go
deleted file mode 100644
index 8d782a38e1..0000000000
--- a/vendor/google.golang.org/appengine/internal/remote_api/remote_api.pb.go
+++ /dev/null
@@ -1,361 +0,0 @@
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// source: google.golang.org/appengine/internal/remote_api/remote_api.proto
-
-package remote_api
-
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// Reference imports to suppress errors if they are not otherwise used.
-var _ = proto.Marshal
-var _ = fmt.Errorf
-var _ = math.Inf
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the proto package it is being compiled against.
-// A compilation error at this line likely means your copy of the
-// proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
-
-type RpcError_ErrorCode int32
-
-const (
-	RpcError_UNKNOWN             RpcError_ErrorCode = 0
-	RpcError_CALL_NOT_FOUND      RpcError_ErrorCode = 1
-	RpcError_PARSE_ERROR         RpcError_ErrorCode = 2
-	RpcError_SECURITY_VIOLATION  RpcError_ErrorCode = 3
-	RpcError_OVER_QUOTA          RpcError_ErrorCode = 4
-	RpcError_REQUEST_TOO_LARGE   RpcError_ErrorCode = 5
-	RpcError_CAPABILITY_DISABLED RpcError_ErrorCode = 6
-	RpcError_FEATURE_DISABLED    RpcError_ErrorCode = 7
-	RpcError_BAD_REQUEST         RpcError_ErrorCode = 8
-	RpcError_RESPONSE_TOO_LARGE  RpcError_ErrorCode = 9
-	RpcError_CANCELLED           RpcError_ErrorCode = 10
-	RpcError_REPLAY_ERROR        RpcError_ErrorCode = 11
-	RpcError_DEADLINE_EXCEEDED   RpcError_ErrorCode = 12
-)
-
-var RpcError_ErrorCode_name = map[int32]string{
-	0:  "UNKNOWN",
-	1:  "CALL_NOT_FOUND",
-	2:  "PARSE_ERROR",
-	3:  "SECURITY_VIOLATION",
-	4:  "OVER_QUOTA",
-	5:  "REQUEST_TOO_LARGE",
-	6:  "CAPABILITY_DISABLED",
-	7:  "FEATURE_DISABLED",
-	8:  "BAD_REQUEST",
-	9:  "RESPONSE_TOO_LARGE",
-	10: "CANCELLED",
-	11: "REPLAY_ERROR",
-	12: "DEADLINE_EXCEEDED",
-}
-var RpcError_ErrorCode_value = map[string]int32{
-	"UNKNOWN":             0,
-	"CALL_NOT_FOUND":      1,
-	"PARSE_ERROR":         2,
-	"SECURITY_VIOLATION":  3,
-	"OVER_QUOTA":          4,
-	"REQUEST_TOO_LARGE":   5,
-	"CAPABILITY_DISABLED": 6,
-	"FEATURE_DISABLED":    7,
-	"BAD_REQUEST":         8,
-	"RESPONSE_TOO_LARGE":  9,
-	"CANCELLED":           10,
-	"REPLAY_ERROR":        11,
-	"DEADLINE_EXCEEDED":   12,
-}
-
-func (x RpcError_ErrorCode) Enum() *RpcError_ErrorCode {
-	p := new(RpcError_ErrorCode)
-	*p = x
-	return p
-}
-func (x RpcError_ErrorCode) String() string {
-	return proto.EnumName(RpcError_ErrorCode_name, int32(x))
-}
-func (x *RpcError_ErrorCode) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(RpcError_ErrorCode_value, data, "RpcError_ErrorCode")
-	if err != nil {
-		return err
-	}
-	*x = RpcError_ErrorCode(value)
-	return nil
-}
-func (RpcError_ErrorCode) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_remote_api_1978114ec33a273d, []int{2, 0}
-}
-
-type Request struct {
-	ServiceName          *string  `protobuf:"bytes,2,req,name=service_name,json=serviceName" json:"service_name,omitempty"`
-	Method               *string  `protobuf:"bytes,3,req,name=method" json:"method,omitempty"`
-	Request              []byte   `protobuf:"bytes,4,req,name=request" json:"request,omitempty"`
-	RequestId            *string  `protobuf:"bytes,5,opt,name=request_id,json=requestId" json:"request_id,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *Request) Reset()         { *m = Request{} }
-func (m *Request) String() string { return proto.CompactTextString(m) }
-func (*Request) ProtoMessage()    {}
-func (*Request) Descriptor() ([]byte, []int) {
-	return fileDescriptor_remote_api_1978114ec33a273d, []int{0}
-}
-func (m *Request) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Request.Unmarshal(m, b)
-}
-func (m *Request) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Request.Marshal(b, m, deterministic)
-}
-func (dst *Request) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Request.Merge(dst, src)
-}
-func (m *Request) XXX_Size() int {
-	return xxx_messageInfo_Request.Size(m)
-}
-func (m *Request) XXX_DiscardUnknown() {
-	xxx_messageInfo_Request.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Request proto.InternalMessageInfo
-
-func (m *Request) GetServiceName() string {
-	if m != nil && m.ServiceName != nil {
-		return *m.ServiceName
-	}
-	return ""
-}
-
-func (m *Request) GetMethod() string {
-	if m != nil && m.Method != nil {
-		return *m.Method
-	}
-	return ""
-}
-
-func (m *Request) GetRequest() []byte {
-	if m != nil {
-		return m.Request
-	}
-	return nil
-}
-
-func (m *Request) GetRequestId() string {
-	if m != nil && m.RequestId != nil {
-		return *m.RequestId
-	}
-	return ""
-}
-
-type ApplicationError struct {
-	Code                 *int32   `protobuf:"varint,1,req,name=code" json:"code,omitempty"`
-	Detail               *string  `protobuf:"bytes,2,req,name=detail" json:"detail,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *ApplicationError) Reset()         { *m = ApplicationError{} }
-func (m *ApplicationError) String() string { return proto.CompactTextString(m) }
-func (*ApplicationError) ProtoMessage()    {}
-func (*ApplicationError) Descriptor() ([]byte, []int) {
-	return fileDescriptor_remote_api_1978114ec33a273d, []int{1}
-}
-func (m *ApplicationError) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ApplicationError.Unmarshal(m, b)
-}
-func (m *ApplicationError) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ApplicationError.Marshal(b, m, deterministic)
-}
-func (dst *ApplicationError) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ApplicationError.Merge(dst, src)
-}
-func (m *ApplicationError) XXX_Size() int {
-	return xxx_messageInfo_ApplicationError.Size(m)
-}
-func (m *ApplicationError) XXX_DiscardUnknown() {
-	xxx_messageInfo_ApplicationError.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ApplicationError proto.InternalMessageInfo
-
-func (m *ApplicationError) GetCode() int32 {
-	if m != nil && m.Code != nil {
-		return *m.Code
-	}
-	return 0
-}
-
-func (m *ApplicationError) GetDetail() string {
-	if m != nil && m.Detail != nil {
-		return *m.Detail
-	}
-	return ""
-}
-
-type RpcError struct {
-	Code                 *int32   `protobuf:"varint,1,req,name=code" json:"code,omitempty"`
-	Detail               *string  `protobuf:"bytes,2,opt,name=detail" json:"detail,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *RpcError) Reset()         { *m = RpcError{} }
-func (m *RpcError) String() string { return proto.CompactTextString(m) }
-func (*RpcError) ProtoMessage()    {}
-func (*RpcError) Descriptor() ([]byte, []int) {
-	return fileDescriptor_remote_api_1978114ec33a273d, []int{2}
-}
-func (m *RpcError) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_RpcError.Unmarshal(m, b)
-}
-func (m *RpcError) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_RpcError.Marshal(b, m, deterministic)
-}
-func (dst *RpcError) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_RpcError.Merge(dst, src)
-}
-func (m *RpcError) XXX_Size() int {
-	return xxx_messageInfo_RpcError.Size(m)
-}
-func (m *RpcError) XXX_DiscardUnknown() {
-	xxx_messageInfo_RpcError.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_RpcError proto.InternalMessageInfo
-
-func (m *RpcError) GetCode() int32 {
-	if m != nil && m.Code != nil {
-		return *m.Code
-	}
-	return 0
-}
-
-func (m *RpcError) GetDetail() string {
-	if m != nil && m.Detail != nil {
-		return *m.Detail
-	}
-	return ""
-}
-
-type Response struct {
-	Response             []byte            `protobuf:"bytes,1,opt,name=response" json:"response,omitempty"`
-	Exception            []byte            `protobuf:"bytes,2,opt,name=exception" json:"exception,omitempty"`
-	ApplicationError     *ApplicationError `protobuf:"bytes,3,opt,name=application_error,json=applicationError" json:"application_error,omitempty"`
-	JavaException        []byte            `protobuf:"bytes,4,opt,name=java_exception,json=javaException" json:"java_exception,omitempty"`
-	RpcError             *RpcError         `protobuf:"bytes,5,opt,name=rpc_error,json=rpcError" json:"rpc_error,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
-	XXX_unrecognized     []byte            `json:"-"`
-	XXX_sizecache        int32             `json:"-"`
-}
-
-func (m *Response) Reset()         { *m = Response{} }
-func (m *Response) String() string { return proto.CompactTextString(m) }
-func (*Response) ProtoMessage()    {}
-func (*Response) Descriptor() ([]byte, []int) {
-	return fileDescriptor_remote_api_1978114ec33a273d, []int{3}
-}
-func (m *Response) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Response.Unmarshal(m, b)
-}
-func (m *Response) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Response.Marshal(b, m, deterministic)
-}
-func (dst *Response) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Response.Merge(dst, src)
-}
-func (m *Response) XXX_Size() int {
-	return xxx_messageInfo_Response.Size(m)
-}
-func (m *Response) XXX_DiscardUnknown() {
-	xxx_messageInfo_Response.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Response proto.InternalMessageInfo
-
-func (m *Response) GetResponse() []byte {
-	if m != nil {
-		return m.Response
-	}
-	return nil
-}
-
-func (m *Response) GetException() []byte {
-	if m != nil {
-		return m.Exception
-	}
-	return nil
-}
-
-func (m *Response) GetApplicationError() *ApplicationError {
-	if m != nil {
-		return m.ApplicationError
-	}
-	return nil
-}
-
-func (m *Response) GetJavaException() []byte {
-	if m != nil {
-		return m.JavaException
-	}
-	return nil
-}
-
-func (m *Response) GetRpcError() *RpcError {
-	if m != nil {
-		return m.RpcError
-	}
-	return nil
-}
-
-func init() {
-	proto.RegisterType((*Request)(nil), "remote_api.Request")
-	proto.RegisterType((*ApplicationError)(nil), "remote_api.ApplicationError")
-	proto.RegisterType((*RpcError)(nil), "remote_api.RpcError")
-	proto.RegisterType((*Response)(nil), "remote_api.Response")
-}
-
-func init() {
-	proto.RegisterFile("google.golang.org/appengine/internal/remote_api/remote_api.proto", fileDescriptor_remote_api_1978114ec33a273d)
-}
-
-var fileDescriptor_remote_api_1978114ec33a273d = []byte{
-	// 531 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x93, 0x51, 0x6e, 0xd3, 0x40,
-	0x10, 0x86, 0xb1, 0x9b, 0x34, 0xf1, 0xc4, 0x2d, 0xdb, 0xa5, 0x14, 0x0b, 0x15, 0x29, 0x44, 0x42,
-	0xca, 0x53, 0x2a, 0x38, 0x00, 0x62, 0x63, 0x6f, 0x91, 0x85, 0x65, 0xa7, 0x6b, 0xbb, 0x50, 0x5e,
-	0x56, 0x2b, 0x67, 0x65, 0x8c, 0x12, 0xaf, 0xd9, 0x98, 0x8a, 0x17, 0x6e, 0xc0, 0xb5, 0x38, 0x0c,
-	0xb7, 0x40, 0x36, 0x6e, 0x63, 0xf5, 0x89, 0xb7, 0x7f, 0x7e, 0x7b, 0xe6, 0x1b, 0xcd, 0xcc, 0xc2,
-	0xbb, 0x5c, 0xa9, 0x7c, 0x23, 0x17, 0xb9, 0xda, 0x88, 0x32, 0x5f, 0x28, 0x9d, 0x5f, 0x88, 0xaa,
-	0x92, 0x65, 0x5e, 0x94, 0xf2, 0xa2, 0x28, 0x6b, 0xa9, 0x4b, 0xb1, 0xb9, 0xd0, 0x72, 0xab, 0x6a,
-	0xc9, 0x45, 0x55, 0xf4, 0xe4, 0xa2, 0xd2, 0xaa, 0x56, 0x18, 0xf6, 0xce, 0xec, 0x27, 0x8c, 0x98,
-	0xfc, 0xf6, 0x5d, 0xee, 0x6a, 0xfc, 0x12, 0xec, 0x9d, 0xd4, 0xb7, 0x45, 0x26, 0x79, 0x29, 0xb6,
-	0xd2, 0x31, 0xa7, 0xe6, 0xdc, 0x62, 0x93, 0xce, 0x0b, 0xc5, 0x56, 0xe2, 0x33, 0x38, 0xdc, 0xca,
-	0xfa, 0x8b, 0x5a, 0x3b, 0x07, 0xed, 0xc7, 0x2e, 0xc2, 0x0e, 0x8c, 0xf4, 0xbf, 0x2a, 0xce, 0x60,
-	0x6a, 0xce, 0x6d, 0x76, 0x17, 0xe2, 0x17, 0x00, 0x9d, 0xe4, 0xc5, 0xda, 0x19, 0x4e, 0x8d, 0xb9,
-	0xc5, 0xac, 0xce, 0xf1, 0xd7, 0xb3, 0xb7, 0x80, 0x48, 0x55, 0x6d, 0x8a, 0x4c, 0xd4, 0x85, 0x2a,
-	0xa9, 0xd6, 0x4a, 0x63, 0x0c, 0x83, 0x4c, 0xad, 0xa5, 0x63, 0x4c, 0xcd, 0xf9, 0x90, 0xb5, 0xba,
-	0x01, 0xaf, 0x65, 0x2d, 0x8a, 0x4d, 0xd7, 0x55, 0x17, 0xcd, 0x7e, 0x9b, 0x30, 0x66, 0x55, 0xf6,
-	0x7f, 0x89, 0x46, 0x2f, 0xf1, 0x97, 0x09, 0x56, 0x9b, 0xe5, 0x36, 0x7f, 0x4d, 0x60, 0x94, 0x86,
-	0x1f, 0xc2, 0xe8, 0x63, 0x88, 0x1e, 0x61, 0x0c, 0xc7, 0x2e, 0x09, 0x02, 0x1e, 0x46, 0x09, 0xbf,
-	0x8c, 0xd2, 0xd0, 0x43, 0x06, 0x7e, 0x0c, 0x93, 0x15, 0x61, 0x31, 0xe5, 0x94, 0xb1, 0x88, 0x21,
-	0x13, 0x9f, 0x01, 0x8e, 0xa9, 0x9b, 0x32, 0x3f, 0xb9, 0xe1, 0xd7, 0x7e, 0x14, 0x90, 0xc4, 0x8f,
-	0x42, 0x74, 0x80, 0x8f, 0x01, 0xa2, 0x6b, 0xca, 0xf8, 0x55, 0x1a, 0x25, 0x04, 0x0d, 0xf0, 0x53,
-	0x38, 0x61, 0xf4, 0x2a, 0xa5, 0x71, 0xc2, 0x93, 0x28, 0xe2, 0x01, 0x61, 0xef, 0x29, 0x1a, 0xe2,
-	0x67, 0xf0, 0xc4, 0x25, 0x2b, 0xb2, 0xf4, 0x83, 0xa6, 0x80, 0xe7, 0xc7, 0x64, 0x19, 0x50, 0x0f,
-	0x1d, 0xe2, 0x53, 0x40, 0x97, 0x94, 0x24, 0x29, 0xa3, 0x7b, 0x77, 0xd4, 0xe0, 0x97, 0xc4, 0xe3,
-	0x5d, 0x25, 0x34, 0x6e, 0xf0, 0x8c, 0xc6, 0xab, 0x28, 0x8c, 0x69, 0xaf, 0xae, 0x85, 0x8f, 0xc0,
-	0x72, 0x49, 0xe8, 0xd2, 0xa0, 0xc9, 0x03, 0x8c, 0xc0, 0x66, 0x74, 0x15, 0x90, 0x9b, 0xae, 0xef,
-	0x49, 0xd3, 0x8f, 0x47, 0x89, 0x17, 0xf8, 0x21, 0xe5, 0xf4, 0x93, 0x4b, 0xa9, 0x47, 0x3d, 0x64,
-	0xcf, 0xfe, 0x18, 0x30, 0x66, 0x72, 0x57, 0xa9, 0x72, 0x27, 0xf1, 0x73, 0x18, 0xeb, 0x4e, 0x3b,
-	0xc6, 0xd4, 0x98, 0xdb, 0xec, 0x3e, 0xc6, 0xe7, 0x60, 0xc9, 0x1f, 0x99, 0xac, 0x9a, 0x75, 0xb5,
-	0x23, 0xb5, 0xd9, 0xde, 0xc0, 0x3e, 0x9c, 0x88, 0xfd, 0x3a, 0xb9, 0x6c, 0x06, 0xec, 0x1c, 0x4c,
-	0x8d, 0xf9, 0xe4, 0xcd, 0xf9, 0xa2, 0x77, 0x87, 0x0f, 0x77, 0xce, 0x90, 0x78, 0x78, 0x05, 0xaf,
-	0xe0, 0xf8, 0xab, 0xb8, 0x15, 0x7c, 0x4f, 0x1b, 0xb4, 0xb4, 0xa3, 0xc6, 0xa5, 0xf7, 0xc4, 0xd7,
-	0x60, 0xe9, 0x2a, 0xeb, 0x48, 0xc3, 0x96, 0x74, 0xda, 0x27, 0xdd, 0x1d, 0x07, 0x1b, 0xeb, 0x4e,
-	0x2d, 0xed, 0xcf, 0xbd, 0x07, 0xf0, 0x37, 0x00, 0x00, 0xff, 0xff, 0x38, 0xd1, 0x0f, 0x22, 0x4f,
-	0x03, 0x00, 0x00,
-}
diff --git a/vendor/google.golang.org/appengine/internal/remote_api/remote_api.proto b/vendor/google.golang.org/appengine/internal/remote_api/remote_api.proto
deleted file mode 100644
index f21763a4e2..0000000000
--- a/vendor/google.golang.org/appengine/internal/remote_api/remote_api.proto
+++ /dev/null
@@ -1,44 +0,0 @@
-syntax = "proto2";
-option go_package = "remote_api";
-
-package remote_api;
-
-message Request {
-  required string service_name = 2;
-  required string method = 3;
-  required bytes request = 4;
-  optional string request_id = 5;
-}
-
-message ApplicationError {
-  required int32 code = 1;
-  required string detail = 2;
-}
-
-message RpcError {
-  enum ErrorCode {
-    UNKNOWN = 0;
-    CALL_NOT_FOUND = 1;
-    PARSE_ERROR = 2;
-    SECURITY_VIOLATION = 3;
-    OVER_QUOTA = 4;
-    REQUEST_TOO_LARGE = 5;
-    CAPABILITY_DISABLED = 6;
-    FEATURE_DISABLED = 7;
-    BAD_REQUEST = 8;
-    RESPONSE_TOO_LARGE = 9;
-    CANCELLED = 10;
-    REPLAY_ERROR = 11;
-    DEADLINE_EXCEEDED = 12;
-  }
-  required int32 code = 1;
-  optional string detail = 2;
-}
-
-message Response {
-  optional bytes response = 1;
-  optional bytes exception = 2;
-  optional ApplicationError application_error = 3;
-  optional bytes java_exception = 4;
-  optional RpcError rpc_error = 5;
-}
diff --git a/vendor/google.golang.org/appengine/internal/transaction.go b/vendor/google.golang.org/appengine/internal/transaction.go
deleted file mode 100644
index 2ae8ab9fa4..0000000000
--- a/vendor/google.golang.org/appengine/internal/transaction.go
+++ /dev/null
@@ -1,115 +0,0 @@
-// Copyright 2014 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-package internal
-
-// This file implements hooks for applying datastore transactions.
-
-import (
-	"context"
-	"errors"
-	"reflect"
-
-	"github.com/golang/protobuf/proto"
-
-	basepb "google.golang.org/appengine/internal/base"
-	pb "google.golang.org/appengine/internal/datastore"
-)
-
-var transactionSetters = make(map[reflect.Type]reflect.Value)
-
-// RegisterTransactionSetter registers a function that sets transaction information
-// in a protocol buffer message. f should be a function with two arguments,
-// the first being a protocol buffer type, and the second being *datastore.Transaction.
-func RegisterTransactionSetter(f interface{}) {
-	v := reflect.ValueOf(f)
-	transactionSetters[v.Type().In(0)] = v
-}
-
-// applyTransaction applies the transaction t to message pb
-// by using the relevant setter passed to RegisterTransactionSetter.
-func applyTransaction(pb proto.Message, t *pb.Transaction) {
-	v := reflect.ValueOf(pb)
-	if f, ok := transactionSetters[v.Type()]; ok {
-		f.Call([]reflect.Value{v, reflect.ValueOf(t)})
-	}
-}
-
-var transactionKey = "used for *Transaction"
-
-func transactionFromContext(ctx context.Context) *transaction {
-	t, _ := ctx.Value(&transactionKey).(*transaction)
-	return t
-}
-
-func withTransaction(ctx context.Context, t *transaction) context.Context {
-	return context.WithValue(ctx, &transactionKey, t)
-}
-
-type transaction struct {
-	transaction pb.Transaction
-	finished    bool
-}
-
-var ErrConcurrentTransaction = errors.New("internal: concurrent transaction")
-
-func RunTransactionOnce(c context.Context, f func(context.Context) error, xg bool, readOnly bool, previousTransaction *pb.Transaction) (*pb.Transaction, error) {
-	if transactionFromContext(c) != nil {
-		return nil, errors.New("nested transactions are not supported")
-	}
-
-	// Begin the transaction.
-	t := &transaction{}
-	req := &pb.BeginTransactionRequest{
-		App: proto.String(FullyQualifiedAppID(c)),
-	}
-	if xg {
-		req.AllowMultipleEg = proto.Bool(true)
-	}
-	if previousTransaction != nil {
-		req.PreviousTransaction = previousTransaction
-	}
-	if readOnly {
-		req.Mode = pb.BeginTransactionRequest_READ_ONLY.Enum()
-	} else {
-		req.Mode = pb.BeginTransactionRequest_READ_WRITE.Enum()
-	}
-	if err := Call(c, "datastore_v3", "BeginTransaction", req, &t.transaction); err != nil {
-		return nil, err
-	}
-
-	// Call f, rolling back the transaction if f returns a non-nil error, or panics.
-	// The panic is not recovered.
-	defer func() {
-		if t.finished {
-			return
-		}
-		t.finished = true
-		// Ignore the error return value, since we are already returning a non-nil
-		// error (or we're panicking).
-		Call(c, "datastore_v3", "Rollback", &t.transaction, &basepb.VoidProto{})
-	}()
-	if err := f(withTransaction(c, t)); err != nil {
-		return &t.transaction, err
-	}
-	t.finished = true
-
-	// Commit the transaction.
-	res := &pb.CommitResponse{}
-	err := Call(c, "datastore_v3", "Commit", &t.transaction, res)
-	if ae, ok := err.(*APIError); ok {
-		/* TODO: restore this conditional
-		if appengine.IsDevAppServer() {
-		*/
-		// The Python Dev AppServer raises an ApplicationError with error code 2 (which is
-		// Error.CONCURRENT_TRANSACTION) and message "Concurrency exception.".
-		if ae.Code == int32(pb.Error_BAD_REQUEST) && ae.Detail == "ApplicationError: 2 Concurrency exception." {
-			return &t.transaction, ErrConcurrentTransaction
-		}
-		if ae.Code == int32(pb.Error_CONCURRENT_TRANSACTION) {
-			return &t.transaction, ErrConcurrentTransaction
-		}
-	}
-	return &t.transaction, err
-}
diff --git a/vendor/google.golang.org/appengine/internal/urlfetch/urlfetch_service.pb.go b/vendor/google.golang.org/appengine/internal/urlfetch/urlfetch_service.pb.go
deleted file mode 100644
index 5f727750ad..0000000000
--- a/vendor/google.golang.org/appengine/internal/urlfetch/urlfetch_service.pb.go
+++ /dev/null
@@ -1,527 +0,0 @@
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// source: google.golang.org/appengine/internal/urlfetch/urlfetch_service.proto
-
-package urlfetch
-
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// Reference imports to suppress errors if they are not otherwise used.
-var _ = proto.Marshal
-var _ = fmt.Errorf
-var _ = math.Inf
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the proto package it is being compiled against.
-// A compilation error at this line likely means your copy of the
-// proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
-
-type URLFetchServiceError_ErrorCode int32
-
-const (
-	URLFetchServiceError_OK                       URLFetchServiceError_ErrorCode = 0
-	URLFetchServiceError_INVALID_URL              URLFetchServiceError_ErrorCode = 1
-	URLFetchServiceError_FETCH_ERROR              URLFetchServiceError_ErrorCode = 2
-	URLFetchServiceError_UNSPECIFIED_ERROR        URLFetchServiceError_ErrorCode = 3
-	URLFetchServiceError_RESPONSE_TOO_LARGE       URLFetchServiceError_ErrorCode = 4
-	URLFetchServiceError_DEADLINE_EXCEEDED        URLFetchServiceError_ErrorCode = 5
-	URLFetchServiceError_SSL_CERTIFICATE_ERROR    URLFetchServiceError_ErrorCode = 6
-	URLFetchServiceError_DNS_ERROR                URLFetchServiceError_ErrorCode = 7
-	URLFetchServiceError_CLOSED                   URLFetchServiceError_ErrorCode = 8
-	URLFetchServiceError_INTERNAL_TRANSIENT_ERROR URLFetchServiceError_ErrorCode = 9
-	URLFetchServiceError_TOO_MANY_REDIRECTS       URLFetchServiceError_ErrorCode = 10
-	URLFetchServiceError_MALFORMED_REPLY          URLFetchServiceError_ErrorCode = 11
-	URLFetchServiceError_CONNECTION_ERROR         URLFetchServiceError_ErrorCode = 12
-)
-
-var URLFetchServiceError_ErrorCode_name = map[int32]string{
-	0:  "OK",
-	1:  "INVALID_URL",
-	2:  "FETCH_ERROR",
-	3:  "UNSPECIFIED_ERROR",
-	4:  "RESPONSE_TOO_LARGE",
-	5:  "DEADLINE_EXCEEDED",
-	6:  "SSL_CERTIFICATE_ERROR",
-	7:  "DNS_ERROR",
-	8:  "CLOSED",
-	9:  "INTERNAL_TRANSIENT_ERROR",
-	10: "TOO_MANY_REDIRECTS",
-	11: "MALFORMED_REPLY",
-	12: "CONNECTION_ERROR",
-}
-var URLFetchServiceError_ErrorCode_value = map[string]int32{
-	"OK":                       0,
-	"INVALID_URL":              1,
-	"FETCH_ERROR":              2,
-	"UNSPECIFIED_ERROR":        3,
-	"RESPONSE_TOO_LARGE":       4,
-	"DEADLINE_EXCEEDED":        5,
-	"SSL_CERTIFICATE_ERROR":    6,
-	"DNS_ERROR":                7,
-	"CLOSED":                   8,
-	"INTERNAL_TRANSIENT_ERROR": 9,
-	"TOO_MANY_REDIRECTS":       10,
-	"MALFORMED_REPLY":          11,
-	"CONNECTION_ERROR":         12,
-}
-
-func (x URLFetchServiceError_ErrorCode) Enum() *URLFetchServiceError_ErrorCode {
-	p := new(URLFetchServiceError_ErrorCode)
-	*p = x
-	return p
-}
-func (x URLFetchServiceError_ErrorCode) String() string {
-	return proto.EnumName(URLFetchServiceError_ErrorCode_name, int32(x))
-}
-func (x *URLFetchServiceError_ErrorCode) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(URLFetchServiceError_ErrorCode_value, data, "URLFetchServiceError_ErrorCode")
-	if err != nil {
-		return err
-	}
-	*x = URLFetchServiceError_ErrorCode(value)
-	return nil
-}
-func (URLFetchServiceError_ErrorCode) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_urlfetch_service_b245a7065f33bced, []int{0, 0}
-}
-
-type URLFetchRequest_RequestMethod int32
-
-const (
-	URLFetchRequest_GET    URLFetchRequest_RequestMethod = 1
-	URLFetchRequest_POST   URLFetchRequest_RequestMethod = 2
-	URLFetchRequest_HEAD   URLFetchRequest_RequestMethod = 3
-	URLFetchRequest_PUT    URLFetchRequest_RequestMethod = 4
-	URLFetchRequest_DELETE URLFetchRequest_RequestMethod = 5
-	URLFetchRequest_PATCH  URLFetchRequest_RequestMethod = 6
-)
-
-var URLFetchRequest_RequestMethod_name = map[int32]string{
-	1: "GET",
-	2: "POST",
-	3: "HEAD",
-	4: "PUT",
-	5: "DELETE",
-	6: "PATCH",
-}
-var URLFetchRequest_RequestMethod_value = map[string]int32{
-	"GET":    1,
-	"POST":   2,
-	"HEAD":   3,
-	"PUT":    4,
-	"DELETE": 5,
-	"PATCH":  6,
-}
-
-func (x URLFetchRequest_RequestMethod) Enum() *URLFetchRequest_RequestMethod {
-	p := new(URLFetchRequest_RequestMethod)
-	*p = x
-	return p
-}
-func (x URLFetchRequest_RequestMethod) String() string {
-	return proto.EnumName(URLFetchRequest_RequestMethod_name, int32(x))
-}
-func (x *URLFetchRequest_RequestMethod) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(URLFetchRequest_RequestMethod_value, data, "URLFetchRequest_RequestMethod")
-	if err != nil {
-		return err
-	}
-	*x = URLFetchRequest_RequestMethod(value)
-	return nil
-}
-func (URLFetchRequest_RequestMethod) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_urlfetch_service_b245a7065f33bced, []int{1, 0}
-}
-
-type URLFetchServiceError struct {
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *URLFetchServiceError) Reset()         { *m = URLFetchServiceError{} }
-func (m *URLFetchServiceError) String() string { return proto.CompactTextString(m) }
-func (*URLFetchServiceError) ProtoMessage()    {}
-func (*URLFetchServiceError) Descriptor() ([]byte, []int) {
-	return fileDescriptor_urlfetch_service_b245a7065f33bced, []int{0}
-}
-func (m *URLFetchServiceError) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_URLFetchServiceError.Unmarshal(m, b)
-}
-func (m *URLFetchServiceError) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_URLFetchServiceError.Marshal(b, m, deterministic)
-}
-func (dst *URLFetchServiceError) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_URLFetchServiceError.Merge(dst, src)
-}
-func (m *URLFetchServiceError) XXX_Size() int {
-	return xxx_messageInfo_URLFetchServiceError.Size(m)
-}
-func (m *URLFetchServiceError) XXX_DiscardUnknown() {
-	xxx_messageInfo_URLFetchServiceError.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_URLFetchServiceError proto.InternalMessageInfo
-
-type URLFetchRequest struct {
-	Method                        *URLFetchRequest_RequestMethod `protobuf:"varint,1,req,name=Method,enum=appengine.URLFetchRequest_RequestMethod" json:"Method,omitempty"`
-	Url                           *string                        `protobuf:"bytes,2,req,name=Url" json:"Url,omitempty"`
-	Header                        []*URLFetchRequest_Header      `protobuf:"group,3,rep,name=Header,json=header" json:"header,omitempty"`
-	Payload                       []byte                         `protobuf:"bytes,6,opt,name=Payload" json:"Payload,omitempty"`
-	FollowRedirects               *bool                          `protobuf:"varint,7,opt,name=FollowRedirects,def=1" json:"FollowRedirects,omitempty"`
-	Deadline                      *float64                       `protobuf:"fixed64,8,opt,name=Deadline" json:"Deadline,omitempty"`
-	MustValidateServerCertificate *bool                          `protobuf:"varint,9,opt,name=MustValidateServerCertificate,def=1" json:"MustValidateServerCertificate,omitempty"`
-	XXX_NoUnkeyedLiteral          struct{}                       `json:"-"`
-	XXX_unrecognized              []byte                         `json:"-"`
-	XXX_sizecache                 int32                          `json:"-"`
-}
-
-func (m *URLFetchRequest) Reset()         { *m = URLFetchRequest{} }
-func (m *URLFetchRequest) String() string { return proto.CompactTextString(m) }
-func (*URLFetchRequest) ProtoMessage()    {}
-func (*URLFetchRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_urlfetch_service_b245a7065f33bced, []int{1}
-}
-func (m *URLFetchRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_URLFetchRequest.Unmarshal(m, b)
-}
-func (m *URLFetchRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_URLFetchRequest.Marshal(b, m, deterministic)
-}
-func (dst *URLFetchRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_URLFetchRequest.Merge(dst, src)
-}
-func (m *URLFetchRequest) XXX_Size() int {
-	return xxx_messageInfo_URLFetchRequest.Size(m)
-}
-func (m *URLFetchRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_URLFetchRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_URLFetchRequest proto.InternalMessageInfo
-
-const Default_URLFetchRequest_FollowRedirects bool = true
-const Default_URLFetchRequest_MustValidateServerCertificate bool = true
-
-func (m *URLFetchRequest) GetMethod() URLFetchRequest_RequestMethod {
-	if m != nil && m.Method != nil {
-		return *m.Method
-	}
-	return URLFetchRequest_GET
-}
-
-func (m *URLFetchRequest) GetUrl() string {
-	if m != nil && m.Url != nil {
-		return *m.Url
-	}
-	return ""
-}
-
-func (m *URLFetchRequest) GetHeader() []*URLFetchRequest_Header {
-	if m != nil {
-		return m.Header
-	}
-	return nil
-}
-
-func (m *URLFetchRequest) GetPayload() []byte {
-	if m != nil {
-		return m.Payload
-	}
-	return nil
-}
-
-func (m *URLFetchRequest) GetFollowRedirects() bool {
-	if m != nil && m.FollowRedirects != nil {
-		return *m.FollowRedirects
-	}
-	return Default_URLFetchRequest_FollowRedirects
-}
-
-func (m *URLFetchRequest) GetDeadline() float64 {
-	if m != nil && m.Deadline != nil {
-		return *m.Deadline
-	}
-	return 0
-}
-
-func (m *URLFetchRequest) GetMustValidateServerCertificate() bool {
-	if m != nil && m.MustValidateServerCertificate != nil {
-		return *m.MustValidateServerCertificate
-	}
-	return Default_URLFetchRequest_MustValidateServerCertificate
-}
-
-type URLFetchRequest_Header struct {
-	Key                  *string  `protobuf:"bytes,4,req,name=Key" json:"Key,omitempty"`
-	Value                *string  `protobuf:"bytes,5,req,name=Value" json:"Value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *URLFetchRequest_Header) Reset()         { *m = URLFetchRequest_Header{} }
-func (m *URLFetchRequest_Header) String() string { return proto.CompactTextString(m) }
-func (*URLFetchRequest_Header) ProtoMessage()    {}
-func (*URLFetchRequest_Header) Descriptor() ([]byte, []int) {
-	return fileDescriptor_urlfetch_service_b245a7065f33bced, []int{1, 0}
-}
-func (m *URLFetchRequest_Header) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_URLFetchRequest_Header.Unmarshal(m, b)
-}
-func (m *URLFetchRequest_Header) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_URLFetchRequest_Header.Marshal(b, m, deterministic)
-}
-func (dst *URLFetchRequest_Header) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_URLFetchRequest_Header.Merge(dst, src)
-}
-func (m *URLFetchRequest_Header) XXX_Size() int {
-	return xxx_messageInfo_URLFetchRequest_Header.Size(m)
-}
-func (m *URLFetchRequest_Header) XXX_DiscardUnknown() {
-	xxx_messageInfo_URLFetchRequest_Header.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_URLFetchRequest_Header proto.InternalMessageInfo
-
-func (m *URLFetchRequest_Header) GetKey() string {
-	if m != nil && m.Key != nil {
-		return *m.Key
-	}
-	return ""
-}
-
-func (m *URLFetchRequest_Header) GetValue() string {
-	if m != nil && m.Value != nil {
-		return *m.Value
-	}
-	return ""
-}
-
-type URLFetchResponse struct {
-	Content               []byte                     `protobuf:"bytes,1,opt,name=Content" json:"Content,omitempty"`
-	StatusCode            *int32                     `protobuf:"varint,2,req,name=StatusCode" json:"StatusCode,omitempty"`
-	Header                []*URLFetchResponse_Header `protobuf:"group,3,rep,name=Header,json=header" json:"header,omitempty"`
-	ContentWasTruncated   *bool                      `protobuf:"varint,6,opt,name=ContentWasTruncated,def=0" json:"ContentWasTruncated,omitempty"`
-	ExternalBytesSent     *int64                     `protobuf:"varint,7,opt,name=ExternalBytesSent" json:"ExternalBytesSent,omitempty"`
-	ExternalBytesReceived *int64                     `protobuf:"varint,8,opt,name=ExternalBytesReceived" json:"ExternalBytesReceived,omitempty"`
-	FinalUrl              *string                    `protobuf:"bytes,9,opt,name=FinalUrl" json:"FinalUrl,omitempty"`
-	ApiCpuMilliseconds    *int64                     `protobuf:"varint,10,opt,name=ApiCpuMilliseconds,def=0" json:"ApiCpuMilliseconds,omitempty"`
-	ApiBytesSent          *int64                     `protobuf:"varint,11,opt,name=ApiBytesSent,def=0" json:"ApiBytesSent,omitempty"`
-	ApiBytesReceived      *int64                     `protobuf:"varint,12,opt,name=ApiBytesReceived,def=0" json:"ApiBytesReceived,omitempty"`
-	XXX_NoUnkeyedLiteral  struct{}                   `json:"-"`
-	XXX_unrecognized      []byte                     `json:"-"`
-	XXX_sizecache         int32                      `json:"-"`
-}
-
-func (m *URLFetchResponse) Reset()         { *m = URLFetchResponse{} }
-func (m *URLFetchResponse) String() string { return proto.CompactTextString(m) }
-func (*URLFetchResponse) ProtoMessage()    {}
-func (*URLFetchResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_urlfetch_service_b245a7065f33bced, []int{2}
-}
-func (m *URLFetchResponse) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_URLFetchResponse.Unmarshal(m, b)
-}
-func (m *URLFetchResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_URLFetchResponse.Marshal(b, m, deterministic)
-}
-func (dst *URLFetchResponse) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_URLFetchResponse.Merge(dst, src)
-}
-func (m *URLFetchResponse) XXX_Size() int {
-	return xxx_messageInfo_URLFetchResponse.Size(m)
-}
-func (m *URLFetchResponse) XXX_DiscardUnknown() {
-	xxx_messageInfo_URLFetchResponse.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_URLFetchResponse proto.InternalMessageInfo
-
-const Default_URLFetchResponse_ContentWasTruncated bool = false
-const Default_URLFetchResponse_ApiCpuMilliseconds int64 = 0
-const Default_URLFetchResponse_ApiBytesSent int64 = 0
-const Default_URLFetchResponse_ApiBytesReceived int64 = 0
-
-func (m *URLFetchResponse) GetContent() []byte {
-	if m != nil {
-		return m.Content
-	}
-	return nil
-}
-
-func (m *URLFetchResponse) GetStatusCode() int32 {
-	if m != nil && m.StatusCode != nil {
-		return *m.StatusCode
-	}
-	return 0
-}
-
-func (m *URLFetchResponse) GetHeader() []*URLFetchResponse_Header {
-	if m != nil {
-		return m.Header
-	}
-	return nil
-}
-
-func (m *URLFetchResponse) GetContentWasTruncated() bool {
-	if m != nil && m.ContentWasTruncated != nil {
-		return *m.ContentWasTruncated
-	}
-	return Default_URLFetchResponse_ContentWasTruncated
-}
-
-func (m *URLFetchResponse) GetExternalBytesSent() int64 {
-	if m != nil && m.ExternalBytesSent != nil {
-		return *m.ExternalBytesSent
-	}
-	return 0
-}
-
-func (m *URLFetchResponse) GetExternalBytesReceived() int64 {
-	if m != nil && m.ExternalBytesReceived != nil {
-		return *m.ExternalBytesReceived
-	}
-	return 0
-}
-
-func (m *URLFetchResponse) GetFinalUrl() string {
-	if m != nil && m.FinalUrl != nil {
-		return *m.FinalUrl
-	}
-	return ""
-}
-
-func (m *URLFetchResponse) GetApiCpuMilliseconds() int64 {
-	if m != nil && m.ApiCpuMilliseconds != nil {
-		return *m.ApiCpuMilliseconds
-	}
-	return Default_URLFetchResponse_ApiCpuMilliseconds
-}
-
-func (m *URLFetchResponse) GetApiBytesSent() int64 {
-	if m != nil && m.ApiBytesSent != nil {
-		return *m.ApiBytesSent
-	}
-	return Default_URLFetchResponse_ApiBytesSent
-}
-
-func (m *URLFetchResponse) GetApiBytesReceived() int64 {
-	if m != nil && m.ApiBytesReceived != nil {
-		return *m.ApiBytesReceived
-	}
-	return Default_URLFetchResponse_ApiBytesReceived
-}
-
-type URLFetchResponse_Header struct {
-	Key                  *string  `protobuf:"bytes,4,req,name=Key" json:"Key,omitempty"`
-	Value                *string  `protobuf:"bytes,5,req,name=Value" json:"Value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *URLFetchResponse_Header) Reset()         { *m = URLFetchResponse_Header{} }
-func (m *URLFetchResponse_Header) String() string { return proto.CompactTextString(m) }
-func (*URLFetchResponse_Header) ProtoMessage()    {}
-func (*URLFetchResponse_Header) Descriptor() ([]byte, []int) {
-	return fileDescriptor_urlfetch_service_b245a7065f33bced, []int{2, 0}
-}
-func (m *URLFetchResponse_Header) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_URLFetchResponse_Header.Unmarshal(m, b)
-}
-func (m *URLFetchResponse_Header) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_URLFetchResponse_Header.Marshal(b, m, deterministic)
-}
-func (dst *URLFetchResponse_Header) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_URLFetchResponse_Header.Merge(dst, src)
-}
-func (m *URLFetchResponse_Header) XXX_Size() int {
-	return xxx_messageInfo_URLFetchResponse_Header.Size(m)
-}
-func (m *URLFetchResponse_Header) XXX_DiscardUnknown() {
-	xxx_messageInfo_URLFetchResponse_Header.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_URLFetchResponse_Header proto.InternalMessageInfo
-
-func (m *URLFetchResponse_Header) GetKey() string {
-	if m != nil && m.Key != nil {
-		return *m.Key
-	}
-	return ""
-}
-
-func (m *URLFetchResponse_Header) GetValue() string {
-	if m != nil && m.Value != nil {
-		return *m.Value
-	}
-	return ""
-}
-
-func init() {
-	proto.RegisterType((*URLFetchServiceError)(nil), "appengine.URLFetchServiceError")
-	proto.RegisterType((*URLFetchRequest)(nil), "appengine.URLFetchRequest")
-	proto.RegisterType((*URLFetchRequest_Header)(nil), "appengine.URLFetchRequest.Header")
-	proto.RegisterType((*URLFetchResponse)(nil), "appengine.URLFetchResponse")
-	proto.RegisterType((*URLFetchResponse_Header)(nil), "appengine.URLFetchResponse.Header")
-}
-
-func init() {
-	proto.RegisterFile("google.golang.org/appengine/internal/urlfetch/urlfetch_service.proto", fileDescriptor_urlfetch_service_b245a7065f33bced)
-}
-
-var fileDescriptor_urlfetch_service_b245a7065f33bced = []byte{
-	// 770 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x54, 0xdd, 0x6e, 0xe3, 0x54,
-	0x10, 0xc6, 0x76, 0x7e, 0xa7, 0x5d, 0x7a, 0x76, 0xb6, 0x45, 0x66, 0xb5, 0xa0, 0x10, 0x09, 0x29,
-	0x17, 0x90, 0x2e, 0x2b, 0x24, 0x44, 0xaf, 0x70, 0xed, 0x93, 0xad, 0xa9, 0x63, 0x47, 0xc7, 0x4e,
-	0x61, 0xb9, 0xb1, 0xac, 0x78, 0x9a, 0x5a, 0xb2, 0xec, 0x60, 0x9f, 0x2c, 0xf4, 0x35, 0x78, 0x0d,
-	0xde, 0x87, 0xa7, 0xe1, 0x02, 0x9d, 0xc4, 0xc9, 0x6e, 0xbb, 0xd1, 0x4a, 0x5c, 0x65, 0xe6, 0x9b,
-	0xef, 0xcc, 0x99, 0x7c, 0xdf, 0xf8, 0x80, 0xb3, 0x2c, 0xcb, 0x65, 0x4e, 0xe3, 0x65, 0x99, 0x27,
-	0xc5, 0x72, 0x5c, 0x56, 0xcb, 0xf3, 0x64, 0xb5, 0xa2, 0x62, 0x99, 0x15, 0x74, 0x9e, 0x15, 0x92,
-	0xaa, 0x22, 0xc9, 0xcf, 0xd7, 0x55, 0x7e, 0x4b, 0x72, 0x71, 0xb7, 0x0f, 0xe2, 0x9a, 0xaa, 0xb7,
-	0xd9, 0x82, 0xc6, 0xab, 0xaa, 0x94, 0x25, 0xf6, 0xf7, 0x67, 0x86, 0x7f, 0xeb, 0x70, 0x3a, 0x17,
-	0xde, 0x44, 0xb1, 0xc2, 0x2d, 0x89, 0x57, 0x55, 0x59, 0x0d, 0xff, 0xd2, 0xa1, 0xbf, 0x89, 0xec,
-	0x32, 0x25, 0xec, 0x80, 0x1e, 0x5c, 0xb3, 0x4f, 0xf0, 0x04, 0x8e, 0x5c, 0xff, 0xc6, 0xf2, 0x5c,
-	0x27, 0x9e, 0x0b, 0x8f, 0x69, 0x0a, 0x98, 0xf0, 0xc8, 0xbe, 0x8a, 0xb9, 0x10, 0x81, 0x60, 0x3a,
-	0x9e, 0xc1, 0xd3, 0xb9, 0x1f, 0xce, 0xb8, 0xed, 0x4e, 0x5c, 0xee, 0x34, 0xb0, 0x81, 0x9f, 0x01,
-	0x0a, 0x1e, 0xce, 0x02, 0x3f, 0xe4, 0x71, 0x14, 0x04, 0xb1, 0x67, 0x89, 0xd7, 0x9c, 0xb5, 0x14,
-	0xdd, 0xe1, 0x96, 0xe3, 0xb9, 0x3e, 0x8f, 0xf9, 0xaf, 0x36, 0xe7, 0x0e, 0x77, 0x58, 0x1b, 0x3f,
-	0x87, 0xb3, 0x30, 0xf4, 0x62, 0x9b, 0x8b, 0xc8, 0x9d, 0xb8, 0xb6, 0x15, 0xf1, 0xa6, 0x53, 0x07,
-	0x9f, 0x40, 0xdf, 0xf1, 0xc3, 0x26, 0xed, 0x22, 0x40, 0xc7, 0xf6, 0x82, 0x90, 0x3b, 0xac, 0x87,
-	0x2f, 0xc0, 0x74, 0xfd, 0x88, 0x0b, 0xdf, 0xf2, 0xe2, 0x48, 0x58, 0x7e, 0xe8, 0x72, 0x3f, 0x6a,
-	0x98, 0x7d, 0x35, 0x82, 0xba, 0x79, 0x6a, 0xf9, 0x6f, 0x62, 0xc1, 0x1d, 0x57, 0x70, 0x3b, 0x0a,
-	0x19, 0xe0, 0x33, 0x38, 0x99, 0x5a, 0xde, 0x24, 0x10, 0x53, 0xee, 0xc4, 0x82, 0xcf, 0xbc, 0x37,
-	0xec, 0x08, 0x4f, 0x81, 0xd9, 0x81, 0xef, 0x73, 0x3b, 0x72, 0x03, 0xbf, 0x69, 0x71, 0x3c, 0xfc,
-	0xc7, 0x80, 0x93, 0x9d, 0x5a, 0x82, 0x7e, 0x5f, 0x53, 0x2d, 0xf1, 0x27, 0xe8, 0x4c, 0x49, 0xde,
-	0x95, 0xa9, 0xa9, 0x0d, 0xf4, 0xd1, 0xa7, 0xaf, 0x46, 0xe3, 0xbd, 0xba, 0xe3, 0x47, 0xdc, 0x71,
-	0xf3, 0xbb, 0xe5, 0x8b, 0xe6, 0x1c, 0x32, 0x30, 0xe6, 0x55, 0x6e, 0xea, 0x03, 0x7d, 0xd4, 0x17,
-	0x2a, 0xc4, 0x1f, 0xa1, 0x73, 0x47, 0x49, 0x4a, 0x95, 0x69, 0x0c, 0x8c, 0x11, 0xbc, 0xfa, 0xea,
-	0x23, 0x3d, 0xaf, 0x36, 0x44, 0xd1, 0x1c, 0xc0, 0x17, 0xd0, 0x9d, 0x25, 0xf7, 0x79, 0x99, 0xa4,
-	0x66, 0x67, 0xa0, 0x8d, 0x8e, 0x2f, 0xf5, 0x9e, 0x26, 0x76, 0x10, 0x8e, 0xe1, 0x64, 0x52, 0xe6,
-	0x79, 0xf9, 0x87, 0xa0, 0x34, 0xab, 0x68, 0x21, 0x6b, 0xb3, 0x3b, 0xd0, 0x46, 0xbd, 0x8b, 0x96,
-	0xac, 0xd6, 0x24, 0x1e, 0x17, 0xf1, 0x39, 0xf4, 0x1c, 0x4a, 0xd2, 0x3c, 0x2b, 0xc8, 0xec, 0x0d,
-	0xb4, 0x91, 0x26, 0xf6, 0x39, 0xfe, 0x0c, 0x5f, 0x4c, 0xd7, 0xb5, 0xbc, 0x49, 0xf2, 0x2c, 0x4d,
-	0x24, 0xa9, 0xed, 0xa1, 0xca, 0xa6, 0x4a, 0x66, 0xb7, 0xd9, 0x22, 0x91, 0x64, 0xf6, 0xdf, 0xeb,
-	0xfc, 0x71, 0xea, 0xf3, 0x97, 0xd0, 0xd9, 0xfe, 0x0f, 0x25, 0xc6, 0x35, 0xdd, 0x9b, 0xad, 0xad,
-	0x18, 0xd7, 0x74, 0x8f, 0xa7, 0xd0, 0xbe, 0x49, 0xf2, 0x35, 0x99, 0xed, 0x0d, 0xb6, 0x4d, 0x86,
-	0x1e, 0x3c, 0x79, 0xa0, 0x26, 0x76, 0xc1, 0x78, 0xcd, 0x23, 0xa6, 0x61, 0x0f, 0x5a, 0xb3, 0x20,
-	0x8c, 0x98, 0xae, 0xa2, 0x2b, 0x6e, 0x39, 0xcc, 0x50, 0xc5, 0xd9, 0x3c, 0x62, 0x2d, 0xb5, 0x2e,
-	0x0e, 0xf7, 0x78, 0xc4, 0x59, 0x1b, 0xfb, 0xd0, 0x9e, 0x59, 0x91, 0x7d, 0xc5, 0x3a, 0xc3, 0x7f,
-	0x0d, 0x60, 0xef, 0x84, 0xad, 0x57, 0x65, 0x51, 0x13, 0x9a, 0xd0, 0xb5, 0xcb, 0x42, 0x52, 0x21,
-	0x4d, 0x4d, 0x49, 0x29, 0x76, 0x29, 0x7e, 0x09, 0x10, 0xca, 0x44, 0xae, 0x6b, 0xf5, 0x71, 0x6c,
-	0x8c, 0x6b, 0x8b, 0xf7, 0x10, 0xbc, 0x78, 0xe4, 0xdf, 0xf0, 0xa0, 0x7f, 0xdb, 0x6b, 0x1e, 0x1b,
-	0xf8, 0x03, 0x3c, 0x6b, 0xae, 0xf9, 0x25, 0xa9, 0xa3, 0x6a, 0x5d, 0x28, 0x81, 0xb6, 0x66, 0xf6,
-	0x2e, 0xda, 0xb7, 0x49, 0x5e, 0x93, 0x38, 0xc4, 0xc0, 0x6f, 0xe0, 0x29, 0xff, 0x73, 0xfb, 0x02,
-	0x5c, 0xde, 0x4b, 0xaa, 0x43, 0x35, 0xb8, 0x72, 0xd7, 0x10, 0x1f, 0x16, 0xf0, 0x7b, 0x38, 0x7b,
-	0x00, 0x0a, 0x5a, 0x50, 0xf6, 0x96, 0xd2, 0x8d, 0xcd, 0x86, 0x38, 0x5c, 0x54, 0xfb, 0x30, 0xc9,
-	0x8a, 0x24, 0x57, 0xfb, 0xaa, 0xec, 0xed, 0x8b, 0x7d, 0x8e, 0xdf, 0x01, 0x5a, 0xab, 0xcc, 0x5e,
-	0xad, 0xa7, 0x59, 0x9e, 0x67, 0x35, 0x2d, 0xca, 0x22, 0xad, 0x4d, 0x50, 0xed, 0x2e, 0xb4, 0x97,
-	0xe2, 0x40, 0x11, 0xbf, 0x86, 0x63, 0x6b, 0x95, 0xbd, 0x9b, 0xf6, 0x68, 0x47, 0x7e, 0x00, 0xe3,
-	0xb7, 0xc0, 0x76, 0xf9, 0x7e, 0xcc, 0xe3, 0x1d, 0xf5, 0x83, 0xd2, 0xff, 0x5f, 0xa6, 0x4b, 0xf8,
-	0xad, 0xb7, 0x7b, 0x2a, 0xff, 0x0b, 0x00, 0x00, 0xff, 0xff, 0x1d, 0x9f, 0x6d, 0x24, 0x63, 0x05,
-	0x00, 0x00,
-}
diff --git a/vendor/google.golang.org/appengine/internal/urlfetch/urlfetch_service.proto b/vendor/google.golang.org/appengine/internal/urlfetch/urlfetch_service.proto
deleted file mode 100644
index f695edf6a9..0000000000
--- a/vendor/google.golang.org/appengine/internal/urlfetch/urlfetch_service.proto
+++ /dev/null
@@ -1,64 +0,0 @@
-syntax = "proto2";
-option go_package = "urlfetch";
-
-package appengine;
-
-message URLFetchServiceError {
-  enum ErrorCode {
-    OK = 0;
-    INVALID_URL = 1;
-    FETCH_ERROR = 2;
-    UNSPECIFIED_ERROR = 3;
-    RESPONSE_TOO_LARGE = 4;
-    DEADLINE_EXCEEDED = 5;
-    SSL_CERTIFICATE_ERROR = 6;
-    DNS_ERROR = 7;
-    CLOSED = 8;
-    INTERNAL_TRANSIENT_ERROR = 9;
-    TOO_MANY_REDIRECTS = 10;
-    MALFORMED_REPLY = 11;
-    CONNECTION_ERROR = 12;
-  }
-}
-
-message URLFetchRequest {
-  enum RequestMethod {
-    GET = 1;
-    POST = 2;
-    HEAD = 3;
-    PUT = 4;
-    DELETE = 5;
-    PATCH = 6;
-  }
-  required RequestMethod Method = 1;
-  required string Url = 2;
-  repeated group Header = 3 {
-    required string Key = 4;
-    required string Value = 5;
-  }
-  optional bytes Payload = 6 [ctype=CORD];
-
-  optional bool FollowRedirects = 7 [default=true];
-
-  optional double Deadline = 8;
-
-  optional bool MustValidateServerCertificate = 9 [default=true];
-}
-
-message URLFetchResponse {
-  optional bytes Content = 1;
-  required int32 StatusCode = 2;
-  repeated group Header = 3 {
-    required string Key = 4;
-    required string Value = 5;
-  }
-  optional bool ContentWasTruncated = 6 [default=false];
-  optional int64 ExternalBytesSent = 7;
-  optional int64 ExternalBytesReceived = 8;
-
-  optional string FinalUrl = 9;
-
-  optional int64 ApiCpuMilliseconds = 10 [default=0];
-  optional int64 ApiBytesSent = 11 [default=0];
-  optional int64 ApiBytesReceived = 12 [default=0];
-}
diff --git a/vendor/google.golang.org/appengine/urlfetch/urlfetch.go b/vendor/google.golang.org/appengine/urlfetch/urlfetch.go
deleted file mode 100644
index 6c0d72418d..0000000000
--- a/vendor/google.golang.org/appengine/urlfetch/urlfetch.go
+++ /dev/null
@@ -1,209 +0,0 @@
-// Copyright 2011 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-// Package urlfetch provides an http.RoundTripper implementation
-// for fetching URLs via App Engine's urlfetch service.
-package urlfetch // import "google.golang.org/appengine/urlfetch"
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/golang/protobuf/proto"
-
-	"google.golang.org/appengine/internal"
-	pb "google.golang.org/appengine/internal/urlfetch"
-)
-
-// Transport is an implementation of http.RoundTripper for
-// App Engine. Users should generally create an http.Client using
-// this transport and use the Client rather than using this transport
-// directly.
-type Transport struct {
-	Context context.Context
-
-	// Controls whether the application checks the validity of SSL certificates
-	// over HTTPS connections. A value of false (the default) instructs the
-	// application to send a request to the server only if the certificate is
-	// valid and signed by a trusted certificate authority (CA), and also
-	// includes a hostname that matches the certificate. A value of true
-	// instructs the application to perform no certificate validation.
-	AllowInvalidServerCertificate bool
-}
-
-// Verify statically that *Transport implements http.RoundTripper.
-var _ http.RoundTripper = (*Transport)(nil)
-
-// Client returns an *http.Client using a default urlfetch Transport. This
-// client will check the validity of SSL certificates.
-//
-// Any deadline of the provided context will be used for requests through this client.
-// If the client does not have a deadline, then an App Engine default of 60 second is used.
-func Client(ctx context.Context) *http.Client {
-	return &http.Client{
-		Transport: &Transport{
-			Context: ctx,
-		},
-	}
-}
-
-type bodyReader struct {
-	content   []byte
-	truncated bool
-	closed    bool
-}
-
-// ErrTruncatedBody is the error returned after the final Read() from a
-// response's Body if the body has been truncated by App Engine's proxy.
-var ErrTruncatedBody = errors.New("urlfetch: truncated body")
-
-func statusCodeToText(code int) string {
-	if t := http.StatusText(code); t != "" {
-		return t
-	}
-	return strconv.Itoa(code)
-}
-
-func (br *bodyReader) Read(p []byte) (n int, err error) {
-	if br.closed {
-		if br.truncated {
-			return 0, ErrTruncatedBody
-		}
-		return 0, io.EOF
-	}
-	n = copy(p, br.content)
-	if n > 0 {
-		br.content = br.content[n:]
-		return
-	}
-	if br.truncated {
-		br.closed = true
-		return 0, ErrTruncatedBody
-	}
-	return 0, io.EOF
-}
-
-func (br *bodyReader) Close() error {
-	br.closed = true
-	br.content = nil
-	return nil
-}
-
-// A map of the URL Fetch-accepted methods that take a request body.
-var methodAcceptsRequestBody = map[string]bool{
-	"POST":  true,
-	"PUT":   true,
-	"PATCH": true,
-}
-
-// urlString returns a valid string given a URL. This function is necessary because
-// the String method of URL doesn't correctly handle URLs with non-empty Opaque values.
-// See http://code.google.com/p/go/issues/detail?id=4860.
-func urlString(u *url.URL) string {
-	if u.Opaque == "" || strings.HasPrefix(u.Opaque, "//") {
-		return u.String()
-	}
-	aux := *u
-	aux.Opaque = "//" + aux.Host + aux.Opaque
-	return aux.String()
-}
-
-// RoundTrip issues a single HTTP request and returns its response. Per the
-// http.RoundTripper interface, RoundTrip only returns an error if there
-// was an unsupported request or the URL Fetch proxy fails.
-// Note that HTTP response codes such as 5xx, 403, 404, etc are not
-// errors as far as the transport is concerned and will be returned
-// with err set to nil.
-func (t *Transport) RoundTrip(req *http.Request) (res *http.Response, err error) {
-	methNum, ok := pb.URLFetchRequest_RequestMethod_value[req.Method]
-	if !ok {
-		return nil, fmt.Errorf("urlfetch: unsupported HTTP method %q", req.Method)
-	}
-
-	method := pb.URLFetchRequest_RequestMethod(methNum)
-
-	freq := &pb.URLFetchRequest{
-		Method:                        &method,
-		Url:                           proto.String(urlString(req.URL)),
-		FollowRedirects:               proto.Bool(false), // http.Client's responsibility
-		MustValidateServerCertificate: proto.Bool(!t.AllowInvalidServerCertificate),
-	}
-	if deadline, ok := t.Context.Deadline(); ok {
-		freq.Deadline = proto.Float64(deadline.Sub(time.Now()).Seconds())
-	}
-
-	for k, vals := range req.Header {
-		for _, val := range vals {
-			freq.Header = append(freq.Header, &pb.URLFetchRequest_Header{
-				Key:   proto.String(k),
-				Value: proto.String(val),
-			})
-		}
-	}
-	if methodAcceptsRequestBody[req.Method] && req.Body != nil {
-		// Avoid a []byte copy if req.Body has a Bytes method.
-		switch b := req.Body.(type) {
-		case interface {
-			Bytes() []byte
-		}:
-			freq.Payload = b.Bytes()
-		default:
-			freq.Payload, err = ioutil.ReadAll(req.Body)
-			if err != nil {
-				return nil, err
-			}
-		}
-	}
-
-	fres := &pb.URLFetchResponse{}
-	if err := internal.Call(t.Context, "urlfetch", "Fetch", freq, fres); err != nil {
-		return nil, err
-	}
-
-	res = &http.Response{}
-	res.StatusCode = int(*fres.StatusCode)
-	res.Status = fmt.Sprintf("%d %s", res.StatusCode, statusCodeToText(res.StatusCode))
-	res.Header = make(http.Header)
-	res.Request = req
-
-	// Faked:
-	res.ProtoMajor = 1
-	res.ProtoMinor = 1
-	res.Proto = "HTTP/1.1"
-	res.Close = true
-
-	for _, h := range fres.Header {
-		hkey := http.CanonicalHeaderKey(*h.Key)
-		hval := *h.Value
-		if hkey == "Content-Length" {
-			// Will get filled in below for all but HEAD requests.
-			if req.Method == "HEAD" {
-				res.ContentLength, _ = strconv.ParseInt(hval, 10, 64)
-			}
-			continue
-		}
-		res.Header.Add(hkey, hval)
-	}
-
-	if req.Method != "HEAD" {
-		res.ContentLength = int64(len(fres.Content))
-	}
-
-	truncated := fres.GetContentWasTruncated()
-	res.Body = &bodyReader{content: fres.Content, truncated: truncated}
-	return
-}
-
-func init() {
-	internal.RegisterErrorCodeMap("urlfetch", pb.URLFetchServiceError_ErrorCode_name)
-	internal.RegisterTimeoutErrorCode("urlfetch", int32(pb.URLFetchServiceError_DEADLINE_EXCEEDED))
-}
diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/annotations.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/annotations.pb.go
index 191bea48c8..8b462f3dfe 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/annotations/annotations.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/annotations.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2015 Google LLC
+// Copyright 2024 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.12.2
+// 	protoc        v4.24.4
 // source: google/api/annotations.proto
 
 package annotations
diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go
index 83774fbcbe..636edb460a 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2023 Google LLC
+// Copyright 2024 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.12
+// 	protoc        v4.24.4
 // source: google/api/client.proto
 
 package annotations
@@ -409,6 +409,9 @@ type Publishing struct {
 	// Optional link to proto reference documentation.  Example:
 	// https://cloud.google.com/pubsub/lite/docs/reference/rpc
 	ProtoReferenceDocumentationUri string `protobuf:"bytes,110,opt,name=proto_reference_documentation_uri,json=protoReferenceDocumentationUri,proto3" json:"proto_reference_documentation_uri,omitempty"`
+	// Optional link to REST reference documentation.  Example:
+	// https://cloud.google.com/pubsub/lite/docs/reference/rest
+	RestReferenceDocumentationUri string `protobuf:"bytes,111,opt,name=rest_reference_documentation_uri,json=restReferenceDocumentationUri,proto3" json:"rest_reference_documentation_uri,omitempty"`
 }
 
 func (x *Publishing) Reset() {
@@ -513,6 +516,13 @@ func (x *Publishing) GetProtoReferenceDocumentationUri() string {
 	return ""
 }
 
+func (x *Publishing) GetRestReferenceDocumentationUri() string {
+	if x != nil {
+		return x.RestReferenceDocumentationUri
+	}
+	return ""
+}
+
 // Settings for Java client libraries.
 type JavaSettings struct {
 	state         protoimpl.MessageState
@@ -1033,6 +1043,18 @@ type MethodSettings struct {
 	//	        total_poll_timeout:
 	//	           seconds: 54000 # 90 minutes
 	LongRunning *MethodSettings_LongRunning `protobuf:"bytes,2,opt,name=long_running,json=longRunning,proto3" json:"long_running,omitempty"`
+	// List of top-level fields of the request message, that should be
+	// automatically populated by the client libraries based on their
+	// (google.api.field_info).format. Currently supported format: UUID4.
+	//
+	// Example of a YAML configuration:
+	//
+	//	publishing:
+	//	  method_settings:
+	//	    - selector: google.example.v1.ExampleService.CreateExample
+	//	      auto_populated_fields:
+	//	      - request_id
+	AutoPopulatedFields []string `protobuf:"bytes,3,rep,name=auto_populated_fields,json=autoPopulatedFields,proto3" json:"auto_populated_fields,omitempty"`
 }
 
 func (x *MethodSettings) Reset() {
@@ -1081,6 +1103,13 @@ func (x *MethodSettings) GetLongRunning() *MethodSettings_LongRunning {
 	return nil
 }
 
+func (x *MethodSettings) GetAutoPopulatedFields() []string {
+	if x != nil {
+		return x.AutoPopulatedFields
+	}
+	return nil
+}
+
 // Describes settings to use when generating API methods that use the
 // long-running operation pattern.
 // All default values below are from those used in the client library
@@ -1191,6 +1220,14 @@ var file_google_api_client_proto_extTypes = []protoimpl.ExtensionInfo{
 		Tag:           "bytes,1050,opt,name=oauth_scopes",
 		Filename:      "google/api/client.proto",
 	},
+	{
+		ExtendedType:  (*descriptorpb.ServiceOptions)(nil),
+		ExtensionType: (*string)(nil),
+		Field:         525000001,
+		Name:          "google.api.api_version",
+		Tag:           "bytes,525000001,opt,name=api_version",
+		Filename:      "google/api/client.proto",
+	},
 }
 
 // Extension fields to descriptorpb.MethodOptions.
@@ -1272,6 +1309,23 @@ var (
 	//
 	// optional string oauth_scopes = 1050;
 	E_OauthScopes = &file_google_api_client_proto_extTypes[2]
+	// The API version of this service, which should be sent by version-aware
+	// clients to the service. This allows services to abide by the schema and
+	// behavior of the service at the time this API version was deployed.
+	// The format of the API version must be treated as opaque by clients.
+	// Services may use a format with an apparent structure, but clients must
+	// not rely on this to determine components within an API version, or attempt
+	// to construct other valid API versions. Note that this is for upcoming
+	// functionality and may not be implemented for all services.
+	//
+	// Example:
+	//
+	//	service Foo {
+	//	  option (google.api.api_version) = "v1_20230821_preview";
+	//	}
+	//
+	// optional string api_version = 525000001;
+	E_ApiVersion = &file_google_api_client_proto_extTypes[3]
 )
 
 var File_google_api_client_proto protoreflect.FileDescriptor
@@ -1336,7 +1390,7 @@ var file_google_api_client_proto_rawDesc = []byte{
 	0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x0b, 0x32,
 	0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x47, 0x6f, 0x53,
 	0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0a, 0x67, 0x6f, 0x53, 0x65, 0x74, 0x74, 0x69,
-	0x6e, 0x67, 0x73, 0x22, 0xab, 0x04, 0x0a, 0x0a, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x69,
+	0x6e, 0x67, 0x73, 0x22, 0xf4, 0x04, 0x0a, 0x0a, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x69,
 	0x6e, 0x67, 0x12, 0x43, 0x0a, 0x0f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x73, 0x65, 0x74,
 	0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f,
 	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53,
@@ -1371,150 +1425,163 @@ var file_google_api_client_proto_rawDesc = []byte{
 	0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x6e, 0x20, 0x01, 0x28,
 	0x09, 0x52, 0x1e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63,
 	0x65, 0x44, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72,
-	0x69, 0x22, 0x9a, 0x02, 0x0a, 0x0c, 0x4a, 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e,
-	0x67, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x5f, 0x70, 0x61,
-	0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6c, 0x69, 0x62,
-	0x72, 0x61, 0x72, 0x79, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x5f, 0x0a, 0x13, 0x73,
-	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x6e, 0x61, 0x6d,
-	0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4a, 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e,
-	0x67, 0x73, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e,
-	0x61, 0x6d, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x11, 0x73, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x06,
-	0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e,
-	0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73,
-	0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x1a, 0x44, 0x0a, 0x16, 0x53, 0x65, 0x72, 0x76,
+	0x69, 0x12, 0x47, 0x0a, 0x20, 0x72, 0x65, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65,
+	0x6e, 0x63, 0x65, 0x5f, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x6f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1d, 0x72, 0x65, 0x73,
+	0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x44, 0x6f, 0x63, 0x75, 0x6d, 0x65,
+	0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72, 0x69, 0x22, 0x9a, 0x02, 0x0a, 0x0c, 0x4a,
+	0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x6c,
+	0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x50, 0x61, 0x63,
+	0x6b, 0x61, 0x67, 0x65, 0x12, 0x5f, 0x0a, 0x13, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f,
+	0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4a,
+	0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x53, 0x65, 0x72, 0x76,
 	0x69, 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x45, 0x6e, 0x74,
-	0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x49,
-	0x0a, 0x0b, 0x43, 0x70, 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a,
-	0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f,
-	0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67,
-	0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x49, 0x0a, 0x0b, 0x50, 0x68, 0x70,
-	0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d,
-	0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67,
-	0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f,
-	0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x4c, 0x0a, 0x0e, 0x50, 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x53, 0x65,
+	0x72, 0x79, 0x52, 0x11, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73,
+	0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61,
+	0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67,
+	0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f,
+	0x6e, 0x1a, 0x44, 0x0a, 0x16, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73,
+	0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b,
+	0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61,
+	0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x49, 0x0a, 0x0b, 0x43, 0x70, 0x70, 0x53, 0x65,
 	0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e,
 	0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
 	0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61,
 	0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d,
-	0x6f, 0x6e, 0x22, 0x4a, 0x0a, 0x0c, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e,
-	0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e,
-	0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65,
-	0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0xae,
-	0x04, 0x0a, 0x0e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67,
+	0x6f, 0x6e, 0x22, 0x49, 0x0a, 0x0b, 0x50, 0x68, 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67,
 	0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28,
 	0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43,
 	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74,
-	0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x12, 0x5a, 0x0a,
-	0x10, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
-	0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x61, 0x70, 0x69, 0x2e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69,
-	0x6e, 0x67, 0x73, 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65,
-	0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x5d, 0x0a, 0x11, 0x72, 0x65, 0x6e,
-	0x61, 0x6d, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x03,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70,
-	0x69, 0x2e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73,
-	0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
-	0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x10, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52,
-	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x69, 0x67, 0x6e, 0x6f,
-	0x72, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x04, 0x20,
-	0x03, 0x28, 0x09, 0x52, 0x10, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f,
-	0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x38, 0x0a, 0x18, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x5f,
-	0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x61, 0x6c, 0x69, 0x61, 0x73, 0x65,
-	0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x16, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x4e,
-	0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x65, 0x73, 0x12,
-	0x35, 0x0a, 0x16, 0x68, 0x61, 0x6e, 0x64, 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x5f, 0x73,
-	0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52,
-	0x15, 0x68, 0x61, 0x6e, 0x64, 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x53, 0x69, 0x67, 0x6e,
-	0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x1a, 0x42, 0x0a, 0x14, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65,
-	0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10,
-	0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79,
-	0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x43, 0x0a, 0x15, 0x52, 0x65,
-	0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x45, 0x6e,
-	0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22,
-	0x4a, 0x0a, 0x0c, 0x52, 0x75, 0x62, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12,
+	0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x4c, 0x0a,
+	0x0e, 0x50, 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12,
 	0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
 	0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d,
 	0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69,
-	0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x48, 0x0a, 0x0a, 0x47,
-	0x6f, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d,
-	0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e,
-	0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63,
-	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x8e, 0x03, 0x0a, 0x0e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
-	0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65,
-	0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65, 0x6c, 0x65,
-	0x63, 0x74, 0x6f, 0x72, 0x12, 0x49, 0x0a, 0x0c, 0x6c, 0x6f, 0x6e, 0x67, 0x5f, 0x72, 0x75, 0x6e,
-	0x6e, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x65,
-	0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x4c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69,
-	0x6e, 0x67, 0x52, 0x0b, 0x6c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x1a,
-	0x94, 0x02, 0x0a, 0x0b, 0x4c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x12,
-	0x47, 0x0a, 0x12, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f,
-	0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x50,
-	0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x6f, 0x6c, 0x6c,
-	0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x69, 0x65,
-	0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x02, 0x52, 0x13, 0x70, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c,
-	0x61, 0x79, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x69, 0x65, 0x72, 0x12, 0x3f, 0x0a, 0x0e,
-	0x6d, 0x61, 0x78, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
-	0x0c, 0x6d, 0x61, 0x78, 0x50, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x47, 0x0a,
-	0x12, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x74, 0x69, 0x6d, 0x65,
-	0x6f, 0x75, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x50, 0x6f, 0x6c, 0x6c, 0x54,
-	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x2a, 0xa3, 0x01, 0x0a, 0x19, 0x43, 0x6c, 0x69, 0x65, 0x6e,
-	0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2b, 0x0a, 0x27, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x4c,
-	0x49, 0x42, 0x52, 0x41, 0x52, 0x59, 0x5f, 0x4f, 0x52, 0x47, 0x41, 0x4e, 0x49, 0x5a, 0x41, 0x54,
+	0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x4a, 0x0a, 0x0c, 0x4e,
+	0x6f, 0x64, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63,
+	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c,
+	0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52,
+	0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0xae, 0x04, 0x0a, 0x0e, 0x44, 0x6f, 0x74, 0x6e,
+	0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f,
+	0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61,
+	0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06,
+	0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x12, 0x5a, 0x0a, 0x10, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65,
+	0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x44, 0x6f,
+	0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x52, 0x65, 0x6e,
+	0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72,
+	0x79, 0x52, 0x0f, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x73, 0x12, 0x5d, 0x0a, 0x11, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x5f, 0x72, 0x65,
+	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x44, 0x6f, 0x74, 0x6e, 0x65,
+	0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65,
+	0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52,
+	0x10, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
+	0x73, 0x12, 0x2b, 0x0a, 0x11, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73,
+	0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x69, 0x67,
+	0x6e, 0x6f, 0x72, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x38,
+	0x0a, 0x18, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61,
+	0x63, 0x65, 0x5f, 0x61, 0x6c, 0x69, 0x61, 0x73, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09,
+	0x52, 0x16, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63,
+	0x65, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x65, 0x73, 0x12, 0x35, 0x0a, 0x16, 0x68, 0x61, 0x6e, 0x64,
+	0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72,
+	0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 0x68, 0x61, 0x6e, 0x64, 0x77, 0x72,
+	0x69, 0x74, 0x74, 0x65, 0x6e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x1a,
+	0x42, 0x0a, 0x14, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c,
+	0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a,
+	0x02, 0x38, 0x01, 0x1a, 0x43, 0x0a, 0x15, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, 0x65,
+	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03,
+	0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14,
+	0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76,
+	0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x4a, 0x0a, 0x0c, 0x52, 0x75, 0x62, 0x79,
+	0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d,
+	0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67,
+	0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f,
+	0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x48, 0x0a, 0x0a, 0x47, 0x6f, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e,
+	0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e,
+	0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65,
+	0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0xc2,
+	0x03, 0x0a, 0x0e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67,
+	0x73, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x49, 0x0a,
+	0x0c, 0x6c, 0x6f, 0x6e, 0x67, 0x5f, 0x72, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69,
+	0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e,
+	0x4c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x52, 0x0b, 0x6c, 0x6f, 0x6e,
+	0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x32, 0x0a, 0x15, 0x61, 0x75, 0x74, 0x6f,
+	0x5f, 0x70, 0x6f, 0x70, 0x75, 0x6c, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x66, 0x69, 0x65, 0x6c, 0x64,
+	0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x13, 0x61, 0x75, 0x74, 0x6f, 0x50, 0x6f, 0x70,
+	0x75, 0x6c, 0x61, 0x74, 0x65, 0x64, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x73, 0x1a, 0x94, 0x02, 0x0a,
+	0x0b, 0x4c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x47, 0x0a, 0x12,
+	0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x64, 0x65, 0x6c,
+	0x61, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x10, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x50, 0x6f, 0x6c, 0x6c,
+	0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x64, 0x65,
+	0x6c, 0x61, 0x79, 0x5f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x69, 0x65, 0x72, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x02, 0x52, 0x13, 0x70, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x4d,
+	0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x69, 0x65, 0x72, 0x12, 0x3f, 0x0a, 0x0e, 0x6d, 0x61, 0x78,
+	0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, 0x6d, 0x61,
+	0x78, 0x50, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x47, 0x0a, 0x12, 0x74, 0x6f,
+	0x74, 0x61, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x10, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x50, 0x6f, 0x6c, 0x6c, 0x54, 0x69, 0x6d, 0x65,
+	0x6f, 0x75, 0x74, 0x2a, 0xa3, 0x01, 0x0a, 0x19, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69,
+	0x62, 0x72, 0x61, 0x72, 0x79, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x12, 0x2b, 0x0a, 0x27, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x4c, 0x49, 0x42, 0x52,
+	0x41, 0x52, 0x59, 0x5f, 0x4f, 0x52, 0x47, 0x41, 0x4e, 0x49, 0x5a, 0x41, 0x54, 0x49, 0x4f, 0x4e,
+	0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09,
+	0x0a, 0x05, 0x43, 0x4c, 0x4f, 0x55, 0x44, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x44, 0x53,
+	0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x48, 0x4f, 0x54, 0x4f, 0x53, 0x10, 0x03, 0x12, 0x0f,
+	0x0a, 0x0b, 0x53, 0x54, 0x52, 0x45, 0x45, 0x54, 0x5f, 0x56, 0x49, 0x45, 0x57, 0x10, 0x04, 0x12,
+	0x0c, 0x0a, 0x08, 0x53, 0x48, 0x4f, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x10, 0x05, 0x12, 0x07, 0x0a,
+	0x03, 0x47, 0x45, 0x4f, 0x10, 0x06, 0x12, 0x11, 0x0a, 0x0d, 0x47, 0x45, 0x4e, 0x45, 0x52, 0x41,
+	0x54, 0x49, 0x56, 0x45, 0x5f, 0x41, 0x49, 0x10, 0x07, 0x2a, 0x67, 0x0a, 0x18, 0x43, 0x6c, 0x69,
+	0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x26, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f,
+	0x4c, 0x49, 0x42, 0x52, 0x41, 0x52, 0x59, 0x5f, 0x44, 0x45, 0x53, 0x54, 0x49, 0x4e, 0x41, 0x54,
 	0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10,
-	0x00, 0x12, 0x09, 0x0a, 0x05, 0x43, 0x4c, 0x4f, 0x55, 0x44, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03,
-	0x41, 0x44, 0x53, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x48, 0x4f, 0x54, 0x4f, 0x53, 0x10,
-	0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x53, 0x54, 0x52, 0x45, 0x45, 0x54, 0x5f, 0x56, 0x49, 0x45, 0x57,
-	0x10, 0x04, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x4f, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x10, 0x05,
-	0x12, 0x07, 0x0a, 0x03, 0x47, 0x45, 0x4f, 0x10, 0x06, 0x12, 0x11, 0x0a, 0x0d, 0x47, 0x45, 0x4e,
-	0x45, 0x52, 0x41, 0x54, 0x49, 0x56, 0x45, 0x5f, 0x41, 0x49, 0x10, 0x07, 0x2a, 0x67, 0x0a, 0x18,
-	0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x44, 0x65, 0x73,
-	0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x26, 0x43, 0x4c, 0x49, 0x45,
-	0x4e, 0x54, 0x5f, 0x4c, 0x49, 0x42, 0x52, 0x41, 0x52, 0x59, 0x5f, 0x44, 0x45, 0x53, 0x54, 0x49,
-	0x4e, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49,
-	0x45, 0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x47, 0x49, 0x54, 0x48, 0x55, 0x42, 0x10, 0x0a,
-	0x12, 0x13, 0x0a, 0x0f, 0x50, 0x41, 0x43, 0x4b, 0x41, 0x47, 0x45, 0x5f, 0x4d, 0x41, 0x4e, 0x41,
-	0x47, 0x45, 0x52, 0x10, 0x14, 0x3a, 0x4a, 0x0a, 0x10, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f,
-	0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68,
-	0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9b, 0x08, 0x20, 0x03, 0x28, 0x09,
-	0x52, 0x0f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72,
-	0x65, 0x3a, 0x43, 0x0a, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x68, 0x6f, 0x73,
-	0x74, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x18, 0x99, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x66, 0x61, 0x75,
-	0x6c, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x3a, 0x43, 0x0a, 0x0c, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x5f,
-	0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
-	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9a, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
-	0x6f, 0x61, 0x75, 0x74, 0x68, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x42, 0x69, 0x0a, 0x0e, 0x63,
-	0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x42, 0x0b, 0x43,
-	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x41, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f,
-	0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61,
-	0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0xa2,
-	0x02, 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x00, 0x12, 0x0a, 0x0a, 0x06, 0x47, 0x49, 0x54, 0x48, 0x55, 0x42, 0x10, 0x0a, 0x12, 0x13, 0x0a,
+	0x0f, 0x50, 0x41, 0x43, 0x4b, 0x41, 0x47, 0x45, 0x5f, 0x4d, 0x41, 0x4e, 0x41, 0x47, 0x45, 0x52,
+	0x10, 0x14, 0x3a, 0x4a, 0x0a, 0x10, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x73, 0x69, 0x67,
+	0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9b, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x6d,
+	0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x3a, 0x43,
+	0x0a, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x1f,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18,
+	0x99, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x48,
+	0x6f, 0x73, 0x74, 0x3a, 0x43, 0x0a, 0x0c, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x73, 0x63, 0x6f,
+	0x70, 0x65, 0x73, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9a, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6f, 0x61, 0x75,
+	0x74, 0x68, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x3a, 0x44, 0x0a, 0x0b, 0x61, 0x70, 0x69, 0x5f,
+	0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xc1, 0xba, 0xab, 0xfa, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x0a, 0x61, 0x70, 0x69, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x69,
+	0x0a, 0x0e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69,
+	0x42, 0x0b, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a,
+	0x41, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f,
+	0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0xa2, 0x02, 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x33,
 }
 
 var (
@@ -1587,10 +1654,11 @@ var file_google_api_client_proto_depIdxs = []int32{
 	20, // 28: google.api.method_signature:extendee -> google.protobuf.MethodOptions
 	21, // 29: google.api.default_host:extendee -> google.protobuf.ServiceOptions
 	21, // 30: google.api.oauth_scopes:extendee -> google.protobuf.ServiceOptions
-	31, // [31:31] is the sub-list for method output_type
-	31, // [31:31] is the sub-list for method input_type
-	31, // [31:31] is the sub-list for extension type_name
-	28, // [28:31] is the sub-list for extension extendee
+	21, // 31: google.api.api_version:extendee -> google.protobuf.ServiceOptions
+	32, // [32:32] is the sub-list for method output_type
+	32, // [32:32] is the sub-list for method input_type
+	32, // [32:32] is the sub-list for extension type_name
+	28, // [28:32] is the sub-list for extension extendee
 	0,  // [0:28] is the sub-list for field type_name
 }
 
@@ -1764,7 +1832,7 @@ func file_google_api_client_proto_init() {
 			RawDescriptor: file_google_api_client_proto_rawDesc,
 			NumEnums:      2,
 			NumMessages:   16,
-			NumExtensions: 3,
+			NumExtensions: 4,
 			NumServices:   0,
 		},
 		GoTypes:           file_google_api_client_proto_goTypes,
diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go
index 6ce01ac9a6..08505ba3fe 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2023 Google LLC
+// Copyright 2024 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.12
+// 	protoc        v4.24.4
 // source: google/api/field_behavior.proto
 
 package annotations
@@ -195,21 +195,21 @@ var file_google_api_field_behavior_proto_rawDesc = []byte{
 	0x0e, 0x55, 0x4e, 0x4f, 0x52, 0x44, 0x45, 0x52, 0x45, 0x44, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10,
 	0x06, 0x12, 0x15, 0x0a, 0x11, 0x4e, 0x4f, 0x4e, 0x5f, 0x45, 0x4d, 0x50, 0x54, 0x59, 0x5f, 0x44,
 	0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x07, 0x12, 0x0e, 0x0a, 0x0a, 0x49, 0x44, 0x45, 0x4e,
-	0x54, 0x49, 0x46, 0x49, 0x45, 0x52, 0x10, 0x08, 0x3a, 0x60, 0x0a, 0x0e, 0x66, 0x69, 0x65, 0x6c,
+	0x54, 0x49, 0x46, 0x49, 0x45, 0x52, 0x10, 0x08, 0x3a, 0x64, 0x0a, 0x0e, 0x66, 0x69, 0x65, 0x6c,
 	0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x12, 0x1d, 0x2e, 0x67, 0x6f, 0x6f,
 	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65,
 	0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9c, 0x08, 0x20, 0x03, 0x28, 0x0e,
 	0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x46, 0x69,
-	0x65, 0x6c, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x52, 0x0d, 0x66, 0x69, 0x65,
-	0x6c, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x42, 0x70, 0x0a, 0x0e, 0x63, 0x6f,
-	0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x42, 0x12, 0x46, 0x69,
-	0x65, 0x6c, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f,
-	0x50, 0x01, 0x5a, 0x41, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e,
-	0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e,
-	0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0xa2, 0x02, 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x33,
+	0x65, 0x6c, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x42, 0x02, 0x10, 0x00, 0x52,
+	0x0d, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x42, 0x70,
+	0x0a, 0x0e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69,
+	0x42, 0x12, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x50,
+	0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x41, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67,
+	0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70,
+	0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e,
+	0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0xa2, 0x02, 0x04, 0x47, 0x41, 0x50, 0x49,
+	0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/field_info.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/field_info.pb.go
index d02e6bbc89..d339dfb02a 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/annotations/field_info.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/field_info.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2023 Google LLC
+// Copyright 2024 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.12
+// 	protoc        v4.24.4
 // source: google/api/field_info.proto
 
 package annotations
@@ -56,9 +56,9 @@ const (
 	FieldInfo_IPV4 FieldInfo_Format = 2
 	// Internet Protocol v6 value as defined by [RFC
 	// 2460](https://datatracker.ietf.org/doc/html/rfc2460). The value may be
-	// normalized to entirely lowercase letters, and zero-padded partial and
-	// empty octets. For example, the value `2001:DB8::` would be normalized to
-	// `2001:0db8:0:0`.
+	// normalized to entirely lowercase letters with zeros compressed, following
+	// [RFC 5952](https://datatracker.ietf.org/doc/html/rfc5952). For example,
+	// the value `2001:0DB8:0::0` would be normalized to `2001:db8::`.
 	FieldInfo_IPV6 FieldInfo_Format = 3
 	// An IP address in either v4 or v6 format as described by the individual
 	// values defined herein. See the comments on the IPV4 and IPV6 types for
diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go
index 8a0e1c345b..76ea76df33 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2023 Google LLC
+// Copyright 2024 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.9
+// 	protoc        v4.24.4
 // source: google/api/http.proto
 
 package annotations
diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/resource.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/resource.pb.go
index bbcc12d29c..7a3fd93fcd 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/annotations/resource.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/resource.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2023 Google LLC
+// Copyright 2024 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.9
+// 	protoc        v4.24.4
 // source: google/api/resource.proto
 
 package annotations
diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/routing.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/routing.pb.go
index 9a9ae04c29..1d8397b02b 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/annotations/routing.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/routing.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2023 Google LLC
+// Copyright 2024 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.9
+// 	protoc        v4.24.4
 // source: google/api/routing.proto
 
 package annotations
diff --git a/vendor/google.golang.org/genproto/googleapis/api/httpbody/httpbody.pb.go b/vendor/google.golang.org/genproto/googleapis/api/httpbody/httpbody.pb.go
index 3543268f84..e7d3805e36 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/httpbody/httpbody.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/httpbody/httpbody.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2023 Google LLC
+// Copyright 2024 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.9
+// 	protoc        v4.24.4
 // source: google/api/httpbody.proto
 
 package httpbody
diff --git a/vendor/google.golang.org/genproto/googleapis/api/launch_stage.pb.go b/vendor/google.golang.org/genproto/googleapis/api/launch_stage.pb.go
index 454948669d..498020e33c 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/launch_stage.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/launch_stage.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2023 Google LLC
+// Copyright 2024 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.9
+// 	protoc        v4.24.4
 // source: google/api/launch_stage.proto
 
 package api
diff --git a/vendor/google.golang.org/genproto/googleapis/api/tidyfix.go b/vendor/google.golang.org/genproto/googleapis/api/tidyfix.go
deleted file mode 100644
index 1d3f1b5b7e..0000000000
--- a/vendor/google.golang.org/genproto/googleapis/api/tidyfix.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright 2023 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// This file, and the {{.RootMod}} import, won't actually become part of
-// the resultant binary.
-//go:build modhack
-// +build modhack
-
-package api
-
-// Necessary for safely adding multi-module repo. See: https://github.com/golang/go/wiki/Modules#is-it-possible-to-add-a-module-to-a-multi-module-repository
-import _ "google.golang.org/genproto/internal"
diff --git a/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go b/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go
index a6b5081888..6ad1b1c1df 100644
--- a/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2022 Google LLC
+// Copyright 2024 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.9
+// 	protoc        v4.24.4
 // source: google/rpc/status.proto
 
 package status
diff --git a/vendor/google.golang.org/grpc/health/client.go b/vendor/google.golang.org/grpc/health/client.go
new file mode 100644
index 0000000000..b5bee48380
--- /dev/null
+++ b/vendor/google.golang.org/grpc/health/client.go
@@ -0,0 +1,117 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package health
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"time"
+
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/connectivity"
+	healthpb "google.golang.org/grpc/health/grpc_health_v1"
+	"google.golang.org/grpc/internal"
+	"google.golang.org/grpc/internal/backoff"
+	"google.golang.org/grpc/status"
+)
+
+var (
+	backoffStrategy = backoff.DefaultExponential
+	backoffFunc     = func(ctx context.Context, retries int) bool {
+		d := backoffStrategy.Backoff(retries)
+		timer := time.NewTimer(d)
+		select {
+		case <-timer.C:
+			return true
+		case <-ctx.Done():
+			timer.Stop()
+			return false
+		}
+	}
+)
+
+func init() {
+	internal.HealthCheckFunc = clientHealthCheck
+}
+
+const healthCheckMethod = "/grpc.health.v1.Health/Watch"
+
+// This function implements the protocol defined at:
+// https://github.com/grpc/grpc/blob/master/doc/health-checking.md
+func clientHealthCheck(ctx context.Context, newStream func(string) (interface{}, error), setConnectivityState func(connectivity.State, error), service string) error {
+	tryCnt := 0
+
+retryConnection:
+	for {
+		// Backs off if the connection has failed in some way without receiving a message in the previous retry.
+		if tryCnt > 0 && !backoffFunc(ctx, tryCnt-1) {
+			return nil
+		}
+		tryCnt++
+
+		if ctx.Err() != nil {
+			return nil
+		}
+		setConnectivityState(connectivity.Connecting, nil)
+		rawS, err := newStream(healthCheckMethod)
+		if err != nil {
+			continue retryConnection
+		}
+
+		s, ok := rawS.(grpc.ClientStream)
+		// Ideally, this should never happen. But if it happens, the server is marked as healthy for LBing purposes.
+		if !ok {
+			setConnectivityState(connectivity.Ready, nil)
+			return fmt.Errorf("newStream returned %v (type %T); want grpc.ClientStream", rawS, rawS)
+		}
+
+		if err = s.SendMsg(&healthpb.HealthCheckRequest{Service: service}); err != nil && err != io.EOF {
+			// Stream should have been closed, so we can safely continue to create a new stream.
+			continue retryConnection
+		}
+		s.CloseSend()
+
+		resp := new(healthpb.HealthCheckResponse)
+		for {
+			err = s.RecvMsg(resp)
+
+			// Reports healthy for the LBing purposes if health check is not implemented in the server.
+			if status.Code(err) == codes.Unimplemented {
+				setConnectivityState(connectivity.Ready, nil)
+				return err
+			}
+
+			// Reports unhealthy if server's Watch method gives an error other than UNIMPLEMENTED.
+			if err != nil {
+				setConnectivityState(connectivity.TransientFailure, fmt.Errorf("connection active but received health check RPC error: %v", err))
+				continue retryConnection
+			}
+
+			// As a message has been received, removes the need for backoff for the next retry by resetting the try count.
+			tryCnt = 0
+			if resp.Status == healthpb.HealthCheckResponse_SERVING {
+				setConnectivityState(connectivity.Ready, nil)
+			} else {
+				setConnectivityState(connectivity.TransientFailure, fmt.Errorf("connection active but health check failed. status=%s", resp.Status))
+			}
+		}
+	}
+}
diff --git a/vendor/google.golang.org/grpc/health/regenerate.sh b/vendor/google.golang.org/grpc/health/regenerate.sh
new file mode 100644
index 0000000000..b11eccb295
--- /dev/null
+++ b/vendor/google.golang.org/grpc/health/regenerate.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+# Copyright 2018 gRPC authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -eux -o pipefail
+
+TMP=$(mktemp -d)
+
+function finish {
+  rm -rf "$TMP"
+}
+trap finish EXIT
+
+pushd "$TMP"
+mkdir -p grpc/health/v1
+curl https://raw.githubusercontent.com/grpc/grpc-proto/master/grpc/health/v1/health.proto > grpc/health/v1/health.proto
+
+protoc --go_out=plugins=grpc,paths=source_relative:. -I. grpc/health/v1/*.proto
+popd
+rm -f grpc_health_v1/*.pb.go
+cp "$TMP"/grpc/health/v1/*.pb.go grpc_health_v1/
+
diff --git a/vendor/google.golang.org/grpc/health/server.go b/vendor/google.golang.org/grpc/health/server.go
new file mode 100644
index 0000000000..2262607f88
--- /dev/null
+++ b/vendor/google.golang.org/grpc/health/server.go
@@ -0,0 +1,165 @@
+/*
+ *
+ * Copyright 2017 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+//go:generate ./regenerate.sh
+
+// Package health provides a service that exposes server's health and it must be
+// imported to enable support for client-side health checks.
+package health
+
+import (
+	"context"
+	"sync"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/grpclog"
+	healthgrpc "google.golang.org/grpc/health/grpc_health_v1"
+	healthpb "google.golang.org/grpc/health/grpc_health_v1"
+	"google.golang.org/grpc/status"
+)
+
+// Server implements `service Health`.
+type Server struct {
+	mu sync.RWMutex
+	// If shutdown is true, it's expected all serving status is NOT_SERVING, and
+	// will stay in NOT_SERVING.
+	shutdown bool
+	// statusMap stores the serving status of the services this Server monitors.
+	statusMap map[string]healthpb.HealthCheckResponse_ServingStatus
+	updates   map[string]map[healthgrpc.Health_WatchServer]chan healthpb.HealthCheckResponse_ServingStatus
+}
+
+// NewServer returns a new Server.
+func NewServer() *Server {
+	return &Server{
+		statusMap: map[string]healthpb.HealthCheckResponse_ServingStatus{"": healthpb.HealthCheckResponse_SERVING},
+		updates:   make(map[string]map[healthgrpc.Health_WatchServer]chan healthpb.HealthCheckResponse_ServingStatus),
+	}
+}
+
+// Check implements `service Health`.
+func (s *Server) Check(ctx context.Context, in *healthpb.HealthCheckRequest) (*healthpb.HealthCheckResponse, error) {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	if servingStatus, ok := s.statusMap[in.Service]; ok {
+		return &healthpb.HealthCheckResponse{
+			Status: servingStatus,
+		}, nil
+	}
+	return nil, status.Error(codes.NotFound, "unknown service")
+}
+
+// Watch implements `service Health`.
+func (s *Server) Watch(in *healthpb.HealthCheckRequest, stream healthgrpc.Health_WatchServer) error {
+	service := in.Service
+	// update channel is used for getting service status updates.
+	update := make(chan healthpb.HealthCheckResponse_ServingStatus, 1)
+	s.mu.Lock()
+	// Puts the initial status to the channel.
+	if servingStatus, ok := s.statusMap[service]; ok {
+		update <- servingStatus
+	} else {
+		update <- healthpb.HealthCheckResponse_SERVICE_UNKNOWN
+	}
+
+	// Registers the update channel to the correct place in the updates map.
+	if _, ok := s.updates[service]; !ok {
+		s.updates[service] = make(map[healthgrpc.Health_WatchServer]chan healthpb.HealthCheckResponse_ServingStatus)
+	}
+	s.updates[service][stream] = update
+	defer func() {
+		s.mu.Lock()
+		delete(s.updates[service], stream)
+		s.mu.Unlock()
+	}()
+	s.mu.Unlock()
+
+	var lastSentStatus healthpb.HealthCheckResponse_ServingStatus = -1
+	for {
+		select {
+		// Status updated. Sends the up-to-date status to the client.
+		case servingStatus := <-update:
+			if lastSentStatus == servingStatus {
+				continue
+			}
+			lastSentStatus = servingStatus
+			err := stream.Send(&healthpb.HealthCheckResponse{Status: servingStatus})
+			if err != nil {
+				return status.Error(codes.Canceled, "Stream has ended.")
+			}
+		// Context done. Removes the update channel from the updates map.
+		case <-stream.Context().Done():
+			return status.Error(codes.Canceled, "Stream has ended.")
+		}
+	}
+}
+
+// SetServingStatus is called when need to reset the serving status of a service
+// or insert a new service entry into the statusMap.
+func (s *Server) SetServingStatus(service string, servingStatus healthpb.HealthCheckResponse_ServingStatus) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	if s.shutdown {
+		grpclog.Infof("health: status changing for %s to %v is ignored because health service is shutdown", service, servingStatus)
+		return
+	}
+
+	s.setServingStatusLocked(service, servingStatus)
+}
+
+func (s *Server) setServingStatusLocked(service string, servingStatus healthpb.HealthCheckResponse_ServingStatus) {
+	s.statusMap[service] = servingStatus
+	for _, update := range s.updates[service] {
+		// Clears previous updates, that are not sent to the client, from the channel.
+		// This can happen if the client is not reading and the server gets flow control limited.
+		select {
+		case <-update:
+		default:
+		}
+		// Puts the most recent update to the channel.
+		update <- servingStatus
+	}
+}
+
+// Shutdown sets all serving status to NOT_SERVING, and configures the server to
+// ignore all future status changes.
+//
+// This changes serving status for all services. To set status for a particular
+// services, call SetServingStatus().
+func (s *Server) Shutdown() {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	s.shutdown = true
+	for service := range s.statusMap {
+		s.setServingStatusLocked(service, healthpb.HealthCheckResponse_NOT_SERVING)
+	}
+}
+
+// Resume sets all serving status to SERVING, and configures the server to
+// accept all future status changes.
+//
+// This changes serving status for all services. To set status for a particular
+// services, call SetServingStatus().
+func (s *Server) Resume() {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	s.shutdown = false
+	for service := range s.statusMap {
+		s.setServingStatusLocked(service, healthpb.HealthCheckResponse_SERVING)
+	}
+}
diff --git a/vendor/google.golang.org/protobuf/encoding/protodelim/protodelim.go b/vendor/google.golang.org/protobuf/encoding/protodelim/protodelim.go
new file mode 100644
index 0000000000..2ef36bbcf9
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/encoding/protodelim/protodelim.go
@@ -0,0 +1,160 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package protodelim marshals and unmarshals varint size-delimited messages.
+package protodelim
+
+import (
+	"bufio"
+	"encoding/binary"
+	"fmt"
+	"io"
+
+	"google.golang.org/protobuf/encoding/protowire"
+	"google.golang.org/protobuf/internal/errors"
+	"google.golang.org/protobuf/proto"
+)
+
+// MarshalOptions is a configurable varint size-delimited marshaler.
+type MarshalOptions struct{ proto.MarshalOptions }
+
+// MarshalTo writes a varint size-delimited wire-format message to w.
+// If w returns an error, MarshalTo returns it unchanged.
+func (o MarshalOptions) MarshalTo(w io.Writer, m proto.Message) (int, error) {
+	msgBytes, err := o.MarshalOptions.Marshal(m)
+	if err != nil {
+		return 0, err
+	}
+
+	sizeBytes := protowire.AppendVarint(nil, uint64(len(msgBytes)))
+	sizeWritten, err := w.Write(sizeBytes)
+	if err != nil {
+		return sizeWritten, err
+	}
+	msgWritten, err := w.Write(msgBytes)
+	if err != nil {
+		return sizeWritten + msgWritten, err
+	}
+	return sizeWritten + msgWritten, nil
+}
+
+// MarshalTo writes a varint size-delimited wire-format message to w
+// with the default options.
+//
+// See the documentation for [MarshalOptions.MarshalTo].
+func MarshalTo(w io.Writer, m proto.Message) (int, error) {
+	return MarshalOptions{}.MarshalTo(w, m)
+}
+
+// UnmarshalOptions is a configurable varint size-delimited unmarshaler.
+type UnmarshalOptions struct {
+	proto.UnmarshalOptions
+
+	// MaxSize is the maximum size in wire-format bytes of a single message.
+	// Unmarshaling a message larger than MaxSize will return an error.
+	// A zero MaxSize will default to 4 MiB.
+	// Setting MaxSize to -1 disables the limit.
+	MaxSize int64
+}
+
+const defaultMaxSize = 4 << 20 // 4 MiB, corresponds to the default gRPC max request/response size
+
+// SizeTooLargeError is an error that is returned when the unmarshaler encounters a message size
+// that is larger than its configured [UnmarshalOptions.MaxSize].
+type SizeTooLargeError struct {
+	// Size is the varint size of the message encountered
+	// that was larger than the provided MaxSize.
+	Size uint64
+
+	// MaxSize is the MaxSize limit configured in UnmarshalOptions, which Size exceeded.
+	MaxSize uint64
+}
+
+func (e *SizeTooLargeError) Error() string {
+	return fmt.Sprintf("message size %d exceeded unmarshaler's maximum configured size %d", e.Size, e.MaxSize)
+}
+
+// Reader is the interface expected by [UnmarshalFrom].
+// It is implemented by *[bufio.Reader].
+type Reader interface {
+	io.Reader
+	io.ByteReader
+}
+
+// UnmarshalFrom parses and consumes a varint size-delimited wire-format message
+// from r.
+// The provided message must be mutable (e.g., a non-nil pointer to a message).
+//
+// The error is [io.EOF] error only if no bytes are read.
+// If an EOF happens after reading some but not all the bytes,
+// UnmarshalFrom returns a non-io.EOF error.
+// In particular if r returns a non-io.EOF error, UnmarshalFrom returns it unchanged,
+// and if only a size is read with no subsequent message, [io.ErrUnexpectedEOF] is returned.
+func (o UnmarshalOptions) UnmarshalFrom(r Reader, m proto.Message) error {
+	var sizeArr [binary.MaxVarintLen64]byte
+	sizeBuf := sizeArr[:0]
+	for i := range sizeArr {
+		b, err := r.ReadByte()
+		if err != nil {
+			// Immediate EOF is unexpected.
+			if err == io.EOF && i != 0 {
+				break
+			}
+			return err
+		}
+		sizeBuf = append(sizeBuf, b)
+		if b < 0x80 {
+			break
+		}
+	}
+	size, n := protowire.ConsumeVarint(sizeBuf)
+	if n < 0 {
+		return protowire.ParseError(n)
+	}
+
+	maxSize := o.MaxSize
+	if maxSize == 0 {
+		maxSize = defaultMaxSize
+	}
+	if maxSize != -1 && size > uint64(maxSize) {
+		return errors.Wrap(&SizeTooLargeError{Size: size, MaxSize: uint64(maxSize)}, "")
+	}
+
+	var b []byte
+	var err error
+	if br, ok := r.(*bufio.Reader); ok {
+		// Use the []byte from the bufio.Reader instead of having to allocate one.
+		// This reduces CPU usage and allocated bytes.
+		b, err = br.Peek(int(size))
+		if err == nil {
+			defer br.Discard(int(size))
+		} else {
+			b = nil
+		}
+	}
+	if b == nil {
+		b = make([]byte, size)
+		_, err = io.ReadFull(r, b)
+	}
+
+	if err == io.EOF {
+		return io.ErrUnexpectedEOF
+	}
+	if err != nil {
+		return err
+	}
+	if err := o.Unmarshal(b, m); err != nil {
+		return err
+	}
+	return nil
+}
+
+// UnmarshalFrom parses and consumes a varint size-delimited wire-format message
+// from r with the default options.
+// The provided message must be mutable (e.g., a non-nil pointer to a message).
+//
+// See the documentation for [UnmarshalOptions.UnmarshalFrom].
+func UnmarshalFrom(r Reader, m proto.Message) error {
+	return UnmarshalOptions{}.UnmarshalFrom(r, m)
+}
diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/decode.go b/vendor/google.golang.org/protobuf/encoding/protojson/decode.go
index f47902371a..bb2966e3b4 100644
--- a/vendor/google.golang.org/protobuf/encoding/protojson/decode.go
+++ b/vendor/google.golang.org/protobuf/encoding/protojson/decode.go
@@ -102,7 +102,7 @@ type decoder struct {
 }
 
 // newError returns an error object with position info.
-func (d decoder) newError(pos int, f string, x ...interface{}) error {
+func (d decoder) newError(pos int, f string, x ...any) error {
 	line, column := d.Position(pos)
 	head := fmt.Sprintf("(line %d:%d): ", line, column)
 	return errors.New(head+f, x...)
@@ -114,7 +114,7 @@ func (d decoder) unexpectedTokenError(tok json.Token) error {
 }
 
 // syntaxError returns a syntax error for given position.
-func (d decoder) syntaxError(pos int, f string, x ...interface{}) error {
+func (d decoder) syntaxError(pos int, f string, x ...any) error {
 	line, column := d.Position(pos)
 	head := fmt.Sprintf("syntax error (line %d:%d): ", line, column)
 	return errors.New(head+f, x...)
diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/encode.go b/vendor/google.golang.org/protobuf/encoding/protojson/encode.go
index 3f75098b6f..29846df222 100644
--- a/vendor/google.golang.org/protobuf/encoding/protojson/encode.go
+++ b/vendor/google.golang.org/protobuf/encoding/protojson/encode.go
@@ -25,15 +25,17 @@ const defaultIndent = "  "
 
 // Format formats the message as a multiline string.
 // This function is only intended for human consumption and ignores errors.
-// Do not depend on the output being stable. It may change over time across
-// different versions of the program.
+// Do not depend on the output being stable. Its output will change across
+// different builds of your program, even when using the same version of the
+// protobuf module.
 func Format(m proto.Message) string {
 	return MarshalOptions{Multiline: true}.Format(m)
 }
 
 // Marshal writes the given [proto.Message] in JSON format using default options.
-// Do not depend on the output being stable. It may change over time across
-// different versions of the program.
+// Do not depend on the output being stable. Its output will change across
+// different builds of your program, even when using the same version of the
+// protobuf module.
 func Marshal(m proto.Message) ([]byte, error) {
 	return MarshalOptions{}.Marshal(m)
 }
@@ -110,8 +112,9 @@ type MarshalOptions struct {
 
 // Format formats the message as a string.
 // This method is only intended for human consumption and ignores errors.
-// Do not depend on the output being stable. It may change over time across
-// different versions of the program.
+// Do not depend on the output being stable. Its output will change across
+// different builds of your program, even when using the same version of the
+// protobuf module.
 func (o MarshalOptions) Format(m proto.Message) string {
 	if m == nil || !m.ProtoReflect().IsValid() {
 		return "<nil>" // invalid syntax, but okay since this is for debugging
@@ -122,8 +125,9 @@ func (o MarshalOptions) Format(m proto.Message) string {
 }
 
 // Marshal marshals the given [proto.Message] in the JSON format using options in
-// MarshalOptions. Do not depend on the output being stable. It may change over
-// time across different versions of the program.
+// Do not depend on the output being stable. Its output will change across
+// different builds of your program, even when using the same version of the
+// protobuf module.
 func (o MarshalOptions) Marshal(m proto.Message) ([]byte, error) {
 	return o.marshal(nil, m)
 }
diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
index 25329b7692..4b177c8206 100644
--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
+++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
@@ -322,6 +322,10 @@ func (d decoder) skipJSONValue() error {
 			if open > d.opts.RecursionLimit {
 				return errors.New("exceeded max recursion depth")
 			}
+		case json.EOF:
+			// This can only happen if there's a bug in Decoder.Read.
+			// Avoid an infinite loop if this does happen.
+			return errors.New("unexpected EOF")
 		}
 		if open == 0 {
 			return nil
diff --git a/vendor/google.golang.org/protobuf/encoding/prototext/decode.go b/vendor/google.golang.org/protobuf/encoding/prototext/decode.go
index a45f112bce..24bc98ac42 100644
--- a/vendor/google.golang.org/protobuf/encoding/prototext/decode.go
+++ b/vendor/google.golang.org/protobuf/encoding/prototext/decode.go
@@ -84,7 +84,7 @@ type decoder struct {
 }
 
 // newError returns an error object with position info.
-func (d decoder) newError(pos int, f string, x ...interface{}) error {
+func (d decoder) newError(pos int, f string, x ...any) error {
 	line, column := d.Position(pos)
 	head := fmt.Sprintf("(line %d:%d): ", line, column)
 	return errors.New(head+f, x...)
@@ -96,7 +96,7 @@ func (d decoder) unexpectedTokenError(tok text.Token) error {
 }
 
 // syntaxError returns a syntax error for given position.
-func (d decoder) syntaxError(pos int, f string, x ...interface{}) error {
+func (d decoder) syntaxError(pos int, f string, x ...any) error {
 	line, column := d.Position(pos)
 	head := fmt.Sprintf("syntax error (line %d:%d): ", line, column)
 	return errors.New(head+f, x...)
diff --git a/vendor/google.golang.org/protobuf/encoding/prototext/encode.go b/vendor/google.golang.org/protobuf/encoding/prototext/encode.go
index 95967e8112..1f57e6610a 100644
--- a/vendor/google.golang.org/protobuf/encoding/prototext/encode.go
+++ b/vendor/google.golang.org/protobuf/encoding/prototext/encode.go
@@ -27,15 +27,17 @@ const defaultIndent = "  "
 
 // Format formats the message as a multiline string.
 // This function is only intended for human consumption and ignores errors.
-// Do not depend on the output being stable. It may change over time across
-// different versions of the program.
+// Do not depend on the output being stable. Its output will change across
+// different builds of your program, even when using the same version of the
+// protobuf module.
 func Format(m proto.Message) string {
 	return MarshalOptions{Multiline: true}.Format(m)
 }
 
 // Marshal writes the given [proto.Message] in textproto format using default
-// options. Do not depend on the output being stable. It may change over time
-// across different versions of the program.
+// options. Do not depend on the output being stable. Its output will change
+// across different builds of your program, even when using the same version of
+// the protobuf module.
 func Marshal(m proto.Message) ([]byte, error) {
 	return MarshalOptions{}.Marshal(m)
 }
@@ -84,8 +86,9 @@ type MarshalOptions struct {
 
 // Format formats the message as a string.
 // This method is only intended for human consumption and ignores errors.
-// Do not depend on the output being stable. It may change over time across
-// different versions of the program.
+// Do not depend on the output being stable. Its output will change across
+// different builds of your program, even when using the same version of the
+// protobuf module.
 func (o MarshalOptions) Format(m proto.Message) string {
 	if m == nil || !m.ProtoReflect().IsValid() {
 		return "<nil>" // invalid syntax, but okay since this is for debugging
@@ -98,8 +101,9 @@ func (o MarshalOptions) Format(m proto.Message) string {
 }
 
 // Marshal writes the given [proto.Message] in textproto format using options in
-// MarshalOptions object. Do not depend on the output being stable. It may
-// change over time across different versions of the program.
+// MarshalOptions object. Do not depend on the output being stable. Its output
+// will change across different builds of your program, even when using the
+// same version of the protobuf module.
 func (o MarshalOptions) Marshal(m proto.Message) ([]byte, error) {
 	return o.marshal(nil, m)
 }
diff --git a/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go b/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go
index a45625c8d1..87e46bd4df 100644
--- a/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go
+++ b/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go
@@ -252,6 +252,7 @@ func formatDescOpt(t protoreflect.Descriptor, isRoot, allowMulti bool, record fu
 				{rv.MethodByName("Values"), "Values"},
 				{rv.MethodByName("ReservedNames"), "ReservedNames"},
 				{rv.MethodByName("ReservedRanges"), "ReservedRanges"},
+				{rv.MethodByName("IsClosed"), "IsClosed"},
 			}...)
 
 		case protoreflect.EnumValueDescriptor:
diff --git a/vendor/google.golang.org/protobuf/internal/editiondefaults/defaults.go b/vendor/google.golang.org/protobuf/internal/editiondefaults/defaults.go
new file mode 100644
index 0000000000..14656b65ab
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/editiondefaults/defaults.go
@@ -0,0 +1,12 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package editiondefaults contains the binary representation of the editions
+// defaults.
+package editiondefaults
+
+import _ "embed"
+
+//go:embed editions_defaults.binpb
+var Defaults []byte
diff --git a/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb b/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb
new file mode 100644
index 0000000000..ff6a38360a
Binary files /dev/null and b/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb differ
diff --git a/vendor/google.golang.org/protobuf/internal/editionssupport/editions.go b/vendor/google.golang.org/protobuf/internal/editionssupport/editions.go
new file mode 100644
index 0000000000..029a6a12d7
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/editionssupport/editions.go
@@ -0,0 +1,13 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package editionssupport defines constants for editions that are supported.
+package editionssupport
+
+import descriptorpb "google.golang.org/protobuf/types/descriptorpb"
+
+const (
+	Minimum = descriptorpb.Edition_EDITION_PROTO2
+	Maximum = descriptorpb.Edition_EDITION_2023
+)
diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
index d043a6ebe0..ea1d3e65a5 100644
--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
+++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) {
 
 	case ObjectClose:
 		if len(d.openStack) == 0 ||
-			d.lastToken.kind == comma ||
+			d.lastToken.kind&(Name|comma) != 0 ||
 			d.openStack[len(d.openStack)-1] != ObjectOpen {
 			return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString())
 		}
@@ -214,7 +214,7 @@ func (d *Decoder) parseNext() (Token, error) {
 
 // newSyntaxError returns an error with line and column information useful for
 // syntax errors.
-func (d *Decoder) newSyntaxError(pos int, f string, x ...interface{}) error {
+func (d *Decoder) newSyntaxError(pos int, f string, x ...any) error {
 	e := errors.New(f, x...)
 	line, column := d.Position(pos)
 	return errors.New("syntax error (line %d:%d): %v", line, column, e)
diff --git a/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go b/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go
index 373d208374..7e87c76044 100644
--- a/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go
+++ b/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go
@@ -32,6 +32,7 @@ var byteType = reflect.TypeOf(byte(0))
 func Unmarshal(tag string, goType reflect.Type, evs protoreflect.EnumValueDescriptors) protoreflect.FieldDescriptor {
 	f := new(filedesc.Field)
 	f.L0.ParentFile = filedesc.SurrogateProto2
+	f.L1.EditionFeatures = f.L0.ParentFile.L1.EditionFeatures
 	for len(tag) > 0 {
 		i := strings.IndexByte(tag, ',')
 		if i < 0 {
@@ -107,8 +108,7 @@ func Unmarshal(tag string, goType reflect.Type, evs protoreflect.EnumValueDescri
 				f.L1.StringName.InitJSON(jsonName)
 			}
 		case s == "packed":
-			f.L1.HasPacked = true
-			f.L1.IsPacked = true
+			f.L1.EditionFeatures.IsPacked = true
 		case strings.HasPrefix(s, "weak="):
 			f.L1.IsWeak = true
 			f.L1.Message = filedesc.PlaceholderMessage(protoreflect.FullName(s[len("weak="):]))
diff --git a/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go
index 87853e786d..099b2bf451 100644
--- a/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go
+++ b/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go
@@ -601,7 +601,7 @@ func (d *Decoder) consumeToken(kind Kind, size int, attrs uint8) Token {
 
 // newSyntaxError returns a syntax error with line and column information for
 // current position.
-func (d *Decoder) newSyntaxError(f string, x ...interface{}) error {
+func (d *Decoder) newSyntaxError(f string, x ...any) error {
 	e := errors.New(f, x...)
 	line, column := d.Position(len(d.orig) - len(d.in))
 	return errors.New("syntax error (line %d:%d): %v", line, column, e)
diff --git a/vendor/google.golang.org/protobuf/internal/errors/errors.go b/vendor/google.golang.org/protobuf/internal/errors/errors.go
index 20c17b35e3..c2d6bd5265 100644
--- a/vendor/google.golang.org/protobuf/internal/errors/errors.go
+++ b/vendor/google.golang.org/protobuf/internal/errors/errors.go
@@ -17,7 +17,7 @@ var Error = errors.New("protobuf error")
 
 // New formats a string according to the format specifier and arguments and
 // returns an error that has a "proto" prefix.
-func New(f string, x ...interface{}) error {
+func New(f string, x ...any) error {
 	return &prefixError{s: format(f, x...)}
 }
 
@@ -43,7 +43,7 @@ func (e *prefixError) Unwrap() error {
 
 // Wrap returns an error that has a "proto" prefix, the formatted string described
 // by the format specifier and arguments, and a suffix of err. The error wraps err.
-func Wrap(err error, f string, x ...interface{}) error {
+func Wrap(err error, f string, x ...any) error {
 	return &wrapError{
 		s:   format(f, x...),
 		err: err,
@@ -67,7 +67,7 @@ func (e *wrapError) Is(target error) bool {
 	return target == Error
 }
 
-func format(f string, x ...interface{}) string {
+func format(f string, x ...any) string {
 	// avoid "proto: " prefix when chaining
 	for i := 0; i < len(x); i++ {
 		switch e := x[i].(type) {
@@ -87,3 +87,18 @@ func InvalidUTF8(name string) error {
 func RequiredNotSet(name string) error {
 	return New("required field %v not set", name)
 }
+
+type SizeMismatchError struct {
+	Calculated, Measured int
+}
+
+func (e *SizeMismatchError) Error() string {
+	return fmt.Sprintf("size mismatch (see https://github.com/golang/protobuf/issues/1609): calculated=%d, measured=%d", e.Calculated, e.Measured)
+}
+
+func MismatchedSizeCalculation(calculated, measured int) error {
+	return &SizeMismatchError{
+		Calculated: calculated,
+		Measured:   measured,
+	}
+}
diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go
index 193c68e8f9..df53ff40b2 100644
--- a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go
+++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go
@@ -7,6 +7,7 @@ package filedesc
 import (
 	"bytes"
 	"fmt"
+	"strings"
 	"sync"
 	"sync/atomic"
 
@@ -68,7 +69,7 @@ type (
 		Extensions Extensions
 		Services   Services
 
-		EditionFeatures FileEditionFeatures
+		EditionFeatures EditionFeatures
 	}
 	FileL2 struct {
 		Options   func() protoreflect.ProtoMessage
@@ -76,10 +77,13 @@ type (
 		Locations SourceLocations
 	}
 
-	FileEditionFeatures struct {
+	EditionFeatures struct {
 		// IsFieldPresence is true if field_presence is EXPLICIT
 		// https://protobuf.dev/editions/features/#field_presence
 		IsFieldPresence bool
+		// IsFieldPresence is true if field_presence is LEGACY_REQUIRED
+		// https://protobuf.dev/editions/features/#field_presence
+		IsLegacyRequired bool
 		// IsOpenEnum is true if enum_type is OPEN
 		// https://protobuf.dev/editions/features/#enum_type
 		IsOpenEnum bool
@@ -95,6 +99,9 @@ type (
 		// IsJSONCompliant is true if json_format is ALLOW
 		// https://protobuf.dev/editions/features/#json_format
 		IsJSONCompliant bool
+		// GenerateLegacyUnmarshalJSON determines if the plugin generates the
+		// UnmarshalJSON([]byte) error method for enums.
+		GenerateLegacyUnmarshalJSON bool
 	}
 )
 
@@ -102,9 +109,12 @@ func (fd *File) ParentFile() protoreflect.FileDescriptor { return fd }
 func (fd *File) Parent() protoreflect.Descriptor         { return nil }
 func (fd *File) Index() int                              { return 0 }
 func (fd *File) Syntax() protoreflect.Syntax             { return fd.L1.Syntax }
-func (fd *File) Name() protoreflect.Name                 { return fd.L1.Package.Name() }
-func (fd *File) FullName() protoreflect.FullName         { return fd.L1.Package }
-func (fd *File) IsPlaceholder() bool                     { return false }
+
+// Not exported and just used to reconstruct the original FileDescriptor proto
+func (fd *File) Edition() int32                  { return int32(fd.L1.Edition) }
+func (fd *File) Name() protoreflect.Name         { return fd.L1.Package.Name() }
+func (fd *File) FullName() protoreflect.FullName { return fd.L1.Package }
+func (fd *File) IsPlaceholder() bool             { return false }
 func (fd *File) Options() protoreflect.ProtoMessage {
 	if f := fd.lazyInit().Options; f != nil {
 		return f()
@@ -156,6 +166,8 @@ type (
 	}
 	EnumL1 struct {
 		eagerValues bool // controls whether EnumL2.Values is already populated
+
+		EditionFeatures EditionFeatures
 	}
 	EnumL2 struct {
 		Options        func() protoreflect.ProtoMessage
@@ -194,6 +206,9 @@ func (ed *Enum) lazyInit() *EnumL2 {
 	ed.L0.ParentFile.lazyInit() // implicitly initializes L2
 	return ed.L2
 }
+func (ed *Enum) IsClosed() bool {
+	return !ed.L1.EditionFeatures.IsOpenEnum
+}
 
 func (ed *EnumValue) Options() protoreflect.ProtoMessage {
 	if f := ed.L1.Options; f != nil {
@@ -217,6 +232,8 @@ type (
 		Extensions   Extensions
 		IsMapEntry   bool // promoted from google.protobuf.MessageOptions
 		IsMessageSet bool // promoted from google.protobuf.MessageOptions
+
+		EditionFeatures EditionFeatures
 	}
 	MessageL2 struct {
 		Options               func() protoreflect.ProtoMessage
@@ -241,17 +258,12 @@ type (
 		StringName       stringName
 		IsProto3Optional bool // promoted from google.protobuf.FieldDescriptorProto
 		IsWeak           bool // promoted from google.protobuf.FieldOptions
-		HasPacked        bool // promoted from google.protobuf.FieldOptions
-		IsPacked         bool // promoted from google.protobuf.FieldOptions
-		HasEnforceUTF8   bool // promoted from google.protobuf.FieldOptions
-		EnforceUTF8      bool // promoted from google.protobuf.FieldOptions
 		Default          defaultValue
 		ContainingOneof  protoreflect.OneofDescriptor // must be consistent with Message.Oneofs.Fields
 		Enum             protoreflect.EnumDescriptor
 		Message          protoreflect.MessageDescriptor
 
-		// Edition features.
-		Presence bool
+		EditionFeatures EditionFeatures
 	}
 
 	Oneof struct {
@@ -261,6 +273,8 @@ type (
 	OneofL1 struct {
 		Options func() protoreflect.ProtoMessage
 		Fields  OneofFields // must be consistent with Message.Fields.ContainingOneof
+
+		EditionFeatures EditionFeatures
 	}
 )
 
@@ -310,28 +324,30 @@ func (fd *Field) Options() protoreflect.ProtoMessage {
 }
 func (fd *Field) Number() protoreflect.FieldNumber      { return fd.L1.Number }
 func (fd *Field) Cardinality() protoreflect.Cardinality { return fd.L1.Cardinality }
-func (fd *Field) Kind() protoreflect.Kind               { return fd.L1.Kind }
-func (fd *Field) HasJSONName() bool                     { return fd.L1.StringName.hasJSON }
-func (fd *Field) JSONName() string                      { return fd.L1.StringName.getJSON(fd) }
-func (fd *Field) TextName() string                      { return fd.L1.StringName.getText(fd) }
+func (fd *Field) Kind() protoreflect.Kind {
+	return fd.L1.Kind
+}
+func (fd *Field) HasJSONName() bool { return fd.L1.StringName.hasJSON }
+func (fd *Field) JSONName() string  { return fd.L1.StringName.getJSON(fd) }
+func (fd *Field) TextName() string  { return fd.L1.StringName.getText(fd) }
 func (fd *Field) HasPresence() bool {
-	if fd.L0.ParentFile.L1.Syntax == protoreflect.Editions {
-		return fd.L1.Presence || fd.L1.Message != nil || fd.L1.ContainingOneof != nil
+	if fd.L1.Cardinality == protoreflect.Repeated {
+		return false
 	}
-	return fd.L1.Cardinality != protoreflect.Repeated && (fd.L0.ParentFile.L1.Syntax == protoreflect.Proto2 || fd.L1.Message != nil || fd.L1.ContainingOneof != nil)
+	return fd.IsExtension() || fd.L1.EditionFeatures.IsFieldPresence || fd.L1.Message != nil || fd.L1.ContainingOneof != nil
 }
 func (fd *Field) HasOptionalKeyword() bool {
 	return (fd.L0.ParentFile.L1.Syntax == protoreflect.Proto2 && fd.L1.Cardinality == protoreflect.Optional && fd.L1.ContainingOneof == nil) || fd.L1.IsProto3Optional
 }
 func (fd *Field) IsPacked() bool {
-	if !fd.L1.HasPacked && fd.L0.ParentFile.L1.Syntax != protoreflect.Proto2 && fd.L1.Cardinality == protoreflect.Repeated {
-		switch fd.L1.Kind {
-		case protoreflect.StringKind, protoreflect.BytesKind, protoreflect.MessageKind, protoreflect.GroupKind:
-		default:
-			return true
-		}
+	if fd.L1.Cardinality != protoreflect.Repeated {
+		return false
+	}
+	switch fd.L1.Kind {
+	case protoreflect.StringKind, protoreflect.BytesKind, protoreflect.MessageKind, protoreflect.GroupKind:
+		return false
 	}
-	return fd.L1.IsPacked
+	return fd.L1.EditionFeatures.IsPacked
 }
 func (fd *Field) IsExtension() bool { return false }
 func (fd *Field) IsWeak() bool      { return fd.L1.IsWeak }
@@ -367,6 +383,10 @@ func (fd *Field) Message() protoreflect.MessageDescriptor {
 	}
 	return fd.L1.Message
 }
+func (fd *Field) IsMapEntry() bool {
+	parent, ok := fd.L0.Parent.(protoreflect.MessageDescriptor)
+	return ok && parent.IsMapEntry()
+}
 func (fd *Field) Format(s fmt.State, r rune)             { descfmt.FormatDesc(s, r, fd) }
 func (fd *Field) ProtoType(protoreflect.FieldDescriptor) {}
 
@@ -378,10 +398,7 @@ func (fd *Field) ProtoType(protoreflect.FieldDescriptor) {}
 // WARNING: This method is exempt from the compatibility promise and may be
 // removed in the future without warning.
 func (fd *Field) EnforceUTF8() bool {
-	if fd.L1.HasEnforceUTF8 {
-		return fd.L1.EnforceUTF8
-	}
-	return fd.L0.ParentFile.L1.Syntax == protoreflect.Proto3
+	return fd.L1.EditionFeatures.IsUTF8Validated
 }
 
 func (od *Oneof) IsSynthetic() bool {
@@ -404,16 +421,16 @@ type (
 		L2 *ExtensionL2 // protected by fileDesc.once
 	}
 	ExtensionL1 struct {
-		Number      protoreflect.FieldNumber
-		Extendee    protoreflect.MessageDescriptor
-		Cardinality protoreflect.Cardinality
-		Kind        protoreflect.Kind
+		Number          protoreflect.FieldNumber
+		Extendee        protoreflect.MessageDescriptor
+		Cardinality     protoreflect.Cardinality
+		Kind            protoreflect.Kind
+		EditionFeatures EditionFeatures
 	}
 	ExtensionL2 struct {
 		Options          func() protoreflect.ProtoMessage
 		StringName       stringName
 		IsProto3Optional bool // promoted from google.protobuf.FieldDescriptorProto
-		IsPacked         bool // promoted from google.protobuf.FieldOptions
 		Default          defaultValue
 		Enum             protoreflect.EnumDescriptor
 		Message          protoreflect.MessageDescriptor
@@ -436,7 +453,16 @@ func (xd *Extension) HasPresence() bool                     { return xd.L1.Cardi
 func (xd *Extension) HasOptionalKeyword() bool {
 	return (xd.L0.ParentFile.L1.Syntax == protoreflect.Proto2 && xd.L1.Cardinality == protoreflect.Optional) || xd.lazyInit().IsProto3Optional
 }
-func (xd *Extension) IsPacked() bool                         { return xd.lazyInit().IsPacked }
+func (xd *Extension) IsPacked() bool {
+	if xd.L1.Cardinality != protoreflect.Repeated {
+		return false
+	}
+	switch xd.L1.Kind {
+	case protoreflect.StringKind, protoreflect.BytesKind, protoreflect.MessageKind, protoreflect.GroupKind:
+		return false
+	}
+	return xd.L1.EditionFeatures.IsPacked
+}
 func (xd *Extension) IsExtension() bool                      { return true }
 func (xd *Extension) IsWeak() bool                           { return false }
 func (xd *Extension) IsList() bool                           { return xd.Cardinality() == protoreflect.Repeated }
@@ -517,8 +543,9 @@ func (md *Method) ProtoInternal(pragma.DoNotImplement)     {}
 // Surrogate files are can be used to create standalone descriptors
 // where the syntax is only information derived from the parent file.
 var (
-	SurrogateProto2 = &File{L1: FileL1{Syntax: protoreflect.Proto2}, L2: &FileL2{}}
-	SurrogateProto3 = &File{L1: FileL1{Syntax: protoreflect.Proto3}, L2: &FileL2{}}
+	SurrogateProto2      = &File{L1: FileL1{Syntax: protoreflect.Proto2}, L2: &FileL2{}}
+	SurrogateProto3      = &File{L1: FileL1{Syntax: protoreflect.Proto3}, L2: &FileL2{}}
+	SurrogateEdition2023 = &File{L1: FileL1{Syntax: protoreflect.Editions, Edition: Edition2023}, L2: &FileL2{}}
 )
 
 type (
@@ -560,6 +587,34 @@ func (s *stringName) InitJSON(name string) {
 	s.nameJSON = name
 }
 
+// Returns true if this field is structured like the synthetic field of a proto2
+// group. This allows us to expand our treatment of delimited fields without
+// breaking proto2 files that have been upgraded to editions.
+func isGroupLike(fd protoreflect.FieldDescriptor) bool {
+	// Groups are always group types.
+	if fd.Kind() != protoreflect.GroupKind {
+		return false
+	}
+
+	// Group fields are always the lowercase type name.
+	if strings.ToLower(string(fd.Message().Name())) != string(fd.Name()) {
+		return false
+	}
+
+	// Groups could only be defined in the same file they're used.
+	if fd.Message().ParentFile() != fd.ParentFile() {
+		return false
+	}
+
+	// Group messages are always defined in the same scope as the field.  File
+	// level extensions will compare NULL == NULL here, which is why the file
+	// comparison above is necessary to ensure both come from the same file.
+	if fd.IsExtension() {
+		return fd.Parent() == fd.Message().Parent()
+	}
+	return fd.ContainingMessage() == fd.Message().Parent()
+}
+
 func (s *stringName) lazyInit(fd protoreflect.FieldDescriptor) *stringName {
 	s.once.Do(func() {
 		if fd.IsExtension() {
@@ -580,7 +635,7 @@ func (s *stringName) lazyInit(fd protoreflect.FieldDescriptor) *stringName {
 
 			// Format the text name.
 			s.nameText = string(fd.Name())
-			if fd.Kind() == protoreflect.GroupKind {
+			if isGroupLike(fd) {
 				s.nameText = string(fd.Message().Name())
 			}
 		}
diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go
index 4a1584c9d2..8a57d60b08 100644
--- a/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go
+++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go
@@ -5,6 +5,7 @@
 package filedesc
 
 import (
+	"fmt"
 	"sync"
 
 	"google.golang.org/protobuf/encoding/protowire"
@@ -98,6 +99,7 @@ func (fd *File) unmarshalSeed(b []byte) {
 	var prevField protoreflect.FieldNumber
 	var numEnums, numMessages, numExtensions, numServices int
 	var posEnums, posMessages, posExtensions, posServices int
+	var options []byte
 	b0 := b
 	for len(b) > 0 {
 		num, typ, n := protowire.ConsumeTag(b)
@@ -111,8 +113,12 @@ func (fd *File) unmarshalSeed(b []byte) {
 				switch string(v) {
 				case "proto2":
 					fd.L1.Syntax = protoreflect.Proto2
+					fd.L1.Edition = EditionProto2
 				case "proto3":
 					fd.L1.Syntax = protoreflect.Proto3
+					fd.L1.Edition = EditionProto3
+				case "editions":
+					fd.L1.Syntax = protoreflect.Editions
 				default:
 					panic("invalid syntax")
 				}
@@ -120,6 +126,8 @@ func (fd *File) unmarshalSeed(b []byte) {
 				fd.L1.Path = sb.MakeString(v)
 			case genid.FileDescriptorProto_Package_field_number:
 				fd.L1.Package = protoreflect.FullName(sb.MakeString(v))
+			case genid.FileDescriptorProto_Options_field_number:
+				options = v
 			case genid.FileDescriptorProto_EnumType_field_number:
 				if prevField != genid.FileDescriptorProto_EnumType_field_number {
 					if numEnums > 0 {
@@ -154,6 +162,13 @@ func (fd *File) unmarshalSeed(b []byte) {
 				numServices++
 			}
 			prevField = num
+		case protowire.VarintType:
+			v, m := protowire.ConsumeVarint(b)
+			b = b[m:]
+			switch num {
+			case genid.FileDescriptorProto_Edition_field_number:
+				fd.L1.Edition = Edition(v)
+			}
 		default:
 			m := protowire.ConsumeFieldValue(num, typ, b)
 			b = b[m:]
@@ -164,6 +179,14 @@ func (fd *File) unmarshalSeed(b []byte) {
 	// If syntax is missing, it is assumed to be proto2.
 	if fd.L1.Syntax == 0 {
 		fd.L1.Syntax = protoreflect.Proto2
+		fd.L1.Edition = EditionProto2
+	}
+
+	fd.L1.EditionFeatures = getFeaturesFor(fd.L1.Edition)
+
+	// Parse editions features from options if any
+	if options != nil {
+		fd.unmarshalSeedOptions(options)
 	}
 
 	// Must allocate all declarations before parsing each descriptor type
@@ -219,10 +242,33 @@ func (fd *File) unmarshalSeed(b []byte) {
 	}
 }
 
+func (fd *File) unmarshalSeedOptions(b []byte) {
+	for b := b; len(b) > 0; {
+		num, typ, n := protowire.ConsumeTag(b)
+		b = b[n:]
+		switch typ {
+		case protowire.BytesType:
+			v, m := protowire.ConsumeBytes(b)
+			b = b[m:]
+			switch num {
+			case genid.FileOptions_Features_field_number:
+				if fd.Syntax() != protoreflect.Editions {
+					panic(fmt.Sprintf("invalid descriptor: using edition features in a proto with syntax %s", fd.Syntax()))
+				}
+				fd.L1.EditionFeatures = unmarshalFeatureSet(v, fd.L1.EditionFeatures)
+			}
+		default:
+			m := protowire.ConsumeFieldValue(num, typ, b)
+			b = b[m:]
+		}
+	}
+}
+
 func (ed *Enum) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd protoreflect.Descriptor, i int) {
 	ed.L0.ParentFile = pf
 	ed.L0.Parent = pd
 	ed.L0.Index = i
+	ed.L1.EditionFeatures = featuresFromParentDesc(ed.Parent())
 
 	var numValues int
 	for b := b; len(b) > 0; {
@@ -275,6 +321,7 @@ func (md *Message) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd protor
 	md.L0.ParentFile = pf
 	md.L0.Parent = pd
 	md.L0.Index = i
+	md.L1.EditionFeatures = featuresFromParentDesc(md.Parent())
 
 	var prevField protoreflect.FieldNumber
 	var numEnums, numMessages, numExtensions int
@@ -380,6 +427,13 @@ func (md *Message) unmarshalSeedOptions(b []byte) {
 			case genid.MessageOptions_MessageSetWireFormat_field_number:
 				md.L1.IsMessageSet = protowire.DecodeBool(v)
 			}
+		case protowire.BytesType:
+			v, m := protowire.ConsumeBytes(b)
+			b = b[m:]
+			switch num {
+			case genid.MessageOptions_Features_field_number:
+				md.L1.EditionFeatures = unmarshalFeatureSet(v, md.L1.EditionFeatures)
+			}
 		default:
 			m := protowire.ConsumeFieldValue(num, typ, b)
 			b = b[m:]
@@ -391,6 +445,7 @@ func (xd *Extension) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd prot
 	xd.L0.ParentFile = pf
 	xd.L0.Parent = pd
 	xd.L0.Index = i
+	xd.L1.EditionFeatures = featuresFromParentDesc(pd)
 
 	for len(b) > 0 {
 		num, typ, n := protowire.ConsumeTag(b)
@@ -415,6 +470,38 @@ func (xd *Extension) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd prot
 				xd.L0.FullName = appendFullName(sb, pd.FullName(), v)
 			case genid.FieldDescriptorProto_Extendee_field_number:
 				xd.L1.Extendee = PlaceholderMessage(makeFullName(sb, v))
+			case genid.FieldDescriptorProto_Options_field_number:
+				xd.unmarshalOptions(v)
+			}
+		default:
+			m := protowire.ConsumeFieldValue(num, typ, b)
+			b = b[m:]
+		}
+	}
+
+	if xd.L1.Kind == protoreflect.MessageKind && xd.L1.EditionFeatures.IsDelimitedEncoded {
+		xd.L1.Kind = protoreflect.GroupKind
+	}
+}
+
+func (xd *Extension) unmarshalOptions(b []byte) {
+	for len(b) > 0 {
+		num, typ, n := protowire.ConsumeTag(b)
+		b = b[n:]
+		switch typ {
+		case protowire.VarintType:
+			v, m := protowire.ConsumeVarint(b)
+			b = b[m:]
+			switch num {
+			case genid.FieldOptions_Packed_field_number:
+				xd.L1.EditionFeatures.IsPacked = protowire.DecodeBool(v)
+			}
+		case protowire.BytesType:
+			v, m := protowire.ConsumeBytes(b)
+			b = b[m:]
+			switch num {
+			case genid.FieldOptions_Features_field_number:
+				xd.L1.EditionFeatures = unmarshalFeatureSet(v, xd.L1.EditionFeatures)
 			}
 		default:
 			m := protowire.ConsumeFieldValue(num, typ, b)
@@ -447,7 +534,7 @@ func (sd *Service) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd protor
 }
 
 var nameBuilderPool = sync.Pool{
-	New: func() interface{} { return new(strs.Builder) },
+	New: func() any { return new(strs.Builder) },
 }
 
 func getBuilder() *strs.Builder {
diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go
index 736a19a75b..e56c91a8db 100644
--- a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go
+++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go
@@ -45,6 +45,11 @@ func (file *File) resolveMessages() {
 			case protoreflect.MessageKind, protoreflect.GroupKind:
 				fd.L1.Message = file.resolveMessageDependency(fd.L1.Message, listFieldDeps, depIdx)
 				depIdx++
+				if fd.L1.Kind == protoreflect.GroupKind && (fd.IsMap() || fd.IsMapEntry()) {
+					// A map field might inherit delimited encoding from a file-wide default feature.
+					// But maps never actually use delimited encoding. (At least for now...)
+					fd.L1.Kind = protoreflect.MessageKind
+				}
 			}
 
 			// Default is resolved here since it depends on Enum being resolved.
@@ -414,6 +419,7 @@ func (fd *Field) unmarshalFull(b []byte, sb *strs.Builder, pf *File, pd protoref
 	fd.L0.ParentFile = pf
 	fd.L0.Parent = pd
 	fd.L0.Index = i
+	fd.L1.EditionFeatures = featuresFromParentDesc(fd.Parent())
 
 	var rawTypeName []byte
 	var rawOptions []byte
@@ -465,6 +471,12 @@ func (fd *Field) unmarshalFull(b []byte, sb *strs.Builder, pf *File, pd protoref
 			b = b[m:]
 		}
 	}
+	if fd.L1.Kind == protoreflect.MessageKind && fd.L1.EditionFeatures.IsDelimitedEncoded {
+		fd.L1.Kind = protoreflect.GroupKind
+	}
+	if fd.L1.EditionFeatures.IsLegacyRequired {
+		fd.L1.Cardinality = protoreflect.Required
+	}
 	if rawTypeName != nil {
 		name := makeFullName(sb, rawTypeName)
 		switch fd.L1.Kind {
@@ -489,13 +501,18 @@ func (fd *Field) unmarshalOptions(b []byte) {
 			b = b[m:]
 			switch num {
 			case genid.FieldOptions_Packed_field_number:
-				fd.L1.HasPacked = true
-				fd.L1.IsPacked = protowire.DecodeBool(v)
+				fd.L1.EditionFeatures.IsPacked = protowire.DecodeBool(v)
 			case genid.FieldOptions_Weak_field_number:
 				fd.L1.IsWeak = protowire.DecodeBool(v)
 			case FieldOptions_EnforceUTF8:
-				fd.L1.HasEnforceUTF8 = true
-				fd.L1.EnforceUTF8 = protowire.DecodeBool(v)
+				fd.L1.EditionFeatures.IsUTF8Validated = protowire.DecodeBool(v)
+			}
+		case protowire.BytesType:
+			v, m := protowire.ConsumeBytes(b)
+			b = b[m:]
+			switch num {
+			case genid.FieldOptions_Features_field_number:
+				fd.L1.EditionFeatures = unmarshalFeatureSet(v, fd.L1.EditionFeatures)
 			}
 		default:
 			m := protowire.ConsumeFieldValue(num, typ, b)
@@ -557,7 +574,6 @@ func (xd *Extension) unmarshalFull(b []byte, sb *strs.Builder) {
 			case genid.FieldDescriptorProto_TypeName_field_number:
 				rawTypeName = v
 			case genid.FieldDescriptorProto_Options_field_number:
-				xd.unmarshalOptions(v)
 				rawOptions = appendOptions(rawOptions, v)
 			}
 		default:
@@ -577,25 +593,6 @@ func (xd *Extension) unmarshalFull(b []byte, sb *strs.Builder) {
 	xd.L2.Options = xd.L0.ParentFile.builder.optionsUnmarshaler(&descopts.Field, rawOptions)
 }
 
-func (xd *Extension) unmarshalOptions(b []byte) {
-	for len(b) > 0 {
-		num, typ, n := protowire.ConsumeTag(b)
-		b = b[n:]
-		switch typ {
-		case protowire.VarintType:
-			v, m := protowire.ConsumeVarint(b)
-			b = b[m:]
-			switch num {
-			case genid.FieldOptions_Packed_field_number:
-				xd.L2.IsPacked = protowire.DecodeBool(v)
-			}
-		default:
-			m := protowire.ConsumeFieldValue(num, typ, b)
-			b = b[m:]
-		}
-	}
-}
-
 func (sd *Service) unmarshalFull(b []byte, sb *strs.Builder) {
 	var rawMethods [][]byte
 	var rawOptions []byte
diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc_list_gen.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc_list_gen.go
index 30db19fdc7..f4107c05f4 100644
--- a/vendor/google.golang.org/protobuf/internal/filedesc/desc_list_gen.go
+++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc_list_gen.go
@@ -8,6 +8,7 @@ package filedesc
 
 import (
 	"fmt"
+	"strings"
 	"sync"
 
 	"google.golang.org/protobuf/internal/descfmt"
@@ -198,6 +199,16 @@ func (p *Fields) lazyInit() *Fields {
 				if _, ok := p.byText[d.TextName()]; !ok {
 					p.byText[d.TextName()] = d
 				}
+				if isGroupLike(d) {
+					lowerJSONName := strings.ToLower(d.JSONName())
+					if _, ok := p.byJSON[lowerJSONName]; !ok {
+						p.byJSON[lowerJSONName] = d
+					}
+					lowerTextName := strings.ToLower(d.TextName())
+					if _, ok := p.byText[lowerTextName]; !ok {
+						p.byText[lowerTextName] = d
+					}
+				}
 				if _, ok := p.byNum[d.Number()]; !ok {
 					p.byNum[d.Number()] = d
 				}
diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/editions.go b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go
new file mode 100644
index 0000000000..11f5f356b6
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go
@@ -0,0 +1,156 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package filedesc
+
+import (
+	"fmt"
+
+	"google.golang.org/protobuf/encoding/protowire"
+	"google.golang.org/protobuf/internal/editiondefaults"
+	"google.golang.org/protobuf/internal/genid"
+	"google.golang.org/protobuf/reflect/protoreflect"
+)
+
+var defaultsCache = make(map[Edition]EditionFeatures)
+var defaultsKeys = []Edition{}
+
+func init() {
+	unmarshalEditionDefaults(editiondefaults.Defaults)
+	SurrogateProto2.L1.EditionFeatures = getFeaturesFor(EditionProto2)
+	SurrogateProto3.L1.EditionFeatures = getFeaturesFor(EditionProto3)
+	SurrogateEdition2023.L1.EditionFeatures = getFeaturesFor(Edition2023)
+}
+
+func unmarshalGoFeature(b []byte, parent EditionFeatures) EditionFeatures {
+	for len(b) > 0 {
+		num, _, n := protowire.ConsumeTag(b)
+		b = b[n:]
+		switch num {
+		case genid.GoFeatures_LegacyUnmarshalJsonEnum_field_number:
+			v, m := protowire.ConsumeVarint(b)
+			b = b[m:]
+			parent.GenerateLegacyUnmarshalJSON = protowire.DecodeBool(v)
+		default:
+			panic(fmt.Sprintf("unkown field number %d while unmarshalling GoFeatures", num))
+		}
+	}
+	return parent
+}
+
+func unmarshalFeatureSet(b []byte, parent EditionFeatures) EditionFeatures {
+	for len(b) > 0 {
+		num, typ, n := protowire.ConsumeTag(b)
+		b = b[n:]
+		switch typ {
+		case protowire.VarintType:
+			v, m := protowire.ConsumeVarint(b)
+			b = b[m:]
+			switch num {
+			case genid.FeatureSet_FieldPresence_field_number:
+				parent.IsFieldPresence = v == genid.FeatureSet_EXPLICIT_enum_value || v == genid.FeatureSet_LEGACY_REQUIRED_enum_value
+				parent.IsLegacyRequired = v == genid.FeatureSet_LEGACY_REQUIRED_enum_value
+			case genid.FeatureSet_EnumType_field_number:
+				parent.IsOpenEnum = v == genid.FeatureSet_OPEN_enum_value
+			case genid.FeatureSet_RepeatedFieldEncoding_field_number:
+				parent.IsPacked = v == genid.FeatureSet_PACKED_enum_value
+			case genid.FeatureSet_Utf8Validation_field_number:
+				parent.IsUTF8Validated = v == genid.FeatureSet_VERIFY_enum_value
+			case genid.FeatureSet_MessageEncoding_field_number:
+				parent.IsDelimitedEncoded = v == genid.FeatureSet_DELIMITED_enum_value
+			case genid.FeatureSet_JsonFormat_field_number:
+				parent.IsJSONCompliant = v == genid.FeatureSet_ALLOW_enum_value
+			default:
+				panic(fmt.Sprintf("unkown field number %d while unmarshalling FeatureSet", num))
+			}
+		case protowire.BytesType:
+			v, m := protowire.ConsumeBytes(b)
+			b = b[m:]
+			switch num {
+			case genid.GoFeatures_LegacyUnmarshalJsonEnum_field_number:
+				parent = unmarshalGoFeature(v, parent)
+			}
+		}
+	}
+
+	return parent
+}
+
+func featuresFromParentDesc(parentDesc protoreflect.Descriptor) EditionFeatures {
+	var parentFS EditionFeatures
+	switch p := parentDesc.(type) {
+	case *File:
+		parentFS = p.L1.EditionFeatures
+	case *Message:
+		parentFS = p.L1.EditionFeatures
+	default:
+		panic(fmt.Sprintf("unknown parent type %T", parentDesc))
+	}
+	return parentFS
+}
+
+func unmarshalEditionDefault(b []byte) {
+	var ed Edition
+	var fs EditionFeatures
+	for len(b) > 0 {
+		num, typ, n := protowire.ConsumeTag(b)
+		b = b[n:]
+		switch typ {
+		case protowire.VarintType:
+			v, m := protowire.ConsumeVarint(b)
+			b = b[m:]
+			switch num {
+			case genid.FeatureSetDefaults_FeatureSetEditionDefault_Edition_field_number:
+				ed = Edition(v)
+			}
+		case protowire.BytesType:
+			v, m := protowire.ConsumeBytes(b)
+			b = b[m:]
+			switch num {
+			case genid.FeatureSetDefaults_FeatureSetEditionDefault_FixedFeatures_field_number:
+				fs = unmarshalFeatureSet(v, fs)
+			case genid.FeatureSetDefaults_FeatureSetEditionDefault_OverridableFeatures_field_number:
+				fs = unmarshalFeatureSet(v, fs)
+			}
+		}
+	}
+	defaultsCache[ed] = fs
+	defaultsKeys = append(defaultsKeys, ed)
+}
+
+func unmarshalEditionDefaults(b []byte) {
+	for len(b) > 0 {
+		num, _, n := protowire.ConsumeTag(b)
+		b = b[n:]
+		switch num {
+		case genid.FeatureSetDefaults_Defaults_field_number:
+			def, m := protowire.ConsumeBytes(b)
+			b = b[m:]
+			unmarshalEditionDefault(def)
+		case genid.FeatureSetDefaults_MinimumEdition_field_number,
+			genid.FeatureSetDefaults_MaximumEdition_field_number:
+			// We don't care about the minimum and maximum editions. If the
+			// edition we are looking for later on is not in the cache we know
+			// it is outside of the range between minimum and maximum edition.
+			_, m := protowire.ConsumeVarint(b)
+			b = b[m:]
+		default:
+			panic(fmt.Sprintf("unkown field number %d while unmarshalling EditionDefault", num))
+		}
+	}
+}
+
+func getFeaturesFor(ed Edition) EditionFeatures {
+	match := EditionUnknown
+	for _, key := range defaultsKeys {
+		if key > ed {
+			break
+		}
+		match = key
+	}
+	if match == EditionUnknown {
+		panic(fmt.Sprintf("unsupported edition: %v", ed))
+	}
+	return defaultsCache[match]
+}
diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/placeholder.go b/vendor/google.golang.org/protobuf/internal/filedesc/placeholder.go
index 28240ebc5c..bfb3b84170 100644
--- a/vendor/google.golang.org/protobuf/internal/filedesc/placeholder.go
+++ b/vendor/google.golang.org/protobuf/internal/filedesc/placeholder.go
@@ -63,6 +63,7 @@ func (e PlaceholderEnum) Options() protoreflect.ProtoMessage        { return des
 func (e PlaceholderEnum) Values() protoreflect.EnumValueDescriptors { return emptyEnumValues }
 func (e PlaceholderEnum) ReservedNames() protoreflect.Names         { return emptyNames }
 func (e PlaceholderEnum) ReservedRanges() protoreflect.EnumRanges   { return emptyEnumRanges }
+func (e PlaceholderEnum) IsClosed() bool                            { return false }
 func (e PlaceholderEnum) ProtoType(protoreflect.EnumDescriptor)     { return }
 func (e PlaceholderEnum) ProtoInternal(pragma.DoNotImplement)       { return }
 
diff --git a/vendor/google.golang.org/protobuf/internal/filetype/build.go b/vendor/google.golang.org/protobuf/internal/filetype/build.go
index f0e38c4ef4..ba83fea44c 100644
--- a/vendor/google.golang.org/protobuf/internal/filetype/build.go
+++ b/vendor/google.golang.org/protobuf/internal/filetype/build.go
@@ -68,7 +68,7 @@ type Builder struct {
 	// and for input and output messages referenced by service methods.
 	// Dependencies must come after declarations, but the ordering of
 	// dependencies themselves is unspecified.
-	GoTypes []interface{}
+	GoTypes []any
 
 	// DependencyIndexes is an ordered list of indexes into GoTypes for the
 	// dependencies of messages, extensions, or services.
@@ -268,7 +268,7 @@ func (x depIdxs) Get(i, j int32) int32 {
 
 type (
 	resolverByIndex struct {
-		goTypes []interface{}
+		goTypes []any
 		depIdxs depIdxs
 		fileRegistry
 	}
diff --git a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go
index 8f94230ea1..f30ab6b586 100644
--- a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go
+++ b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go
@@ -18,6 +18,22 @@ const (
 	Edition_enum_name     = "Edition"
 )
 
+// Enum values for google.protobuf.Edition.
+const (
+	Edition_EDITION_UNKNOWN_enum_value         = 0
+	Edition_EDITION_LEGACY_enum_value          = 900
+	Edition_EDITION_PROTO2_enum_value          = 998
+	Edition_EDITION_PROTO3_enum_value          = 999
+	Edition_EDITION_2023_enum_value            = 1000
+	Edition_EDITION_2024_enum_value            = 1001
+	Edition_EDITION_1_TEST_ONLY_enum_value     = 1
+	Edition_EDITION_2_TEST_ONLY_enum_value     = 2
+	Edition_EDITION_99997_TEST_ONLY_enum_value = 99997
+	Edition_EDITION_99998_TEST_ONLY_enum_value = 99998
+	Edition_EDITION_99999_TEST_ONLY_enum_value = 99999
+	Edition_EDITION_MAX_enum_value             = 2147483647
+)
+
 // Names for google.protobuf.FileDescriptorSet.
 const (
 	FileDescriptorSet_message_name     protoreflect.Name     = "FileDescriptorSet"
@@ -213,6 +229,12 @@ const (
 	ExtensionRangeOptions_VerificationState_enum_name     = "VerificationState"
 )
 
+// Enum values for google.protobuf.ExtensionRangeOptions.VerificationState.
+const (
+	ExtensionRangeOptions_DECLARATION_enum_value = 0
+	ExtensionRangeOptions_UNVERIFIED_enum_value  = 1
+)
+
 // Names for google.protobuf.ExtensionRangeOptions.Declaration.
 const (
 	ExtensionRangeOptions_Declaration_message_name     protoreflect.Name     = "Declaration"
@@ -297,12 +319,41 @@ const (
 	FieldDescriptorProto_Type_enum_name     = "Type"
 )
 
+// Enum values for google.protobuf.FieldDescriptorProto.Type.
+const (
+	FieldDescriptorProto_TYPE_DOUBLE_enum_value   = 1
+	FieldDescriptorProto_TYPE_FLOAT_enum_value    = 2
+	FieldDescriptorProto_TYPE_INT64_enum_value    = 3
+	FieldDescriptorProto_TYPE_UINT64_enum_value   = 4
+	FieldDescriptorProto_TYPE_INT32_enum_value    = 5
+	FieldDescriptorProto_TYPE_FIXED64_enum_value  = 6
+	FieldDescriptorProto_TYPE_FIXED32_enum_value  = 7
+	FieldDescriptorProto_TYPE_BOOL_enum_value     = 8
+	FieldDescriptorProto_TYPE_STRING_enum_value   = 9
+	FieldDescriptorProto_TYPE_GROUP_enum_value    = 10
+	FieldDescriptorProto_TYPE_MESSAGE_enum_value  = 11
+	FieldDescriptorProto_TYPE_BYTES_enum_value    = 12
+	FieldDescriptorProto_TYPE_UINT32_enum_value   = 13
+	FieldDescriptorProto_TYPE_ENUM_enum_value     = 14
+	FieldDescriptorProto_TYPE_SFIXED32_enum_value = 15
+	FieldDescriptorProto_TYPE_SFIXED64_enum_value = 16
+	FieldDescriptorProto_TYPE_SINT32_enum_value   = 17
+	FieldDescriptorProto_TYPE_SINT64_enum_value   = 18
+)
+
 // Full and short names for google.protobuf.FieldDescriptorProto.Label.
 const (
 	FieldDescriptorProto_Label_enum_fullname = "google.protobuf.FieldDescriptorProto.Label"
 	FieldDescriptorProto_Label_enum_name     = "Label"
 )
 
+// Enum values for google.protobuf.FieldDescriptorProto.Label.
+const (
+	FieldDescriptorProto_LABEL_OPTIONAL_enum_value = 1
+	FieldDescriptorProto_LABEL_REPEATED_enum_value = 3
+	FieldDescriptorProto_LABEL_REQUIRED_enum_value = 2
+)
+
 // Names for google.protobuf.OneofDescriptorProto.
 const (
 	OneofDescriptorProto_message_name     protoreflect.Name     = "OneofDescriptorProto"
@@ -474,7 +525,6 @@ const (
 	FileOptions_CcGenericServices_field_name         protoreflect.Name = "cc_generic_services"
 	FileOptions_JavaGenericServices_field_name       protoreflect.Name = "java_generic_services"
 	FileOptions_PyGenericServices_field_name         protoreflect.Name = "py_generic_services"
-	FileOptions_PhpGenericServices_field_name        protoreflect.Name = "php_generic_services"
 	FileOptions_Deprecated_field_name                protoreflect.Name = "deprecated"
 	FileOptions_CcEnableArenas_field_name            protoreflect.Name = "cc_enable_arenas"
 	FileOptions_ObjcClassPrefix_field_name           protoreflect.Name = "objc_class_prefix"
@@ -497,7 +547,6 @@ const (
 	FileOptions_CcGenericServices_field_fullname         protoreflect.FullName = "google.protobuf.FileOptions.cc_generic_services"
 	FileOptions_JavaGenericServices_field_fullname       protoreflect.FullName = "google.protobuf.FileOptions.java_generic_services"
 	FileOptions_PyGenericServices_field_fullname         protoreflect.FullName = "google.protobuf.FileOptions.py_generic_services"
-	FileOptions_PhpGenericServices_field_fullname        protoreflect.FullName = "google.protobuf.FileOptions.php_generic_services"
 	FileOptions_Deprecated_field_fullname                protoreflect.FullName = "google.protobuf.FileOptions.deprecated"
 	FileOptions_CcEnableArenas_field_fullname            protoreflect.FullName = "google.protobuf.FileOptions.cc_enable_arenas"
 	FileOptions_ObjcClassPrefix_field_fullname           protoreflect.FullName = "google.protobuf.FileOptions.objc_class_prefix"
@@ -523,7 +572,6 @@ const (
 	FileOptions_CcGenericServices_field_number         protoreflect.FieldNumber = 16
 	FileOptions_JavaGenericServices_field_number       protoreflect.FieldNumber = 17
 	FileOptions_PyGenericServices_field_number         protoreflect.FieldNumber = 18
-	FileOptions_PhpGenericServices_field_number        protoreflect.FieldNumber = 42
 	FileOptions_Deprecated_field_number                protoreflect.FieldNumber = 23
 	FileOptions_CcEnableArenas_field_number            protoreflect.FieldNumber = 31
 	FileOptions_ObjcClassPrefix_field_number           protoreflect.FieldNumber = 36
@@ -543,6 +591,13 @@ const (
 	FileOptions_OptimizeMode_enum_name     = "OptimizeMode"
 )
 
+// Enum values for google.protobuf.FileOptions.OptimizeMode.
+const (
+	FileOptions_SPEED_enum_value        = 1
+	FileOptions_CODE_SIZE_enum_value    = 2
+	FileOptions_LITE_RUNTIME_enum_value = 3
+)
+
 // Names for google.protobuf.MessageOptions.
 const (
 	MessageOptions_message_name     protoreflect.Name     = "MessageOptions"
@@ -599,6 +654,7 @@ const (
 	FieldOptions_Targets_field_name             protoreflect.Name = "targets"
 	FieldOptions_EditionDefaults_field_name     protoreflect.Name = "edition_defaults"
 	FieldOptions_Features_field_name            protoreflect.Name = "features"
+	FieldOptions_FeatureSupport_field_name      protoreflect.Name = "feature_support"
 	FieldOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option"
 
 	FieldOptions_Ctype_field_fullname               protoreflect.FullName = "google.protobuf.FieldOptions.ctype"
@@ -613,6 +669,7 @@ const (
 	FieldOptions_Targets_field_fullname             protoreflect.FullName = "google.protobuf.FieldOptions.targets"
 	FieldOptions_EditionDefaults_field_fullname     protoreflect.FullName = "google.protobuf.FieldOptions.edition_defaults"
 	FieldOptions_Features_field_fullname            protoreflect.FullName = "google.protobuf.FieldOptions.features"
+	FieldOptions_FeatureSupport_field_fullname      protoreflect.FullName = "google.protobuf.FieldOptions.feature_support"
 	FieldOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.uninterpreted_option"
 )
 
@@ -630,6 +687,7 @@ const (
 	FieldOptions_Targets_field_number             protoreflect.FieldNumber = 19
 	FieldOptions_EditionDefaults_field_number     protoreflect.FieldNumber = 20
 	FieldOptions_Features_field_number            protoreflect.FieldNumber = 21
+	FieldOptions_FeatureSupport_field_number      protoreflect.FieldNumber = 22
 	FieldOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999
 )
 
@@ -639,24 +697,59 @@ const (
 	FieldOptions_CType_enum_name     = "CType"
 )
 
+// Enum values for google.protobuf.FieldOptions.CType.
+const (
+	FieldOptions_STRING_enum_value       = 0
+	FieldOptions_CORD_enum_value         = 1
+	FieldOptions_STRING_PIECE_enum_value = 2
+)
+
 // Full and short names for google.protobuf.FieldOptions.JSType.
 const (
 	FieldOptions_JSType_enum_fullname = "google.protobuf.FieldOptions.JSType"
 	FieldOptions_JSType_enum_name     = "JSType"
 )
 
+// Enum values for google.protobuf.FieldOptions.JSType.
+const (
+	FieldOptions_JS_NORMAL_enum_value = 0
+	FieldOptions_JS_STRING_enum_value = 1
+	FieldOptions_JS_NUMBER_enum_value = 2
+)
+
 // Full and short names for google.protobuf.FieldOptions.OptionRetention.
 const (
 	FieldOptions_OptionRetention_enum_fullname = "google.protobuf.FieldOptions.OptionRetention"
 	FieldOptions_OptionRetention_enum_name     = "OptionRetention"
 )
 
+// Enum values for google.protobuf.FieldOptions.OptionRetention.
+const (
+	FieldOptions_RETENTION_UNKNOWN_enum_value = 0
+	FieldOptions_RETENTION_RUNTIME_enum_value = 1
+	FieldOptions_RETENTION_SOURCE_enum_value  = 2
+)
+
 // Full and short names for google.protobuf.FieldOptions.OptionTargetType.
 const (
 	FieldOptions_OptionTargetType_enum_fullname = "google.protobuf.FieldOptions.OptionTargetType"
 	FieldOptions_OptionTargetType_enum_name     = "OptionTargetType"
 )
 
+// Enum values for google.protobuf.FieldOptions.OptionTargetType.
+const (
+	FieldOptions_TARGET_TYPE_UNKNOWN_enum_value         = 0
+	FieldOptions_TARGET_TYPE_FILE_enum_value            = 1
+	FieldOptions_TARGET_TYPE_EXTENSION_RANGE_enum_value = 2
+	FieldOptions_TARGET_TYPE_MESSAGE_enum_value         = 3
+	FieldOptions_TARGET_TYPE_FIELD_enum_value           = 4
+	FieldOptions_TARGET_TYPE_ONEOF_enum_value           = 5
+	FieldOptions_TARGET_TYPE_ENUM_enum_value            = 6
+	FieldOptions_TARGET_TYPE_ENUM_ENTRY_enum_value      = 7
+	FieldOptions_TARGET_TYPE_SERVICE_enum_value         = 8
+	FieldOptions_TARGET_TYPE_METHOD_enum_value          = 9
+)
+
 // Names for google.protobuf.FieldOptions.EditionDefault.
 const (
 	FieldOptions_EditionDefault_message_name     protoreflect.Name     = "EditionDefault"
@@ -678,6 +771,33 @@ const (
 	FieldOptions_EditionDefault_Value_field_number   protoreflect.FieldNumber = 2
 )
 
+// Names for google.protobuf.FieldOptions.FeatureSupport.
+const (
+	FieldOptions_FeatureSupport_message_name     protoreflect.Name     = "FeatureSupport"
+	FieldOptions_FeatureSupport_message_fullname protoreflect.FullName = "google.protobuf.FieldOptions.FeatureSupport"
+)
+
+// Field names for google.protobuf.FieldOptions.FeatureSupport.
+const (
+	FieldOptions_FeatureSupport_EditionIntroduced_field_name  protoreflect.Name = "edition_introduced"
+	FieldOptions_FeatureSupport_EditionDeprecated_field_name  protoreflect.Name = "edition_deprecated"
+	FieldOptions_FeatureSupport_DeprecationWarning_field_name protoreflect.Name = "deprecation_warning"
+	FieldOptions_FeatureSupport_EditionRemoved_field_name     protoreflect.Name = "edition_removed"
+
+	FieldOptions_FeatureSupport_EditionIntroduced_field_fullname  protoreflect.FullName = "google.protobuf.FieldOptions.FeatureSupport.edition_introduced"
+	FieldOptions_FeatureSupport_EditionDeprecated_field_fullname  protoreflect.FullName = "google.protobuf.FieldOptions.FeatureSupport.edition_deprecated"
+	FieldOptions_FeatureSupport_DeprecationWarning_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.FeatureSupport.deprecation_warning"
+	FieldOptions_FeatureSupport_EditionRemoved_field_fullname     protoreflect.FullName = "google.protobuf.FieldOptions.FeatureSupport.edition_removed"
+)
+
+// Field numbers for google.protobuf.FieldOptions.FeatureSupport.
+const (
+	FieldOptions_FeatureSupport_EditionIntroduced_field_number  protoreflect.FieldNumber = 1
+	FieldOptions_FeatureSupport_EditionDeprecated_field_number  protoreflect.FieldNumber = 2
+	FieldOptions_FeatureSupport_DeprecationWarning_field_number protoreflect.FieldNumber = 3
+	FieldOptions_FeatureSupport_EditionRemoved_field_number     protoreflect.FieldNumber = 4
+)
+
 // Names for google.protobuf.OneofOptions.
 const (
 	OneofOptions_message_name     protoreflect.Name     = "OneofOptions"
@@ -740,11 +860,13 @@ const (
 	EnumValueOptions_Deprecated_field_name          protoreflect.Name = "deprecated"
 	EnumValueOptions_Features_field_name            protoreflect.Name = "features"
 	EnumValueOptions_DebugRedact_field_name         protoreflect.Name = "debug_redact"
+	EnumValueOptions_FeatureSupport_field_name      protoreflect.Name = "feature_support"
 	EnumValueOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option"
 
 	EnumValueOptions_Deprecated_field_fullname          protoreflect.FullName = "google.protobuf.EnumValueOptions.deprecated"
 	EnumValueOptions_Features_field_fullname            protoreflect.FullName = "google.protobuf.EnumValueOptions.features"
 	EnumValueOptions_DebugRedact_field_fullname         protoreflect.FullName = "google.protobuf.EnumValueOptions.debug_redact"
+	EnumValueOptions_FeatureSupport_field_fullname      protoreflect.FullName = "google.protobuf.EnumValueOptions.feature_support"
 	EnumValueOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.EnumValueOptions.uninterpreted_option"
 )
 
@@ -753,6 +875,7 @@ const (
 	EnumValueOptions_Deprecated_field_number          protoreflect.FieldNumber = 1
 	EnumValueOptions_Features_field_number            protoreflect.FieldNumber = 2
 	EnumValueOptions_DebugRedact_field_number         protoreflect.FieldNumber = 3
+	EnumValueOptions_FeatureSupport_field_number      protoreflect.FieldNumber = 4
 	EnumValueOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999
 )
 
@@ -813,6 +936,13 @@ const (
 	MethodOptions_IdempotencyLevel_enum_name     = "IdempotencyLevel"
 )
 
+// Enum values for google.protobuf.MethodOptions.IdempotencyLevel.
+const (
+	MethodOptions_IDEMPOTENCY_UNKNOWN_enum_value = 0
+	MethodOptions_NO_SIDE_EFFECTS_enum_value     = 1
+	MethodOptions_IDEMPOTENT_enum_value          = 2
+)
+
 // Names for google.protobuf.UninterpretedOption.
 const (
 	UninterpretedOption_message_name     protoreflect.Name     = "UninterpretedOption"
@@ -909,36 +1039,79 @@ const (
 	FeatureSet_FieldPresence_enum_name     = "FieldPresence"
 )
 
+// Enum values for google.protobuf.FeatureSet.FieldPresence.
+const (
+	FeatureSet_FIELD_PRESENCE_UNKNOWN_enum_value = 0
+	FeatureSet_EXPLICIT_enum_value               = 1
+	FeatureSet_IMPLICIT_enum_value               = 2
+	FeatureSet_LEGACY_REQUIRED_enum_value        = 3
+)
+
 // Full and short names for google.protobuf.FeatureSet.EnumType.
 const (
 	FeatureSet_EnumType_enum_fullname = "google.protobuf.FeatureSet.EnumType"
 	FeatureSet_EnumType_enum_name     = "EnumType"
 )
 
+// Enum values for google.protobuf.FeatureSet.EnumType.
+const (
+	FeatureSet_ENUM_TYPE_UNKNOWN_enum_value = 0
+	FeatureSet_OPEN_enum_value              = 1
+	FeatureSet_CLOSED_enum_value            = 2
+)
+
 // Full and short names for google.protobuf.FeatureSet.RepeatedFieldEncoding.
 const (
 	FeatureSet_RepeatedFieldEncoding_enum_fullname = "google.protobuf.FeatureSet.RepeatedFieldEncoding"
 	FeatureSet_RepeatedFieldEncoding_enum_name     = "RepeatedFieldEncoding"
 )
 
+// Enum values for google.protobuf.FeatureSet.RepeatedFieldEncoding.
+const (
+	FeatureSet_REPEATED_FIELD_ENCODING_UNKNOWN_enum_value = 0
+	FeatureSet_PACKED_enum_value                          = 1
+	FeatureSet_EXPANDED_enum_value                        = 2
+)
+
 // Full and short names for google.protobuf.FeatureSet.Utf8Validation.
 const (
 	FeatureSet_Utf8Validation_enum_fullname = "google.protobuf.FeatureSet.Utf8Validation"
 	FeatureSet_Utf8Validation_enum_name     = "Utf8Validation"
 )
 
+// Enum values for google.protobuf.FeatureSet.Utf8Validation.
+const (
+	FeatureSet_UTF8_VALIDATION_UNKNOWN_enum_value = 0
+	FeatureSet_VERIFY_enum_value                  = 2
+	FeatureSet_NONE_enum_value                    = 3
+)
+
 // Full and short names for google.protobuf.FeatureSet.MessageEncoding.
 const (
 	FeatureSet_MessageEncoding_enum_fullname = "google.protobuf.FeatureSet.MessageEncoding"
 	FeatureSet_MessageEncoding_enum_name     = "MessageEncoding"
 )
 
+// Enum values for google.protobuf.FeatureSet.MessageEncoding.
+const (
+	FeatureSet_MESSAGE_ENCODING_UNKNOWN_enum_value = 0
+	FeatureSet_LENGTH_PREFIXED_enum_value          = 1
+	FeatureSet_DELIMITED_enum_value                = 2
+)
+
 // Full and short names for google.protobuf.FeatureSet.JsonFormat.
 const (
 	FeatureSet_JsonFormat_enum_fullname = "google.protobuf.FeatureSet.JsonFormat"
 	FeatureSet_JsonFormat_enum_name     = "JsonFormat"
 )
 
+// Enum values for google.protobuf.FeatureSet.JsonFormat.
+const (
+	FeatureSet_JSON_FORMAT_UNKNOWN_enum_value = 0
+	FeatureSet_ALLOW_enum_value               = 1
+	FeatureSet_LEGACY_BEST_EFFORT_enum_value  = 2
+)
+
 // Names for google.protobuf.FeatureSetDefaults.
 const (
 	FeatureSetDefaults_message_name     protoreflect.Name     = "FeatureSetDefaults"
@@ -971,17 +1144,20 @@ const (
 
 // Field names for google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.
 const (
-	FeatureSetDefaults_FeatureSetEditionDefault_Edition_field_name  protoreflect.Name = "edition"
-	FeatureSetDefaults_FeatureSetEditionDefault_Features_field_name protoreflect.Name = "features"
+	FeatureSetDefaults_FeatureSetEditionDefault_Edition_field_name             protoreflect.Name = "edition"
+	FeatureSetDefaults_FeatureSetEditionDefault_OverridableFeatures_field_name protoreflect.Name = "overridable_features"
+	FeatureSetDefaults_FeatureSetEditionDefault_FixedFeatures_field_name       protoreflect.Name = "fixed_features"
 
-	FeatureSetDefaults_FeatureSetEditionDefault_Edition_field_fullname  protoreflect.FullName = "google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.edition"
-	FeatureSetDefaults_FeatureSetEditionDefault_Features_field_fullname protoreflect.FullName = "google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.features"
+	FeatureSetDefaults_FeatureSetEditionDefault_Edition_field_fullname             protoreflect.FullName = "google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.edition"
+	FeatureSetDefaults_FeatureSetEditionDefault_OverridableFeatures_field_fullname protoreflect.FullName = "google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.overridable_features"
+	FeatureSetDefaults_FeatureSetEditionDefault_FixedFeatures_field_fullname       protoreflect.FullName = "google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.fixed_features"
 )
 
 // Field numbers for google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.
 const (
-	FeatureSetDefaults_FeatureSetEditionDefault_Edition_field_number  protoreflect.FieldNumber = 3
-	FeatureSetDefaults_FeatureSetEditionDefault_Features_field_number protoreflect.FieldNumber = 2
+	FeatureSetDefaults_FeatureSetEditionDefault_Edition_field_number             protoreflect.FieldNumber = 3
+	FeatureSetDefaults_FeatureSetEditionDefault_OverridableFeatures_field_number protoreflect.FieldNumber = 4
+	FeatureSetDefaults_FeatureSetEditionDefault_FixedFeatures_field_number       protoreflect.FieldNumber = 5
 )
 
 // Names for google.protobuf.SourceCodeInfo.
@@ -1085,3 +1261,10 @@ const (
 	GeneratedCodeInfo_Annotation_Semantic_enum_fullname = "google.protobuf.GeneratedCodeInfo.Annotation.Semantic"
 	GeneratedCodeInfo_Annotation_Semantic_enum_name     = "Semantic"
 )
+
+// Enum values for google.protobuf.GeneratedCodeInfo.Annotation.Semantic.
+const (
+	GeneratedCodeInfo_Annotation_NONE_enum_value  = 0
+	GeneratedCodeInfo_Annotation_SET_enum_value   = 1
+	GeneratedCodeInfo_Annotation_ALIAS_enum_value = 2
+)
diff --git a/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go b/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go
new file mode 100644
index 0000000000..9a652a2b42
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go
@@ -0,0 +1,31 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Code generated by generate-protos. DO NOT EDIT.
+
+package genid
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+)
+
+const File_google_protobuf_go_features_proto = "google/protobuf/go_features.proto"
+
+// Names for google.protobuf.GoFeatures.
+const (
+	GoFeatures_message_name     protoreflect.Name     = "GoFeatures"
+	GoFeatures_message_fullname protoreflect.FullName = "google.protobuf.GoFeatures"
+)
+
+// Field names for google.protobuf.GoFeatures.
+const (
+	GoFeatures_LegacyUnmarshalJsonEnum_field_name protoreflect.Name = "legacy_unmarshal_json_enum"
+
+	GoFeatures_LegacyUnmarshalJsonEnum_field_fullname protoreflect.FullName = "google.protobuf.GoFeatures.legacy_unmarshal_json_enum"
+)
+
+// Field numbers for google.protobuf.GoFeatures.
+const (
+	GoFeatures_LegacyUnmarshalJsonEnum_field_number protoreflect.FieldNumber = 1
+)
diff --git a/vendor/google.golang.org/protobuf/internal/genid/struct_gen.go b/vendor/google.golang.org/protobuf/internal/genid/struct_gen.go
index 1a38944b26..ad6f80c460 100644
--- a/vendor/google.golang.org/protobuf/internal/genid/struct_gen.go
+++ b/vendor/google.golang.org/protobuf/internal/genid/struct_gen.go
@@ -18,6 +18,11 @@ const (
 	NullValue_enum_name     = "NullValue"
 )
 
+// Enum values for google.protobuf.NullValue.
+const (
+	NullValue_NULL_VALUE_enum_value = 0
+)
+
 // Names for google.protobuf.Struct.
 const (
 	Struct_message_name     protoreflect.Name     = "Struct"
diff --git a/vendor/google.golang.org/protobuf/internal/genid/type_gen.go b/vendor/google.golang.org/protobuf/internal/genid/type_gen.go
index e0f75fea0a..49bc73e259 100644
--- a/vendor/google.golang.org/protobuf/internal/genid/type_gen.go
+++ b/vendor/google.golang.org/protobuf/internal/genid/type_gen.go
@@ -18,6 +18,13 @@ const (
 	Syntax_enum_name     = "Syntax"
 )
 
+// Enum values for google.protobuf.Syntax.
+const (
+	Syntax_SYNTAX_PROTO2_enum_value   = 0
+	Syntax_SYNTAX_PROTO3_enum_value   = 1
+	Syntax_SYNTAX_EDITIONS_enum_value = 2
+)
+
 // Names for google.protobuf.Type.
 const (
 	Type_message_name     protoreflect.Name     = "Type"
@@ -105,12 +112,43 @@ const (
 	Field_Kind_enum_name     = "Kind"
 )
 
+// Enum values for google.protobuf.Field.Kind.
+const (
+	Field_TYPE_UNKNOWN_enum_value  = 0
+	Field_TYPE_DOUBLE_enum_value   = 1
+	Field_TYPE_FLOAT_enum_value    = 2
+	Field_TYPE_INT64_enum_value    = 3
+	Field_TYPE_UINT64_enum_value   = 4
+	Field_TYPE_INT32_enum_value    = 5
+	Field_TYPE_FIXED64_enum_value  = 6
+	Field_TYPE_FIXED32_enum_value  = 7
+	Field_TYPE_BOOL_enum_value     = 8
+	Field_TYPE_STRING_enum_value   = 9
+	Field_TYPE_GROUP_enum_value    = 10
+	Field_TYPE_MESSAGE_enum_value  = 11
+	Field_TYPE_BYTES_enum_value    = 12
+	Field_TYPE_UINT32_enum_value   = 13
+	Field_TYPE_ENUM_enum_value     = 14
+	Field_TYPE_SFIXED32_enum_value = 15
+	Field_TYPE_SFIXED64_enum_value = 16
+	Field_TYPE_SINT32_enum_value   = 17
+	Field_TYPE_SINT64_enum_value   = 18
+)
+
 // Full and short names for google.protobuf.Field.Cardinality.
 const (
 	Field_Cardinality_enum_fullname = "google.protobuf.Field.Cardinality"
 	Field_Cardinality_enum_name     = "Cardinality"
 )
 
+// Enum values for google.protobuf.Field.Cardinality.
+const (
+	Field_CARDINALITY_UNKNOWN_enum_value  = 0
+	Field_CARDINALITY_OPTIONAL_enum_value = 1
+	Field_CARDINALITY_REQUIRED_enum_value = 2
+	Field_CARDINALITY_REPEATED_enum_value = 3
+)
+
 // Names for google.protobuf.Enum.
 const (
 	Enum_message_name     protoreflect.Name     = "Enum"
diff --git a/vendor/google.golang.org/protobuf/internal/impl/api_export.go b/vendor/google.golang.org/protobuf/internal/impl/api_export.go
index a371f98de1..5d5771c2ed 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/api_export.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/api_export.go
@@ -22,13 +22,13 @@ type Export struct{}
 
 // NewError formats a string according to the format specifier and arguments and
 // returns an error that has a "proto" prefix.
-func (Export) NewError(f string, x ...interface{}) error {
+func (Export) NewError(f string, x ...any) error {
 	return errors.New(f, x...)
 }
 
 // enum is any enum type generated by protoc-gen-go
 // and must be a named int32 type.
-type enum = interface{}
+type enum = any
 
 // EnumOf returns the protoreflect.Enum interface over e.
 // It returns nil if e is nil.
@@ -81,7 +81,7 @@ func (Export) EnumStringOf(ed protoreflect.EnumDescriptor, n protoreflect.EnumNu
 
 // message is any message type generated by protoc-gen-go
 // and must be a pointer to a named struct type.
-type message = interface{}
+type message = any
 
 // legacyMessageWrapper wraps a v2 message as a v1 message.
 type legacyMessageWrapper struct{ m protoreflect.ProtoMessage }
diff --git a/vendor/google.golang.org/protobuf/internal/impl/checkinit.go b/vendor/google.golang.org/protobuf/internal/impl/checkinit.go
index bff041edc9..f29e6a8fa8 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/checkinit.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/checkinit.go
@@ -68,7 +68,7 @@ func (mi *MessageInfo) isInitExtensions(ext *map[int32]ExtensionField) error {
 	}
 	for _, x := range *ext {
 		ei := getExtensionFieldInfo(x.Type())
-		if ei.funcs.isInit == nil {
+		if ei.funcs.isInit == nil || x.isUnexpandedLazy() {
 			continue
 		}
 		v := x.Value()
diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_extension.go b/vendor/google.golang.org/protobuf/internal/impl/codec_extension.go
index e74cefdc50..4bb0a7a20c 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/codec_extension.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/codec_extension.go
@@ -21,26 +21,18 @@ type extensionFieldInfo struct {
 	validation          validationInfo
 }
 
-var legacyExtensionFieldInfoCache sync.Map // map[protoreflect.ExtensionType]*extensionFieldInfo
-
 func getExtensionFieldInfo(xt protoreflect.ExtensionType) *extensionFieldInfo {
 	if xi, ok := xt.(*ExtensionInfo); ok {
 		xi.lazyInit()
 		return xi.info
 	}
-	return legacyLoadExtensionFieldInfo(xt)
-}
-
-// legacyLoadExtensionFieldInfo dynamically loads a *ExtensionInfo for xt.
-func legacyLoadExtensionFieldInfo(xt protoreflect.ExtensionType) *extensionFieldInfo {
-	if xi, ok := legacyExtensionFieldInfoCache.Load(xt); ok {
-		return xi.(*extensionFieldInfo)
-	}
-	e := makeExtensionFieldInfo(xt.TypeDescriptor())
-	if e, ok := legacyMessageTypeCache.LoadOrStore(xt, e); ok {
-		return e.(*extensionFieldInfo)
-	}
-	return e
+	// Ideally we'd cache the resulting *extensionFieldInfo so we don't have to
+	// recompute this metadata repeatedly. But without support for something like
+	// weak references, such a cache would pin temporary values (like dynamic
+	// extension types, constructed for the duration of a user request) to the
+	// heap forever, causing memory usage of the cache to grow unbounded.
+	// See discussion in https://github.com/golang/protobuf/issues/1521.
+	return makeExtensionFieldInfo(xt.TypeDescriptor())
 }
 
 func makeExtensionFieldInfo(xd protoreflect.ExtensionDescriptor) *extensionFieldInfo {
@@ -107,6 +99,28 @@ func (f *ExtensionField) canLazy(xt protoreflect.ExtensionType) bool {
 	return false
 }
 
+// isUnexpandedLazy returns true if the ExensionField is lazy and not
+// yet expanded, which means it's present and already checked for
+// initialized required fields.
+func (f *ExtensionField) isUnexpandedLazy() bool {
+	return f.lazy != nil && atomic.LoadUint32(&f.lazy.atomicOnce) == 0
+}
+
+// lazyBuffer retrieves the buffer for a lazy extension if it's not yet expanded.
+//
+// The returned buffer has to be kept over whatever operation we're planning,
+// as re-retrieving it will fail after the message is lazily decoded.
+func (f *ExtensionField) lazyBuffer() []byte {
+	// This function might be in the critical path, so check the atomic without
+	// taking a look first, then only take the lock if needed.
+	if !f.isUnexpandedLazy() {
+		return nil
+	}
+	f.lazy.mu.Lock()
+	defer f.lazy.mu.Unlock()
+	return f.lazy.b
+}
+
 func (f *ExtensionField) lazyInit() {
 	f.lazy.mu.Lock()
 	defer f.lazy.mu.Unlock()
diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_field.go b/vendor/google.golang.org/protobuf/internal/impl/codec_field.go
index 3fadd241e1..78ee47e44b 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/codec_field.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/codec_field.go
@@ -233,9 +233,15 @@ func sizeMessageInfo(p pointer, f *coderFieldInfo, opts marshalOptions) int {
 }
 
 func appendMessageInfo(b []byte, p pointer, f *coderFieldInfo, opts marshalOptions) ([]byte, error) {
+	calculatedSize := f.mi.sizePointer(p.Elem(), opts)
 	b = protowire.AppendVarint(b, f.wiretag)
-	b = protowire.AppendVarint(b, uint64(f.mi.sizePointer(p.Elem(), opts)))
-	return f.mi.marshalAppendPointer(b, p.Elem(), opts)
+	b = protowire.AppendVarint(b, uint64(calculatedSize))
+	before := len(b)
+	b, err := f.mi.marshalAppendPointer(b, p.Elem(), opts)
+	if measuredSize := len(b) - before; calculatedSize != measuredSize && err == nil {
+		return nil, errors.MismatchedSizeCalculation(calculatedSize, measuredSize)
+	}
+	return b, err
 }
 
 func consumeMessageInfo(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) {
@@ -262,14 +268,21 @@ func isInitMessageInfo(p pointer, f *coderFieldInfo) error {
 	return f.mi.checkInitializedPointer(p.Elem())
 }
 
-func sizeMessage(m proto.Message, tagsize int, _ marshalOptions) int {
-	return protowire.SizeBytes(proto.Size(m)) + tagsize
+func sizeMessage(m proto.Message, tagsize int, opts marshalOptions) int {
+	return protowire.SizeBytes(opts.Options().Size(m)) + tagsize
 }
 
 func appendMessage(b []byte, m proto.Message, wiretag uint64, opts marshalOptions) ([]byte, error) {
+	mopts := opts.Options()
+	calculatedSize := mopts.Size(m)
 	b = protowire.AppendVarint(b, wiretag)
-	b = protowire.AppendVarint(b, uint64(proto.Size(m)))
-	return opts.Options().MarshalAppend(b, m)
+	b = protowire.AppendVarint(b, uint64(calculatedSize))
+	before := len(b)
+	b, err := mopts.MarshalAppend(b, m)
+	if measuredSize := len(b) - before; calculatedSize != measuredSize && err == nil {
+		return nil, errors.MismatchedSizeCalculation(calculatedSize, measuredSize)
+	}
+	return b, err
 }
 
 func consumeMessage(b []byte, m proto.Message, wtyp protowire.Type, opts unmarshalOptions) (out unmarshalOutput, err error) {
@@ -405,8 +418,8 @@ func consumeGroupType(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInf
 	return f.mi.unmarshalPointer(b, p.Elem(), f.num, opts)
 }
 
-func sizeGroup(m proto.Message, tagsize int, _ marshalOptions) int {
-	return 2*tagsize + proto.Size(m)
+func sizeGroup(m proto.Message, tagsize int, opts marshalOptions) int {
+	return 2*tagsize + opts.Options().Size(m)
 }
 
 func appendGroup(b []byte, m proto.Message, wiretag uint64, opts marshalOptions) ([]byte, error) {
@@ -482,10 +495,14 @@ func appendMessageSliceInfo(b []byte, p pointer, f *coderFieldInfo, opts marshal
 		b = protowire.AppendVarint(b, f.wiretag)
 		siz := f.mi.sizePointer(v, opts)
 		b = protowire.AppendVarint(b, uint64(siz))
+		before := len(b)
 		b, err = f.mi.marshalAppendPointer(b, v, opts)
 		if err != nil {
 			return b, err
 		}
+		if measuredSize := len(b) - before; siz != measuredSize {
+			return nil, errors.MismatchedSizeCalculation(siz, measuredSize)
+		}
 	}
 	return b, nil
 }
@@ -520,28 +537,34 @@ func isInitMessageSliceInfo(p pointer, f *coderFieldInfo) error {
 	return nil
 }
 
-func sizeMessageSlice(p pointer, goType reflect.Type, tagsize int, _ marshalOptions) int {
+func sizeMessageSlice(p pointer, goType reflect.Type, tagsize int, opts marshalOptions) int {
+	mopts := opts.Options()
 	s := p.PointerSlice()
 	n := 0
 	for _, v := range s {
 		m := asMessage(v.AsValueOf(goType.Elem()))
-		n += protowire.SizeBytes(proto.Size(m)) + tagsize
+		n += protowire.SizeBytes(mopts.Size(m)) + tagsize
 	}
 	return n
 }
 
 func appendMessageSlice(b []byte, p pointer, wiretag uint64, goType reflect.Type, opts marshalOptions) ([]byte, error) {
+	mopts := opts.Options()
 	s := p.PointerSlice()
 	var err error
 	for _, v := range s {
 		m := asMessage(v.AsValueOf(goType.Elem()))
 		b = protowire.AppendVarint(b, wiretag)
-		siz := proto.Size(m)
+		siz := mopts.Size(m)
 		b = protowire.AppendVarint(b, uint64(siz))
-		b, err = opts.Options().MarshalAppend(b, m)
+		before := len(b)
+		b, err = mopts.MarshalAppend(b, m)
 		if err != nil {
 			return b, err
 		}
+		if measuredSize := len(b) - before; siz != measuredSize {
+			return nil, errors.MismatchedSizeCalculation(siz, measuredSize)
+		}
 	}
 	return b, nil
 }
@@ -582,11 +605,12 @@ func isInitMessageSlice(p pointer, goType reflect.Type) error {
 // Slices of messages
 
 func sizeMessageSliceValue(listv protoreflect.Value, tagsize int, opts marshalOptions) int {
+	mopts := opts.Options()
 	list := listv.List()
 	n := 0
 	for i, llen := 0, list.Len(); i < llen; i++ {
 		m := list.Get(i).Message().Interface()
-		n += protowire.SizeBytes(proto.Size(m)) + tagsize
+		n += protowire.SizeBytes(mopts.Size(m)) + tagsize
 	}
 	return n
 }
@@ -597,13 +621,17 @@ func appendMessageSliceValue(b []byte, listv protoreflect.Value, wiretag uint64,
 	for i, llen := 0, list.Len(); i < llen; i++ {
 		m := list.Get(i).Message().Interface()
 		b = protowire.AppendVarint(b, wiretag)
-		siz := proto.Size(m)
+		siz := mopts.Size(m)
 		b = protowire.AppendVarint(b, uint64(siz))
+		before := len(b)
 		var err error
 		b, err = mopts.MarshalAppend(b, m)
 		if err != nil {
 			return b, err
 		}
+		if measuredSize := len(b) - before; siz != measuredSize {
+			return nil, errors.MismatchedSizeCalculation(siz, measuredSize)
+		}
 	}
 	return b, nil
 }
@@ -651,11 +679,12 @@ var coderMessageSliceValue = valueCoderFuncs{
 }
 
 func sizeGroupSliceValue(listv protoreflect.Value, tagsize int, opts marshalOptions) int {
+	mopts := opts.Options()
 	list := listv.List()
 	n := 0
 	for i, llen := 0, list.Len(); i < llen; i++ {
 		m := list.Get(i).Message().Interface()
-		n += 2*tagsize + proto.Size(m)
+		n += 2*tagsize + mopts.Size(m)
 	}
 	return n
 }
@@ -738,12 +767,13 @@ func makeGroupSliceFieldCoder(fd protoreflect.FieldDescriptor, ft reflect.Type)
 	}
 }
 
-func sizeGroupSlice(p pointer, messageType reflect.Type, tagsize int, _ marshalOptions) int {
+func sizeGroupSlice(p pointer, messageType reflect.Type, tagsize int, opts marshalOptions) int {
+	mopts := opts.Options()
 	s := p.PointerSlice()
 	n := 0
 	for _, v := range s {
 		m := asMessage(v.AsValueOf(messageType.Elem()))
-		n += 2*tagsize + proto.Size(m)
+		n += 2*tagsize + mopts.Size(m)
 	}
 	return n
 }
diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_map.go b/vendor/google.golang.org/protobuf/internal/impl/codec_map.go
index 111b9d16f9..fb35f0bae9 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/codec_map.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/codec_map.go
@@ -9,6 +9,7 @@ import (
 	"sort"
 
 	"google.golang.org/protobuf/encoding/protowire"
+	"google.golang.org/protobuf/internal/errors"
 	"google.golang.org/protobuf/internal/genid"
 	"google.golang.org/protobuf/reflect/protoreflect"
 )
@@ -240,11 +241,16 @@ func appendMapItem(b []byte, keyrv, valrv reflect.Value, mapi *mapInfo, f *coder
 		size += mapi.keyFuncs.size(key.Value(), mapKeyTagSize, opts)
 		size += mapi.valFuncs.size(val, mapValTagSize, opts)
 		b = protowire.AppendVarint(b, uint64(size))
+		before := len(b)
 		b, err := mapi.keyFuncs.marshal(b, key.Value(), mapi.keyWiretag, opts)
 		if err != nil {
 			return nil, err
 		}
-		return mapi.valFuncs.marshal(b, val, mapi.valWiretag, opts)
+		b, err = mapi.valFuncs.marshal(b, val, mapi.valWiretag, opts)
+		if measuredSize := len(b) - before; size != measuredSize && err == nil {
+			return nil, errors.MismatchedSizeCalculation(size, measuredSize)
+		}
+		return b, err
 	} else {
 		key := mapi.conv.keyConv.PBValueOf(keyrv).MapKey()
 		val := pointerOfValue(valrv)
@@ -259,7 +265,12 @@ func appendMapItem(b []byte, keyrv, valrv reflect.Value, mapi *mapInfo, f *coder
 		}
 		b = protowire.AppendVarint(b, mapi.valWiretag)
 		b = protowire.AppendVarint(b, uint64(valSize))
-		return f.mi.marshalAppendPointer(b, val, opts)
+		before := len(b)
+		b, err = f.mi.marshalAppendPointer(b, val, opts)
+		if measuredSize := len(b) - before; valSize != measuredSize && err == nil {
+			return nil, errors.MismatchedSizeCalculation(valSize, measuredSize)
+		}
+		return b, err
 	}
 }
 
diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_messageset.go b/vendor/google.golang.org/protobuf/internal/impl/codec_messageset.go
index b7a23faf1e..7a16ec13dd 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/codec_messageset.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/codec_messageset.go
@@ -26,6 +26,15 @@ func sizeMessageSet(mi *MessageInfo, p pointer, opts marshalOptions) (size int)
 		}
 		num, _ := protowire.DecodeTag(xi.wiretag)
 		size += messageset.SizeField(num)
+		if fullyLazyExtensions(opts) {
+			// Don't expand the extension, instead use the buffer to calculate size
+			if lb := x.lazyBuffer(); lb != nil {
+				// We got hold of the buffer, so it's still lazy.
+				// Don't count the tag size in the extension buffer, it's already added.
+				size += protowire.SizeTag(messageset.FieldMessage) + len(lb) - xi.tagsize
+				continue
+			}
+		}
 		size += xi.funcs.size(x.Value(), protowire.SizeTag(messageset.FieldMessage), opts)
 	}
 
@@ -85,6 +94,19 @@ func marshalMessageSetField(mi *MessageInfo, b []byte, x ExtensionField, opts ma
 	xi := getExtensionFieldInfo(x.Type())
 	num, _ := protowire.DecodeTag(xi.wiretag)
 	b = messageset.AppendFieldStart(b, num)
+
+	if fullyLazyExtensions(opts) {
+		// Don't expand the extension if it's still in wire format, instead use the buffer content.
+		if lb := x.lazyBuffer(); lb != nil {
+			// The tag inside the lazy buffer is a different tag (the extension
+			// number), but what we need here is the tag for FieldMessage:
+			b = protowire.AppendVarint(b, protowire.EncodeTag(messageset.FieldMessage, protowire.BytesType))
+			b = append(b, lb[xi.tagsize:]...)
+			b = messageset.AppendFieldEnd(b)
+			return b, nil
+		}
+	}
+
 	b, err := xi.funcs.marshal(b, x.Value(), protowire.EncodeTag(messageset.FieldMessage, protowire.BytesType), opts)
 	if err != nil {
 		return b, err
diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_tables.go b/vendor/google.golang.org/protobuf/internal/impl/codec_tables.go
index 576dcf3aac..13077751e2 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/codec_tables.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/codec_tables.go
@@ -197,7 +197,7 @@ func fieldCoder(fd protoreflect.FieldDescriptor, ft reflect.Type) (*MessageInfo,
 		return getMessageInfo(ft), makeMessageFieldCoder(fd, ft)
 	case fd.Kind() == protoreflect.GroupKind:
 		return getMessageInfo(ft), makeGroupFieldCoder(fd, ft)
-	case fd.Syntax() == protoreflect.Proto3 && fd.ContainingOneof() == nil:
+	case !fd.HasPresence() && fd.ContainingOneof() == nil:
 		// Populated oneof fields always encode even if set to the zero value,
 		// which normally are not encoded in proto3.
 		switch fd.Kind() {
diff --git a/vendor/google.golang.org/protobuf/internal/impl/convert.go b/vendor/google.golang.org/protobuf/internal/impl/convert.go
index 185ef2efa5..e06ece55a2 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/convert.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/convert.go
@@ -14,7 +14,7 @@ import (
 // unwrapper unwraps the value to the underlying value.
 // This is implemented by List and Map.
 type unwrapper interface {
-	protoUnwrap() interface{}
+	protoUnwrap() any
 }
 
 // A Converter coverts to/from Go reflect.Value types and protobuf protoreflect.Value types.
diff --git a/vendor/google.golang.org/protobuf/internal/impl/convert_list.go b/vendor/google.golang.org/protobuf/internal/impl/convert_list.go
index f89136516f..18cb96fd70 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/convert_list.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/convert_list.go
@@ -136,6 +136,6 @@ func (ls *listReflect) NewElement() protoreflect.Value {
 func (ls *listReflect) IsValid() bool {
 	return !ls.v.IsNil()
 }
-func (ls *listReflect) protoUnwrap() interface{} {
+func (ls *listReflect) protoUnwrap() any {
 	return ls.v.Interface()
 }
diff --git a/vendor/google.golang.org/protobuf/internal/impl/convert_map.go b/vendor/google.golang.org/protobuf/internal/impl/convert_map.go
index f30b0a0576..304244a651 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/convert_map.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/convert_map.go
@@ -116,6 +116,6 @@ func (ms *mapReflect) NewValue() protoreflect.Value {
 func (ms *mapReflect) IsValid() bool {
 	return !ms.v.IsNil()
 }
-func (ms *mapReflect) protoUnwrap() interface{} {
+func (ms *mapReflect) protoUnwrap() any {
 	return ms.v.Interface()
 }
diff --git a/vendor/google.golang.org/protobuf/internal/impl/encode.go b/vendor/google.golang.org/protobuf/internal/impl/encode.go
index 845c67d6e7..febd212247 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/encode.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/encode.go
@@ -49,8 +49,11 @@ func (mi *MessageInfo) sizePointer(p pointer, opts marshalOptions) (size int) {
 		return 0
 	}
 	if opts.UseCachedSize() && mi.sizecacheOffset.IsValid() {
-		if size := atomic.LoadInt32(p.Apply(mi.sizecacheOffset).Int32()); size >= 0 {
-			return int(size)
+		// The size cache contains the size + 1, to allow the
+		// zero value to be invalid, while also allowing for a
+		// 0 size to be cached.
+		if size := atomic.LoadInt32(p.Apply(mi.sizecacheOffset).Int32()); size > 0 {
+			return int(size - 1)
 		}
 	}
 	return mi.sizePointerSlow(p, opts)
@@ -60,7 +63,7 @@ func (mi *MessageInfo) sizePointerSlow(p pointer, opts marshalOptions) (size int
 	if flags.ProtoLegacy && mi.isMessageSet {
 		size = sizeMessageSet(mi, p, opts)
 		if mi.sizecacheOffset.IsValid() {
-			atomic.StoreInt32(p.Apply(mi.sizecacheOffset).Int32(), int32(size))
+			atomic.StoreInt32(p.Apply(mi.sizecacheOffset).Int32(), int32(size+1))
 		}
 		return size
 	}
@@ -84,13 +87,16 @@ func (mi *MessageInfo) sizePointerSlow(p pointer, opts marshalOptions) (size int
 		}
 	}
 	if mi.sizecacheOffset.IsValid() {
-		if size > math.MaxInt32 {
+		if size > (math.MaxInt32 - 1) {
 			// The size is too large for the int32 sizecache field.
 			// We will need to recompute the size when encoding;
 			// unfortunately expensive, but better than invalid output.
-			atomic.StoreInt32(p.Apply(mi.sizecacheOffset).Int32(), -1)
+			atomic.StoreInt32(p.Apply(mi.sizecacheOffset).Int32(), 0)
 		} else {
-			atomic.StoreInt32(p.Apply(mi.sizecacheOffset).Int32(), int32(size))
+			// The size cache contains the size + 1, to allow the
+			// zero value to be invalid, while also allowing for a
+			// 0 size to be cached.
+			atomic.StoreInt32(p.Apply(mi.sizecacheOffset).Int32(), int32(size+1))
 		}
 	}
 	return size
@@ -149,6 +155,14 @@ func (mi *MessageInfo) marshalAppendPointer(b []byte, p pointer, opts marshalOpt
 	return b, nil
 }
 
+// fullyLazyExtensions returns true if we should attempt to keep extensions lazy over size and marshal.
+func fullyLazyExtensions(opts marshalOptions) bool {
+	// When deterministic marshaling is requested, force an unmarshal for lazy
+	// extensions to produce a deterministic result, instead of passing through
+	// bytes lazily that may or may not match what Go Protobuf would produce.
+	return opts.flags&piface.MarshalDeterministic == 0
+}
+
 func (mi *MessageInfo) sizeExtensions(ext *map[int32]ExtensionField, opts marshalOptions) (n int) {
 	if ext == nil {
 		return 0
@@ -158,6 +172,14 @@ func (mi *MessageInfo) sizeExtensions(ext *map[int32]ExtensionField, opts marsha
 		if xi.funcs.size == nil {
 			continue
 		}
+		if fullyLazyExtensions(opts) {
+			// Don't expand the extension, instead use the buffer to calculate size
+			if lb := x.lazyBuffer(); lb != nil {
+				// We got hold of the buffer, so it's still lazy.
+				n += len(lb)
+				continue
+			}
+		}
 		n += xi.funcs.size(x.Value(), xi.tagsize, opts)
 	}
 	return n
@@ -176,6 +198,13 @@ func (mi *MessageInfo) appendExtensions(b []byte, ext *map[int32]ExtensionField,
 		var err error
 		for _, x := range *ext {
 			xi := getExtensionFieldInfo(x.Type())
+			if fullyLazyExtensions(opts) {
+				// Don't expand the extension if it's still in wire format, instead use the buffer content.
+				if lb := x.lazyBuffer(); lb != nil {
+					b = append(b, lb...)
+					continue
+				}
+			}
 			b, err = xi.funcs.marshal(b, x.Value(), xi.wiretag, opts)
 		}
 		return b, err
@@ -191,6 +220,13 @@ func (mi *MessageInfo) appendExtensions(b []byte, ext *map[int32]ExtensionField,
 		for _, k := range keys {
 			x := (*ext)[int32(k)]
 			xi := getExtensionFieldInfo(x.Type())
+			if fullyLazyExtensions(opts) {
+				// Don't expand the extension if it's still in wire format, instead use the buffer content.
+				if lb := x.lazyBuffer(); lb != nil {
+					b = append(b, lb...)
+					continue
+				}
+			}
 			b, err = xi.funcs.marshal(b, x.Value(), xi.wiretag, opts)
 			if err != nil {
 				return b, err
diff --git a/vendor/google.golang.org/protobuf/internal/impl/extension.go b/vendor/google.golang.org/protobuf/internal/impl/extension.go
index cb25b0bae1..e31249f64f 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/extension.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/extension.go
@@ -53,7 +53,7 @@ type ExtensionInfo struct {
 	// type returned by InterfaceOf may not be identical.
 	//
 	// Deprecated: Use InterfaceOf(xt.Zero()) instead.
-	ExtensionType interface{}
+	ExtensionType any
 
 	// Field is the field number of the extension.
 	//
@@ -95,16 +95,16 @@ func (xi *ExtensionInfo) New() protoreflect.Value {
 func (xi *ExtensionInfo) Zero() protoreflect.Value {
 	return xi.lazyInit().Zero()
 }
-func (xi *ExtensionInfo) ValueOf(v interface{}) protoreflect.Value {
+func (xi *ExtensionInfo) ValueOf(v any) protoreflect.Value {
 	return xi.lazyInit().PBValueOf(reflect.ValueOf(v))
 }
-func (xi *ExtensionInfo) InterfaceOf(v protoreflect.Value) interface{} {
+func (xi *ExtensionInfo) InterfaceOf(v protoreflect.Value) any {
 	return xi.lazyInit().GoValueOf(v).Interface()
 }
 func (xi *ExtensionInfo) IsValidValue(v protoreflect.Value) bool {
 	return xi.lazyInit().IsValidPB(v)
 }
-func (xi *ExtensionInfo) IsValidInterface(v interface{}) bool {
+func (xi *ExtensionInfo) IsValidInterface(v any) bool {
 	return xi.lazyInit().IsValidGo(reflect.ValueOf(v))
 }
 func (xi *ExtensionInfo) TypeDescriptor() protoreflect.ExtensionTypeDescriptor {
diff --git a/vendor/google.golang.org/protobuf/internal/impl/legacy_enum.go b/vendor/google.golang.org/protobuf/internal/impl/legacy_enum.go
index c2a803bb2f..81b2b1a763 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/legacy_enum.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/legacy_enum.go
@@ -97,7 +97,7 @@ func (e *legacyEnumWrapper) Number() protoreflect.EnumNumber {
 func (e *legacyEnumWrapper) ProtoReflect() protoreflect.Enum {
 	return e
 }
-func (e *legacyEnumWrapper) protoUnwrap() interface{} {
+func (e *legacyEnumWrapper) protoUnwrap() any {
 	v := reflect.New(e.goTyp).Elem()
 	v.SetInt(int64(e.num))
 	return v.Interface()
@@ -167,6 +167,7 @@ func aberrantLoadEnumDesc(t reflect.Type) protoreflect.EnumDescriptor {
 	ed := &filedesc.Enum{L2: new(filedesc.EnumL2)}
 	ed.L0.FullName = AberrantDeriveFullName(t) // e.g., github_com.user.repo.MyEnum
 	ed.L0.ParentFile = filedesc.SurrogateProto3
+	ed.L1.EditionFeatures = ed.L0.ParentFile.L1.EditionFeatures
 	ed.L2.Values.List = append(ed.L2.Values.List, filedesc.EnumValue{})
 
 	// TODO: Use the presence of a UnmarshalJSON method to determine proto2?
diff --git a/vendor/google.golang.org/protobuf/internal/impl/legacy_extension.go b/vendor/google.golang.org/protobuf/internal/impl/legacy_extension.go
index 87b30d0504..6e8677ee63 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/legacy_extension.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/legacy_extension.go
@@ -118,7 +118,7 @@ func (xi *ExtensionInfo) initFromLegacy() {
 	xd.L1.Number = protoreflect.FieldNumber(xi.Field)
 	xd.L1.Cardinality = fd.L1.Cardinality
 	xd.L1.Kind = fd.L1.Kind
-	xd.L2.IsPacked = fd.L1.IsPacked
+	xd.L1.EditionFeatures = fd.L1.EditionFeatures
 	xd.L2.Default = fd.L1.Default
 	xd.L1.Extendee = Export{}.MessageDescriptorOf(xi.ExtendedType)
 	xd.L2.Enum = ed
diff --git a/vendor/google.golang.org/protobuf/internal/impl/legacy_file.go b/vendor/google.golang.org/protobuf/internal/impl/legacy_file.go
index 9ab091086c..b649f1124b 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/legacy_file.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/legacy_file.go
@@ -7,7 +7,7 @@ package impl
 import (
 	"bytes"
 	"compress/gzip"
-	"io/ioutil"
+	"io"
 	"sync"
 
 	"google.golang.org/protobuf/internal/filedesc"
@@ -51,7 +51,7 @@ func legacyLoadFileDesc(b []byte) protoreflect.FileDescriptor {
 	if err != nil {
 		panic(err)
 	}
-	b2, err := ioutil.ReadAll(zr)
+	b2, err := io.ReadAll(zr)
 	if err != nil {
 		panic(err)
 	}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go b/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go
index 2ab2c62978..bf0b6049b4 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go
@@ -204,6 +204,7 @@ func aberrantLoadMessageDescReentrant(t reflect.Type, name protoreflect.FullName
 		}
 	}
 
+	md.L1.EditionFeatures = md.L0.ParentFile.L1.EditionFeatures
 	// Obtain a list of oneof wrapper types.
 	var oneofWrappers []reflect.Type
 	methods := make([]reflect.Method, 0, 2)
@@ -215,7 +216,7 @@ func aberrantLoadMessageDescReentrant(t reflect.Type, name protoreflect.FullName
 	}
 	for _, fn := range methods {
 		for _, v := range fn.Func.Call([]reflect.Value{reflect.Zero(fn.Type.In(0))}) {
-			if vs, ok := v.Interface().([]interface{}); ok {
+			if vs, ok := v.Interface().([]any); ok {
 				for _, v := range vs {
 					oneofWrappers = append(oneofWrappers, reflect.TypeOf(v))
 				}
@@ -250,6 +251,7 @@ func aberrantLoadMessageDescReentrant(t reflect.Type, name protoreflect.FullName
 			od := &md.L2.Oneofs.List[n]
 			od.L0.FullName = md.FullName().Append(protoreflect.Name(tag))
 			od.L0.ParentFile = md.L0.ParentFile
+			od.L1.EditionFeatures = md.L1.EditionFeatures
 			od.L0.Parent = md
 			od.L0.Index = n
 
@@ -260,6 +262,7 @@ func aberrantLoadMessageDescReentrant(t reflect.Type, name protoreflect.FullName
 						aberrantAppendField(md, f.Type, tag, "", "")
 						fd := &md.L2.Fields.List[len(md.L2.Fields.List)-1]
 						fd.L1.ContainingOneof = od
+						fd.L1.EditionFeatures = od.L1.EditionFeatures
 						od.L1.Fields.List = append(od.L1.Fields.List, fd)
 					}
 				}
@@ -307,14 +310,14 @@ func aberrantAppendField(md *filedesc.Message, goType reflect.Type, tag, tagKey,
 	fd.L0.Parent = md
 	fd.L0.Index = n
 
-	if fd.L1.IsWeak || fd.L1.HasPacked {
+	if fd.L1.IsWeak || fd.L1.EditionFeatures.IsPacked {
 		fd.L1.Options = func() protoreflect.ProtoMessage {
 			opts := descopts.Field.ProtoReflect().New()
 			if fd.L1.IsWeak {
 				opts.Set(opts.Descriptor().Fields().ByName("weak"), protoreflect.ValueOfBool(true))
 			}
-			if fd.L1.HasPacked {
-				opts.Set(opts.Descriptor().Fields().ByName("packed"), protoreflect.ValueOfBool(fd.L1.IsPacked))
+			if fd.L1.EditionFeatures.IsPacked {
+				opts.Set(opts.Descriptor().Fields().ByName("packed"), protoreflect.ValueOfBool(fd.L1.EditionFeatures.IsPacked))
 			}
 			return opts.Interface()
 		}
@@ -344,6 +347,7 @@ func aberrantAppendField(md *filedesc.Message, goType reflect.Type, tag, tagKey,
 				md2.L0.ParentFile = md.L0.ParentFile
 				md2.L0.Parent = md
 				md2.L0.Index = n
+				md2.L1.EditionFeatures = md.L1.EditionFeatures
 
 				md2.L1.IsMapEntry = true
 				md2.L2.Options = func() protoreflect.ProtoMessage {
@@ -563,6 +567,6 @@ func (m aberrantMessage) IsValid() bool {
 func (m aberrantMessage) ProtoMethods() *protoiface.Methods {
 	return aberrantProtoMethods
 }
-func (m aberrantMessage) protoUnwrap() interface{} {
+func (m aberrantMessage) protoUnwrap() any {
 	return m.v.Interface()
 }
diff --git a/vendor/google.golang.org/protobuf/internal/impl/message.go b/vendor/google.golang.org/protobuf/internal/impl/message.go
index 629bacdced..019399d454 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/message.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/message.go
@@ -35,7 +35,7 @@ type MessageInfo struct {
 	Exporter exporter
 
 	// OneofWrappers is list of pointers to oneof wrapper struct types.
-	OneofWrappers []interface{}
+	OneofWrappers []any
 
 	initMu   sync.Mutex // protects all unexported fields
 	initDone uint32
@@ -47,7 +47,7 @@ type MessageInfo struct {
 // exporter is a function that returns a reference to the ith field of v,
 // where v is a pointer to a struct. It returns nil if it does not support
 // exporting the requested field (e.g., already exported).
-type exporter func(v interface{}, i int) interface{}
+type exporter func(v any, i int) any
 
 // getMessageInfo returns the MessageInfo for any message type that
 // is generated by our implementation of protoc-gen-go (for v2 and on).
@@ -201,7 +201,7 @@ fieldLoop:
 	}
 	for _, fn := range methods {
 		for _, v := range fn.Func.Call([]reflect.Value{reflect.Zero(fn.Type.In(0))}) {
-			if vs, ok := v.Interface().([]interface{}); ok {
+			if vs, ok := v.Interface().([]any); ok {
 				oneofWrappers = vs
 			}
 		}
@@ -256,7 +256,7 @@ func (mi *MessageInfo) Message(i int) protoreflect.MessageType {
 
 type mapEntryType struct {
 	desc    protoreflect.MessageDescriptor
-	valType interface{} // zero value of enum or message type
+	valType any // zero value of enum or message type
 }
 
 func (mt mapEntryType) New() protoreflect.Message {
diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go b/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go
index d9ea010bef..ecb4623d70 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go
@@ -20,7 +20,7 @@ type reflectMessageInfo struct {
 	// fieldTypes contains the zero value of an enum or message field.
 	// For lists, it contains the element type.
 	// For maps, it contains the entry value type.
-	fieldTypes map[protoreflect.FieldNumber]interface{}
+	fieldTypes map[protoreflect.FieldNumber]any
 
 	// denseFields is a subset of fields where:
 	//	0 < fieldDesc.Number() < len(denseFields)
@@ -28,7 +28,7 @@ type reflectMessageInfo struct {
 	denseFields []*fieldInfo
 
 	// rangeInfos is a list of all fields (not belonging to a oneof) and oneofs.
-	rangeInfos []interface{} // either *fieldInfo or *oneofInfo
+	rangeInfos []any // either *fieldInfo or *oneofInfo
 
 	getUnknown   func(pointer) protoreflect.RawFields
 	setUnknown   func(pointer, protoreflect.RawFields)
@@ -224,7 +224,7 @@ func (mi *MessageInfo) makeFieldTypes(si structInfo) {
 		}
 		if ft != nil {
 			if mi.fieldTypes == nil {
-				mi.fieldTypes = make(map[protoreflect.FieldNumber]interface{})
+				mi.fieldTypes = make(map[protoreflect.FieldNumber]any)
 			}
 			mi.fieldTypes[fd.Number()] = reflect.Zero(ft).Interface()
 		}
@@ -247,39 +247,39 @@ func (m *extensionMap) Range(f func(protoreflect.FieldDescriptor, protoreflect.V
 		}
 	}
 }
-func (m *extensionMap) Has(xt protoreflect.ExtensionType) (ok bool) {
+func (m *extensionMap) Has(xd protoreflect.ExtensionTypeDescriptor) (ok bool) {
 	if m == nil {
 		return false
 	}
-	xd := xt.TypeDescriptor()
 	x, ok := (*m)[int32(xd.Number())]
 	if !ok {
 		return false
 	}
+	if x.isUnexpandedLazy() {
+		// Avoid calling x.Value(), which triggers a lazy unmarshal.
+		return true
+	}
 	switch {
 	case xd.IsList():
 		return x.Value().List().Len() > 0
 	case xd.IsMap():
 		return x.Value().Map().Len() > 0
-	case xd.Message() != nil:
-		return x.Value().Message().IsValid()
 	}
 	return true
 }
-func (m *extensionMap) Clear(xt protoreflect.ExtensionType) {
-	delete(*m, int32(xt.TypeDescriptor().Number()))
+func (m *extensionMap) Clear(xd protoreflect.ExtensionTypeDescriptor) {
+	delete(*m, int32(xd.Number()))
 }
-func (m *extensionMap) Get(xt protoreflect.ExtensionType) protoreflect.Value {
-	xd := xt.TypeDescriptor()
+func (m *extensionMap) Get(xd protoreflect.ExtensionTypeDescriptor) protoreflect.Value {
 	if m != nil {
 		if x, ok := (*m)[int32(xd.Number())]; ok {
 			return x.Value()
 		}
 	}
-	return xt.Zero()
+	return xd.Type().Zero()
 }
-func (m *extensionMap) Set(xt protoreflect.ExtensionType, v protoreflect.Value) {
-	xd := xt.TypeDescriptor()
+func (m *extensionMap) Set(xd protoreflect.ExtensionTypeDescriptor, v protoreflect.Value) {
+	xt := xd.Type()
 	isValid := true
 	switch {
 	case !xt.IsValidValue(v):
@@ -292,7 +292,7 @@ func (m *extensionMap) Set(xt protoreflect.ExtensionType, v protoreflect.Value)
 		isValid = v.Message().IsValid()
 	}
 	if !isValid {
-		panic(fmt.Sprintf("%v: assigning invalid value", xt.TypeDescriptor().FullName()))
+		panic(fmt.Sprintf("%v: assigning invalid value", xd.FullName()))
 	}
 
 	if *m == nil {
@@ -302,16 +302,15 @@ func (m *extensionMap) Set(xt protoreflect.ExtensionType, v protoreflect.Value)
 	x.Set(xt, v)
 	(*m)[int32(xd.Number())] = x
 }
-func (m *extensionMap) Mutable(xt protoreflect.ExtensionType) protoreflect.Value {
-	xd := xt.TypeDescriptor()
+func (m *extensionMap) Mutable(xd protoreflect.ExtensionTypeDescriptor) protoreflect.Value {
 	if xd.Kind() != protoreflect.MessageKind && xd.Kind() != protoreflect.GroupKind && !xd.IsList() && !xd.IsMap() {
 		panic("invalid Mutable on field with non-composite type")
 	}
 	if x, ok := (*m)[int32(xd.Number())]; ok {
 		return x.Value()
 	}
-	v := xt.New()
-	m.Set(xt, v)
+	v := xd.Type().New()
+	m.Set(xd, v)
 	return v
 }
 
@@ -394,7 +393,7 @@ var (
 // MessageOf returns a reflective view over a message. The input must be a
 // pointer to a named Go struct. If the provided type has a ProtoReflect method,
 // it must be implemented by calling this method.
-func (mi *MessageInfo) MessageOf(m interface{}) protoreflect.Message {
+func (mi *MessageInfo) MessageOf(m any) protoreflect.Message {
 	if reflect.TypeOf(m) != mi.GoReflectType {
 		panic(fmt.Sprintf("type mismatch: got %T, want %v", m, mi.GoReflectType))
 	}
@@ -422,13 +421,13 @@ func (m *messageIfaceWrapper) Reset() {
 func (m *messageIfaceWrapper) ProtoReflect() protoreflect.Message {
 	return (*messageReflectWrapper)(m)
 }
-func (m *messageIfaceWrapper) protoUnwrap() interface{} {
+func (m *messageIfaceWrapper) protoUnwrap() any {
 	return m.p.AsIfaceOf(m.mi.GoReflectType.Elem())
 }
 
 // checkField verifies that the provided field descriptor is valid.
 // Exactly one of the returned values is populated.
-func (mi *MessageInfo) checkField(fd protoreflect.FieldDescriptor) (*fieldInfo, protoreflect.ExtensionType) {
+func (mi *MessageInfo) checkField(fd protoreflect.FieldDescriptor) (*fieldInfo, protoreflect.ExtensionTypeDescriptor) {
 	var fi *fieldInfo
 	if n := fd.Number(); 0 < n && int(n) < len(mi.denseFields) {
 		fi = mi.denseFields[n]
@@ -457,7 +456,7 @@ func (mi *MessageInfo) checkField(fd protoreflect.FieldDescriptor) (*fieldInfo,
 		if !ok {
 			panic(fmt.Sprintf("extension %v does not implement protoreflect.ExtensionTypeDescriptor", fd.FullName()))
 		}
-		return nil, xtd.Type()
+		return nil, xtd
 	}
 	panic(fmt.Sprintf("field %v is invalid", fd.FullName()))
 }
diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go
index 5e736c60ef..986322b195 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go
@@ -538,6 +538,6 @@ func isZero(v reflect.Value) bool {
 		}
 		return true
 	default:
-		panic(&reflect.ValueError{"reflect.Value.IsZero", v.Kind()})
+		panic(&reflect.ValueError{Method: "reflect.Value.IsZero", Kind: v.Kind()})
 	}
 }
diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_reflect_gen.go b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_gen.go
index 741d6e5b6b..99dc23c6f0 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/message_reflect_gen.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_gen.go
@@ -23,12 +23,13 @@ func (m *messageState) New() protoreflect.Message {
 func (m *messageState) Interface() protoreflect.ProtoMessage {
 	return m.protoUnwrap().(protoreflect.ProtoMessage)
 }
-func (m *messageState) protoUnwrap() interface{} {
+func (m *messageState) protoUnwrap() any {
 	return m.pointer().AsIfaceOf(m.messageInfo().GoReflectType.Elem())
 }
 func (m *messageState) ProtoMethods() *protoiface.Methods {
-	m.messageInfo().init()
-	return &m.messageInfo().methods
+	mi := m.messageInfo()
+	mi.init()
+	return &mi.methods
 }
 
 // ProtoMessageInfo is a pseudo-internal API for allowing the v1 code
@@ -41,8 +42,9 @@ func (m *messageState) ProtoMessageInfo() *MessageInfo {
 }
 
 func (m *messageState) Range(f func(protoreflect.FieldDescriptor, protoreflect.Value) bool) {
-	m.messageInfo().init()
-	for _, ri := range m.messageInfo().rangeInfos {
+	mi := m.messageInfo()
+	mi.init()
+	for _, ri := range mi.rangeInfos {
 		switch ri := ri.(type) {
 		case *fieldInfo:
 			if ri.has(m.pointer()) {
@@ -52,77 +54,86 @@ func (m *messageState) Range(f func(protoreflect.FieldDescriptor, protoreflect.V
 			}
 		case *oneofInfo:
 			if n := ri.which(m.pointer()); n > 0 {
-				fi := m.messageInfo().fields[n]
+				fi := mi.fields[n]
 				if !f(fi.fieldDesc, fi.get(m.pointer())) {
 					return
 				}
 			}
 		}
 	}
-	m.messageInfo().extensionMap(m.pointer()).Range(f)
+	mi.extensionMap(m.pointer()).Range(f)
 }
 func (m *messageState) Has(fd protoreflect.FieldDescriptor) bool {
-	m.messageInfo().init()
-	if fi, xt := m.messageInfo().checkField(fd); fi != nil {
+	mi := m.messageInfo()
+	mi.init()
+	if fi, xd := mi.checkField(fd); fi != nil {
 		return fi.has(m.pointer())
 	} else {
-		return m.messageInfo().extensionMap(m.pointer()).Has(xt)
+		return mi.extensionMap(m.pointer()).Has(xd)
 	}
 }
 func (m *messageState) Clear(fd protoreflect.FieldDescriptor) {
-	m.messageInfo().init()
-	if fi, xt := m.messageInfo().checkField(fd); fi != nil {
+	mi := m.messageInfo()
+	mi.init()
+	if fi, xd := mi.checkField(fd); fi != nil {
 		fi.clear(m.pointer())
 	} else {
-		m.messageInfo().extensionMap(m.pointer()).Clear(xt)
+		mi.extensionMap(m.pointer()).Clear(xd)
 	}
 }
 func (m *messageState) Get(fd protoreflect.FieldDescriptor) protoreflect.Value {
-	m.messageInfo().init()
-	if fi, xt := m.messageInfo().checkField(fd); fi != nil {
+	mi := m.messageInfo()
+	mi.init()
+	if fi, xd := mi.checkField(fd); fi != nil {
 		return fi.get(m.pointer())
 	} else {
-		return m.messageInfo().extensionMap(m.pointer()).Get(xt)
+		return mi.extensionMap(m.pointer()).Get(xd)
 	}
 }
 func (m *messageState) Set(fd protoreflect.FieldDescriptor, v protoreflect.Value) {
-	m.messageInfo().init()
-	if fi, xt := m.messageInfo().checkField(fd); fi != nil {
+	mi := m.messageInfo()
+	mi.init()
+	if fi, xd := mi.checkField(fd); fi != nil {
 		fi.set(m.pointer(), v)
 	} else {
-		m.messageInfo().extensionMap(m.pointer()).Set(xt, v)
+		mi.extensionMap(m.pointer()).Set(xd, v)
 	}
 }
 func (m *messageState) Mutable(fd protoreflect.FieldDescriptor) protoreflect.Value {
-	m.messageInfo().init()
-	if fi, xt := m.messageInfo().checkField(fd); fi != nil {
+	mi := m.messageInfo()
+	mi.init()
+	if fi, xd := mi.checkField(fd); fi != nil {
 		return fi.mutable(m.pointer())
 	} else {
-		return m.messageInfo().extensionMap(m.pointer()).Mutable(xt)
+		return mi.extensionMap(m.pointer()).Mutable(xd)
 	}
 }
 func (m *messageState) NewField(fd protoreflect.FieldDescriptor) protoreflect.Value {
-	m.messageInfo().init()
-	if fi, xt := m.messageInfo().checkField(fd); fi != nil {
+	mi := m.messageInfo()
+	mi.init()
+	if fi, xd := mi.checkField(fd); fi != nil {
 		return fi.newField()
 	} else {
-		return xt.New()
+		return xd.Type().New()
 	}
 }
 func (m *messageState) WhichOneof(od protoreflect.OneofDescriptor) protoreflect.FieldDescriptor {
-	m.messageInfo().init()
-	if oi := m.messageInfo().oneofs[od.Name()]; oi != nil && oi.oneofDesc == od {
+	mi := m.messageInfo()
+	mi.init()
+	if oi := mi.oneofs[od.Name()]; oi != nil && oi.oneofDesc == od {
 		return od.Fields().ByNumber(oi.which(m.pointer()))
 	}
 	panic("invalid oneof descriptor " + string(od.FullName()) + " for message " + string(m.Descriptor().FullName()))
 }
 func (m *messageState) GetUnknown() protoreflect.RawFields {
-	m.messageInfo().init()
-	return m.messageInfo().getUnknown(m.pointer())
+	mi := m.messageInfo()
+	mi.init()
+	return mi.getUnknown(m.pointer())
 }
 func (m *messageState) SetUnknown(b protoreflect.RawFields) {
-	m.messageInfo().init()
-	m.messageInfo().setUnknown(m.pointer(), b)
+	mi := m.messageInfo()
+	mi.init()
+	mi.setUnknown(m.pointer(), b)
 }
 func (m *messageState) IsValid() bool {
 	return !m.pointer().IsNil()
@@ -143,12 +154,13 @@ func (m *messageReflectWrapper) Interface() protoreflect.ProtoMessage {
 	}
 	return (*messageIfaceWrapper)(m)
 }
-func (m *messageReflectWrapper) protoUnwrap() interface{} {
+func (m *messageReflectWrapper) protoUnwrap() any {
 	return m.pointer().AsIfaceOf(m.messageInfo().GoReflectType.Elem())
 }
 func (m *messageReflectWrapper) ProtoMethods() *protoiface.Methods {
-	m.messageInfo().init()
-	return &m.messageInfo().methods
+	mi := m.messageInfo()
+	mi.init()
+	return &mi.methods
 }
 
 // ProtoMessageInfo is a pseudo-internal API for allowing the v1 code
@@ -161,8 +173,9 @@ func (m *messageReflectWrapper) ProtoMessageInfo() *MessageInfo {
 }
 
 func (m *messageReflectWrapper) Range(f func(protoreflect.FieldDescriptor, protoreflect.Value) bool) {
-	m.messageInfo().init()
-	for _, ri := range m.messageInfo().rangeInfos {
+	mi := m.messageInfo()
+	mi.init()
+	for _, ri := range mi.rangeInfos {
 		switch ri := ri.(type) {
 		case *fieldInfo:
 			if ri.has(m.pointer()) {
@@ -172,77 +185,86 @@ func (m *messageReflectWrapper) Range(f func(protoreflect.FieldDescriptor, proto
 			}
 		case *oneofInfo:
 			if n := ri.which(m.pointer()); n > 0 {
-				fi := m.messageInfo().fields[n]
+				fi := mi.fields[n]
 				if !f(fi.fieldDesc, fi.get(m.pointer())) {
 					return
 				}
 			}
 		}
 	}
-	m.messageInfo().extensionMap(m.pointer()).Range(f)
+	mi.extensionMap(m.pointer()).Range(f)
 }
 func (m *messageReflectWrapper) Has(fd protoreflect.FieldDescriptor) bool {
-	m.messageInfo().init()
-	if fi, xt := m.messageInfo().checkField(fd); fi != nil {
+	mi := m.messageInfo()
+	mi.init()
+	if fi, xd := mi.checkField(fd); fi != nil {
 		return fi.has(m.pointer())
 	} else {
-		return m.messageInfo().extensionMap(m.pointer()).Has(xt)
+		return mi.extensionMap(m.pointer()).Has(xd)
 	}
 }
 func (m *messageReflectWrapper) Clear(fd protoreflect.FieldDescriptor) {
-	m.messageInfo().init()
-	if fi, xt := m.messageInfo().checkField(fd); fi != nil {
+	mi := m.messageInfo()
+	mi.init()
+	if fi, xd := mi.checkField(fd); fi != nil {
 		fi.clear(m.pointer())
 	} else {
-		m.messageInfo().extensionMap(m.pointer()).Clear(xt)
+		mi.extensionMap(m.pointer()).Clear(xd)
 	}
 }
 func (m *messageReflectWrapper) Get(fd protoreflect.FieldDescriptor) protoreflect.Value {
-	m.messageInfo().init()
-	if fi, xt := m.messageInfo().checkField(fd); fi != nil {
+	mi := m.messageInfo()
+	mi.init()
+	if fi, xd := mi.checkField(fd); fi != nil {
 		return fi.get(m.pointer())
 	} else {
-		return m.messageInfo().extensionMap(m.pointer()).Get(xt)
+		return mi.extensionMap(m.pointer()).Get(xd)
 	}
 }
 func (m *messageReflectWrapper) Set(fd protoreflect.FieldDescriptor, v protoreflect.Value) {
-	m.messageInfo().init()
-	if fi, xt := m.messageInfo().checkField(fd); fi != nil {
+	mi := m.messageInfo()
+	mi.init()
+	if fi, xd := mi.checkField(fd); fi != nil {
 		fi.set(m.pointer(), v)
 	} else {
-		m.messageInfo().extensionMap(m.pointer()).Set(xt, v)
+		mi.extensionMap(m.pointer()).Set(xd, v)
 	}
 }
 func (m *messageReflectWrapper) Mutable(fd protoreflect.FieldDescriptor) protoreflect.Value {
-	m.messageInfo().init()
-	if fi, xt := m.messageInfo().checkField(fd); fi != nil {
+	mi := m.messageInfo()
+	mi.init()
+	if fi, xd := mi.checkField(fd); fi != nil {
 		return fi.mutable(m.pointer())
 	} else {
-		return m.messageInfo().extensionMap(m.pointer()).Mutable(xt)
+		return mi.extensionMap(m.pointer()).Mutable(xd)
 	}
 }
 func (m *messageReflectWrapper) NewField(fd protoreflect.FieldDescriptor) protoreflect.Value {
-	m.messageInfo().init()
-	if fi, xt := m.messageInfo().checkField(fd); fi != nil {
+	mi := m.messageInfo()
+	mi.init()
+	if fi, xd := mi.checkField(fd); fi != nil {
 		return fi.newField()
 	} else {
-		return xt.New()
+		return xd.Type().New()
 	}
 }
 func (m *messageReflectWrapper) WhichOneof(od protoreflect.OneofDescriptor) protoreflect.FieldDescriptor {
-	m.messageInfo().init()
-	if oi := m.messageInfo().oneofs[od.Name()]; oi != nil && oi.oneofDesc == od {
+	mi := m.messageInfo()
+	mi.init()
+	if oi := mi.oneofs[od.Name()]; oi != nil && oi.oneofDesc == od {
 		return od.Fields().ByNumber(oi.which(m.pointer()))
 	}
 	panic("invalid oneof descriptor " + string(od.FullName()) + " for message " + string(m.Descriptor().FullName()))
 }
 func (m *messageReflectWrapper) GetUnknown() protoreflect.RawFields {
-	m.messageInfo().init()
-	return m.messageInfo().getUnknown(m.pointer())
+	mi := m.messageInfo()
+	mi.init()
+	return mi.getUnknown(m.pointer())
 }
 func (m *messageReflectWrapper) SetUnknown(b protoreflect.RawFields) {
-	m.messageInfo().init()
-	m.messageInfo().setUnknown(m.pointer(), b)
+	mi := m.messageInfo()
+	mi.init()
+	mi.setUnknown(m.pointer(), b)
 }
 func (m *messageReflectWrapper) IsValid() bool {
 	return !m.pointer().IsNil()
diff --git a/vendor/google.golang.org/protobuf/internal/impl/pointer_reflect.go b/vendor/google.golang.org/protobuf/internal/impl/pointer_reflect.go
index 517e94434c..da685e8a29 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/pointer_reflect.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/pointer_reflect.go
@@ -16,7 +16,7 @@ import (
 const UnsafeEnabled = false
 
 // Pointer is an opaque pointer type.
-type Pointer interface{}
+type Pointer any
 
 // offset represents the offset to a struct field, accessible from a pointer.
 // The offset is the field index into a struct.
@@ -62,7 +62,7 @@ func pointerOfValue(v reflect.Value) pointer {
 }
 
 // pointerOfIface returns the pointer portion of an interface.
-func pointerOfIface(v interface{}) pointer {
+func pointerOfIface(v any) pointer {
 	return pointer{v: reflect.ValueOf(v)}
 }
 
@@ -93,7 +93,7 @@ func (p pointer) AsValueOf(t reflect.Type) reflect.Value {
 
 // AsIfaceOf treats p as a pointer to an object of type t and returns the value.
 // It is equivalent to p.AsValueOf(t).Interface()
-func (p pointer) AsIfaceOf(t reflect.Type) interface{} {
+func (p pointer) AsIfaceOf(t reflect.Type) any {
 	return p.AsValueOf(t).Interface()
 }
 
diff --git a/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go b/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go
index 4b020e3116..5f20ca5d8a 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go
@@ -50,7 +50,7 @@ func pointerOfValue(v reflect.Value) pointer {
 }
 
 // pointerOfIface returns the pointer portion of an interface.
-func pointerOfIface(v interface{}) pointer {
+func pointerOfIface(v any) pointer {
 	type ifaceHeader struct {
 		Type unsafe.Pointer
 		Data unsafe.Pointer
@@ -80,7 +80,7 @@ func (p pointer) AsValueOf(t reflect.Type) reflect.Value {
 
 // AsIfaceOf treats p as a pointer to an object of type t and returns the value.
 // It is equivalent to p.AsValueOf(t).Interface()
-func (p pointer) AsIfaceOf(t reflect.Type) interface{} {
+func (p pointer) AsIfaceOf(t reflect.Type) any {
 	// TODO: Use tricky unsafe magic to directly create ifaceHeader.
 	return p.AsValueOf(t).Interface()
 }
diff --git a/vendor/google.golang.org/protobuf/internal/order/range.go b/vendor/google.golang.org/protobuf/internal/order/range.go
index 1665a68e5b..a1f09162d0 100644
--- a/vendor/google.golang.org/protobuf/internal/order/range.go
+++ b/vendor/google.golang.org/protobuf/internal/order/range.go
@@ -18,7 +18,7 @@ type messageField struct {
 }
 
 var messageFieldPool = sync.Pool{
-	New: func() interface{} { return new([]messageField) },
+	New: func() any { return new([]messageField) },
 }
 
 type (
@@ -69,7 +69,7 @@ type mapEntry struct {
 }
 
 var mapEntryPool = sync.Pool{
-	New: func() interface{} { return new([]mapEntry) },
+	New: func() any { return new([]mapEntry) },
 }
 
 type (
diff --git a/vendor/google.golang.org/protobuf/internal/strs/strings.go b/vendor/google.golang.org/protobuf/internal/strs/strings.go
index 0b74e76586..a6e7df2443 100644
--- a/vendor/google.golang.org/protobuf/internal/strs/strings.go
+++ b/vendor/google.golang.org/protobuf/internal/strs/strings.go
@@ -17,7 +17,7 @@ import (
 
 // EnforceUTF8 reports whether to enforce strict UTF-8 validation.
 func EnforceUTF8(fd protoreflect.FieldDescriptor) bool {
-	if flags.ProtoLegacy {
+	if flags.ProtoLegacy || fd.Syntax() == protoreflect.Editions {
 		if fd, ok := fd.(interface{ EnforceUTF8() bool }); ok {
 			return fd.EnforceUTF8()
 		}
diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go
index d8f48faffa..dbbf1f6862 100644
--- a/vendor/google.golang.org/protobuf/internal/version/version.go
+++ b/vendor/google.golang.org/protobuf/internal/version/version.go
@@ -51,8 +51,8 @@ import (
 //  10. Send out the CL for review and submit it.
 const (
 	Major      = 1
-	Minor      = 32
-	Patch      = 0
+	Minor      = 34
+	Patch      = 2
 	PreRelease = ""
 )
 
diff --git a/vendor/google.golang.org/protobuf/proto/decode.go b/vendor/google.golang.org/protobuf/proto/decode.go
index e5b03b5677..d75a6534c1 100644
--- a/vendor/google.golang.org/protobuf/proto/decode.go
+++ b/vendor/google.golang.org/protobuf/proto/decode.go
@@ -51,6 +51,8 @@ type UnmarshalOptions struct {
 
 // Unmarshal parses the wire-format message in b and places the result in m.
 // The provided message must be mutable (e.g., a non-nil pointer to a message).
+//
+// See the [UnmarshalOptions] type if you need more control.
 func Unmarshal(b []byte, m Message) error {
 	_, err := UnmarshalOptions{RecursionLimit: protowire.DefaultRecursionLimit}.unmarshal(b, m.ProtoReflect())
 	return err
diff --git a/vendor/google.golang.org/protobuf/proto/encode.go b/vendor/google.golang.org/protobuf/proto/encode.go
index 4fed202f9f..1f847bcc35 100644
--- a/vendor/google.golang.org/protobuf/proto/encode.go
+++ b/vendor/google.golang.org/protobuf/proto/encode.go
@@ -5,12 +5,17 @@
 package proto
 
 import (
+	"errors"
+	"fmt"
+
 	"google.golang.org/protobuf/encoding/protowire"
 	"google.golang.org/protobuf/internal/encoding/messageset"
 	"google.golang.org/protobuf/internal/order"
 	"google.golang.org/protobuf/internal/pragma"
 	"google.golang.org/protobuf/reflect/protoreflect"
 	"google.golang.org/protobuf/runtime/protoiface"
+
+	protoerrors "google.golang.org/protobuf/internal/errors"
 )
 
 // MarshalOptions configures the marshaler.
@@ -70,7 +75,32 @@ type MarshalOptions struct {
 	UseCachedSize bool
 }
 
+// flags turns the specified MarshalOptions (user-facing) into
+// protoiface.MarshalInputFlags (used internally by the marshaler).
+//
+// See impl.marshalOptions.Options for the inverse operation.
+func (o MarshalOptions) flags() protoiface.MarshalInputFlags {
+	var flags protoiface.MarshalInputFlags
+
+	// Note: o.AllowPartial is always forced to true by MarshalOptions.marshal,
+	// which is why it is not a part of MarshalInputFlags.
+
+	if o.Deterministic {
+		flags |= protoiface.MarshalDeterministic
+	}
+
+	if o.UseCachedSize {
+		flags |= protoiface.MarshalUseCachedSize
+	}
+
+	return flags
+}
+
 // Marshal returns the wire-format encoding of m.
+//
+// This is the most common entry point for encoding a Protobuf message.
+//
+// See the [MarshalOptions] type if you need more control.
 func Marshal(m Message) ([]byte, error) {
 	// Treat nil message interface as an empty message; nothing to output.
 	if m == nil {
@@ -116,6 +146,9 @@ func emptyBytesForMessage(m Message) []byte {
 
 // MarshalAppend appends the wire-format encoding of m to b,
 // returning the result.
+//
+// This is a less common entry point than [Marshal], which is only needed if you
+// need to supply your own buffers for performance reasons.
 func (o MarshalOptions) MarshalAppend(b []byte, m Message) ([]byte, error) {
 	// Treat nil message interface as an empty message; nothing to append.
 	if m == nil {
@@ -145,12 +178,7 @@ func (o MarshalOptions) marshal(b []byte, m protoreflect.Message) (out protoifac
 		in := protoiface.MarshalInput{
 			Message: m,
 			Buf:     b,
-		}
-		if o.Deterministic {
-			in.Flags |= protoiface.MarshalDeterministic
-		}
-		if o.UseCachedSize {
-			in.Flags |= protoiface.MarshalUseCachedSize
+			Flags:   o.flags(),
 		}
 		if methods.Size != nil {
 			sout := methods.Size(protoiface.SizeInput{
@@ -168,6 +196,10 @@ func (o MarshalOptions) marshal(b []byte, m protoreflect.Message) (out protoifac
 		out.Buf, err = o.marshalMessageSlow(b, m)
 	}
 	if err != nil {
+		var mismatch *protoerrors.SizeMismatchError
+		if errors.As(err, &mismatch) {
+			return out, fmt.Errorf("marshaling %s: %v", string(m.Descriptor().FullName()), err)
+		}
 		return out, err
 	}
 	if allowPartial {
diff --git a/vendor/google.golang.org/protobuf/proto/extension.go b/vendor/google.golang.org/protobuf/proto/extension.go
index 17899a3a76..d248f29284 100644
--- a/vendor/google.golang.org/protobuf/proto/extension.go
+++ b/vendor/google.golang.org/protobuf/proto/extension.go
@@ -11,18 +11,21 @@ import (
 // HasExtension reports whether an extension field is populated.
 // It returns false if m is invalid or if xt does not extend m.
 func HasExtension(m Message, xt protoreflect.ExtensionType) bool {
-	// Treat nil message interface as an empty message; no populated fields.
-	if m == nil {
+	// Treat nil message interface or descriptor as an empty message; no populated
+	// fields.
+	if m == nil || xt == nil {
 		return false
 	}
 
 	// As a special-case, we reports invalid or mismatching descriptors
 	// as always not being populated (since they aren't).
-	if xt == nil || m.ProtoReflect().Descriptor() != xt.TypeDescriptor().ContainingMessage() {
+	mr := m.ProtoReflect()
+	xd := xt.TypeDescriptor()
+	if mr.Descriptor() != xd.ContainingMessage() {
 		return false
 	}
 
-	return m.ProtoReflect().Has(xt.TypeDescriptor())
+	return mr.Has(xd)
 }
 
 // ClearExtension clears an extension field such that subsequent
@@ -36,7 +39,7 @@ func ClearExtension(m Message, xt protoreflect.ExtensionType) {
 // If the field is unpopulated, it returns the default value for
 // scalars and an immutable, empty value for lists or messages.
 // It panics if xt does not extend m.
-func GetExtension(m Message, xt protoreflect.ExtensionType) interface{} {
+func GetExtension(m Message, xt protoreflect.ExtensionType) any {
 	// Treat nil message interface as an empty message; return the default.
 	if m == nil {
 		return xt.InterfaceOf(xt.Zero())
@@ -48,7 +51,7 @@ func GetExtension(m Message, xt protoreflect.ExtensionType) interface{} {
 // SetExtension stores the value of an extension field.
 // It panics if m is invalid, xt does not extend m, or if type of v
 // is invalid for the specified extension field.
-func SetExtension(m Message, xt protoreflect.ExtensionType, v interface{}) {
+func SetExtension(m Message, xt protoreflect.ExtensionType, v any) {
 	xd := xt.TypeDescriptor()
 	pv := xt.ValueOf(v)
 
@@ -75,7 +78,7 @@ func SetExtension(m Message, xt protoreflect.ExtensionType, v interface{}) {
 // It returns immediately if f returns false.
 // While iterating, mutating operations may only be performed
 // on the current extension field.
-func RangeExtensions(m Message, f func(protoreflect.ExtensionType, interface{}) bool) {
+func RangeExtensions(m Message, f func(protoreflect.ExtensionType, any) bool) {
 	// Treat nil message interface as an empty message; nothing to range over.
 	if m == nil {
 		return
diff --git a/vendor/google.golang.org/protobuf/proto/messageset.go b/vendor/google.golang.org/protobuf/proto/messageset.go
index 312d5d45c6..575d14831f 100644
--- a/vendor/google.golang.org/protobuf/proto/messageset.go
+++ b/vendor/google.golang.org/protobuf/proto/messageset.go
@@ -47,11 +47,16 @@ func (o MarshalOptions) marshalMessageSet(b []byte, m protoreflect.Message) ([]b
 func (o MarshalOptions) marshalMessageSetField(b []byte, fd protoreflect.FieldDescriptor, value protoreflect.Value) ([]byte, error) {
 	b = messageset.AppendFieldStart(b, fd.Number())
 	b = protowire.AppendTag(b, messageset.FieldMessage, protowire.BytesType)
-	b = protowire.AppendVarint(b, uint64(o.Size(value.Message().Interface())))
+	calculatedSize := o.Size(value.Message().Interface())
+	b = protowire.AppendVarint(b, uint64(calculatedSize))
+	before := len(b)
 	b, err := o.marshalMessage(b, value.Message())
 	if err != nil {
 		return b, err
 	}
+	if measuredSize := len(b) - before; calculatedSize != measuredSize {
+		return nil, errors.MismatchedSizeCalculation(calculatedSize, measuredSize)
+	}
 	b = messageset.AppendFieldEnd(b)
 	return b, nil
 }
diff --git a/vendor/google.golang.org/protobuf/proto/size.go b/vendor/google.golang.org/protobuf/proto/size.go
index f1692b49b6..052fb5ae31 100644
--- a/vendor/google.golang.org/protobuf/proto/size.go
+++ b/vendor/google.golang.org/protobuf/proto/size.go
@@ -34,6 +34,7 @@ func (o MarshalOptions) size(m protoreflect.Message) (size int) {
 	if methods != nil && methods.Size != nil {
 		out := methods.Size(protoiface.SizeInput{
 			Message: m,
+			Flags:   o.flags(),
 		})
 		return out.Size
 	}
@@ -42,6 +43,7 @@ func (o MarshalOptions) size(m protoreflect.Message) (size int) {
 		// This case is mainly used for legacy types with a Marshal method.
 		out, _ := methods.Marshal(protoiface.MarshalInput{
 			Message: m,
+			Flags:   o.flags(),
 		})
 		return len(out.Buf)
 	}
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/desc.go b/vendor/google.golang.org/protobuf/reflect/protodesc/desc.go
index baa0cc6218..8fbecb4f58 100644
--- a/vendor/google.golang.org/protobuf/reflect/protodesc/desc.go
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/desc.go
@@ -13,6 +13,7 @@
 package protodesc
 
 import (
+	"google.golang.org/protobuf/internal/editionssupport"
 	"google.golang.org/protobuf/internal/errors"
 	"google.golang.org/protobuf/internal/filedesc"
 	"google.golang.org/protobuf/internal/pragma"
@@ -91,15 +92,17 @@ func (o FileOptions) New(fd *descriptorpb.FileDescriptorProto, r Resolver) (prot
 	switch fd.GetSyntax() {
 	case "proto2", "":
 		f.L1.Syntax = protoreflect.Proto2
+		f.L1.Edition = filedesc.EditionProto2
 	case "proto3":
 		f.L1.Syntax = protoreflect.Proto3
+		f.L1.Edition = filedesc.EditionProto3
 	case "editions":
 		f.L1.Syntax = protoreflect.Editions
 		f.L1.Edition = fromEditionProto(fd.GetEdition())
 	default:
 		return nil, errors.New("invalid syntax: %q", fd.GetSyntax())
 	}
-	if f.L1.Syntax == protoreflect.Editions && (fd.GetEdition() < SupportedEditionsMinimum || fd.GetEdition() > SupportedEditionsMaximum) {
+	if f.L1.Syntax == protoreflect.Editions && (fd.GetEdition() < editionssupport.Minimum || fd.GetEdition() > editionssupport.Maximum) {
 		return nil, errors.New("use of edition %v not yet supported by the Go Protobuf runtime", fd.GetEdition())
 	}
 	f.L1.Path = fd.GetName()
@@ -114,9 +117,7 @@ func (o FileOptions) New(fd *descriptorpb.FileDescriptorProto, r Resolver) (prot
 		opts = proto.Clone(opts).(*descriptorpb.FileOptions)
 		f.L2.Options = func() protoreflect.ProtoMessage { return opts }
 	}
-	if f.L1.Syntax == protoreflect.Editions {
-		initFileDescFromFeatureSet(f, fd.GetOptions().GetFeatures())
-	}
+	initFileDescFromFeatureSet(f, fd.GetOptions().GetFeatures())
 
 	f.L2.Imports = make(filedesc.FileImports, len(fd.GetDependency()))
 	for _, i := range fd.GetPublicDependency() {
@@ -219,10 +220,10 @@ func (o FileOptions) New(fd *descriptorpb.FileDescriptorProto, r Resolver) (prot
 	if err := validateEnumDeclarations(f.L1.Enums.List, fd.GetEnumType()); err != nil {
 		return nil, err
 	}
-	if err := validateMessageDeclarations(f.L1.Messages.List, fd.GetMessageType()); err != nil {
+	if err := validateMessageDeclarations(f, f.L1.Messages.List, fd.GetMessageType()); err != nil {
 		return nil, err
 	}
-	if err := validateExtensionDeclarations(f.L1.Extensions.List, fd.GetExtension()); err != nil {
+	if err := validateExtensionDeclarations(f, f.L1.Extensions.List, fd.GetExtension()); err != nil {
 		return nil, err
 	}
 
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go
index aff6fd4900..8561755427 100644
--- a/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go
@@ -28,6 +28,7 @@ func (r descsByName) initEnumDeclarations(eds []*descriptorpb.EnumDescriptorProt
 			opts = proto.Clone(opts).(*descriptorpb.EnumOptions)
 			e.L2.Options = func() protoreflect.ProtoMessage { return opts }
 		}
+		e.L1.EditionFeatures = mergeEditionFeatures(parent, ed.GetOptions().GetFeatures())
 		for _, s := range ed.GetReservedName() {
 			e.L2.ReservedNames.List = append(e.L2.ReservedNames.List, protoreflect.Name(s))
 		}
@@ -68,6 +69,7 @@ func (r descsByName) initMessagesDeclarations(mds []*descriptorpb.DescriptorProt
 		if m.L0, err = r.makeBase(m, parent, md.GetName(), i, sb); err != nil {
 			return nil, err
 		}
+		m.L1.EditionFeatures = mergeEditionFeatures(parent, md.GetOptions().GetFeatures())
 		if opts := md.GetOptions(); opts != nil {
 			opts = proto.Clone(opts).(*descriptorpb.MessageOptions)
 			m.L2.Options = func() protoreflect.ProtoMessage { return opts }
@@ -114,6 +116,27 @@ func (r descsByName) initMessagesDeclarations(mds []*descriptorpb.DescriptorProt
 	return ms, nil
 }
 
+// canBePacked returns whether the field can use packed encoding:
+// https://protobuf.dev/programming-guides/encoding/#packed
+func canBePacked(fd *descriptorpb.FieldDescriptorProto) bool {
+	if fd.GetLabel() != descriptorpb.FieldDescriptorProto_LABEL_REPEATED {
+		return false // not a repeated field
+	}
+
+	switch protoreflect.Kind(fd.GetType()) {
+	case protoreflect.MessageKind, protoreflect.GroupKind:
+		return false // not a scalar type field
+
+	case protoreflect.StringKind, protoreflect.BytesKind:
+		// string and bytes can explicitly not be declared as packed,
+		// see https://protobuf.dev/programming-guides/encoding/#packed
+		return false
+
+	default:
+		return true
+	}
+}
+
 func (r descsByName) initFieldsFromDescriptorProto(fds []*descriptorpb.FieldDescriptorProto, parent protoreflect.Descriptor, sb *strs.Builder) (fs []filedesc.Field, err error) {
 	fs = make([]filedesc.Field, len(fds)) // allocate up-front to ensure stable pointers
 	for i, fd := range fds {
@@ -121,13 +144,15 @@ func (r descsByName) initFieldsFromDescriptorProto(fds []*descriptorpb.FieldDesc
 		if f.L0, err = r.makeBase(f, parent, fd.GetName(), i, sb); err != nil {
 			return nil, err
 		}
+		f.L1.EditionFeatures = mergeEditionFeatures(parent, fd.GetOptions().GetFeatures())
 		f.L1.IsProto3Optional = fd.GetProto3Optional()
 		if opts := fd.GetOptions(); opts != nil {
 			opts = proto.Clone(opts).(*descriptorpb.FieldOptions)
 			f.L1.Options = func() protoreflect.ProtoMessage { return opts }
 			f.L1.IsWeak = opts.GetWeak()
-			f.L1.HasPacked = opts.Packed != nil
-			f.L1.IsPacked = opts.GetPacked()
+			if opts.Packed != nil {
+				f.L1.EditionFeatures.IsPacked = opts.GetPacked()
+			}
 		}
 		f.L1.Number = protoreflect.FieldNumber(fd.GetNumber())
 		f.L1.Cardinality = protoreflect.Cardinality(fd.GetLabel())
@@ -138,28 +163,12 @@ func (r descsByName) initFieldsFromDescriptorProto(fds []*descriptorpb.FieldDesc
 			f.L1.StringName.InitJSON(fd.GetJsonName())
 		}
 
-		if f.Base.L0.ParentFile.Syntax() == protoreflect.Editions {
-			f.L1.Presence = resolveFeatureHasFieldPresence(f.Base.L0.ParentFile, fd)
-			// We reuse the existing field because the old option `[packed =
-			// true]` is mutually exclusive with the editions feature.
-			if fd.GetLabel() == descriptorpb.FieldDescriptorProto_LABEL_REPEATED {
-				f.L1.HasPacked = true
-				f.L1.IsPacked = resolveFeatureRepeatedFieldEncodingPacked(f.Base.L0.ParentFile, fd)
-			}
-
-			// We pretend this option is always explicitly set because the only
-			// use of HasEnforceUTF8 is to determine whether to use EnforceUTF8
-			// or to return the appropriate default.
-			// When using editions we either parse the option or resolve the
-			// appropriate default here (instead of later when this option is
-			// requested from the descriptor).
-			// In proto2/proto3 syntax HasEnforceUTF8 might be false.
-			f.L1.HasEnforceUTF8 = true
-			f.L1.EnforceUTF8 = resolveFeatureEnforceUTF8(f.Base.L0.ParentFile, fd)
+		if f.L1.EditionFeatures.IsLegacyRequired {
+			f.L1.Cardinality = protoreflect.Required
+		}
 
-			if f.L1.Kind == protoreflect.MessageKind && resolveFeatureDelimitedEncoding(f.Base.L0.ParentFile, fd) {
-				f.L1.Kind = protoreflect.GroupKind
-			}
+		if f.L1.Kind == protoreflect.MessageKind && f.L1.EditionFeatures.IsDelimitedEncoded {
+			f.L1.Kind = protoreflect.GroupKind
 		}
 	}
 	return fs, nil
@@ -172,6 +181,7 @@ func (r descsByName) initOneofsFromDescriptorProto(ods []*descriptorpb.OneofDesc
 		if o.L0, err = r.makeBase(o, parent, od.GetName(), i, sb); err != nil {
 			return nil, err
 		}
+		o.L1.EditionFeatures = mergeEditionFeatures(parent, od.GetOptions().GetFeatures())
 		if opts := od.GetOptions(); opts != nil {
 			opts = proto.Clone(opts).(*descriptorpb.OneofOptions)
 			o.L1.Options = func() protoreflect.ProtoMessage { return opts }
@@ -188,10 +198,13 @@ func (r descsByName) initExtensionDeclarations(xds []*descriptorpb.FieldDescript
 		if x.L0, err = r.makeBase(x, parent, xd.GetName(), i, sb); err != nil {
 			return nil, err
 		}
+		x.L1.EditionFeatures = mergeEditionFeatures(parent, xd.GetOptions().GetFeatures())
 		if opts := xd.GetOptions(); opts != nil {
 			opts = proto.Clone(opts).(*descriptorpb.FieldOptions)
 			x.L2.Options = func() protoreflect.ProtoMessage { return opts }
-			x.L2.IsPacked = opts.GetPacked()
+			if opts.Packed != nil {
+				x.L1.EditionFeatures.IsPacked = opts.GetPacked()
+			}
 		}
 		x.L1.Number = protoreflect.FieldNumber(xd.GetNumber())
 		x.L1.Cardinality = protoreflect.Cardinality(xd.GetLabel())
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/desc_resolve.go b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_resolve.go
index 27d7e35012..f3cebab29c 100644
--- a/vendor/google.golang.org/protobuf/reflect/protodesc/desc_resolve.go
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_resolve.go
@@ -46,6 +46,11 @@ func (r *resolver) resolveMessageDependencies(ms []filedesc.Message, mds []*desc
 			if f.L1.Kind, f.L1.Enum, f.L1.Message, err = r.findTarget(f.Kind(), f.Parent().FullName(), partialName(fd.GetTypeName()), f.IsWeak()); err != nil {
 				return errors.New("message field %q cannot resolve type: %v", f.FullName(), err)
 			}
+			if f.L1.Kind == protoreflect.GroupKind && (f.IsMap() || f.IsMapEntry()) {
+				// A map field might inherit delimited encoding from a file-wide default feature.
+				// But maps never actually use delimited encoding. (At least for now...)
+				f.L1.Kind = protoreflect.MessageKind
+			}
 			if fd.DefaultValue != nil {
 				v, ev, err := unmarshalDefault(fd.GetDefaultValue(), f, r.allowUnresolvable)
 				if err != nil {
@@ -276,8 +281,8 @@ func unmarshalDefault(s string, fd protoreflect.FieldDescriptor, allowUnresolvab
 	} else if err != nil {
 		return v, ev, err
 	}
-	if fd.Syntax() == protoreflect.Proto3 {
-		return v, ev, errors.New("cannot be specified under proto3 semantics")
+	if !fd.HasPresence() {
+		return v, ev, errors.New("cannot be specified with implicit field presence")
 	}
 	if fd.Kind() == protoreflect.MessageKind || fd.Kind() == protoreflect.GroupKind || fd.Cardinality() == protoreflect.Repeated {
 		return v, ev, errors.New("cannot be specified on composite types")
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/desc_validate.go b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_validate.go
index 9af1d56487..6de31c2ebd 100644
--- a/vendor/google.golang.org/protobuf/reflect/protodesc/desc_validate.go
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_validate.go
@@ -45,11 +45,11 @@ func validateEnumDeclarations(es []filedesc.Enum, eds []*descriptorpb.EnumDescri
 		if allowAlias && !foundAlias {
 			return errors.New("enum %q allows aliases, but none were found", e.FullName())
 		}
-		if e.Syntax() == protoreflect.Proto3 {
+		if !e.IsClosed() {
 			if v := e.Values().Get(0); v.Number() != 0 {
-				return errors.New("enum %q using proto3 semantics must have zero number for the first value", v.FullName())
+				return errors.New("enum %q using open semantics must have zero number for the first value", v.FullName())
 			}
-			// Verify that value names in proto3 do not conflict if the
+			// Verify that value names in open enums do not conflict if the
 			// case-insensitive prefix is removed.
 			// See protoc v3.8.0: src/google/protobuf/descriptor.cc:4991-5055
 			names := map[string]protoreflect.EnumValueDescriptor{}
@@ -58,7 +58,7 @@ func validateEnumDeclarations(es []filedesc.Enum, eds []*descriptorpb.EnumDescri
 				v1 := e.Values().Get(i)
 				s := strs.EnumValueName(strs.TrimEnumPrefix(string(v1.Name()), prefix))
 				if v2, ok := names[s]; ok && v1.Number() != v2.Number() {
-					return errors.New("enum %q using proto3 semantics has conflict: %q with %q", e.FullName(), v1.Name(), v2.Name())
+					return errors.New("enum %q using open semantics has conflict: %q with %q", e.FullName(), v1.Name(), v2.Name())
 				}
 				names[s] = v1
 			}
@@ -80,7 +80,9 @@ func validateEnumDeclarations(es []filedesc.Enum, eds []*descriptorpb.EnumDescri
 	return nil
 }
 
-func validateMessageDeclarations(ms []filedesc.Message, mds []*descriptorpb.DescriptorProto) error {
+func validateMessageDeclarations(file *filedesc.File, ms []filedesc.Message, mds []*descriptorpb.DescriptorProto) error {
+	// There are a few limited exceptions only for proto3
+	isProto3 := file.L1.Edition == fromEditionProto(descriptorpb.Edition_EDITION_PROTO3)
 	for i, md := range mds {
 		m := &ms[i]
 
@@ -107,25 +109,13 @@ func validateMessageDeclarations(ms []filedesc.Message, mds []*descriptorpb.Desc
 		if isMessageSet && !flags.ProtoLegacy {
 			return errors.New("message %q is a MessageSet, which is a legacy proto1 feature that is no longer supported", m.FullName())
 		}
-		if isMessageSet && (m.Syntax() != protoreflect.Proto2 || m.Fields().Len() > 0 || m.ExtensionRanges().Len() == 0) {
+		if isMessageSet && (isProto3 || m.Fields().Len() > 0 || m.ExtensionRanges().Len() == 0) {
 			return errors.New("message %q is an invalid proto1 MessageSet", m.FullName())
 		}
-		if m.Syntax() == protoreflect.Proto3 {
+		if isProto3 {
 			if m.ExtensionRanges().Len() > 0 {
 				return errors.New("message %q using proto3 semantics cannot have extension ranges", m.FullName())
 			}
-			// Verify that field names in proto3 do not conflict if lowercased
-			// with all underscores removed.
-			// See protoc v3.8.0: src/google/protobuf/descriptor.cc:5830-5847
-			names := map[string]protoreflect.FieldDescriptor{}
-			for i := 0; i < m.Fields().Len(); i++ {
-				f1 := m.Fields().Get(i)
-				s := strings.Replace(strings.ToLower(string(f1.Name())), "_", "", -1)
-				if f2, ok := names[s]; ok {
-					return errors.New("message %q using proto3 semantics has conflict: %q with %q", m.FullName(), f1.Name(), f2.Name())
-				}
-				names[s] = f1
-			}
 		}
 
 		for j, fd := range md.GetField() {
@@ -149,7 +139,7 @@ func validateMessageDeclarations(ms []filedesc.Message, mds []*descriptorpb.Desc
 				return errors.New("message field %q may not have extendee: %q", f.FullName(), fd.GetExtendee())
 			}
 			if f.L1.IsProto3Optional {
-				if f.Syntax() != protoreflect.Proto3 {
+				if !isProto3 {
 					return errors.New("message field %q under proto3 optional semantics must be specified in the proto3 syntax", f.FullName())
 				}
 				if f.Cardinality() != protoreflect.Optional {
@@ -162,26 +152,29 @@ func validateMessageDeclarations(ms []filedesc.Message, mds []*descriptorpb.Desc
 			if f.IsWeak() && !flags.ProtoLegacy {
 				return errors.New("message field %q is a weak field, which is a legacy proto1 feature that is no longer supported", f.FullName())
 			}
-			if f.IsWeak() && (f.Syntax() != protoreflect.Proto2 || !isOptionalMessage(f) || f.ContainingOneof() != nil) {
+			if f.IsWeak() && (!f.HasPresence() || !isOptionalMessage(f) || f.ContainingOneof() != nil) {
 				return errors.New("message field %q may only be weak for an optional message", f.FullName())
 			}
 			if f.IsPacked() && !isPackable(f) {
 				return errors.New("message field %q is not packable", f.FullName())
 			}
-			if err := checkValidGroup(f); err != nil {
+			if err := checkValidGroup(file, f); err != nil {
 				return errors.New("message field %q is an invalid group: %v", f.FullName(), err)
 			}
 			if err := checkValidMap(f); err != nil {
 				return errors.New("message field %q is an invalid map: %v", f.FullName(), err)
 			}
-			if f.Syntax() == protoreflect.Proto3 {
+			if isProto3 {
 				if f.Cardinality() == protoreflect.Required {
 					return errors.New("message field %q using proto3 semantics cannot be required", f.FullName())
 				}
-				if f.Enum() != nil && !f.Enum().IsPlaceholder() && f.Enum().Syntax() != protoreflect.Proto3 {
-					return errors.New("message field %q using proto3 semantics may only depend on a proto3 enum", f.FullName())
+				if f.Enum() != nil && !f.Enum().IsPlaceholder() && f.Enum().IsClosed() {
+					return errors.New("message field %q using proto3 semantics may only depend on open enums", f.FullName())
 				}
 			}
+			if f.Cardinality() == protoreflect.Optional && !f.HasPresence() && f.Enum() != nil && !f.Enum().IsPlaceholder() && f.Enum().IsClosed() {
+				return errors.New("message field %q with implicit presence may only use open enums", f.FullName())
+			}
 		}
 		seenSynthetic := false // synthetic oneofs for proto3 optional must come after real oneofs
 		for j := range md.GetOneofDecl() {
@@ -215,17 +208,17 @@ func validateMessageDeclarations(ms []filedesc.Message, mds []*descriptorpb.Desc
 		if err := validateEnumDeclarations(m.L1.Enums.List, md.GetEnumType()); err != nil {
 			return err
 		}
-		if err := validateMessageDeclarations(m.L1.Messages.List, md.GetNestedType()); err != nil {
+		if err := validateMessageDeclarations(file, m.L1.Messages.List, md.GetNestedType()); err != nil {
 			return err
 		}
-		if err := validateExtensionDeclarations(m.L1.Extensions.List, md.GetExtension()); err != nil {
+		if err := validateExtensionDeclarations(file, m.L1.Extensions.List, md.GetExtension()); err != nil {
 			return err
 		}
 	}
 	return nil
 }
 
-func validateExtensionDeclarations(xs []filedesc.Extension, xds []*descriptorpb.FieldDescriptorProto) error {
+func validateExtensionDeclarations(f *filedesc.File, xs []filedesc.Extension, xds []*descriptorpb.FieldDescriptorProto) error {
 	for i, xd := range xds {
 		x := &xs[i]
 		// NOTE: Avoid using the IsValid method since extensions to MessageSet
@@ -267,13 +260,13 @@ func validateExtensionDeclarations(xs []filedesc.Extension, xds []*descriptorpb.
 		if x.IsPacked() && !isPackable(x) {
 			return errors.New("extension field %q is not packable", x.FullName())
 		}
-		if err := checkValidGroup(x); err != nil {
+		if err := checkValidGroup(f, x); err != nil {
 			return errors.New("extension field %q is an invalid group: %v", x.FullName(), err)
 		}
 		if md := x.Message(); md != nil && md.IsMapEntry() {
 			return errors.New("extension field %q cannot be a map entry", x.FullName())
 		}
-		if x.Syntax() == protoreflect.Proto3 {
+		if f.L1.Edition == fromEditionProto(descriptorpb.Edition_EDITION_PROTO3) {
 			switch x.ContainingMessage().FullName() {
 			case (*descriptorpb.FileOptions)(nil).ProtoReflect().Descriptor().FullName():
 			case (*descriptorpb.EnumOptions)(nil).ProtoReflect().Descriptor().FullName():
@@ -309,21 +302,25 @@ func isPackable(fd protoreflect.FieldDescriptor) bool {
 
 // checkValidGroup reports whether fd is a valid group according to the same
 // rules that protoc imposes.
-func checkValidGroup(fd protoreflect.FieldDescriptor) error {
+func checkValidGroup(f *filedesc.File, fd protoreflect.FieldDescriptor) error {
 	md := fd.Message()
 	switch {
 	case fd.Kind() != protoreflect.GroupKind:
 		return nil
-	case fd.Syntax() != protoreflect.Proto2:
-		return errors.New("invalid under proto2 semantics")
+	case f.L1.Edition == fromEditionProto(descriptorpb.Edition_EDITION_PROTO3):
+		return errors.New("invalid under proto3 semantics")
 	case md == nil || md.IsPlaceholder():
 		return errors.New("message must be resolvable")
-	case fd.FullName().Parent() != md.FullName().Parent():
-		return errors.New("message and field must be declared in the same scope")
-	case !unicode.IsUpper(rune(md.Name()[0])):
-		return errors.New("message name must start with an uppercase")
-	case fd.Name() != protoreflect.Name(strings.ToLower(string(md.Name()))):
-		return errors.New("field name must be lowercased form of the message name")
+	}
+	if f.L1.Edition < fromEditionProto(descriptorpb.Edition_EDITION_2023) {
+		switch {
+		case fd.FullName().Parent() != md.FullName().Parent():
+			return errors.New("message and field must be declared in the same scope")
+		case !unicode.IsUpper(rune(md.Name()[0])):
+			return errors.New("message name must start with an uppercase")
+		case fd.Name() != protoreflect.Name(strings.ToLower(string(md.Name()))):
+			return errors.New("field name must be lowercased form of the message name")
+		}
 	}
 	return nil
 }
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/editions.go b/vendor/google.golang.org/protobuf/reflect/protodesc/editions.go
index 7352926cab..804830eda3 100644
--- a/vendor/google.golang.org/protobuf/reflect/protodesc/editions.go
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/editions.go
@@ -5,29 +5,24 @@
 package protodesc
 
 import (
-	_ "embed"
 	"fmt"
 	"os"
 	"sync"
 
+	"google.golang.org/protobuf/internal/editiondefaults"
 	"google.golang.org/protobuf/internal/filedesc"
 	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/reflect/protoreflect"
 	"google.golang.org/protobuf/types/descriptorpb"
+	gofeaturespb "google.golang.org/protobuf/types/gofeaturespb"
 )
 
-const (
-	SupportedEditionsMinimum = descriptorpb.Edition_EDITION_PROTO2
-	SupportedEditionsMaximum = descriptorpb.Edition_EDITION_2023
-)
-
-//go:embed editions_defaults.binpb
-var binaryEditionDefaults []byte
 var defaults = &descriptorpb.FeatureSetDefaults{}
 var defaultsCacheMu sync.Mutex
 var defaultsCache = make(map[filedesc.Edition]*descriptorpb.FeatureSet)
 
 func init() {
-	err := proto.Unmarshal(binaryEditionDefaults, defaults)
+	err := proto.Unmarshal(editiondefaults.Defaults, defaults)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "unmarshal editions defaults: %v\n", err)
 		os.Exit(1)
@@ -67,111 +62,84 @@ func getFeatureSetFor(ed filedesc.Edition) *descriptorpb.FeatureSet {
 		fmt.Fprintf(os.Stderr, "internal error: unsupported edition %v (did you forget to update the embedded defaults (i.e. the bootstrap descriptor proto)?)\n", edpb)
 		os.Exit(1)
 	}
-	fs := defaults.GetDefaults()[0].GetFeatures()
+	fsed := defaults.GetDefaults()[0]
 	// Using a linear search for now.
 	// Editions are guaranteed to be sorted and thus we could use a binary search.
 	// Given that there are only a handful of editions (with one more per year)
 	// there is not much reason to use a binary search.
 	for _, def := range defaults.GetDefaults() {
 		if def.GetEdition() <= edpb {
-			fs = def.GetFeatures()
+			fsed = def
 		} else {
 			break
 		}
 	}
+	fs := proto.Clone(fsed.GetFixedFeatures()).(*descriptorpb.FeatureSet)
+	proto.Merge(fs, fsed.GetOverridableFeatures())
 	defaultsCache[ed] = fs
 	return fs
 }
 
-func resolveFeatureHasFieldPresence(fileDesc *filedesc.File, fieldDesc *descriptorpb.FieldDescriptorProto) bool {
-	fs := fieldDesc.GetOptions().GetFeatures()
-	if fs == nil || fs.FieldPresence == nil {
-		return fileDesc.L1.EditionFeatures.IsFieldPresence
+// mergeEditionFeatures merges the parent and child feature sets. This function
+// should be used when initializing Go descriptors from descriptor protos which
+// is why the parent is a filedesc.EditionsFeatures (Go representation) while
+// the child is a descriptorproto.FeatureSet (protoc representation).
+// Any feature set by the child overwrites what is set by the parent.
+func mergeEditionFeatures(parentDesc protoreflect.Descriptor, child *descriptorpb.FeatureSet) filedesc.EditionFeatures {
+	var parentFS filedesc.EditionFeatures
+	switch p := parentDesc.(type) {
+	case *filedesc.File:
+		parentFS = p.L1.EditionFeatures
+	case *filedesc.Message:
+		parentFS = p.L1.EditionFeatures
+	default:
+		panic(fmt.Sprintf("unknown parent type %T", parentDesc))
 	}
-	return fs.GetFieldPresence() == descriptorpb.FeatureSet_LEGACY_REQUIRED ||
-		fs.GetFieldPresence() == descriptorpb.FeatureSet_EXPLICIT
-}
-
-func resolveFeatureRepeatedFieldEncodingPacked(fileDesc *filedesc.File, fieldDesc *descriptorpb.FieldDescriptorProto) bool {
-	fs := fieldDesc.GetOptions().GetFeatures()
-	if fs == nil || fs.RepeatedFieldEncoding == nil {
-		return fileDesc.L1.EditionFeatures.IsPacked
+	if child == nil {
+		return parentFS
 	}
-	return fs.GetRepeatedFieldEncoding() == descriptorpb.FeatureSet_PACKED
-}
-
-func resolveFeatureEnforceUTF8(fileDesc *filedesc.File, fieldDesc *descriptorpb.FieldDescriptorProto) bool {
-	fs := fieldDesc.GetOptions().GetFeatures()
-	if fs == nil || fs.Utf8Validation == nil {
-		return fileDesc.L1.EditionFeatures.IsUTF8Validated
+	if fp := child.FieldPresence; fp != nil {
+		parentFS.IsFieldPresence = *fp == descriptorpb.FeatureSet_LEGACY_REQUIRED ||
+			*fp == descriptorpb.FeatureSet_EXPLICIT
+		parentFS.IsLegacyRequired = *fp == descriptorpb.FeatureSet_LEGACY_REQUIRED
 	}
-	return fs.GetUtf8Validation() == descriptorpb.FeatureSet_VERIFY
-}
-
-func resolveFeatureDelimitedEncoding(fileDesc *filedesc.File, fieldDesc *descriptorpb.FieldDescriptorProto) bool {
-	fs := fieldDesc.GetOptions().GetFeatures()
-	if fs == nil || fs.MessageEncoding == nil {
-		return fileDesc.L1.EditionFeatures.IsDelimitedEncoded
+	if et := child.EnumType; et != nil {
+		parentFS.IsOpenEnum = *et == descriptorpb.FeatureSet_OPEN
 	}
-	return fs.GetMessageEncoding() == descriptorpb.FeatureSet_DELIMITED
-}
 
-// initFileDescFromFeatureSet initializes editions related fields in fd based
-// on fs. If fs is nil it is assumed to be an empty featureset and all fields
-// will be initialized with the appropriate default. fd.L1.Edition must be set
-// before calling this function.
-func initFileDescFromFeatureSet(fd *filedesc.File, fs *descriptorpb.FeatureSet) {
-	dfs := getFeatureSetFor(fd.L1.Edition)
-	if fs == nil {
-		fs = &descriptorpb.FeatureSet{}
+	if rfe := child.RepeatedFieldEncoding; rfe != nil {
+		parentFS.IsPacked = *rfe == descriptorpb.FeatureSet_PACKED
 	}
 
-	var fieldPresence descriptorpb.FeatureSet_FieldPresence
-	if fp := fs.FieldPresence; fp != nil {
-		fieldPresence = *fp
-	} else {
-		fieldPresence = *dfs.FieldPresence
+	if utf8val := child.Utf8Validation; utf8val != nil {
+		parentFS.IsUTF8Validated = *utf8val == descriptorpb.FeatureSet_VERIFY
 	}
-	fd.L1.EditionFeatures.IsFieldPresence = fieldPresence == descriptorpb.FeatureSet_LEGACY_REQUIRED ||
-		fieldPresence == descriptorpb.FeatureSet_EXPLICIT
-
-	var enumType descriptorpb.FeatureSet_EnumType
-	if et := fs.EnumType; et != nil {
-		enumType = *et
-	} else {
-		enumType = *dfs.EnumType
-	}
-	fd.L1.EditionFeatures.IsOpenEnum = enumType == descriptorpb.FeatureSet_OPEN
 
-	var respeatedFieldEncoding descriptorpb.FeatureSet_RepeatedFieldEncoding
-	if rfe := fs.RepeatedFieldEncoding; rfe != nil {
-		respeatedFieldEncoding = *rfe
-	} else {
-		respeatedFieldEncoding = *dfs.RepeatedFieldEncoding
+	if me := child.MessageEncoding; me != nil {
+		parentFS.IsDelimitedEncoded = *me == descriptorpb.FeatureSet_DELIMITED
 	}
-	fd.L1.EditionFeatures.IsPacked = respeatedFieldEncoding == descriptorpb.FeatureSet_PACKED
 
-	var isUTF8Validated descriptorpb.FeatureSet_Utf8Validation
-	if utf8val := fs.Utf8Validation; utf8val != nil {
-		isUTF8Validated = *utf8val
-	} else {
-		isUTF8Validated = *dfs.Utf8Validation
+	if jf := child.JsonFormat; jf != nil {
+		parentFS.IsJSONCompliant = *jf == descriptorpb.FeatureSet_ALLOW
 	}
-	fd.L1.EditionFeatures.IsUTF8Validated = isUTF8Validated == descriptorpb.FeatureSet_VERIFY
 
-	var messageEncoding descriptorpb.FeatureSet_MessageEncoding
-	if me := fs.MessageEncoding; me != nil {
-		messageEncoding = *me
-	} else {
-		messageEncoding = *dfs.MessageEncoding
+	if goFeatures, ok := proto.GetExtension(child, gofeaturespb.E_Go).(*gofeaturespb.GoFeatures); ok && goFeatures != nil {
+		if luje := goFeatures.LegacyUnmarshalJsonEnum; luje != nil {
+			parentFS.GenerateLegacyUnmarshalJSON = *luje
+		}
 	}
-	fd.L1.EditionFeatures.IsDelimitedEncoded = messageEncoding == descriptorpb.FeatureSet_DELIMITED
 
-	var jsonFormat descriptorpb.FeatureSet_JsonFormat
-	if jf := fs.JsonFormat; jf != nil {
-		jsonFormat = *jf
-	} else {
-		jsonFormat = *dfs.JsonFormat
-	}
-	fd.L1.EditionFeatures.IsJSONCompliant = jsonFormat == descriptorpb.FeatureSet_ALLOW
+	return parentFS
+}
+
+// initFileDescFromFeatureSet initializes editions related fields in fd based
+// on fs. If fs is nil it is assumed to be an empty featureset and all fields
+// will be initialized with the appropriate default. fd.L1.Edition must be set
+// before calling this function.
+func initFileDescFromFeatureSet(fd *filedesc.File, fs *descriptorpb.FeatureSet) {
+	dfs := getFeatureSetFor(fd.L1.Edition)
+	// initialize the featureset with the defaults
+	fd.L1.EditionFeatures = mergeEditionFeatures(fd, dfs)
+	// overwrite any options explicitly specified
+	fd.L1.EditionFeatures = mergeEditionFeatures(fd, fs)
 }
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/editions_defaults.binpb b/vendor/google.golang.org/protobuf/reflect/protodesc/editions_defaults.binpb
deleted file mode 100644
index 1a8610a843..0000000000
--- a/vendor/google.golang.org/protobuf/reflect/protodesc/editions_defaults.binpb
+++ /dev/null
@@ -1,4 +0,0 @@
-
-
 
(
0�
-

 (
0
�
-


 (
0
� �(�
\ No newline at end of file
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/proto.go b/vendor/google.golang.org/protobuf/reflect/protodesc/proto.go
index 9d6e05420f..a5de8d4001 100644
--- a/vendor/google.golang.org/protobuf/reflect/protodesc/proto.go
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/proto.go
@@ -73,6 +73,16 @@ func ToFileDescriptorProto(file protoreflect.FileDescriptor) *descriptorpb.FileD
 	if syntax := file.Syntax(); syntax != protoreflect.Proto2 && syntax.IsValid() {
 		p.Syntax = proto.String(file.Syntax().String())
 	}
+	if file.Syntax() == protoreflect.Editions {
+		desc := file
+		if fileImportDesc, ok := file.(protoreflect.FileImport); ok {
+			desc = fileImportDesc.FileDescriptor
+		}
+
+		if editionsInterface, ok := desc.(interface{ Edition() int32 }); ok {
+			p.Edition = descriptorpb.Edition(editionsInterface.Edition()).Enum()
+		}
+	}
 	return p
 }
 
@@ -153,6 +163,18 @@ func ToFieldDescriptorProto(field protoreflect.FieldDescriptor) *descriptorpb.Fi
 	if field.Syntax() == protoreflect.Proto3 && field.HasOptionalKeyword() {
 		p.Proto3Optional = proto.Bool(true)
 	}
+	if field.Syntax() == protoreflect.Editions {
+		// Editions have no group keyword, this type is only set so that downstream users continue
+		// treating this as delimited encoding.
+		if p.GetType() == descriptorpb.FieldDescriptorProto_TYPE_GROUP {
+			p.Type = descriptorpb.FieldDescriptorProto_TYPE_MESSAGE.Enum()
+		}
+		// Editions have no required keyword, this label is only set so that downstream users continue
+		// treating it as required.
+		if p.GetLabel() == descriptorpb.FieldDescriptorProto_LABEL_REQUIRED {
+			p.Label = descriptorpb.FieldDescriptorProto_LABEL_OPTIONAL.Enum()
+		}
+	}
 	if field.HasDefault() {
 		def, err := defval.Marshal(field.Default(), field.DefaultEnumValue(), field.Kind(), defval.Descriptor)
 		if err != nil && field.DefaultEnumValue() != nil {
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/proto.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/proto.go
index ec6572dfda..c85bfaa5bb 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/proto.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/proto.go
@@ -161,7 +161,7 @@ const (
 // IsValid reports whether the syntax is valid.
 func (s Syntax) IsValid() bool {
 	switch s {
-	case Proto2, Proto3:
+	case Proto2, Proto3, Editions:
 		return true
 	default:
 		return false
@@ -175,6 +175,8 @@ func (s Syntax) String() string {
 		return "proto2"
 	case Proto3:
 		return "proto3"
+	case Editions:
+		return "editions"
 	default:
 		return fmt.Sprintf("<unknown:%d>", s)
 	}
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go
index 0c045db6ab..ea154eec44 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go
@@ -160,8 +160,6 @@ func (p *SourcePath) appendFileOptions(b []byte) []byte {
 		b = p.appendSingularField(b, "java_generic_services", nil)
 	case 18:
 		b = p.appendSingularField(b, "py_generic_services", nil)
-	case 42:
-		b = p.appendSingularField(b, "php_generic_services", nil)
 	case 23:
 		b = p.appendSingularField(b, "deprecated", nil)
 	case 31:
@@ -375,6 +373,8 @@ func (p *SourcePath) appendFieldOptions(b []byte) []byte {
 		b = p.appendRepeatedField(b, "edition_defaults", (*SourcePath).appendFieldOptions_EditionDefault)
 	case 21:
 		b = p.appendSingularField(b, "features", (*SourcePath).appendFeatureSet)
+	case 22:
+		b = p.appendSingularField(b, "feature_support", (*SourcePath).appendFieldOptions_FeatureSupport)
 	case 999:
 		b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption)
 	}
@@ -485,6 +485,8 @@ func (p *SourcePath) appendEnumValueOptions(b []byte) []byte {
 		b = p.appendSingularField(b, "features", (*SourcePath).appendFeatureSet)
 	case 3:
 		b = p.appendSingularField(b, "debug_redact", nil)
+	case 4:
+		b = p.appendSingularField(b, "feature_support", (*SourcePath).appendFieldOptions_FeatureSupport)
 	case 999:
 		b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption)
 	}
@@ -521,6 +523,23 @@ func (p *SourcePath) appendFieldOptions_EditionDefault(b []byte) []byte {
 	return b
 }
 
+func (p *SourcePath) appendFieldOptions_FeatureSupport(b []byte) []byte {
+	if len(*p) == 0 {
+		return b
+	}
+	switch (*p)[0] {
+	case 1:
+		b = p.appendSingularField(b, "edition_introduced", nil)
+	case 2:
+		b = p.appendSingularField(b, "edition_deprecated", nil)
+	case 3:
+		b = p.appendSingularField(b, "deprecation_warning", nil)
+	case 4:
+		b = p.appendSingularField(b, "edition_removed", nil)
+	}
+	return b
+}
+
 func (p *SourcePath) appendUninterpretedOption_NamePart(b []byte) []byte {
 	if len(*p) == 0 {
 		return b
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go
index 60ff62b4c8..cd8fadbaf8 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go
@@ -510,7 +510,7 @@ type ExtensionType interface {
 	//
 	// ValueOf is more extensive than protoreflect.ValueOf for a given field's
 	// value as it has more type information available.
-	ValueOf(interface{}) Value
+	ValueOf(any) Value
 
 	// InterfaceOf completely unwraps the Value to the underlying Go type.
 	// InterfaceOf panics if the input is nil or does not represent the
@@ -519,13 +519,13 @@ type ExtensionType interface {
 	//
 	// InterfaceOf is able to unwrap the Value further than Value.Interface
 	// as it has more type information available.
-	InterfaceOf(Value) interface{}
+	InterfaceOf(Value) any
 
 	// IsValidValue reports whether the Value is valid to assign to the field.
 	IsValidValue(Value) bool
 
 	// IsValidInterface reports whether the input is valid to assign to the field.
-	IsValidInterface(interface{}) bool
+	IsValidInterface(any) bool
 }
 
 // EnumDescriptor describes an enum and
@@ -544,6 +544,12 @@ type EnumDescriptor interface {
 	// ReservedRanges is a list of reserved ranges of enum numbers.
 	ReservedRanges() EnumRanges
 
+	// IsClosed reports whether this enum uses closed semantics.
+	// See https://protobuf.dev/programming-guides/enum/#definitions.
+	// Note: the Go protobuf implementation is not spec compliant and treats
+	// all enums as open enums.
+	IsClosed() bool
+
 	isEnumDescriptor
 }
 type isEnumDescriptor interface{ ProtoType(EnumDescriptor) }
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_pure.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_pure.go
index 7ced876f4e..75f83a2af0 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_pure.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_pure.go
@@ -32,11 +32,11 @@ const (
 type value struct {
 	pragma.DoNotCompare // 0B
 
-	typ   valueType   // 8B
-	num   uint64      // 8B
-	str   string      // 16B
-	bin   []byte      // 24B
-	iface interface{} // 16B
+	typ   valueType // 8B
+	num   uint64    // 8B
+	str   string    // 16B
+	bin   []byte    // 24B
+	iface any       // 16B
 }
 
 func valueOfString(v string) Value {
@@ -45,7 +45,7 @@ func valueOfString(v string) Value {
 func valueOfBytes(v []byte) Value {
 	return Value{typ: bytesType, bin: v}
 }
-func valueOfIface(v interface{}) Value {
+func valueOfIface(v any) Value {
 	return Value{typ: ifaceType, iface: v}
 }
 
@@ -55,6 +55,6 @@ func (v Value) getString() string {
 func (v Value) getBytes() []byte {
 	return v.bin
 }
-func (v Value) getIface() interface{} {
+func (v Value) getIface() any {
 	return v.iface
 }
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go
index 1603097311..9fe83cef5a 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go
@@ -69,8 +69,8 @@ import (
 // composite Value. Modifying an empty, read-only value panics.
 type Value value
 
-// The protoreflect API uses a custom Value union type instead of interface{}
-// to keep the future open for performance optimizations. Using an interface{}
+// The protoreflect API uses a custom Value union type instead of any
+// to keep the future open for performance optimizations. Using an any
 // always incurs an allocation for primitives (e.g., int64) since it needs to
 // be boxed on the heap (as interfaces can only contain pointers natively).
 // Instead, we represent the Value union as a flat struct that internally keeps
@@ -85,7 +85,7 @@ type Value value
 // ValueOf returns a Value initialized with the concrete value stored in v.
 // This panics if the type does not match one of the allowed types in the
 // Value union.
-func ValueOf(v interface{}) Value {
+func ValueOf(v any) Value {
 	switch v := v.(type) {
 	case nil:
 		return Value{}
@@ -192,10 +192,10 @@ func (v Value) IsValid() bool {
 	return v.typ != nilType
 }
 
-// Interface returns v as an interface{}.
+// Interface returns v as an any.
 //
 // Invariant: v == ValueOf(v).Interface()
-func (v Value) Interface() interface{} {
+func (v Value) Interface() any {
 	switch v.typ {
 	case nilType:
 		return nil
@@ -406,8 +406,8 @@ func (k MapKey) IsValid() bool {
 	return Value(k).IsValid()
 }
 
-// Interface returns k as an interface{}.
-func (k MapKey) Interface() interface{} {
+// Interface returns k as an any.
+func (k MapKey) Interface() any {
 	return Value(k).Interface()
 }
 
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go
index b1fdbe3e8e..7f3583ead8 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go
@@ -45,7 +45,7 @@ var (
 
 // typeOf returns a pointer to the Go type information.
 // The pointer is comparable and equal if and only if the types are identical.
-func typeOf(t interface{}) unsafe.Pointer {
+func typeOf(t any) unsafe.Pointer {
 	return (*ifaceHeader)(unsafe.Pointer(&t)).Type
 }
 
@@ -80,7 +80,7 @@ func valueOfBytes(v []byte) Value {
 	p := (*sliceHeader)(unsafe.Pointer(&v))
 	return Value{typ: bytesType, ptr: p.Data, num: uint64(len(v))}
 }
-func valueOfIface(v interface{}) Value {
+func valueOfIface(v any) Value {
 	p := (*ifaceHeader)(unsafe.Pointer(&v))
 	return Value{typ: p.Type, ptr: p.Data}
 }
@@ -93,7 +93,7 @@ func (v Value) getBytes() (x []byte) {
 	*(*sliceHeader)(unsafe.Pointer(&x)) = sliceHeader{Data: v.ptr, Len: int(v.num), Cap: int(v.num)}
 	return x
 }
-func (v Value) getIface() (x interface{}) {
+func (v Value) getIface() (x any) {
 	*(*ifaceHeader)(unsafe.Pointer(&x)) = ifaceHeader{Type: v.typ, Data: v.ptr}
 	return x
 }
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go121.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go121.go
index 4354701117..f7d386990a 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go121.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go121.go
@@ -15,7 +15,7 @@ import (
 
 type (
 	ifaceHeader struct {
-		_    [0]interface{} // if interfaces have greater alignment than unsafe.Pointer, this will enforce it.
+		_    [0]any // if interfaces have greater alignment than unsafe.Pointer, this will enforce it.
 		Type unsafe.Pointer
 		Data unsafe.Pointer
 	}
@@ -37,7 +37,7 @@ var (
 
 // typeOf returns a pointer to the Go type information.
 // The pointer is comparable and equal if and only if the types are identical.
-func typeOf(t interface{}) unsafe.Pointer {
+func typeOf(t any) unsafe.Pointer {
 	return (*ifaceHeader)(unsafe.Pointer(&t)).Type
 }
 
@@ -70,7 +70,7 @@ func valueOfString(v string) Value {
 func valueOfBytes(v []byte) Value {
 	return Value{typ: bytesType, ptr: unsafe.Pointer(unsafe.SliceData(v)), num: uint64(len(v))}
 }
-func valueOfIface(v interface{}) Value {
+func valueOfIface(v any) Value {
 	p := (*ifaceHeader)(unsafe.Pointer(&v))
 	return Value{typ: p.Type, ptr: p.Data}
 }
@@ -81,7 +81,7 @@ func (v Value) getString() string {
 func (v Value) getBytes() []byte {
 	return unsafe.Slice((*byte)(v.ptr), v.num)
 }
-func (v Value) getIface() (x interface{}) {
+func (v Value) getIface() (x any) {
 	*(*ifaceHeader)(unsafe.Pointer(&x)) = ifaceHeader{Type: v.typ, Data: v.ptr}
 	return x
 }
diff --git a/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go b/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go
index 6267dc52a6..de17773391 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go
@@ -95,7 +95,7 @@ type Files struct {
 	// multiple files. Only top-level declarations are registered.
 	// Note that enum values are in the top-level since that are in the same
 	// scope as the parent enum.
-	descsByName map[protoreflect.FullName]interface{}
+	descsByName map[protoreflect.FullName]any
 	filesByPath map[string][]protoreflect.FileDescriptor
 	numFiles    int
 }
@@ -117,7 +117,7 @@ func (r *Files) RegisterFile(file protoreflect.FileDescriptor) error {
 		defer globalMutex.Unlock()
 	}
 	if r.descsByName == nil {
-		r.descsByName = map[protoreflect.FullName]interface{}{
+		r.descsByName = map[protoreflect.FullName]any{
 			"": &packageDescriptor{},
 		}
 		r.filesByPath = make(map[string][]protoreflect.FileDescriptor)
@@ -485,7 +485,7 @@ type Types struct {
 }
 
 type (
-	typesByName         map[protoreflect.FullName]interface{}
+	typesByName         map[protoreflect.FullName]any
 	extensionsByMessage map[protoreflect.FullName]extensionsByNumber
 	extensionsByNumber  map[protoreflect.FieldNumber]protoreflect.ExtensionType
 )
@@ -570,7 +570,7 @@ func (r *Types) RegisterExtension(xt protoreflect.ExtensionType) error {
 	return nil
 }
 
-func (r *Types) register(kind string, desc protoreflect.Descriptor, typ interface{}) error {
+func (r *Types) register(kind string, desc protoreflect.Descriptor, typ any) error {
 	name := desc.FullName()
 	prev := r.typesByName[name]
 	if prev != nil {
@@ -841,7 +841,7 @@ func (r *Types) RangeExtensionsByMessage(message protoreflect.FullName, f func(p
 	}
 }
 
-func typeName(t interface{}) string {
+func typeName(t any) string {
 	switch t.(type) {
 	case protoreflect.EnumType:
 		return "enum"
@@ -854,7 +854,7 @@ func typeName(t interface{}) string {
 	}
 }
 
-func amendErrorWithCaller(err error, prev, curr interface{}) error {
+func amendErrorWithCaller(err error, prev, curr any) error {
 	prevPkg := goPackage(prev)
 	currPkg := goPackage(curr)
 	if prevPkg == "" || currPkg == "" || prevPkg == currPkg {
@@ -863,7 +863,7 @@ func amendErrorWithCaller(err error, prev, curr interface{}) error {
 	return errors.New("%s\n\tpreviously from: %q\n\tcurrently from:  %q", err, prevPkg, currPkg)
 }
 
-func goPackage(v interface{}) string {
+func goPackage(v any) string {
 	switch d := v.(type) {
 	case protoreflect.EnumType:
 		v = d.Descriptor()
diff --git a/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go b/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
index 38daa858d0..9403eb0750 100644
--- a/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
+++ b/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
@@ -54,6 +54,9 @@ type Edition int32
 const (
 	// A placeholder for an unknown edition value.
 	Edition_EDITION_UNKNOWN Edition = 0
+	// A placeholder edition for specifying default behaviors *before* a feature
+	// was first introduced.  This is effectively an "infinite past".
+	Edition_EDITION_LEGACY Edition = 900
 	// Legacy syntax "editions".  These pre-date editions, but behave much like
 	// distinct editions.  These can't be used to specify the edition of proto
 	// files, but feature definitions must supply proto2/proto3 defaults for
@@ -64,6 +67,7 @@ const (
 	// should not be depended on, but they will always be time-ordered for easy
 	// comparison.
 	Edition_EDITION_2023 Edition = 1000
+	Edition_EDITION_2024 Edition = 1001
 	// Placeholder editions for testing feature resolution.  These should not be
 	// used or relyed on outside of tests.
 	Edition_EDITION_1_TEST_ONLY     Edition = 1
@@ -71,31 +75,41 @@ const (
 	Edition_EDITION_99997_TEST_ONLY Edition = 99997
 	Edition_EDITION_99998_TEST_ONLY Edition = 99998
 	Edition_EDITION_99999_TEST_ONLY Edition = 99999
+	// Placeholder for specifying unbounded edition support.  This should only
+	// ever be used by plugins that can expect to never require any changes to
+	// support a new edition.
+	Edition_EDITION_MAX Edition = 2147483647
 )
 
 // Enum value maps for Edition.
 var (
 	Edition_name = map[int32]string{
-		0:     "EDITION_UNKNOWN",
-		998:   "EDITION_PROTO2",
-		999:   "EDITION_PROTO3",
-		1000:  "EDITION_2023",
-		1:     "EDITION_1_TEST_ONLY",
-		2:     "EDITION_2_TEST_ONLY",
-		99997: "EDITION_99997_TEST_ONLY",
-		99998: "EDITION_99998_TEST_ONLY",
-		99999: "EDITION_99999_TEST_ONLY",
+		0:          "EDITION_UNKNOWN",
+		900:        "EDITION_LEGACY",
+		998:        "EDITION_PROTO2",
+		999:        "EDITION_PROTO3",
+		1000:       "EDITION_2023",
+		1001:       "EDITION_2024",
+		1:          "EDITION_1_TEST_ONLY",
+		2:          "EDITION_2_TEST_ONLY",
+		99997:      "EDITION_99997_TEST_ONLY",
+		99998:      "EDITION_99998_TEST_ONLY",
+		99999:      "EDITION_99999_TEST_ONLY",
+		2147483647: "EDITION_MAX",
 	}
 	Edition_value = map[string]int32{
 		"EDITION_UNKNOWN":         0,
+		"EDITION_LEGACY":          900,
 		"EDITION_PROTO2":          998,
 		"EDITION_PROTO3":          999,
 		"EDITION_2023":            1000,
+		"EDITION_2024":            1001,
 		"EDITION_1_TEST_ONLY":     1,
 		"EDITION_2_TEST_ONLY":     2,
 		"EDITION_99997_TEST_ONLY": 99997,
 		"EDITION_99998_TEST_ONLY": 99998,
 		"EDITION_99999_TEST_ONLY": 99999,
+		"EDITION_MAX":             2147483647,
 	}
 )
 
@@ -954,21 +968,21 @@ type FeatureSet_Utf8Validation int32
 
 const (
 	FeatureSet_UTF8_VALIDATION_UNKNOWN FeatureSet_Utf8Validation = 0
-	FeatureSet_NONE                    FeatureSet_Utf8Validation = 1
 	FeatureSet_VERIFY                  FeatureSet_Utf8Validation = 2
+	FeatureSet_NONE                    FeatureSet_Utf8Validation = 3
 )
 
 // Enum value maps for FeatureSet_Utf8Validation.
 var (
 	FeatureSet_Utf8Validation_name = map[int32]string{
 		0: "UTF8_VALIDATION_UNKNOWN",
-		1: "NONE",
 		2: "VERIFY",
+		3: "NONE",
 	}
 	FeatureSet_Utf8Validation_value = map[string]int32{
 		"UTF8_VALIDATION_UNKNOWN": 0,
-		"NONE":                    1,
 		"VERIFY":                  2,
+		"NONE":                    3,
 	}
 )
 
@@ -1643,12 +1657,12 @@ type FieldDescriptorProto struct {
 	// If true, this is a proto3 "optional". When a proto3 field is optional, it
 	// tracks presence regardless of field type.
 	//
-	// When proto3_optional is true, this field must be belong to a oneof to
-	// signal to old proto3 clients that presence is tracked for this field. This
-	// oneof is known as a "synthetic" oneof, and this field must be its sole
-	// member (each proto3 optional field gets its own synthetic oneof). Synthetic
-	// oneofs exist in the descriptor only, and do not generate any API. Synthetic
-	// oneofs must be ordered after all "real" oneofs.
+	// When proto3_optional is true, this field must belong to a oneof to signal
+	// to old proto3 clients that presence is tracked for this field. This oneof
+	// is known as a "synthetic" oneof, and this field must be its sole member
+	// (each proto3 optional field gets its own synthetic oneof). Synthetic oneofs
+	// exist in the descriptor only, and do not generate any API. Synthetic oneofs
+	// must be ordered after all "real" oneofs.
 	//
 	// For message fields, proto3_optional doesn't create any semantic change,
 	// since non-repeated message fields always track presence. However it still
@@ -2168,12 +2182,16 @@ type FileOptions struct {
 	//
 	// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
 	JavaGenerateEqualsAndHash *bool `protobuf:"varint,20,opt,name=java_generate_equals_and_hash,json=javaGenerateEqualsAndHash" json:"java_generate_equals_and_hash,omitempty"`
-	// If set true, then the Java2 code generator will generate code that
-	// throws an exception whenever an attempt is made to assign a non-UTF-8
-	// byte sequence to a string field.
-	// Message reflection will do the same.
-	// However, an extension field still accepts non-UTF-8 byte sequences.
-	// This option has no effect on when used with the lite runtime.
+	// A proto2 file can set this to true to opt in to UTF-8 checking for Java,
+	// which will throw an exception if invalid UTF-8 is parsed from the wire or
+	// assigned to a string field.
+	//
+	// TODO: clarify exactly what kinds of field types this option
+	// applies to, and update these docs accordingly.
+	//
+	// Proto3 files already perform these checks. Setting the option explicitly to
+	// false has no effect: it cannot be used to opt proto3 files out of UTF-8
+	// checks.
 	JavaStringCheckUtf8 *bool                     `protobuf:"varint,27,opt,name=java_string_check_utf8,json=javaStringCheckUtf8,def=0" json:"java_string_check_utf8,omitempty"`
 	OptimizeFor         *FileOptions_OptimizeMode `protobuf:"varint,9,opt,name=optimize_for,json=optimizeFor,enum=google.protobuf.FileOptions_OptimizeMode,def=1" json:"optimize_for,omitempty"`
 	// Sets the Go package where structs generated from this .proto will be
@@ -2195,7 +2213,6 @@ type FileOptions struct {
 	CcGenericServices   *bool `protobuf:"varint,16,opt,name=cc_generic_services,json=ccGenericServices,def=0" json:"cc_generic_services,omitempty"`
 	JavaGenericServices *bool `protobuf:"varint,17,opt,name=java_generic_services,json=javaGenericServices,def=0" json:"java_generic_services,omitempty"`
 	PyGenericServices   *bool `protobuf:"varint,18,opt,name=py_generic_services,json=pyGenericServices,def=0" json:"py_generic_services,omitempty"`
-	PhpGenericServices  *bool `protobuf:"varint,42,opt,name=php_generic_services,json=phpGenericServices,def=0" json:"php_generic_services,omitempty"`
 	// Is this file deprecated?
 	// Depending on the target platform, this can emit Deprecated annotations
 	// for everything in the file, or it will be completely ignored; in the very
@@ -2244,7 +2261,6 @@ const (
 	Default_FileOptions_CcGenericServices   = bool(false)
 	Default_FileOptions_JavaGenericServices = bool(false)
 	Default_FileOptions_PyGenericServices   = bool(false)
-	Default_FileOptions_PhpGenericServices  = bool(false)
 	Default_FileOptions_Deprecated          = bool(false)
 	Default_FileOptions_CcEnableArenas      = bool(true)
 )
@@ -2352,13 +2368,6 @@ func (x *FileOptions) GetPyGenericServices() bool {
 	return Default_FileOptions_PyGenericServices
 }
 
-func (x *FileOptions) GetPhpGenericServices() bool {
-	if x != nil && x.PhpGenericServices != nil {
-		return *x.PhpGenericServices
-	}
-	return Default_FileOptions_PhpGenericServices
-}
-
 func (x *FileOptions) GetDeprecated() bool {
 	if x != nil && x.Deprecated != nil {
 		return *x.Deprecated
@@ -2472,10 +2481,6 @@ type MessageOptions struct {
 	// for the message, or it will be completely ignored; in the very least,
 	// this is a formalization for deprecating messages.
 	Deprecated *bool `protobuf:"varint,3,opt,name=deprecated,def=0" json:"deprecated,omitempty"`
-	// NOTE: Do not set the option in .proto files. Always use the maps syntax
-	// instead. The option should only be implicitly set by the proto compiler
-	// parser.
-	//
 	// Whether the message is an automatically generated map entry type for the
 	// maps field.
 	//
@@ -2496,6 +2501,10 @@ type MessageOptions struct {
 	// use a native map in the target language to hold the keys and values.
 	// The reflection APIs in such implementations still need to work as
 	// if the field is a repeated message field.
+	//
+	// NOTE: Do not set the option in .proto files. Always use the maps syntax
+	// instead. The option should only be implicitly set by the proto compiler
+	// parser.
 	MapEntry *bool `protobuf:"varint,7,opt,name=map_entry,json=mapEntry" json:"map_entry,omitempty"`
 	// Enable the legacy handling of JSON field name conflicts.  This lowercases
 	// and strips underscored from the fields before comparison in proto3 only.
@@ -2655,19 +2664,11 @@ type FieldOptions struct {
 	// call from multiple threads concurrently, while non-const methods continue
 	// to require exclusive access.
 	//
-	// Note that implementations may choose not to check required fields within
-	// a lazy sub-message.  That is, calling IsInitialized() on the outer message
-	// may return true even if the inner message has missing required fields.
-	// This is necessary because otherwise the inner message would have to be
-	// parsed in order to perform the check, defeating the purpose of lazy
-	// parsing.  An implementation which chooses not to check required fields
-	// must be consistent about it.  That is, for any particular sub-message, the
-	// implementation must either *always* check its required fields, or *never*
-	// check its required fields, regardless of whether or not the message has
-	// been parsed.
-	//
-	// As of May 2022, lazy verifies the contents of the byte stream during
-	// parsing.  An invalid byte stream will cause the overall parsing to fail.
+	// Note that lazy message fields are still eagerly verified to check
+	// ill-formed wireformat or missing required fields. Calling IsInitialized()
+	// on the outer message would fail if the inner message has missing required
+	// fields. Failed verification would result in parsing failure (except when
+	// uninitialized messages are acceptable).
 	Lazy *bool `protobuf:"varint,5,opt,name=lazy,def=0" json:"lazy,omitempty"`
 	// unverified_lazy does no correctness checks on the byte stream. This should
 	// only be used where lazy with verification is prohibitive for performance
@@ -2687,7 +2688,8 @@ type FieldOptions struct {
 	Targets         []FieldOptions_OptionTargetType `protobuf:"varint,19,rep,name=targets,enum=google.protobuf.FieldOptions_OptionTargetType" json:"targets,omitempty"`
 	EditionDefaults []*FieldOptions_EditionDefault  `protobuf:"bytes,20,rep,name=edition_defaults,json=editionDefaults" json:"edition_defaults,omitempty"`
 	// Any features defined in the specific edition.
-	Features *FeatureSet `protobuf:"bytes,21,opt,name=features" json:"features,omitempty"`
+	Features       *FeatureSet                  `protobuf:"bytes,21,opt,name=features" json:"features,omitempty"`
+	FeatureSupport *FieldOptions_FeatureSupport `protobuf:"bytes,22,opt,name=feature_support,json=featureSupport" json:"feature_support,omitempty"`
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
 }
@@ -2819,6 +2821,13 @@ func (x *FieldOptions) GetFeatures() *FeatureSet {
 	return nil
 }
 
+func (x *FieldOptions) GetFeatureSupport() *FieldOptions_FeatureSupport {
+	if x != nil {
+		return x.FeatureSupport
+	}
+	return nil
+}
+
 func (x *FieldOptions) GetUninterpretedOption() []*UninterpretedOption {
 	if x != nil {
 		return x.UninterpretedOption
@@ -3003,6 +3012,8 @@ type EnumValueOptions struct {
 	// out when using debug formats, e.g. when the field contains sensitive
 	// credentials.
 	DebugRedact *bool `protobuf:"varint,3,opt,name=debug_redact,json=debugRedact,def=0" json:"debug_redact,omitempty"`
+	// Information about the support window of a feature value.
+	FeatureSupport *FieldOptions_FeatureSupport `protobuf:"bytes,4,opt,name=feature_support,json=featureSupport" json:"feature_support,omitempty"`
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
 }
@@ -3066,6 +3077,13 @@ func (x *EnumValueOptions) GetDebugRedact() bool {
 	return Default_EnumValueOptions_DebugRedact
 }
 
+func (x *EnumValueOptions) GetFeatureSupport() *FieldOptions_FeatureSupport {
+	if x != nil {
+		return x.FeatureSupport
+	}
+	return nil
+}
+
 func (x *EnumValueOptions) GetUninterpretedOption() []*UninterpretedOption {
 	if x != nil {
 		return x.UninterpretedOption
@@ -3976,6 +3994,88 @@ func (x *FieldOptions_EditionDefault) GetValue() string {
 	return ""
 }
 
+// Information about the support window of a feature.
+type FieldOptions_FeatureSupport struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The edition that this feature was first available in.  In editions
+	// earlier than this one, the default assigned to EDITION_LEGACY will be
+	// used, and proto files will not be able to override it.
+	EditionIntroduced *Edition `protobuf:"varint,1,opt,name=edition_introduced,json=editionIntroduced,enum=google.protobuf.Edition" json:"edition_introduced,omitempty"`
+	// The edition this feature becomes deprecated in.  Using this after this
+	// edition may trigger warnings.
+	EditionDeprecated *Edition `protobuf:"varint,2,opt,name=edition_deprecated,json=editionDeprecated,enum=google.protobuf.Edition" json:"edition_deprecated,omitempty"`
+	// The deprecation warning text if this feature is used after the edition it
+	// was marked deprecated in.
+	DeprecationWarning *string `protobuf:"bytes,3,opt,name=deprecation_warning,json=deprecationWarning" json:"deprecation_warning,omitempty"`
+	// The edition this feature is no longer available in.  In editions after
+	// this one, the last default assigned will be used, and proto files will
+	// not be able to override it.
+	EditionRemoved *Edition `protobuf:"varint,4,opt,name=edition_removed,json=editionRemoved,enum=google.protobuf.Edition" json:"edition_removed,omitempty"`
+}
+
+func (x *FieldOptions_FeatureSupport) Reset() {
+	*x = FieldOptions_FeatureSupport{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[28]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FieldOptions_FeatureSupport) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FieldOptions_FeatureSupport) ProtoMessage() {}
+
+func (x *FieldOptions_FeatureSupport) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[28]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FieldOptions_FeatureSupport.ProtoReflect.Descriptor instead.
+func (*FieldOptions_FeatureSupport) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{12, 1}
+}
+
+func (x *FieldOptions_FeatureSupport) GetEditionIntroduced() Edition {
+	if x != nil && x.EditionIntroduced != nil {
+		return *x.EditionIntroduced
+	}
+	return Edition_EDITION_UNKNOWN
+}
+
+func (x *FieldOptions_FeatureSupport) GetEditionDeprecated() Edition {
+	if x != nil && x.EditionDeprecated != nil {
+		return *x.EditionDeprecated
+	}
+	return Edition_EDITION_UNKNOWN
+}
+
+func (x *FieldOptions_FeatureSupport) GetDeprecationWarning() string {
+	if x != nil && x.DeprecationWarning != nil {
+		return *x.DeprecationWarning
+	}
+	return ""
+}
+
+func (x *FieldOptions_FeatureSupport) GetEditionRemoved() Edition {
+	if x != nil && x.EditionRemoved != nil {
+		return *x.EditionRemoved
+	}
+	return Edition_EDITION_UNKNOWN
+}
+
 // The name of the uninterpreted option.  Each string represents a segment in
 // a dot-separated name.  is_extension is true iff a segment represents an
 // extension (denoted with parentheses in options specs in .proto files).
@@ -3993,7 +4093,7 @@ type UninterpretedOption_NamePart struct {
 func (x *UninterpretedOption_NamePart) Reset() {
 	*x = UninterpretedOption_NamePart{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[28]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[29]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4006,7 +4106,7 @@ func (x *UninterpretedOption_NamePart) String() string {
 func (*UninterpretedOption_NamePart) ProtoMessage() {}
 
 func (x *UninterpretedOption_NamePart) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[28]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[29]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4045,14 +4145,17 @@ type FeatureSetDefaults_FeatureSetEditionDefault struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	Edition  *Edition    `protobuf:"varint,3,opt,name=edition,enum=google.protobuf.Edition" json:"edition,omitempty"`
-	Features *FeatureSet `protobuf:"bytes,2,opt,name=features" json:"features,omitempty"`
+	Edition *Edition `protobuf:"varint,3,opt,name=edition,enum=google.protobuf.Edition" json:"edition,omitempty"`
+	// Defaults of features that can be overridden in this edition.
+	OverridableFeatures *FeatureSet `protobuf:"bytes,4,opt,name=overridable_features,json=overridableFeatures" json:"overridable_features,omitempty"`
+	// Defaults of features that can't be overridden in this edition.
+	FixedFeatures *FeatureSet `protobuf:"bytes,5,opt,name=fixed_features,json=fixedFeatures" json:"fixed_features,omitempty"`
 }
 
 func (x *FeatureSetDefaults_FeatureSetEditionDefault) Reset() {
 	*x = FeatureSetDefaults_FeatureSetEditionDefault{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[29]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[30]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4065,7 +4168,7 @@ func (x *FeatureSetDefaults_FeatureSetEditionDefault) String() string {
 func (*FeatureSetDefaults_FeatureSetEditionDefault) ProtoMessage() {}
 
 func (x *FeatureSetDefaults_FeatureSetEditionDefault) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[29]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[30]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4088,9 +4191,16 @@ func (x *FeatureSetDefaults_FeatureSetEditionDefault) GetEdition() Edition {
 	return Edition_EDITION_UNKNOWN
 }
 
-func (x *FeatureSetDefaults_FeatureSetEditionDefault) GetFeatures() *FeatureSet {
+func (x *FeatureSetDefaults_FeatureSetEditionDefault) GetOverridableFeatures() *FeatureSet {
 	if x != nil {
-		return x.Features
+		return x.OverridableFeatures
+	}
+	return nil
+}
+
+func (x *FeatureSetDefaults_FeatureSetEditionDefault) GetFixedFeatures() *FeatureSet {
+	if x != nil {
+		return x.FixedFeatures
 	}
 	return nil
 }
@@ -4104,7 +4214,7 @@ type SourceCodeInfo_Location struct {
 	// location.
 	//
 	// Each element is a field number or an index.  They form a path from
-	// the root FileDescriptorProto to the place where the definition occurs.
+	// the root FileDescriptorProto to the place where the definition appears.
 	// For example, this path:
 	//
 	//	[ 4, 3, 2, 7, 1 ]
@@ -4196,7 +4306,7 @@ type SourceCodeInfo_Location struct {
 func (x *SourceCodeInfo_Location) Reset() {
 	*x = SourceCodeInfo_Location{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[30]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[31]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4209,7 +4319,7 @@ func (x *SourceCodeInfo_Location) String() string {
 func (*SourceCodeInfo_Location) ProtoMessage() {}
 
 func (x *SourceCodeInfo_Location) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[30]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[31]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4283,7 +4393,7 @@ type GeneratedCodeInfo_Annotation struct {
 func (x *GeneratedCodeInfo_Annotation) Reset() {
 	*x = GeneratedCodeInfo_Annotation{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[31]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[32]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -4296,7 +4406,7 @@ func (x *GeneratedCodeInfo_Annotation) String() string {
 func (*GeneratedCodeInfo_Annotation) ProtoMessage() {}
 
 func (x *GeneratedCodeInfo_Annotation) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[31]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[32]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -4451,7 +4561,7 @@ var file_google_protobuf_descriptor_proto_rawDesc = []byte{
 	0x1a, 0x37, 0x0a, 0x0d, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67,
 	0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05,
 	0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x22, 0xc7, 0x04, 0x0a, 0x15, 0x45, 0x78,
+	0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x22, 0xcc, 0x04, 0x0a, 0x15, 0x45, 0x78,
 	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69,
 	0x6f, 0x6e, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
 	0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03,
@@ -4468,290 +4578,239 @@ var file_google_protobuf_descriptor_proto_rawDesc = []byte{
 	0x75, 0x72, 0x65, 0x73, 0x18, 0x32, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f,
 	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61,
 	0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65,
-	0x73, 0x12, 0x68, 0x0a, 0x0c, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
+	0x73, 0x12, 0x6d, 0x0a, 0x0c, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
 	0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
 	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73,
 	0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e,
 	0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74,
-	0x65, 0x3a, 0x0a, 0x55, 0x4e, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49, 0x45, 0x44, 0x52, 0x0c, 0x76,
-	0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x94, 0x01, 0x0a, 0x0b,
-	0x44, 0x65, 0x63, 0x6c, 0x61, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x6e,
-	0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75, 0x6d,
-	0x62, 0x65, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x75, 0x6c, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x66, 0x75, 0x6c, 0x6c, 0x4e, 0x61, 0x6d, 0x65,
-	0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
-	0x74, 0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64,
-	0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64,
-	0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x18, 0x06, 0x20, 0x01,
-	0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x4a, 0x04, 0x08, 0x04,
-	0x10, 0x05, 0x22, 0x34, 0x0a, 0x11, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x44, 0x45, 0x43, 0x4c, 0x41,
-	0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x55, 0x4e, 0x56, 0x45,
-	0x52, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x01, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80,
-	0x80, 0x80, 0x02, 0x22, 0xc1, 0x06, 0x0a, 0x14, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73,
-	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04,
-	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65,
-	0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05,
-	0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65,
-	0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44,
-	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x4c,
-	0x61, 0x62, 0x65, 0x6c, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x3e, 0x0a, 0x04, 0x74,
-	0x79, 0x70, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c,
-	0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f,
-	0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74,
-	0x79, 0x70, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
-	0x74, 0x79, 0x70, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65,
-	0x6e, 0x64, 0x65, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65,
-	0x6e, 0x64, 0x65, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f,
-	0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x65, 0x66,
-	0x61, 0x75, 0x6c, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x6e, 0x65,
-	0x6f, 0x66, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a,
-	0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x1b, 0x0a, 0x09, 0x6a, 0x73,
-	0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6a,
-	0x73, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64,
-	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x12, 0x27, 0x0a, 0x0f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x61, 0x6c, 0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x33, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x22, 0xb6, 0x02, 0x0a, 0x04, 0x54, 0x79,
-	0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x4f, 0x55, 0x42, 0x4c,
-	0x45, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x4c, 0x4f, 0x41,
-	0x54, 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x36,
-	0x34, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e, 0x54,
-	0x36, 0x34, 0x10, 0x04, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54,
-	0x33, 0x32, 0x10, 0x05, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58,
-	0x45, 0x44, 0x36, 0x34, 0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46,
-	0x49, 0x58, 0x45, 0x44, 0x33, 0x32, 0x10, 0x07, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45,
-	0x5f, 0x42, 0x4f, 0x4f, 0x4c, 0x10, 0x08, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f,
-	0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x09, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45,
-	0x5f, 0x47, 0x52, 0x4f, 0x55, 0x50, 0x10, 0x0a, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45,
-	0x5f, 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x10, 0x0b, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59,
-	0x50, 0x45, 0x5f, 0x42, 0x59, 0x54, 0x45, 0x53, 0x10, 0x0c, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59,
-	0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x0d, 0x12, 0x0d, 0x0a, 0x09, 0x54,
-	0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x10, 0x0e, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59,
-	0x50, 0x45, 0x5f, 0x53, 0x46, 0x49, 0x58, 0x45, 0x44, 0x33, 0x32, 0x10, 0x0f, 0x12, 0x11, 0x0a,
-	0x0d, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34, 0x10, 0x10,
-	0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10,
-	0x11, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x36, 0x34,
-	0x10, 0x12, 0x22, 0x43, 0x0a, 0x05, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x12, 0x0a, 0x0e, 0x4c,
-	0x41, 0x42, 0x45, 0x4c, 0x5f, 0x4f, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x12,
-	0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x50, 0x45, 0x41, 0x54, 0x45,
-	0x44, 0x10, 0x03, 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x51,
-	0x55, 0x49, 0x52, 0x45, 0x44, 0x10, 0x02, 0x22, 0x63, 0x0a, 0x14, 0x4f, 0x6e, 0x65, 0x6f, 0x66,
-	0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12,
-	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
-	0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xe3, 0x02, 0x0a,
-	0x13, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50,
+	0x65, 0x3a, 0x0a, 0x55, 0x4e, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49, 0x45, 0x44, 0x42, 0x03, 0x88,
+	0x01, 0x02, 0x52, 0x0c, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x1a, 0x94, 0x01, 0x0a, 0x0b, 0x44, 0x65, 0x63, 0x6c, 0x61, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05,
+	0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x75, 0x6c, 0x6c,
+	0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x66, 0x75, 0x6c,
+	0x6c, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73,
+	0x65, 0x72, 0x76, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x73,
+	0x65, 0x72, 0x76, 0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65,
+	0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65,
+	0x64, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x34, 0x0a, 0x11, 0x56, 0x65, 0x72, 0x69, 0x66,
+	0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0f, 0x0a, 0x0b,
+	0x44, 0x45, 0x43, 0x4c, 0x41, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x00, 0x12, 0x0e, 0x0a,
+	0x0a, 0x55, 0x4e, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x01, 0x2a, 0x09, 0x08,
+	0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0xc1, 0x06, 0x0a, 0x14, 0x46, 0x69, 0x65,
+	0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74,
+	0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x41, 0x0a,
+	0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46,
+	0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72,
+	0x6f, 0x74, 0x6f, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c,
+	0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72,
+	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65,
+	0x12, 0x1b, 0x0a, 0x09, 0x74, 0x79, 0x70, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x79, 0x70, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a,
+	0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x65, 0x66,
+	0x61, 0x75, 0x6c, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1f,
+	0x0a, 0x0b, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x09, 0x20,
+	0x01, 0x28, 0x05, 0x52, 0x0a, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12,
+	0x1b, 0x0a, 0x09, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x08, 0x6a, 0x73, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x07,
+	0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x5f,
+	0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x22, 0xb6,
+	0x02, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f,
+	0x44, 0x4f, 0x55, 0x42, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45,
+	0x5f, 0x46, 0x4c, 0x4f, 0x41, 0x54, 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45,
+	0x5f, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45,
+	0x5f, 0x55, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x04, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50,
+	0x45, 0x5f, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x05, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50,
+	0x45, 0x5f, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34, 0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x54,
+	0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58, 0x45, 0x44, 0x33, 0x32, 0x10, 0x07, 0x12, 0x0d, 0x0a,
+	0x09, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x4f, 0x4f, 0x4c, 0x10, 0x08, 0x12, 0x0f, 0x0a, 0x0b,
+	0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x09, 0x12, 0x0e, 0x0a,
+	0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x47, 0x52, 0x4f, 0x55, 0x50, 0x10, 0x0a, 0x12, 0x10, 0x0a,
+	0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x10, 0x0b, 0x12,
+	0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x59, 0x54, 0x45, 0x53, 0x10, 0x0c, 0x12,
+	0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x0d,
+	0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x10, 0x0e, 0x12,
+	0x11, 0x0a, 0x0d, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x46, 0x49, 0x58, 0x45, 0x44, 0x33, 0x32,
+	0x10, 0x0f, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x46, 0x49, 0x58, 0x45,
+	0x44, 0x36, 0x34, 0x10, 0x10, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49,
+	0x4e, 0x54, 0x33, 0x32, 0x10, 0x11, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53,
+	0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x12, 0x22, 0x43, 0x0a, 0x05, 0x4c, 0x61, 0x62, 0x65, 0x6c,
+	0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x4f, 0x50, 0x54, 0x49, 0x4f, 0x4e,
+	0x41, 0x4c, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45,
+	0x50, 0x45, 0x41, 0x54, 0x45, 0x44, 0x10, 0x03, 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45,
+	0x4c, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45, 0x44, 0x10, 0x02, 0x22, 0x63, 0x0a, 0x14,
+	0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50,
 	0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3f, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61,
-	0x6c, 0x75, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f,
-	0x74, 0x6f, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x36, 0x0a, 0x07, 0x6f, 0x70, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75,
-	0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x12, 0x5d, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x72, 0x61,
-	0x6e, 0x67, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d,
-	0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
-	0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67,
-	0x65, 0x52, 0x0d, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65,
-	0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d,
-	0x65, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65,
-	0x64, 0x4e, 0x61, 0x6d, 0x65, 0x1a, 0x3b, 0x0a, 0x11, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73,
-	0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74,
-	0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74,
-	0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65,
-	0x6e, 0x64, 0x22, 0x83, 0x01, 0x0a, 0x18, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65,
-	0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12,
-	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
-	0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x3b, 0x0a, 0x07, 0x6f,
-	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67,
+	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4f, 0x6e, 0x65, 0x6f,
+	0x66, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x22, 0xe3, 0x02, 0x0a, 0x13, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69,
+	0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d,
+	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3f, 0x0a,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x67,
 	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45,
-	0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52,
-	0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xa7, 0x01, 0x0a, 0x16, 0x53, 0x65, 0x72,
-	0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72,
-	0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3e, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f,
-	0x64, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
-	0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52,
-	0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x39, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x22, 0x89, 0x02, 0x0a, 0x15, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73,
-	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04,
-	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65,
-	0x12, 0x1d, 0x0a, 0x0a, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12,
-	0x1f, 0x0a, 0x0b, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65,
-	0x12, 0x38, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x10, 0x63, 0x6c,
-	0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x05,
-	0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x63, 0x6c, 0x69,
-	0x65, 0x6e, 0x74, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x30, 0x0a, 0x10,
-	0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67,
-	0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x73,
-	0x65, 0x72, 0x76, 0x65, 0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x22, 0xca,
-	0x09, 0x0a, 0x0b, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x21,
-	0x0a, 0x0c, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6a, 0x61, 0x76, 0x61, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67,
-	0x65, 0x12, 0x30, 0x0a, 0x14, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x5f,
-	0x63, 0x6c, 0x61, 0x73, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x12, 0x6a, 0x61, 0x76, 0x61, 0x4f, 0x75, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x6e,
-	0x61, 0x6d, 0x65, 0x12, 0x35, 0x0a, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6d, 0x75, 0x6c, 0x74,
-	0x69, 0x70, 0x6c, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08,
-	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x6a, 0x61, 0x76, 0x61, 0x4d, 0x75, 0x6c,
-	0x74, 0x69, 0x70, 0x6c, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x44, 0x0a, 0x1d, 0x6a, 0x61,
-	0x76, 0x61, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x71, 0x75, 0x61,
-	0x6c, 0x73, 0x5f, 0x61, 0x6e, 0x64, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x14, 0x20, 0x01, 0x28,
-	0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x19, 0x6a, 0x61, 0x76, 0x61, 0x47, 0x65, 0x6e, 0x65, 0x72,
-	0x61, 0x74, 0x65, 0x45, 0x71, 0x75, 0x61, 0x6c, 0x73, 0x41, 0x6e, 0x64, 0x48, 0x61, 0x73, 0x68,
-	0x12, 0x3a, 0x0a, 0x16, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f,
-	0x63, 0x68, 0x65, 0x63, 0x6b, 0x5f, 0x75, 0x74, 0x66, 0x38, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x08,
-	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x53, 0x74, 0x72,
-	0x69, 0x6e, 0x67, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x55, 0x74, 0x66, 0x38, 0x12, 0x53, 0x0a, 0x0c,
-	0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01,
-	0x28, 0x0e, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x3a, 0x05, 0x53,
-	0x50, 0x45, 0x45, 0x44, 0x52, 0x0b, 0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x46, 0x6f,
-	0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x67, 0x6f, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18,
-	0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x67, 0x6f, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65,
-	0x12, 0x35, 0x0a, 0x13, 0x63, 0x63, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73,
-	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66,
-	0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x63, 0x63, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53,
-	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x39, 0x0a, 0x15, 0x6a, 0x61, 0x76, 0x61, 0x5f,
-	0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73,
-	0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a,
-	0x61, 0x76, 0x61, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
-	0x65, 0x73, 0x12, 0x35, 0x0a, 0x13, 0x70, 0x79, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63,
-	0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x3a,
-	0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x70, 0x79, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69,
-	0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x37, 0x0a, 0x14, 0x70, 0x68, 0x70,
-	0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
-	0x73, 0x18, 0x2a, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x12,
-	0x70, 0x68, 0x70, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
-	0x65, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64,
-	0x18, 0x17, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64,
-	0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x2e, 0x0a, 0x10, 0x63, 0x63, 0x5f,
-	0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x61, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x18, 0x1f, 0x20,
-	0x01, 0x28, 0x08, 0x3a, 0x04, 0x74, 0x72, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x63, 0x45, 0x6e, 0x61,
-	0x62, 0x6c, 0x65, 0x41, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x62, 0x6a,
-	0x63, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x24,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6f, 0x62, 0x6a, 0x63, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50,
-	0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x73, 0x68, 0x61, 0x72, 0x70, 0x5f,
-	0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x25, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x0f, 0x63, 0x73, 0x68, 0x61, 0x72, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65,
-	0x12, 0x21, 0x0a, 0x0c, 0x73, 0x77, 0x69, 0x66, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78,
-	0x18, 0x27, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x77, 0x69, 0x66, 0x74, 0x50, 0x72, 0x65,
-	0x66, 0x69, 0x78, 0x12, 0x28, 0x0a, 0x10, 0x70, 0x68, 0x70, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73,
-	0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x28, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x70,
-	0x68, 0x70, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x23, 0x0a,
-	0x0d, 0x70, 0x68, 0x70, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x29,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x68, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61,
-	0x63, 0x65, 0x12, 0x34, 0x0a, 0x16, 0x70, 0x68, 0x70, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61,
-	0x74, 0x61, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x2c, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x14, 0x70, 0x68, 0x70, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4e,
-	0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x75, 0x62, 0x79,
-	0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
-	0x72, 0x75, 0x62, 0x79, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x37, 0x0a, 0x08, 0x66,
-	0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x32, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74,
-	0x75, 0x72, 0x65, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70,
-	0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65,
-	0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74,
-	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x3a,
-	0x0a, 0x0c, 0x4f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x09,
-	0x0a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x43, 0x4f, 0x44,
-	0x45, 0x5f, 0x53, 0x49, 0x5a, 0x45, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x4c, 0x49, 0x54, 0x45,
-	0x5f, 0x52, 0x55, 0x4e, 0x54, 0x49, 0x4d, 0x45, 0x10, 0x03, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10,
-	0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x26, 0x10, 0x27, 0x22, 0xf4, 0x03, 0x0a, 0x0e,
-	0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x3c,
-	0x0a, 0x17, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x77, 0x69,
-	0x72, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x3a,
-	0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x14, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x53,
-	0x65, 0x74, 0x57, 0x69, 0x72, 0x65, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x4c, 0x0a, 0x1f,
-	0x6e, 0x6f, 0x5f, 0x73, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x5f, 0x64, 0x65, 0x73, 0x63,
-	0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x1c, 0x6e, 0x6f,
-	0x53, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74,
-	0x6f, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65,
-	0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05,
-	0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65,
-	0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x07,
-	0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x56,
-	0x0a, 0x26, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x6c, 0x65, 0x67,
-	0x61, 0x63, 0x79, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x63,
-	0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02,
-	0x18, 0x01, 0x52, 0x22, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x4c, 0x65,
-	0x67, 0x61, 0x63, 0x79, 0x4a, 0x73, 0x6f, 0x6e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x43, 0x6f, 0x6e,
-	0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x12, 0x37, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72,
-	0x65, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75,
-	0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12,
-	0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64,
-	0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65,
-	0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80,
-	0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06,
-	0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x4a, 0x04, 0x08, 0x08, 0x10, 0x09, 0x4a, 0x04, 0x08, 0x09,
-	0x10, 0x0a, 0x22, 0xad, 0x0a, 0x0a, 0x0c, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x12, 0x41, 0x0a, 0x05, 0x63, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0e, 0x32, 0x23, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x2e, 0x43, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x52,
-	0x05, 0x63, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x64,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x47,
-	0x0a, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24,
+	0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74,
+	0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x36,
+	0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5d, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76,
+	0x65, 0x64, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36,
 	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4a, 0x53,
-	0x54, 0x79, 0x70, 0x65, 0x3a, 0x09, 0x4a, 0x53, 0x5f, 0x4e, 0x4f, 0x52, 0x4d, 0x41, 0x4c, 0x52,
-	0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65, 0x12, 0x19, 0x0a, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x18,
-	0x05, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x04, 0x6c, 0x61,
-	0x7a, 0x79, 0x12, 0x2e, 0x0a, 0x0f, 0x75, 0x6e, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64,
-	0x5f, 0x6c, 0x61, 0x7a, 0x79, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c,
-	0x73, 0x65, 0x52, 0x0e, 0x75, 0x6e, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x4c, 0x61,
-	0x7a, 0x79, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64,
+	0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50,
+	0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65,
+	0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0d, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64,
+	0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65,
+	0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65,
+	0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x1a, 0x3b, 0x0a, 0x11, 0x45, 0x6e,
+	0x75, 0x6d, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12,
+	0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05,
+	0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x22, 0x83, 0x01, 0x0a, 0x18, 0x45, 0x6e, 0x75, 0x6d,
+	0x56, 0x61, 0x6c, 0x75, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50,
+	0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62,
+	0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72,
+	0x12, 0x3b, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xa7, 0x01,
+	0x0a, 0x16, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
+	0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3e, 0x0a, 0x06,
+	0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d,
+	0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50,
+	0x72, 0x6f, 0x74, 0x6f, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x39, 0x0a, 0x07,
+	0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07,
+	0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x89, 0x02, 0x0a, 0x15, 0x4d, 0x65, 0x74, 0x68,
+	0x6f, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74,
+	0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x5f, 0x74,
+	0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x69, 0x6e, 0x70, 0x75, 0x74,
+	0x54, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x5f, 0x74,
+	0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6f, 0x75, 0x74, 0x70, 0x75,
+	0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x38, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12,
+	0x30, 0x0a, 0x10, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d,
+	0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65,
+	0x52, 0x0f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e,
+	0x67, 0x12, 0x30, 0x0a, 0x10, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x72, 0x65,
+	0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c,
+	0x73, 0x65, 0x52, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d,
+	0x69, 0x6e, 0x67, 0x22, 0xad, 0x09, 0x0a, 0x0b, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x70, 0x61, 0x63, 0x6b,
+	0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6a, 0x61, 0x76, 0x61, 0x50,
+	0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x30, 0x0a, 0x14, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6f,
+	0x75, 0x74, 0x65, 0x72, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x08,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x6a, 0x61, 0x76, 0x61, 0x4f, 0x75, 0x74, 0x65, 0x72, 0x43,
+	0x6c, 0x61, 0x73, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x35, 0x0a, 0x13, 0x6a, 0x61, 0x76, 0x61,
+	0x5f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18,
+	0x0a, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x6a, 0x61,
+	0x76, 0x61, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12,
+	0x44, 0x0a, 0x1d, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65,
+	0x5f, 0x65, 0x71, 0x75, 0x61, 0x6c, 0x73, 0x5f, 0x61, 0x6e, 0x64, 0x5f, 0x68, 0x61, 0x73, 0x68,
+	0x18, 0x14, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x19, 0x6a, 0x61, 0x76, 0x61,
+	0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x45, 0x71, 0x75, 0x61, 0x6c, 0x73, 0x41, 0x6e,
+	0x64, 0x48, 0x61, 0x73, 0x68, 0x12, 0x3a, 0x0a, 0x16, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x73, 0x74,
+	0x72, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x5f, 0x75, 0x74, 0x66, 0x38, 0x18,
+	0x1b, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, 0x61,
+	0x76, 0x61, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x55, 0x74, 0x66,
+	0x38, 0x12, 0x53, 0x0a, 0x0c, 0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x5f, 0x66, 0x6f,
+	0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f,
+	0x64, 0x65, 0x3a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44, 0x52, 0x0b, 0x6f, 0x70, 0x74, 0x69, 0x6d,
+	0x69, 0x7a, 0x65, 0x46, 0x6f, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x67, 0x6f, 0x5f, 0x70, 0x61, 0x63,
+	0x6b, 0x61, 0x67, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x67, 0x6f, 0x50, 0x61,
+	0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x35, 0x0a, 0x13, 0x63, 0x63, 0x5f, 0x67, 0x65, 0x6e, 0x65,
+	0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x10, 0x20, 0x01,
+	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x63, 0x63, 0x47, 0x65, 0x6e,
+	0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x39, 0x0a, 0x15,
+	0x6a, 0x61, 0x76, 0x61, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c,
+	0x73, 0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53,
+	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x35, 0x0a, 0x13, 0x70, 0x79, 0x5f, 0x67, 0x65,
+	0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x12,
+	0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x70, 0x79, 0x47,
+	0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x25,
+	0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x17, 0x20, 0x01,
+	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65,
+	0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x2e, 0x0a, 0x10, 0x63, 0x63, 0x5f, 0x65, 0x6e, 0x61, 0x62,
+	0x6c, 0x65, 0x5f, 0x61, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x18, 0x1f, 0x20, 0x01, 0x28, 0x08, 0x3a,
+	0x04, 0x74, 0x72, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x63, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x41,
+	0x72, 0x65, 0x6e, 0x61, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x62, 0x6a, 0x63, 0x5f, 0x63, 0x6c,
+	0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x24, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0f, 0x6f, 0x62, 0x6a, 0x63, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69,
+	0x78, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x73, 0x68, 0x61, 0x72, 0x70, 0x5f, 0x6e, 0x61, 0x6d, 0x65,
+	0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x25, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x73, 0x68,
+	0x61, 0x72, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c,
+	0x73, 0x77, 0x69, 0x66, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x27, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x0b, 0x73, 0x77, 0x69, 0x66, 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12,
+	0x28, 0x0a, 0x10, 0x70, 0x68, 0x70, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65,
+	0x66, 0x69, 0x78, 0x18, 0x28, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x70, 0x68, 0x70, 0x43, 0x6c,
+	0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x68, 0x70,
+	0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x29, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0c, 0x70, 0x68, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x34,
+	0x0a, 0x16, 0x70, 0x68, 0x70, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x6e,
+	0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14,
+	0x70, 0x68, 0x70, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4e, 0x61, 0x6d, 0x65, 0x73,
+	0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x75, 0x62, 0x79, 0x5f, 0x70, 0x61, 0x63,
+	0x6b, 0x61, 0x67, 0x65, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x72, 0x75, 0x62, 0x79,
+	0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x37, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75,
+	0x72, 0x65, 0x73, 0x18, 0x32, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74,
+	0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73,
+	0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65,
+	0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
+	0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 0x0a, 0x0c, 0x4f, 0x70,
+	0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x50,
+	0x45, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x49,
+	0x5a, 0x45, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x4c, 0x49, 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4e,
+	0x54, 0x49, 0x4d, 0x45, 0x10, 0x03, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80,
+	0x02, 0x4a, 0x04, 0x08, 0x2a, 0x10, 0x2b, 0x4a, 0x04, 0x08, 0x26, 0x10, 0x27, 0x52, 0x14, 0x70,
+	0x68, 0x70, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x73, 0x22, 0xf4, 0x03, 0x0a, 0x0e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x4f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x3c, 0x0a, 0x17, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67,
+	0x65, 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x77, 0x69, 0x72, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61,
+	0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x14,
+	0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x57, 0x69, 0x72, 0x65, 0x46, 0x6f,
+	0x72, 0x6d, 0x61, 0x74, 0x12, 0x4c, 0x0a, 0x1f, 0x6e, 0x6f, 0x5f, 0x73, 0x74, 0x61, 0x6e, 0x64,
+	0x61, 0x72, 0x64, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x5f, 0x61,
+	0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66,
+	0x61, 0x6c, 0x73, 0x65, 0x52, 0x1c, 0x6e, 0x6f, 0x53, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64,
+	0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73,
+	0x6f, 0x72, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64,
 	0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64,
-	0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x19, 0x0a, 0x04, 0x77, 0x65, 0x61,
-	0x6b, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x04,
-	0x77, 0x65, 0x61, 0x6b, 0x12, 0x28, 0x0a, 0x0c, 0x64, 0x65, 0x62, 0x75, 0x67, 0x5f, 0x72, 0x65,
-	0x64, 0x61, 0x63, 0x74, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73,
-	0x65, 0x52, 0x0b, 0x64, 0x65, 0x62, 0x75, 0x67, 0x52, 0x65, 0x64, 0x61, 0x63, 0x74, 0x12, 0x4b,
-	0x0a, 0x09, 0x72, 0x65, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x11, 0x20, 0x01, 0x28,
-	0x0e, 0x32, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e,
-	0x52, 0x09, 0x72, 0x65, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x48, 0x0a, 0x07, 0x74,
-	0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x18, 0x13, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46,
-	0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x54, 0x79, 0x70, 0x65, 0x52, 0x07, 0x74, 0x61,
-	0x72, 0x67, 0x65, 0x74, 0x73, 0x12, 0x57, 0x0a, 0x10, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e,
-	0x5f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x18, 0x14, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x2c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x45,
-	0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x52, 0x0f, 0x65,
-	0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x12, 0x37,
-	0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x15, 0x20, 0x01, 0x28, 0x0b,
+	0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70,
+	0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x61,
+	0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x56, 0x0a, 0x26, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63,
+	0x61, 0x74, 0x65, 0x64, 0x5f, 0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x5f, 0x6a, 0x73, 0x6f, 0x6e,
+	0x5f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73,
+	0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x22, 0x64, 0x65, 0x70, 0x72,
+	0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4a, 0x73, 0x6f, 0x6e,
+	0x46, 0x69, 0x65, 0x6c, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x12, 0x37,
+	0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b,
 	0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
 	0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66,
 	0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74,
@@ -4760,323 +4819,414 @@ var file_google_protobuf_descriptor_proto_rawDesc = []byte{
 	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72,
 	0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e,
 	0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x1a, 0x5a, 0x0a, 0x0e, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x66, 0x61,
-	0x75, 0x6c, 0x74, 0x12, 0x32, 0x0a, 0x07, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07,
-	0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x2f, 0x0a,
-	0x05, 0x43, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47,
-	0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x43, 0x4f, 0x52, 0x44, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c,
-	0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x5f, 0x50, 0x49, 0x45, 0x43, 0x45, 0x10, 0x02, 0x22, 0x35,
-	0x0a, 0x06, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0d, 0x0a, 0x09, 0x4a, 0x53, 0x5f, 0x4e,
-	0x4f, 0x52, 0x4d, 0x41, 0x4c, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x4a, 0x53, 0x5f, 0x53, 0x54,
-	0x52, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x4a, 0x53, 0x5f, 0x4e, 0x55, 0x4d,
-	0x42, 0x45, 0x52, 0x10, 0x02, 0x22, 0x55, 0x0a, 0x0f, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52,
-	0x65, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x15, 0x0a, 0x11, 0x52, 0x45, 0x54, 0x45,
-	0x4e, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12,
-	0x15, 0x0a, 0x11, 0x52, 0x45, 0x54, 0x45, 0x4e, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x52, 0x55, 0x4e,
-	0x54, 0x49, 0x4d, 0x45, 0x10, 0x01, 0x12, 0x14, 0x0a, 0x10, 0x52, 0x45, 0x54, 0x45, 0x4e, 0x54,
-	0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x10, 0x02, 0x22, 0x8c, 0x02, 0x0a,
-	0x10, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x54, 0x79, 0x70,
-	0x65, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45,
-	0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x54, 0x41,
-	0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x10, 0x01,
-	0x12, 0x1f, 0x0a, 0x1b, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
-	0x45, 0x58, 0x54, 0x45, 0x4e, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x52, 0x41, 0x4e, 0x47, 0x45, 0x10,
-	0x02, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45,
-	0x5f, 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x10, 0x03, 0x12, 0x15, 0x0a, 0x11, 0x54, 0x41,
-	0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x45, 0x4c, 0x44, 0x10,
-	0x04, 0x12, 0x15, 0x0a, 0x11, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45,
-	0x5f, 0x4f, 0x4e, 0x45, 0x4f, 0x46, 0x10, 0x05, 0x12, 0x14, 0x0a, 0x10, 0x54, 0x41, 0x52, 0x47,
-	0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x10, 0x06, 0x12, 0x1a,
-	0x0a, 0x16, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e,
-	0x55, 0x4d, 0x5f, 0x45, 0x4e, 0x54, 0x52, 0x59, 0x10, 0x07, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x41,
-	0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43,
-	0x45, 0x10, 0x08, 0x12, 0x16, 0x0a, 0x12, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59,
-	0x50, 0x45, 0x5f, 0x4d, 0x45, 0x54, 0x48, 0x4f, 0x44, 0x10, 0x09, 0x2a, 0x09, 0x08, 0xe8, 0x07,
-	0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x4a, 0x04, 0x08, 0x12,
-	0x10, 0x13, 0x22, 0xac, 0x01, 0x0a, 0x0c, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x12, 0x37, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53,
-	0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x58, 0x0a, 0x14,
-	0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e,
-	0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64,
-	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80,
-	0x02, 0x22, 0xd1, 0x02, 0x0a, 0x0b, 0x45, 0x6e, 0x75, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x61, 0x6c, 0x69, 0x61, 0x73,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x41, 0x6c, 0x69,
-	0x61, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64,
-	0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x56, 0x0a, 0x26, 0x64, 0x65, 0x70,
-	0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x5f, 0x6a,
-	0x73, 0x6f, 0x6e, 0x5f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x6c, 0x69,
-	0x63, 0x74, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x22, 0x64,
-	0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4a,
-	0x73, 0x6f, 0x6e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74,
-	0x73, 0x12, 0x37, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x07, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74,
-	0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e,
-	0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e,
-	0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52,
-	0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a,
-	0x04, 0x08, 0x05, 0x10, 0x06, 0x22, 0x81, 0x02, 0x0a, 0x10, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61,
-	0x6c, 0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65,
-	0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05,
+	0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x04,
+	0x10, 0x05, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x4a, 0x04,
+	0x08, 0x08, 0x10, 0x09, 0x4a, 0x04, 0x08, 0x09, 0x10, 0x0a, 0x22, 0x9d, 0x0d, 0x0a, 0x0c, 0x46,
+	0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x41, 0x0a, 0x05, 0x63,
+	0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x23, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65,
+	0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x43, 0x54, 0x79, 0x70, 0x65, 0x3a,
+	0x06, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x52, 0x05, 0x63, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16,
+	0x0a, 0x06, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06,
+	0x70, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x47, 0x0a, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65,
+	0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x09, 0x4a, 0x53,
+	0x5f, 0x4e, 0x4f, 0x52, 0x4d, 0x41, 0x4c, 0x52, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65, 0x12,
+	0x19, 0x0a, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66,
+	0x61, 0x6c, 0x73, 0x65, 0x52, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x12, 0x2e, 0x0a, 0x0f, 0x75, 0x6e,
+	0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x6c, 0x61, 0x7a, 0x79, 0x18, 0x0f, 0x20,
+	0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0e, 0x75, 0x6e, 0x76, 0x65,
+	0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x4c, 0x61, 0x7a, 0x79, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65,
+	0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05,
 	0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65,
-	0x64, 0x12, 0x37, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74,
-	0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x28, 0x0a, 0x0c, 0x64, 0x65,
-	0x62, 0x75, 0x67, 0x5f, 0x72, 0x65, 0x64, 0x61, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08,
-	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0b, 0x64, 0x65, 0x62, 0x75, 0x67, 0x52, 0x65,
-	0x64, 0x61, 0x63, 0x74, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70,
-	0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65,
-	0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74,
-	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09,
-	0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0xd5, 0x01, 0x0a, 0x0e, 0x53, 0x65,
-	0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x37, 0x0a, 0x08,
-	0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61,
-	0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61,
-	0x74, 0x65, 0x64, 0x18, 0x21, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65,
-	0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x58, 0x0a, 0x14,
-	0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e,
-	0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64,
-	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80,
-	0x02, 0x22, 0x99, 0x03, 0x0a, 0x0d, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65,
-	0x64, 0x18, 0x21, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a,
-	0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x71, 0x0a, 0x11, 0x69, 0x64,
-	0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18,
-	0x22, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x49, 0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63,
-	0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x3a, 0x13, 0x49, 0x44, 0x45, 0x4d, 0x50, 0x4f, 0x54, 0x45,
-	0x4e, 0x43, 0x59, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x52, 0x10, 0x69, 0x64, 0x65,
-	0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x37, 0x0a,
-	0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x23, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65,
-	0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65,
+	0x64, 0x12, 0x19, 0x0a, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x3a,
+	0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x12, 0x28, 0x0a, 0x0c,
+	0x64, 0x65, 0x62, 0x75, 0x67, 0x5f, 0x72, 0x65, 0x64, 0x61, 0x63, 0x74, 0x18, 0x10, 0x20, 0x01,
+	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0b, 0x64, 0x65, 0x62, 0x75, 0x67,
+	0x52, 0x65, 0x64, 0x61, 0x63, 0x74, 0x12, 0x4b, 0x0a, 0x09, 0x72, 0x65, 0x74, 0x65, 0x6e, 0x74,
+	0x69, 0x6f, 0x6e, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c,
+	0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x65, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x72, 0x65, 0x74, 0x65, 0x6e, 0x74,
+	0x69, 0x6f, 0x6e, 0x12, 0x48, 0x0a, 0x07, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x18, 0x13,
+	0x20, 0x03, 0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74,
+	0x54, 0x79, 0x70, 0x65, 0x52, 0x07, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x12, 0x57, 0x0a,
+	0x10, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
+	0x73, 0x18, 0x14, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65,
+	0x66, 0x61, 0x75, 0x6c, 0x74, 0x52, 0x0f, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65,
+	0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x12, 0x37, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72,
+	0x65, 0x73, 0x18, 0x15, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75,
+	0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12,
+	0x55, 0x0a, 0x0f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x73, 0x75, 0x70, 0x70, 0x6f,
+	0x72, 0x74, 0x18, 0x16, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64,
+	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53,
+	0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x0e, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53,
+	0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65,
 	0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7,
 	0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
 	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70,
 	0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69,
 	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x22, 0x50, 0x0a, 0x10, 0x49, 0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c,
-	0x65, 0x76, 0x65, 0x6c, 0x12, 0x17, 0x0a, 0x13, 0x49, 0x44, 0x45, 0x4d, 0x50, 0x4f, 0x54, 0x45,
-	0x4e, 0x43, 0x59, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x13, 0x0a,
-	0x0f, 0x4e, 0x4f, 0x5f, 0x53, 0x49, 0x44, 0x45, 0x5f, 0x45, 0x46, 0x46, 0x45, 0x43, 0x54, 0x53,
-	0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x49, 0x44, 0x45, 0x4d, 0x50, 0x4f, 0x54, 0x45, 0x4e, 0x54,
-	0x10, 0x02, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0x9a, 0x03,
-	0x0a, 0x13, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f,
-	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65,
-	0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x50, 0x61,
-	0x72, 0x74, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x29, 0x0a, 0x10, 0x69, 0x64, 0x65, 0x6e,
-	0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x0f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x56, 0x61,
-	0x6c, 0x75, 0x65, 0x12, 0x2c, 0x0a, 0x12, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f,
-	0x69, 0x6e, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52,
-	0x10, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x49, 0x6e, 0x74, 0x56, 0x61, 0x6c, 0x75,
-	0x65, 0x12, 0x2c, 0x0a, 0x12, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x6e,
-	0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x10, 0x6e,
-	0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x49, 0x6e, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12,
-	0x21, 0x0a, 0x0c, 0x64, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
-	0x06, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0b, 0x64, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c,
-	0x75, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x76, 0x61, 0x6c,
-	0x75, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67,
-	0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61,
-	0x74, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e,
-	0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x1a, 0x4a,
-	0x0a, 0x08, 0x4e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x6e, 0x61,
-	0x6d, 0x65, 0x5f, 0x70, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x08, 0x6e,
-	0x61, 0x6d, 0x65, 0x50, 0x61, 0x72, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x73, 0x5f, 0x65, 0x78,
-	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x02, 0x28, 0x08, 0x52, 0x0b, 0x69,
-	0x73, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0xfc, 0x09, 0x0a, 0x0a, 0x46,
-	0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x12, 0x8b, 0x01, 0x0a, 0x0e, 0x66, 0x69,
-	0x65, 0x6c, 0x64, 0x5f, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0e, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x2e,
-	0x46, 0x69, 0x65, 0x6c, 0x64, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x63, 0x65, 0x42, 0x39, 0x88,
-	0x01, 0x01, 0x98, 0x01, 0x04, 0x98, 0x01, 0x01, 0xa2, 0x01, 0x0d, 0x12, 0x08, 0x45, 0x58, 0x50,
-	0x4c, 0x49, 0x43, 0x49, 0x54, 0x18, 0xe6, 0x07, 0xa2, 0x01, 0x0d, 0x12, 0x08, 0x49, 0x4d, 0x50,
-	0x4c, 0x49, 0x43, 0x49, 0x54, 0x18, 0xe7, 0x07, 0xa2, 0x01, 0x0d, 0x12, 0x08, 0x45, 0x58, 0x50,
-	0x4c, 0x49, 0x43, 0x49, 0x54, 0x18, 0xe8, 0x07, 0x52, 0x0d, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x50,
-	0x72, 0x65, 0x73, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x66, 0x0a, 0x09, 0x65, 0x6e, 0x75, 0x6d, 0x5f,
-	0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61,
-	0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x54, 0x79, 0x70, 0x65,
-	0x42, 0x23, 0x88, 0x01, 0x01, 0x98, 0x01, 0x06, 0x98, 0x01, 0x01, 0xa2, 0x01, 0x0b, 0x12, 0x06,
-	0x43, 0x4c, 0x4f, 0x53, 0x45, 0x44, 0x18, 0xe6, 0x07, 0xa2, 0x01, 0x09, 0x12, 0x04, 0x4f, 0x50,
-	0x45, 0x4e, 0x18, 0xe7, 0x07, 0x52, 0x08, 0x65, 0x6e, 0x75, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x12,
-	0x92, 0x01, 0x0a, 0x17, 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x66, 0x69, 0x65,
-	0x6c, 0x64, 0x5f, 0x65, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x0e, 0x32, 0x31, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x2e, 0x52,
-	0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x45, 0x6e, 0x63, 0x6f,
-	0x64, 0x69, 0x6e, 0x67, 0x42, 0x27, 0x88, 0x01, 0x01, 0x98, 0x01, 0x04, 0x98, 0x01, 0x01, 0xa2,
-	0x01, 0x0d, 0x12, 0x08, 0x45, 0x58, 0x50, 0x41, 0x4e, 0x44, 0x45, 0x44, 0x18, 0xe6, 0x07, 0xa2,
-	0x01, 0x0b, 0x12, 0x06, 0x50, 0x41, 0x43, 0x4b, 0x45, 0x44, 0x18, 0xe7, 0x07, 0x52, 0x15, 0x72,
-	0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x45, 0x6e, 0x63, 0x6f,
-	0x64, 0x69, 0x6e, 0x67, 0x12, 0x78, 0x0a, 0x0f, 0x75, 0x74, 0x66, 0x38, 0x5f, 0x76, 0x61, 0x6c,
-	0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e,
+	0x1a, 0x5a, 0x0a, 0x0e, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x66, 0x61, 0x75,
+	0x6c, 0x74, 0x12, 0x32, 0x0a, 0x07, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x65,
+	0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x1a, 0x96, 0x02, 0x0a,
+	0x0e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x12,
+	0x47, 0x0a, 0x12, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x74, 0x72, 0x6f,
+	0x64, 0x75, 0x63, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x64,
+	0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x11, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e,
+	0x74, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x65, 0x64, 0x12, 0x47, 0x0a, 0x12, 0x65, 0x64, 0x69, 0x74,
+	0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x11,
+	0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65,
+	0x64, 0x12, 0x2f, 0x0a, 0x13, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x5f, 0x77, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12,
+	0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x57, 0x61, 0x72, 0x6e, 0x69,
+	0x6e, 0x67, 0x12, 0x41, 0x0a, 0x0f, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65,
+	0x6d, 0x6f, 0x76, 0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x64,
+	0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65,
+	0x6d, 0x6f, 0x76, 0x65, 0x64, 0x22, 0x2f, 0x0a, 0x05, 0x43, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0a,
+	0x0a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x43, 0x4f,
+	0x52, 0x44, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x5f, 0x50,
+	0x49, 0x45, 0x43, 0x45, 0x10, 0x02, 0x22, 0x35, 0x0a, 0x06, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65,
+	0x12, 0x0d, 0x0a, 0x09, 0x4a, 0x53, 0x5f, 0x4e, 0x4f, 0x52, 0x4d, 0x41, 0x4c, 0x10, 0x00, 0x12,
+	0x0d, 0x0a, 0x09, 0x4a, 0x53, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x0d,
+	0x0a, 0x09, 0x4a, 0x53, 0x5f, 0x4e, 0x55, 0x4d, 0x42, 0x45, 0x52, 0x10, 0x02, 0x22, 0x55, 0x0a,
+	0x0f, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e,
+	0x12, 0x15, 0x0a, 0x11, 0x52, 0x45, 0x54, 0x45, 0x4e, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e,
+	0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x52, 0x45, 0x54, 0x45, 0x4e,
+	0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x52, 0x55, 0x4e, 0x54, 0x49, 0x4d, 0x45, 0x10, 0x01, 0x12, 0x14,
+	0x0a, 0x10, 0x52, 0x45, 0x54, 0x45, 0x4e, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x4f, 0x55, 0x52,
+	0x43, 0x45, 0x10, 0x02, 0x22, 0x8c, 0x02, 0x0a, 0x10, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54,
+	0x61, 0x72, 0x67, 0x65, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x41, 0x52,
+	0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e,
+	0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50,
+	0x45, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x1f, 0x0a, 0x1b, 0x54, 0x41, 0x52, 0x47,
+	0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x58, 0x54, 0x45, 0x4e, 0x53, 0x49, 0x4f,
+	0x4e, 0x5f, 0x52, 0x41, 0x4e, 0x47, 0x45, 0x10, 0x02, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x41, 0x52,
+	0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45,
+	0x10, 0x03, 0x12, 0x15, 0x0a, 0x11, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50,
+	0x45, 0x5f, 0x46, 0x49, 0x45, 0x4c, 0x44, 0x10, 0x04, 0x12, 0x15, 0x0a, 0x11, 0x54, 0x41, 0x52,
+	0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4f, 0x4e, 0x45, 0x4f, 0x46, 0x10, 0x05,
+	0x12, 0x14, 0x0a, 0x10, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
+	0x45, 0x4e, 0x55, 0x4d, 0x10, 0x06, 0x12, 0x1a, 0x0a, 0x16, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54,
+	0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x45, 0x4e, 0x54, 0x52, 0x59,
+	0x10, 0x07, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50,
+	0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x10, 0x08, 0x12, 0x16, 0x0a, 0x12, 0x54,
+	0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4d, 0x45, 0x54, 0x48, 0x4f,
+	0x44, 0x10, 0x09, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04,
+	0x08, 0x04, 0x10, 0x05, 0x4a, 0x04, 0x08, 0x12, 0x10, 0x13, 0x22, 0xac, 0x01, 0x0a, 0x0c, 0x4f,
+	0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x37, 0x0a, 0x08, 0x66,
+	0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e,
 	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x2e, 0x55, 0x74, 0x66, 0x38, 0x56,
-	0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x23, 0x88, 0x01, 0x01, 0x98, 0x01,
-	0x04, 0x98, 0x01, 0x01, 0xa2, 0x01, 0x09, 0x12, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x18, 0xe6, 0x07,
-	0xa2, 0x01, 0x0b, 0x12, 0x06, 0x56, 0x45, 0x52, 0x49, 0x46, 0x59, 0x18, 0xe7, 0x07, 0x52, 0x0e,
-	0x75, 0x74, 0x66, 0x38, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x78,
-	0x0a, 0x10, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x65, 0x6e, 0x63, 0x6f, 0x64, 0x69,
-	0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75,
-	0x72, 0x65, 0x53, 0x65, 0x74, 0x2e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x45, 0x6e, 0x63,
-	0x6f, 0x64, 0x69, 0x6e, 0x67, 0x42, 0x20, 0x88, 0x01, 0x01, 0x98, 0x01, 0x04, 0x98, 0x01, 0x01,
-	0xa2, 0x01, 0x14, 0x12, 0x0f, 0x4c, 0x45, 0x4e, 0x47, 0x54, 0x48, 0x5f, 0x50, 0x52, 0x45, 0x46,
-	0x49, 0x58, 0x45, 0x44, 0x18, 0xe6, 0x07, 0x52, 0x0f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
-	0x45, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x7c, 0x0a, 0x0b, 0x6a, 0x73, 0x6f, 0x6e,
-	0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e,
+	0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74,
+	0x75, 0x72, 0x65, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70,
+	0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65,
+	0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09,
+	0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0xd1, 0x02, 0x0a, 0x0b, 0x45, 0x6e,
+	0x75, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x6c, 0x6c,
+	0x6f, 0x77, 0x5f, 0x61, 0x6c, 0x69, 0x61, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a,
+	0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65,
+	0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05,
+	0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65,
+	0x64, 0x12, 0x56, 0x0a, 0x26, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f,
+	0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x66, 0x69, 0x65, 0x6c,
+	0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28,
+	0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x22, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65,
+	0x64, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4a, 0x73, 0x6f, 0x6e, 0x46, 0x69, 0x65, 0x6c, 0x64,
+	0x43, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x12, 0x37, 0x0a, 0x08, 0x66, 0x65, 0x61,
+	0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65,
+	0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72,
+	0x65, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65,
+	0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65,
+	0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8,
+	0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x22, 0xd8, 0x02,
+	0x0a, 0x10, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64,
+	0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x37, 0x0a, 0x08, 0x66, 0x65, 0x61,
+	0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65,
+	0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72,
+	0x65, 0x73, 0x12, 0x28, 0x0a, 0x0c, 0x64, 0x65, 0x62, 0x75, 0x67, 0x5f, 0x72, 0x65, 0x64, 0x61,
+	0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52,
+	0x0b, 0x64, 0x65, 0x62, 0x75, 0x67, 0x52, 0x65, 0x64, 0x61, 0x63, 0x74, 0x12, 0x55, 0x0a, 0x0f,
+	0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x75, 0x70, 0x70,
+	0x6f, 0x72, 0x74, 0x52, 0x0e, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x75, 0x70, 0x70,
+	0x6f, 0x72, 0x74, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
+	0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74,
+	0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65,
+	0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08,
+	0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0xd5, 0x01, 0x0a, 0x0e, 0x53, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x37, 0x0a, 0x08, 0x66,
+	0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e,
 	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x2e, 0x4a, 0x73, 0x6f, 0x6e, 0x46,
-	0x6f, 0x72, 0x6d, 0x61, 0x74, 0x42, 0x33, 0x88, 0x01, 0x01, 0x98, 0x01, 0x03, 0x98, 0x01, 0x06,
-	0x98, 0x01, 0x01, 0xa2, 0x01, 0x17, 0x12, 0x12, 0x4c, 0x45, 0x47, 0x41, 0x43, 0x59, 0x5f, 0x42,
-	0x45, 0x53, 0x54, 0x5f, 0x45, 0x46, 0x46, 0x4f, 0x52, 0x54, 0x18, 0xe6, 0x07, 0xa2, 0x01, 0x0a,
-	0x12, 0x05, 0x41, 0x4c, 0x4c, 0x4f, 0x57, 0x18, 0xe7, 0x07, 0x52, 0x0a, 0x6a, 0x73, 0x6f, 0x6e,
-	0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x22, 0x5c, 0x0a, 0x0d, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x50,
-	0x72, 0x65, 0x73, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x46, 0x49, 0x45, 0x4c, 0x44,
-	0x5f, 0x50, 0x52, 0x45, 0x53, 0x45, 0x4e, 0x43, 0x45, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57,
-	0x4e, 0x10, 0x00, 0x12, 0x0c, 0x0a, 0x08, 0x45, 0x58, 0x50, 0x4c, 0x49, 0x43, 0x49, 0x54, 0x10,
-	0x01, 0x12, 0x0c, 0x0a, 0x08, 0x49, 0x4d, 0x50, 0x4c, 0x49, 0x43, 0x49, 0x54, 0x10, 0x02, 0x12,
-	0x13, 0x0a, 0x0f, 0x4c, 0x45, 0x47, 0x41, 0x43, 0x59, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52,
-	0x45, 0x44, 0x10, 0x03, 0x22, 0x37, 0x0a, 0x08, 0x45, 0x6e, 0x75, 0x6d, 0x54, 0x79, 0x70, 0x65,
-	0x12, 0x15, 0x0a, 0x11, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e,
-	0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x4f, 0x50, 0x45, 0x4e, 0x10,
-	0x01, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x4c, 0x4f, 0x53, 0x45, 0x44, 0x10, 0x02, 0x22, 0x56, 0x0a,
-	0x15, 0x52, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x45, 0x6e,
-	0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x23, 0x0a, 0x1f, 0x52, 0x45, 0x50, 0x45, 0x41, 0x54,
-	0x45, 0x44, 0x5f, 0x46, 0x49, 0x45, 0x4c, 0x44, 0x5f, 0x45, 0x4e, 0x43, 0x4f, 0x44, 0x49, 0x4e,
-	0x47, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x50,
-	0x41, 0x43, 0x4b, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x45, 0x58, 0x50, 0x41, 0x4e,
-	0x44, 0x45, 0x44, 0x10, 0x02, 0x22, 0x43, 0x0a, 0x0e, 0x55, 0x74, 0x66, 0x38, 0x56, 0x61, 0x6c,
-	0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1b, 0x0a, 0x17, 0x55, 0x54, 0x46, 0x38, 0x5f,
-	0x56, 0x41, 0x4c, 0x49, 0x44, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f,
-	0x57, 0x4e, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x01, 0x12, 0x0a,
-	0x0a, 0x06, 0x56, 0x45, 0x52, 0x49, 0x46, 0x59, 0x10, 0x02, 0x22, 0x53, 0x0a, 0x0f, 0x4d, 0x65,
-	0x73, 0x73, 0x61, 0x67, 0x65, 0x45, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x1c, 0x0a,
-	0x18, 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x5f, 0x45, 0x4e, 0x43, 0x4f, 0x44, 0x49, 0x4e,
-	0x47, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x4c,
-	0x45, 0x4e, 0x47, 0x54, 0x48, 0x5f, 0x50, 0x52, 0x45, 0x46, 0x49, 0x58, 0x45, 0x44, 0x10, 0x01,
-	0x12, 0x0d, 0x0a, 0x09, 0x44, 0x45, 0x4c, 0x49, 0x4d, 0x49, 0x54, 0x45, 0x44, 0x10, 0x02, 0x22,
-	0x48, 0x0a, 0x0a, 0x4a, 0x73, 0x6f, 0x6e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x17, 0x0a,
-	0x13, 0x4a, 0x53, 0x4f, 0x4e, 0x5f, 0x46, 0x4f, 0x52, 0x4d, 0x41, 0x54, 0x5f, 0x55, 0x4e, 0x4b,
-	0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x4c, 0x4c, 0x4f, 0x57, 0x10,
-	0x01, 0x12, 0x16, 0x0a, 0x12, 0x4c, 0x45, 0x47, 0x41, 0x43, 0x59, 0x5f, 0x42, 0x45, 0x53, 0x54,
-	0x5f, 0x45, 0x46, 0x46, 0x4f, 0x52, 0x54, 0x10, 0x02, 0x2a, 0x06, 0x08, 0xe8, 0x07, 0x10, 0xe9,
-	0x07, 0x2a, 0x06, 0x08, 0xe9, 0x07, 0x10, 0xea, 0x07, 0x2a, 0x06, 0x08, 0x8b, 0x4e, 0x10, 0x90,
-	0x4e, 0x4a, 0x06, 0x08, 0xe7, 0x07, 0x10, 0xe8, 0x07, 0x22, 0xfe, 0x02, 0x0a, 0x12, 0x46, 0x65,
-	0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73,
-	0x12, 0x58, 0x0a, 0x08, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x44,
-	0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53,
-	0x65, 0x74, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
-	0x52, 0x08, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x12, 0x41, 0x0a, 0x0f, 0x6d, 0x69,
-	0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20,
-	0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x6d,
-	0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a,
-	0x0f, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e,
-	0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e,
-	0x52, 0x0e, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e,
-	0x1a, 0x87, 0x01, 0x0a, 0x18, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x45,
-	0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x32, 0x0a,
-	0x07, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18,
+	0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74,
+	0x75, 0x72, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74,
+	0x65, 0x64, 0x18, 0x21, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52,
+	0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x58, 0x0a, 0x14, 0x75,
+	0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02,
+	0x22, 0x99, 0x03, 0x0a, 0x0d, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64,
+	0x18, 0x21, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64,
+	0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x71, 0x0a, 0x11, 0x69, 0x64, 0x65,
+	0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x22,
+	0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x49, 0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79,
+	0x4c, 0x65, 0x76, 0x65, 0x6c, 0x3a, 0x13, 0x49, 0x44, 0x45, 0x4d, 0x50, 0x4f, 0x54, 0x45, 0x4e,
+	0x43, 0x59, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x52, 0x10, 0x69, 0x64, 0x65, 0x6d,
+	0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x37, 0x0a, 0x08,
+	0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x23, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b,
 	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f,
-	0x6e, 0x12, 0x37, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x02, 0x20,
+	0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x08, 0x66, 0x65, 0x61,
+	0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
+	0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e,
+	0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22,
+	0x50, 0x0a, 0x10, 0x49, 0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65,
+	0x76, 0x65, 0x6c, 0x12, 0x17, 0x0a, 0x13, 0x49, 0x44, 0x45, 0x4d, 0x50, 0x4f, 0x54, 0x45, 0x4e,
+	0x43, 0x59, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f,
+	0x4e, 0x4f, 0x5f, 0x53, 0x49, 0x44, 0x45, 0x5f, 0x45, 0x46, 0x46, 0x45, 0x43, 0x54, 0x53, 0x10,
+	0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x49, 0x44, 0x45, 0x4d, 0x50, 0x4f, 0x54, 0x45, 0x4e, 0x54, 0x10,
+	0x02, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0x9a, 0x03, 0x0a,
+	0x13, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74,
+	0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x72,
+	0x74, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x29, 0x0a, 0x10, 0x69, 0x64, 0x65, 0x6e, 0x74,
+	0x69, 0x66, 0x69, 0x65, 0x72, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x0f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x56, 0x61, 0x6c,
+	0x75, 0x65, 0x12, 0x2c, 0x0a, 0x12, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x69,
+	0x6e, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x10,
+	0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x49, 0x6e, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65,
+	0x12, 0x2c, 0x0a, 0x12, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x6e, 0x74,
+	0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x10, 0x6e, 0x65,
+	0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x49, 0x6e, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x21,
+	0x0a, 0x0c, 0x64, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x06,
+	0x20, 0x01, 0x28, 0x01, 0x52, 0x0b, 0x64, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75,
+	0x65, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56,
+	0x61, 0x6c, 0x75, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74,
+	0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x61,
+	0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x1a, 0x4a, 0x0a,
+	0x08, 0x4e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x6e, 0x61, 0x6d,
+	0x65, 0x5f, 0x70, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x08, 0x6e, 0x61,
+	0x6d, 0x65, 0x50, 0x61, 0x72, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x73, 0x5f, 0x65, 0x78, 0x74,
+	0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x02, 0x28, 0x08, 0x52, 0x0b, 0x69, 0x73,
+	0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0xa7, 0x0a, 0x0a, 0x0a, 0x46, 0x65,
+	0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x12, 0x91, 0x01, 0x0a, 0x0e, 0x66, 0x69, 0x65,
+	0x6c, 0x64, 0x5f, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0e, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x2e, 0x46,
+	0x69, 0x65, 0x6c, 0x64, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x63, 0x65, 0x42, 0x3f, 0x88, 0x01,
+	0x01, 0x98, 0x01, 0x04, 0x98, 0x01, 0x01, 0xa2, 0x01, 0x0d, 0x12, 0x08, 0x45, 0x58, 0x50, 0x4c,
+	0x49, 0x43, 0x49, 0x54, 0x18, 0xe6, 0x07, 0xa2, 0x01, 0x0d, 0x12, 0x08, 0x49, 0x4d, 0x50, 0x4c,
+	0x49, 0x43, 0x49, 0x54, 0x18, 0xe7, 0x07, 0xa2, 0x01, 0x0d, 0x12, 0x08, 0x45, 0x58, 0x50, 0x4c,
+	0x49, 0x43, 0x49, 0x54, 0x18, 0xe8, 0x07, 0xb2, 0x01, 0x03, 0x08, 0xe8, 0x07, 0x52, 0x0d, 0x66,
+	0x69, 0x65, 0x6c, 0x64, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x6c, 0x0a, 0x09,
+	0x65, 0x6e, 0x75, 0x6d, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32,
+	0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x2e, 0x45, 0x6e, 0x75,
+	0x6d, 0x54, 0x79, 0x70, 0x65, 0x42, 0x29, 0x88, 0x01, 0x01, 0x98, 0x01, 0x06, 0x98, 0x01, 0x01,
+	0xa2, 0x01, 0x0b, 0x12, 0x06, 0x43, 0x4c, 0x4f, 0x53, 0x45, 0x44, 0x18, 0xe6, 0x07, 0xa2, 0x01,
+	0x09, 0x12, 0x04, 0x4f, 0x50, 0x45, 0x4e, 0x18, 0xe7, 0x07, 0xb2, 0x01, 0x03, 0x08, 0xe8, 0x07,
+	0x52, 0x08, 0x65, 0x6e, 0x75, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x12, 0x98, 0x01, 0x0a, 0x17, 0x72,
+	0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x65, 0x6e,
+	0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46,
+	0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x2e, 0x52, 0x65, 0x70, 0x65, 0x61, 0x74,
+	0x65, 0x64, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x45, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x42,
+	0x2d, 0x88, 0x01, 0x01, 0x98, 0x01, 0x04, 0x98, 0x01, 0x01, 0xa2, 0x01, 0x0d, 0x12, 0x08, 0x45,
+	0x58, 0x50, 0x41, 0x4e, 0x44, 0x45, 0x44, 0x18, 0xe6, 0x07, 0xa2, 0x01, 0x0b, 0x12, 0x06, 0x50,
+	0x41, 0x43, 0x4b, 0x45, 0x44, 0x18, 0xe7, 0x07, 0xb2, 0x01, 0x03, 0x08, 0xe8, 0x07, 0x52, 0x15,
+	0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x45, 0x6e, 0x63,
+	0x6f, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x7e, 0x0a, 0x0f, 0x75, 0x74, 0x66, 0x38, 0x5f, 0x76, 0x61,
+	0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x2e, 0x55, 0x74, 0x66, 0x38,
+	0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x29, 0x88, 0x01, 0x01, 0x98,
+	0x01, 0x04, 0x98, 0x01, 0x01, 0xa2, 0x01, 0x09, 0x12, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x18, 0xe6,
+	0x07, 0xa2, 0x01, 0x0b, 0x12, 0x06, 0x56, 0x45, 0x52, 0x49, 0x46, 0x59, 0x18, 0xe7, 0x07, 0xb2,
+	0x01, 0x03, 0x08, 0xe8, 0x07, 0x52, 0x0e, 0x75, 0x74, 0x66, 0x38, 0x56, 0x61, 0x6c, 0x69, 0x64,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x7e, 0x0a, 0x10, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
+	0x5f, 0x65, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32,
+	0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x2e, 0x4d, 0x65, 0x73,
+	0x73, 0x61, 0x67, 0x65, 0x45, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x42, 0x26, 0x88, 0x01,
+	0x01, 0x98, 0x01, 0x04, 0x98, 0x01, 0x01, 0xa2, 0x01, 0x14, 0x12, 0x0f, 0x4c, 0x45, 0x4e, 0x47,
+	0x54, 0x48, 0x5f, 0x50, 0x52, 0x45, 0x46, 0x49, 0x58, 0x45, 0x44, 0x18, 0xe6, 0x07, 0xb2, 0x01,
+	0x03, 0x08, 0xe8, 0x07, 0x52, 0x0f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x45, 0x6e, 0x63,
+	0x6f, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x82, 0x01, 0x0a, 0x0b, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x66,
+	0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65,
+	0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x2e, 0x4a, 0x73, 0x6f, 0x6e, 0x46, 0x6f, 0x72,
+	0x6d, 0x61, 0x74, 0x42, 0x39, 0x88, 0x01, 0x01, 0x98, 0x01, 0x03, 0x98, 0x01, 0x06, 0x98, 0x01,
+	0x01, 0xa2, 0x01, 0x17, 0x12, 0x12, 0x4c, 0x45, 0x47, 0x41, 0x43, 0x59, 0x5f, 0x42, 0x45, 0x53,
+	0x54, 0x5f, 0x45, 0x46, 0x46, 0x4f, 0x52, 0x54, 0x18, 0xe6, 0x07, 0xa2, 0x01, 0x0a, 0x12, 0x05,
+	0x41, 0x4c, 0x4c, 0x4f, 0x57, 0x18, 0xe7, 0x07, 0xb2, 0x01, 0x03, 0x08, 0xe8, 0x07, 0x52, 0x0a,
+	0x6a, 0x73, 0x6f, 0x6e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x22, 0x5c, 0x0a, 0x0d, 0x46, 0x69,
+	0x65, 0x6c, 0x64, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x46,
+	0x49, 0x45, 0x4c, 0x44, 0x5f, 0x50, 0x52, 0x45, 0x53, 0x45, 0x4e, 0x43, 0x45, 0x5f, 0x55, 0x4e,
+	0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x0c, 0x0a, 0x08, 0x45, 0x58, 0x50, 0x4c, 0x49,
+	0x43, 0x49, 0x54, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x49, 0x4d, 0x50, 0x4c, 0x49, 0x43, 0x49,
+	0x54, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x4c, 0x45, 0x47, 0x41, 0x43, 0x59, 0x5f, 0x52, 0x45,
+	0x51, 0x55, 0x49, 0x52, 0x45, 0x44, 0x10, 0x03, 0x22, 0x37, 0x0a, 0x08, 0x45, 0x6e, 0x75, 0x6d,
+	0x54, 0x79, 0x70, 0x65, 0x12, 0x15, 0x0a, 0x11, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x54, 0x59, 0x50,
+	0x45, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x4f,
+	0x50, 0x45, 0x4e, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x4c, 0x4f, 0x53, 0x45, 0x44, 0x10,
+	0x02, 0x22, 0x56, 0x0a, 0x15, 0x52, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x46, 0x69, 0x65,
+	0x6c, 0x64, 0x45, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x23, 0x0a, 0x1f, 0x52, 0x45,
+	0x50, 0x45, 0x41, 0x54, 0x45, 0x44, 0x5f, 0x46, 0x49, 0x45, 0x4c, 0x44, 0x5f, 0x45, 0x4e, 0x43,
+	0x4f, 0x44, 0x49, 0x4e, 0x47, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12,
+	0x0a, 0x0a, 0x06, 0x50, 0x41, 0x43, 0x4b, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x45,
+	0x58, 0x50, 0x41, 0x4e, 0x44, 0x45, 0x44, 0x10, 0x02, 0x22, 0x49, 0x0a, 0x0e, 0x55, 0x74, 0x66,
+	0x38, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1b, 0x0a, 0x17, 0x55,
+	0x54, 0x46, 0x38, 0x5f, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55,
+	0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x56, 0x45, 0x52, 0x49,
+	0x46, 0x59, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x03, 0x22, 0x04,
+	0x08, 0x01, 0x10, 0x01, 0x22, 0x53, 0x0a, 0x0f, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x45,
+	0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x1c, 0x0a, 0x18, 0x4d, 0x45, 0x53, 0x53, 0x41,
+	0x47, 0x45, 0x5f, 0x45, 0x4e, 0x43, 0x4f, 0x44, 0x49, 0x4e, 0x47, 0x5f, 0x55, 0x4e, 0x4b, 0x4e,
+	0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x4c, 0x45, 0x4e, 0x47, 0x54, 0x48, 0x5f,
+	0x50, 0x52, 0x45, 0x46, 0x49, 0x58, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x44, 0x45,
+	0x4c, 0x49, 0x4d, 0x49, 0x54, 0x45, 0x44, 0x10, 0x02, 0x22, 0x48, 0x0a, 0x0a, 0x4a, 0x73, 0x6f,
+	0x6e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x17, 0x0a, 0x13, 0x4a, 0x53, 0x4f, 0x4e, 0x5f,
+	0x46, 0x4f, 0x52, 0x4d, 0x41, 0x54, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00,
+	0x12, 0x09, 0x0a, 0x05, 0x41, 0x4c, 0x4c, 0x4f, 0x57, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x4c,
+	0x45, 0x47, 0x41, 0x43, 0x59, 0x5f, 0x42, 0x45, 0x53, 0x54, 0x5f, 0x45, 0x46, 0x46, 0x4f, 0x52,
+	0x54, 0x10, 0x02, 0x2a, 0x06, 0x08, 0xe8, 0x07, 0x10, 0x8b, 0x4e, 0x2a, 0x06, 0x08, 0x8b, 0x4e,
+	0x10, 0x90, 0x4e, 0x2a, 0x06, 0x08, 0x90, 0x4e, 0x10, 0x91, 0x4e, 0x4a, 0x06, 0x08, 0xe7, 0x07,
+	0x10, 0xe8, 0x07, 0x22, 0xef, 0x03, 0x0a, 0x12, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53,
+	0x65, 0x74, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x12, 0x58, 0x0a, 0x08, 0x64, 0x65,
+	0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46,
+	0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
+	0x73, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x45, 0x64, 0x69, 0x74,
+	0x69, 0x6f, 0x6e, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x52, 0x08, 0x64, 0x65, 0x66, 0x61,
+	0x75, 0x6c, 0x74, 0x73, 0x12, 0x41, 0x0a, 0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f,
+	0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d,
+	0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x69, 0x6d,
+	0x75, 0x6d, 0x5f, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e,
+	0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x6d, 0x61, 0x78, 0x69,
+	0x6d, 0x75, 0x6d, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0xf8, 0x01, 0x0a, 0x18, 0x46,
+	0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e,
+	0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x32, 0x0a, 0x07, 0x65, 0x64, 0x69, 0x74, 0x69,
+	0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x64, 0x69, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x07, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4e, 0x0a, 0x14, 0x6f,
+	0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75,
+	0x72, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74,
+	0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x52, 0x13, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x61,
+	0x62, 0x6c, 0x65, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x42, 0x0a, 0x0e, 0x66,
+	0x69, 0x78, 0x65, 0x64, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x05, 0x20,
 	0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
 	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74,
-	0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x22, 0xa7, 0x02, 0x0a, 0x0e, 0x53,
-	0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x44, 0x0a,
-	0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x28, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x66, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f,
-	0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x1a, 0xce, 0x01, 0x0a, 0x08, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x12, 0x16, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x05, 0x42, 0x02,
-	0x10, 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x16, 0x0a, 0x04, 0x73, 0x70, 0x61, 0x6e,
-	0x18, 0x02, 0x20, 0x03, 0x28, 0x05, 0x42, 0x02, 0x10, 0x01, 0x52, 0x04, 0x73, 0x70, 0x61, 0x6e,
-	0x12, 0x29, 0x0a, 0x10, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6d, 0x6d,
-	0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6c, 0x65, 0x61, 0x64,
-	0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x74,
-	0x72, 0x61, 0x69, 0x6c, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73,
-	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x74, 0x72, 0x61, 0x69, 0x6c, 0x69, 0x6e, 0x67,
-	0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x3a, 0x0a, 0x19, 0x6c, 0x65, 0x61, 0x64,
-	0x69, 0x6e, 0x67, 0x5f, 0x64, 0x65, 0x74, 0x61, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6d,
-	0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x17, 0x6c, 0x65, 0x61,
-	0x64, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x74, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6d, 0x6d,
-	0x65, 0x6e, 0x74, 0x73, 0x22, 0xd0, 0x02, 0x0a, 0x11, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
-	0x65, 0x64, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x4d, 0x0a, 0x0a, 0x61, 0x6e,
-	0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e,
-	0x66, 0x6f, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x61,
-	0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0xeb, 0x01, 0x0a, 0x0a, 0x41, 0x6e,
-	0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68,
-	0x18, 0x01, 0x20, 0x03, 0x28, 0x05, 0x42, 0x02, 0x10, 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68,
-	0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x46, 0x69, 0x6c,
-	0x65, 0x12, 0x14, 0x0a, 0x05, 0x62, 0x65, 0x67, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05,
-	0x52, 0x05, 0x62, 0x65, 0x67, 0x69, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x12, 0x52, 0x0a, 0x08, 0x73, 0x65, 0x6d,
-	0x61, 0x6e, 0x74, 0x69, 0x63, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x47, 0x65,
-	0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x2e,
-	0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x6d, 0x61, 0x6e,
-	0x74, 0x69, 0x63, 0x52, 0x08, 0x73, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, 0x22, 0x28, 0x0a,
-	0x08, 0x53, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e,
-	0x45, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x53, 0x45, 0x54, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05,
-	0x41, 0x4c, 0x49, 0x41, 0x53, 0x10, 0x02, 0x2a, 0xea, 0x01, 0x0a, 0x07, 0x45, 0x64, 0x69, 0x74,
-	0x69, 0x6f, 0x6e, 0x12, 0x13, 0x0a, 0x0f, 0x45, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55,
-	0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0e, 0x45, 0x44, 0x49, 0x54,
+	0x52, 0x0d, 0x66, 0x69, 0x78, 0x65, 0x64, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x4a,
+	0x04, 0x08, 0x01, 0x10, 0x02, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x52, 0x08, 0x66, 0x65, 0x61,
+	0x74, 0x75, 0x72, 0x65, 0x73, 0x22, 0xa7, 0x02, 0x0a, 0x0e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65,
+	0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x44, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x6f, 0x75,
+	0x72, 0x63, 0x65, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x4c, 0x6f, 0x63, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0xce,
+	0x01, 0x0a, 0x08, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x04, 0x70,
+	0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x05, 0x42, 0x02, 0x10, 0x01, 0x52, 0x04, 0x70,
+	0x61, 0x74, 0x68, 0x12, 0x16, 0x0a, 0x04, 0x73, 0x70, 0x61, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28,
+	0x05, 0x42, 0x02, 0x10, 0x01, 0x52, 0x04, 0x73, 0x70, 0x61, 0x6e, 0x12, 0x29, 0x0a, 0x10, 0x6c,
+	0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f,
+	0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x74, 0x72, 0x61, 0x69, 0x6c, 0x69,
+	0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x10, 0x74, 0x72, 0x61, 0x69, 0x6c, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6d, 0x6d, 0x65,
+	0x6e, 0x74, 0x73, 0x12, 0x3a, 0x0a, 0x19, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x64,
+	0x65, 0x74, 0x61, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73,
+	0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x17, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x44,
+	0x65, 0x74, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x22,
+	0xd0, 0x02, 0x0a, 0x11, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x64,
+	0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x4d, 0x0a, 0x0a, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x47, 0x65, 0x6e, 0x65,
+	0x72, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x41, 0x6e,
+	0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x1a, 0xeb, 0x01, 0x0a, 0x0a, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28,
+	0x05, 0x42, 0x02, 0x10, 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x73,
+	0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0a, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x05,
+	0x62, 0x65, 0x67, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x62, 0x65, 0x67,
+	0x69, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52,
+	0x03, 0x65, 0x6e, 0x64, 0x12, 0x52, 0x0a, 0x08, 0x73, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63,
+	0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
+	0x65, 0x64, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, 0x52, 0x08,
+	0x73, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, 0x22, 0x28, 0x0a, 0x08, 0x53, 0x65, 0x6d, 0x61,
+	0x6e, 0x74, 0x69, 0x63, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x07,
+	0x0a, 0x03, 0x53, 0x45, 0x54, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x4c, 0x49, 0x41, 0x53,
+	0x10, 0x02, 0x2a, 0xa7, 0x02, 0x0a, 0x07, 0x45, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x13,
+	0x0a, 0x0f, 0x45, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57,
+	0x4e, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0e, 0x45, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4c,
+	0x45, 0x47, 0x41, 0x43, 0x59, 0x10, 0x84, 0x07, 0x12, 0x13, 0x0a, 0x0e, 0x45, 0x44, 0x49, 0x54,
 	0x49, 0x4f, 0x4e, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x32, 0x10, 0xe6, 0x07, 0x12, 0x13, 0x0a,
 	0x0e, 0x45, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x33, 0x10,
 	0xe7, 0x07, 0x12, 0x11, 0x0a, 0x0c, 0x45, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x32, 0x30,
-	0x32, 0x33, 0x10, 0xe8, 0x07, 0x12, 0x17, 0x0a, 0x13, 0x45, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e,
-	0x5f, 0x31, 0x5f, 0x54, 0x45, 0x53, 0x54, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x01, 0x12, 0x17,
-	0x0a, 0x13, 0x45, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x32, 0x5f, 0x54, 0x45, 0x53, 0x54,
-	0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x02, 0x12, 0x1d, 0x0a, 0x17, 0x45, 0x44, 0x49, 0x54, 0x49,
-	0x4f, 0x4e, 0x5f, 0x39, 0x39, 0x39, 0x39, 0x37, 0x5f, 0x54, 0x45, 0x53, 0x54, 0x5f, 0x4f, 0x4e,
-	0x4c, 0x59, 0x10, 0x9d, 0x8d, 0x06, 0x12, 0x1d, 0x0a, 0x17, 0x45, 0x44, 0x49, 0x54, 0x49, 0x4f,
-	0x4e, 0x5f, 0x39, 0x39, 0x39, 0x39, 0x38, 0x5f, 0x54, 0x45, 0x53, 0x54, 0x5f, 0x4f, 0x4e, 0x4c,
-	0x59, 0x10, 0x9e, 0x8d, 0x06, 0x12, 0x1d, 0x0a, 0x17, 0x45, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e,
-	0x5f, 0x39, 0x39, 0x39, 0x39, 0x39, 0x5f, 0x54, 0x45, 0x53, 0x54, 0x5f, 0x4f, 0x4e, 0x4c, 0x59,
-	0x10, 0x9f, 0x8d, 0x06, 0x42, 0x7e, 0x0a, 0x13, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x42, 0x10, 0x44, 0x65, 0x73,
-	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x73, 0x48, 0x01, 0x5a,
-	0x2d, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f,
-	0x72, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x79, 0x70, 0x65,
-	0x73, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x70, 0x62, 0xf8, 0x01,
-	0x01, 0xa2, 0x02, 0x03, 0x47, 0x50, 0x42, 0xaa, 0x02, 0x1a, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x52, 0x65, 0x66, 0x6c, 0x65, 0x63,
-	0x74, 0x69, 0x6f, 0x6e,
+	0x32, 0x33, 0x10, 0xe8, 0x07, 0x12, 0x11, 0x0a, 0x0c, 0x45, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e,
+	0x5f, 0x32, 0x30, 0x32, 0x34, 0x10, 0xe9, 0x07, 0x12, 0x17, 0x0a, 0x13, 0x45, 0x44, 0x49, 0x54,
+	0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x54, 0x45, 0x53, 0x54, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10,
+	0x01, 0x12, 0x17, 0x0a, 0x13, 0x45, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x32, 0x5f, 0x54,
+	0x45, 0x53, 0x54, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x02, 0x12, 0x1d, 0x0a, 0x17, 0x45, 0x44,
+	0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x39, 0x39, 0x39, 0x39, 0x37, 0x5f, 0x54, 0x45, 0x53, 0x54,
+	0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x9d, 0x8d, 0x06, 0x12, 0x1d, 0x0a, 0x17, 0x45, 0x44, 0x49,
+	0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x39, 0x39, 0x39, 0x39, 0x38, 0x5f, 0x54, 0x45, 0x53, 0x54, 0x5f,
+	0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x9e, 0x8d, 0x06, 0x12, 0x1d, 0x0a, 0x17, 0x45, 0x44, 0x49, 0x54,
+	0x49, 0x4f, 0x4e, 0x5f, 0x39, 0x39, 0x39, 0x39, 0x39, 0x5f, 0x54, 0x45, 0x53, 0x54, 0x5f, 0x4f,
+	0x4e, 0x4c, 0x59, 0x10, 0x9f, 0x8d, 0x06, 0x12, 0x13, 0x0a, 0x0b, 0x45, 0x44, 0x49, 0x54, 0x49,
+	0x4f, 0x4e, 0x5f, 0x4d, 0x41, 0x58, 0x10, 0xff, 0xff, 0xff, 0xff, 0x07, 0x42, 0x7e, 0x0a, 0x13,
+	0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x42, 0x10, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50,
+	0x72, 0x6f, 0x74, 0x6f, 0x73, 0x48, 0x01, 0x5a, 0x2d, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69,
+	0x70, 0x74, 0x6f, 0x72, 0x70, 0x62, 0xf8, 0x01, 0x01, 0xa2, 0x02, 0x03, 0x47, 0x50, 0x42, 0xaa,
+	0x02, 0x1a, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x52, 0x65, 0x66, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
 }
 
 var (
@@ -5092,8 +5242,8 @@ func file_google_protobuf_descriptor_proto_rawDescGZIP() []byte {
 }
 
 var file_google_protobuf_descriptor_proto_enumTypes = make([]protoimpl.EnumInfo, 17)
-var file_google_protobuf_descriptor_proto_msgTypes = make([]protoimpl.MessageInfo, 32)
-var file_google_protobuf_descriptor_proto_goTypes = []interface{}{
+var file_google_protobuf_descriptor_proto_msgTypes = make([]protoimpl.MessageInfo, 33)
+var file_google_protobuf_descriptor_proto_goTypes = []any{
 	(Edition)(0), // 0: google.protobuf.Edition
 	(ExtensionRangeOptions_VerificationState)(0),        // 1: google.protobuf.ExtensionRangeOptions.VerificationState
 	(FieldDescriptorProto_Type)(0),                      // 2: google.protobuf.FieldDescriptorProto.Type
@@ -5139,10 +5289,11 @@ var file_google_protobuf_descriptor_proto_goTypes = []interface{}{
 	(*ExtensionRangeOptions_Declaration)(nil),           // 42: google.protobuf.ExtensionRangeOptions.Declaration
 	(*EnumDescriptorProto_EnumReservedRange)(nil),       // 43: google.protobuf.EnumDescriptorProto.EnumReservedRange
 	(*FieldOptions_EditionDefault)(nil),                 // 44: google.protobuf.FieldOptions.EditionDefault
-	(*UninterpretedOption_NamePart)(nil),                // 45: google.protobuf.UninterpretedOption.NamePart
-	(*FeatureSetDefaults_FeatureSetEditionDefault)(nil), // 46: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault
-	(*SourceCodeInfo_Location)(nil),                     // 47: google.protobuf.SourceCodeInfo.Location
-	(*GeneratedCodeInfo_Annotation)(nil),                // 48: google.protobuf.GeneratedCodeInfo.Annotation
+	(*FieldOptions_FeatureSupport)(nil),                 // 45: google.protobuf.FieldOptions.FeatureSupport
+	(*UninterpretedOption_NamePart)(nil),                // 46: google.protobuf.UninterpretedOption.NamePart
+	(*FeatureSetDefaults_FeatureSetEditionDefault)(nil), // 47: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault
+	(*SourceCodeInfo_Location)(nil),                     // 48: google.protobuf.SourceCodeInfo.Location
+	(*GeneratedCodeInfo_Annotation)(nil),                // 49: google.protobuf.GeneratedCodeInfo.Annotation
 }
 var file_google_protobuf_descriptor_proto_depIdxs = []int32{
 	18, // 0: google.protobuf.FileDescriptorSet.file:type_name -> google.protobuf.FileDescriptorProto
@@ -5187,40 +5338,46 @@ var file_google_protobuf_descriptor_proto_depIdxs = []int32{
 	8,  // 39: google.protobuf.FieldOptions.targets:type_name -> google.protobuf.FieldOptions.OptionTargetType
 	44, // 40: google.protobuf.FieldOptions.edition_defaults:type_name -> google.protobuf.FieldOptions.EditionDefault
 	36, // 41: google.protobuf.FieldOptions.features:type_name -> google.protobuf.FeatureSet
-	35, // 42: google.protobuf.FieldOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	36, // 43: google.protobuf.OneofOptions.features:type_name -> google.protobuf.FeatureSet
-	35, // 44: google.protobuf.OneofOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	36, // 45: google.protobuf.EnumOptions.features:type_name -> google.protobuf.FeatureSet
-	35, // 46: google.protobuf.EnumOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	36, // 47: google.protobuf.EnumValueOptions.features:type_name -> google.protobuf.FeatureSet
-	35, // 48: google.protobuf.EnumValueOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	36, // 49: google.protobuf.ServiceOptions.features:type_name -> google.protobuf.FeatureSet
-	35, // 50: google.protobuf.ServiceOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	9,  // 51: google.protobuf.MethodOptions.idempotency_level:type_name -> google.protobuf.MethodOptions.IdempotencyLevel
-	36, // 52: google.protobuf.MethodOptions.features:type_name -> google.protobuf.FeatureSet
-	35, // 53: google.protobuf.MethodOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	45, // 54: google.protobuf.UninterpretedOption.name:type_name -> google.protobuf.UninterpretedOption.NamePart
-	10, // 55: google.protobuf.FeatureSet.field_presence:type_name -> google.protobuf.FeatureSet.FieldPresence
-	11, // 56: google.protobuf.FeatureSet.enum_type:type_name -> google.protobuf.FeatureSet.EnumType
-	12, // 57: google.protobuf.FeatureSet.repeated_field_encoding:type_name -> google.protobuf.FeatureSet.RepeatedFieldEncoding
-	13, // 58: google.protobuf.FeatureSet.utf8_validation:type_name -> google.protobuf.FeatureSet.Utf8Validation
-	14, // 59: google.protobuf.FeatureSet.message_encoding:type_name -> google.protobuf.FeatureSet.MessageEncoding
-	15, // 60: google.protobuf.FeatureSet.json_format:type_name -> google.protobuf.FeatureSet.JsonFormat
-	46, // 61: google.protobuf.FeatureSetDefaults.defaults:type_name -> google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault
-	0,  // 62: google.protobuf.FeatureSetDefaults.minimum_edition:type_name -> google.protobuf.Edition
-	0,  // 63: google.protobuf.FeatureSetDefaults.maximum_edition:type_name -> google.protobuf.Edition
-	47, // 64: google.protobuf.SourceCodeInfo.location:type_name -> google.protobuf.SourceCodeInfo.Location
-	48, // 65: google.protobuf.GeneratedCodeInfo.annotation:type_name -> google.protobuf.GeneratedCodeInfo.Annotation
-	20, // 66: google.protobuf.DescriptorProto.ExtensionRange.options:type_name -> google.protobuf.ExtensionRangeOptions
-	0,  // 67: google.protobuf.FieldOptions.EditionDefault.edition:type_name -> google.protobuf.Edition
-	0,  // 68: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.edition:type_name -> google.protobuf.Edition
-	36, // 69: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.features:type_name -> google.protobuf.FeatureSet
-	16, // 70: google.protobuf.GeneratedCodeInfo.Annotation.semantic:type_name -> google.protobuf.GeneratedCodeInfo.Annotation.Semantic
-	71, // [71:71] is the sub-list for method output_type
-	71, // [71:71] is the sub-list for method input_type
-	71, // [71:71] is the sub-list for extension type_name
-	71, // [71:71] is the sub-list for extension extendee
-	0,  // [0:71] is the sub-list for field type_name
+	45, // 42: google.protobuf.FieldOptions.feature_support:type_name -> google.protobuf.FieldOptions.FeatureSupport
+	35, // 43: google.protobuf.FieldOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	36, // 44: google.protobuf.OneofOptions.features:type_name -> google.protobuf.FeatureSet
+	35, // 45: google.protobuf.OneofOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	36, // 46: google.protobuf.EnumOptions.features:type_name -> google.protobuf.FeatureSet
+	35, // 47: google.protobuf.EnumOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	36, // 48: google.protobuf.EnumValueOptions.features:type_name -> google.protobuf.FeatureSet
+	45, // 49: google.protobuf.EnumValueOptions.feature_support:type_name -> google.protobuf.FieldOptions.FeatureSupport
+	35, // 50: google.protobuf.EnumValueOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	36, // 51: google.protobuf.ServiceOptions.features:type_name -> google.protobuf.FeatureSet
+	35, // 52: google.protobuf.ServiceOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	9,  // 53: google.protobuf.MethodOptions.idempotency_level:type_name -> google.protobuf.MethodOptions.IdempotencyLevel
+	36, // 54: google.protobuf.MethodOptions.features:type_name -> google.protobuf.FeatureSet
+	35, // 55: google.protobuf.MethodOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	46, // 56: google.protobuf.UninterpretedOption.name:type_name -> google.protobuf.UninterpretedOption.NamePart
+	10, // 57: google.protobuf.FeatureSet.field_presence:type_name -> google.protobuf.FeatureSet.FieldPresence
+	11, // 58: google.protobuf.FeatureSet.enum_type:type_name -> google.protobuf.FeatureSet.EnumType
+	12, // 59: google.protobuf.FeatureSet.repeated_field_encoding:type_name -> google.protobuf.FeatureSet.RepeatedFieldEncoding
+	13, // 60: google.protobuf.FeatureSet.utf8_validation:type_name -> google.protobuf.FeatureSet.Utf8Validation
+	14, // 61: google.protobuf.FeatureSet.message_encoding:type_name -> google.protobuf.FeatureSet.MessageEncoding
+	15, // 62: google.protobuf.FeatureSet.json_format:type_name -> google.protobuf.FeatureSet.JsonFormat
+	47, // 63: google.protobuf.FeatureSetDefaults.defaults:type_name -> google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault
+	0,  // 64: google.protobuf.FeatureSetDefaults.minimum_edition:type_name -> google.protobuf.Edition
+	0,  // 65: google.protobuf.FeatureSetDefaults.maximum_edition:type_name -> google.protobuf.Edition
+	48, // 66: google.protobuf.SourceCodeInfo.location:type_name -> google.protobuf.SourceCodeInfo.Location
+	49, // 67: google.protobuf.GeneratedCodeInfo.annotation:type_name -> google.protobuf.GeneratedCodeInfo.Annotation
+	20, // 68: google.protobuf.DescriptorProto.ExtensionRange.options:type_name -> google.protobuf.ExtensionRangeOptions
+	0,  // 69: google.protobuf.FieldOptions.EditionDefault.edition:type_name -> google.protobuf.Edition
+	0,  // 70: google.protobuf.FieldOptions.FeatureSupport.edition_introduced:type_name -> google.protobuf.Edition
+	0,  // 71: google.protobuf.FieldOptions.FeatureSupport.edition_deprecated:type_name -> google.protobuf.Edition
+	0,  // 72: google.protobuf.FieldOptions.FeatureSupport.edition_removed:type_name -> google.protobuf.Edition
+	0,  // 73: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.edition:type_name -> google.protobuf.Edition
+	36, // 74: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.overridable_features:type_name -> google.protobuf.FeatureSet
+	36, // 75: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.fixed_features:type_name -> google.protobuf.FeatureSet
+	16, // 76: google.protobuf.GeneratedCodeInfo.Annotation.semantic:type_name -> google.protobuf.GeneratedCodeInfo.Annotation.Semantic
+	77, // [77:77] is the sub-list for method output_type
+	77, // [77:77] is the sub-list for method input_type
+	77, // [77:77] is the sub-list for extension type_name
+	77, // [77:77] is the sub-list for extension extendee
+	0,  // [0:77] is the sub-list for field type_name
 }
 
 func init() { file_google_protobuf_descriptor_proto_init() }
@@ -5229,7 +5386,7 @@ func file_google_protobuf_descriptor_proto_init() {
 		return
 	}
 	if !protoimpl.UnsafeEnabled {
-		file_google_protobuf_descriptor_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[0].Exporter = func(v any, i int) any {
 			switch v := v.(*FileDescriptorSet); i {
 			case 0:
 				return &v.state
@@ -5241,7 +5398,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[1].Exporter = func(v any, i int) any {
 			switch v := v.(*FileDescriptorProto); i {
 			case 0:
 				return &v.state
@@ -5253,7 +5410,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[2].Exporter = func(v any, i int) any {
 			switch v := v.(*DescriptorProto); i {
 			case 0:
 				return &v.state
@@ -5265,7 +5422,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[3].Exporter = func(v any, i int) any {
 			switch v := v.(*ExtensionRangeOptions); i {
 			case 0:
 				return &v.state
@@ -5279,7 +5436,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[4].Exporter = func(v any, i int) any {
 			switch v := v.(*FieldDescriptorProto); i {
 			case 0:
 				return &v.state
@@ -5291,7 +5448,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[5].Exporter = func(v any, i int) any {
 			switch v := v.(*OneofDescriptorProto); i {
 			case 0:
 				return &v.state
@@ -5303,7 +5460,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[6].Exporter = func(v any, i int) any {
 			switch v := v.(*EnumDescriptorProto); i {
 			case 0:
 				return &v.state
@@ -5315,7 +5472,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[7].Exporter = func(v any, i int) any {
 			switch v := v.(*EnumValueDescriptorProto); i {
 			case 0:
 				return &v.state
@@ -5327,7 +5484,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[8].Exporter = func(v any, i int) any {
 			switch v := v.(*ServiceDescriptorProto); i {
 			case 0:
 				return &v.state
@@ -5339,7 +5496,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[9].Exporter = func(v any, i int) any {
 			switch v := v.(*MethodDescriptorProto); i {
 			case 0:
 				return &v.state
@@ -5351,7 +5508,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[10].Exporter = func(v any, i int) any {
 			switch v := v.(*FileOptions); i {
 			case 0:
 				return &v.state
@@ -5365,7 +5522,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[11].Exporter = func(v any, i int) any {
 			switch v := v.(*MessageOptions); i {
 			case 0:
 				return &v.state
@@ -5379,7 +5536,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[12].Exporter = func(v any, i int) any {
 			switch v := v.(*FieldOptions); i {
 			case 0:
 				return &v.state
@@ -5393,7 +5550,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[13].Exporter = func(v any, i int) any {
 			switch v := v.(*OneofOptions); i {
 			case 0:
 				return &v.state
@@ -5407,7 +5564,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[14].Exporter = func(v any, i int) any {
 			switch v := v.(*EnumOptions); i {
 			case 0:
 				return &v.state
@@ -5421,7 +5578,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[15].Exporter = func(v any, i int) any {
 			switch v := v.(*EnumValueOptions); i {
 			case 0:
 				return &v.state
@@ -5435,7 +5592,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[16].Exporter = func(v any, i int) any {
 			switch v := v.(*ServiceOptions); i {
 			case 0:
 				return &v.state
@@ -5449,7 +5606,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[17].Exporter = func(v any, i int) any {
 			switch v := v.(*MethodOptions); i {
 			case 0:
 				return &v.state
@@ -5463,7 +5620,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[18].Exporter = func(v any, i int) any {
 			switch v := v.(*UninterpretedOption); i {
 			case 0:
 				return &v.state
@@ -5475,7 +5632,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[19].Exporter = func(v any, i int) any {
 			switch v := v.(*FeatureSet); i {
 			case 0:
 				return &v.state
@@ -5489,7 +5646,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[20].Exporter = func(v any, i int) any {
 			switch v := v.(*FeatureSetDefaults); i {
 			case 0:
 				return &v.state
@@ -5501,7 +5658,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[21].Exporter = func(v any, i int) any {
 			switch v := v.(*SourceCodeInfo); i {
 			case 0:
 				return &v.state
@@ -5513,7 +5670,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[22].Exporter = func(v any, i int) any {
 			switch v := v.(*GeneratedCodeInfo); i {
 			case 0:
 				return &v.state
@@ -5525,7 +5682,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[23].Exporter = func(v any, i int) any {
 			switch v := v.(*DescriptorProto_ExtensionRange); i {
 			case 0:
 				return &v.state
@@ -5537,7 +5694,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[24].Exporter = func(v any, i int) any {
 			switch v := v.(*DescriptorProto_ReservedRange); i {
 			case 0:
 				return &v.state
@@ -5549,7 +5706,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[25].Exporter = func(v any, i int) any {
 			switch v := v.(*ExtensionRangeOptions_Declaration); i {
 			case 0:
 				return &v.state
@@ -5561,7 +5718,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[26].Exporter = func(v any, i int) any {
 			switch v := v.(*EnumDescriptorProto_EnumReservedRange); i {
 			case 0:
 				return &v.state
@@ -5573,7 +5730,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[27].Exporter = func(v any, i int) any {
 			switch v := v.(*FieldOptions_EditionDefault); i {
 			case 0:
 				return &v.state
@@ -5585,7 +5742,19 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[28].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[28].Exporter = func(v any, i int) any {
+			switch v := v.(*FieldOptions_FeatureSupport); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[29].Exporter = func(v any, i int) any {
 			switch v := v.(*UninterpretedOption_NamePart); i {
 			case 0:
 				return &v.state
@@ -5597,7 +5766,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[29].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[30].Exporter = func(v any, i int) any {
 			switch v := v.(*FeatureSetDefaults_FeatureSetEditionDefault); i {
 			case 0:
 				return &v.state
@@ -5609,7 +5778,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[30].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[31].Exporter = func(v any, i int) any {
 			switch v := v.(*SourceCodeInfo_Location); i {
 			case 0:
 				return &v.state
@@ -5621,7 +5790,7 @@ func file_google_protobuf_descriptor_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_descriptor_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_descriptor_proto_msgTypes[32].Exporter = func(v any, i int) any {
 			switch v := v.(*GeneratedCodeInfo_Annotation); i {
 			case 0:
 				return &v.state
@@ -5640,7 +5809,7 @@ func file_google_protobuf_descriptor_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_google_protobuf_descriptor_proto_rawDesc,
 			NumEnums:      17,
-			NumMessages:   32,
+			NumMessages:   33,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/vendor/google.golang.org/protobuf/types/gofeaturespb/go_features.pb.go b/vendor/google.golang.org/protobuf/types/gofeaturespb/go_features.pb.go
new file mode 100644
index 0000000000..a2ca940c50
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/types/gofeaturespb/go_features.pb.go
@@ -0,0 +1,181 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2023 Google Inc.  All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file or at
+// https://developers.google.com/open-source/licenses/bsd
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: google/protobuf/go_features.proto
+
+package gofeaturespb
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	descriptorpb "google.golang.org/protobuf/types/descriptorpb"
+	reflect "reflect"
+	sync "sync"
+)
+
+type GoFeatures struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Whether or not to generate the deprecated UnmarshalJSON method for enums.
+	LegacyUnmarshalJsonEnum *bool `protobuf:"varint,1,opt,name=legacy_unmarshal_json_enum,json=legacyUnmarshalJsonEnum" json:"legacy_unmarshal_json_enum,omitempty"`
+}
+
+func (x *GoFeatures) Reset() {
+	*x = GoFeatures{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_go_features_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GoFeatures) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GoFeatures) ProtoMessage() {}
+
+func (x *GoFeatures) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_go_features_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GoFeatures.ProtoReflect.Descriptor instead.
+func (*GoFeatures) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_go_features_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *GoFeatures) GetLegacyUnmarshalJsonEnum() bool {
+	if x != nil && x.LegacyUnmarshalJsonEnum != nil {
+		return *x.LegacyUnmarshalJsonEnum
+	}
+	return false
+}
+
+var file_google_protobuf_go_features_proto_extTypes = []protoimpl.ExtensionInfo{
+	{
+		ExtendedType:  (*descriptorpb.FeatureSet)(nil),
+		ExtensionType: (*GoFeatures)(nil),
+		Field:         1002,
+		Name:          "pb.go",
+		Tag:           "bytes,1002,opt,name=go",
+		Filename:      "google/protobuf/go_features.proto",
+	},
+}
+
+// Extension fields to descriptorpb.FeatureSet.
+var (
+	// optional pb.GoFeatures go = 1002;
+	E_Go = &file_google_protobuf_go_features_proto_extTypes[0]
+)
+
+var File_google_protobuf_go_features_proto protoreflect.FileDescriptor
+
+var file_google_protobuf_go_features_proto_rawDesc = []byte{
+	0x0a, 0x21, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2f, 0x67, 0x6f, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x12, 0x02, 0x70, 0x62, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
+	0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xcd, 0x01, 0x0a, 0x0a, 0x47, 0x6f,
+	0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0xbe, 0x01, 0x0a, 0x1a, 0x6c, 0x65, 0x67,
+	0x61, 0x63, 0x79, 0x5f, 0x75, 0x6e, 0x6d, 0x61, 0x72, 0x73, 0x68, 0x61, 0x6c, 0x5f, 0x6a, 0x73,
+	0x6f, 0x6e, 0x5f, 0x65, 0x6e, 0x75, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x42, 0x80, 0x01,
+	0x88, 0x01, 0x01, 0x98, 0x01, 0x06, 0x98, 0x01, 0x01, 0xa2, 0x01, 0x09, 0x12, 0x04, 0x74, 0x72,
+	0x75, 0x65, 0x18, 0x84, 0x07, 0xa2, 0x01, 0x0a, 0x12, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x18,
+	0xe7, 0x07, 0xb2, 0x01, 0x5b, 0x08, 0xe8, 0x07, 0x10, 0xe8, 0x07, 0x1a, 0x53, 0x54, 0x68, 0x65,
+	0x20, 0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x20, 0x55, 0x6e, 0x6d, 0x61, 0x72, 0x73, 0x68, 0x61,
+	0x6c, 0x4a, 0x53, 0x4f, 0x4e, 0x20, 0x41, 0x50, 0x49, 0x20, 0x69, 0x73, 0x20, 0x64, 0x65, 0x70,
+	0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x77, 0x69, 0x6c, 0x6c,
+	0x20, 0x62, 0x65, 0x20, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x64, 0x20, 0x69, 0x6e, 0x20, 0x61,
+	0x20, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x20, 0x65, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x2e,
+	0x52, 0x17, 0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x55, 0x6e, 0x6d, 0x61, 0x72, 0x73, 0x68, 0x61,
+	0x6c, 0x4a, 0x73, 0x6f, 0x6e, 0x45, 0x6e, 0x75, 0x6d, 0x3a, 0x3c, 0x0a, 0x02, 0x67, 0x6f, 0x12,
+	0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x53, 0x65, 0x74, 0x18, 0xea, 0x07, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x47, 0x6f, 0x46, 0x65, 0x61, 0x74, 0x75,
+	0x72, 0x65, 0x73, 0x52, 0x02, 0x67, 0x6f, 0x42, 0x2f, 0x5a, 0x2d, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x67, 0x6f, 0x66, 0x65,
+	0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x70, 0x62,
+}
+
+var (
+	file_google_protobuf_go_features_proto_rawDescOnce sync.Once
+	file_google_protobuf_go_features_proto_rawDescData = file_google_protobuf_go_features_proto_rawDesc
+)
+
+func file_google_protobuf_go_features_proto_rawDescGZIP() []byte {
+	file_google_protobuf_go_features_proto_rawDescOnce.Do(func() {
+		file_google_protobuf_go_features_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_protobuf_go_features_proto_rawDescData)
+	})
+	return file_google_protobuf_go_features_proto_rawDescData
+}
+
+var file_google_protobuf_go_features_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_google_protobuf_go_features_proto_goTypes = []any{
+	(*GoFeatures)(nil),              // 0: pb.GoFeatures
+	(*descriptorpb.FeatureSet)(nil), // 1: google.protobuf.FeatureSet
+}
+var file_google_protobuf_go_features_proto_depIdxs = []int32{
+	1, // 0: pb.go:extendee -> google.protobuf.FeatureSet
+	0, // 1: pb.go:type_name -> pb.GoFeatures
+	2, // [2:2] is the sub-list for method output_type
+	2, // [2:2] is the sub-list for method input_type
+	1, // [1:2] is the sub-list for extension type_name
+	0, // [0:1] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_google_protobuf_go_features_proto_init() }
+func file_google_protobuf_go_features_proto_init() {
+	if File_google_protobuf_go_features_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_google_protobuf_go_features_proto_msgTypes[0].Exporter = func(v any, i int) any {
+			switch v := v.(*GoFeatures); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_google_protobuf_go_features_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 1,
+			NumServices:   0,
+		},
+		GoTypes:           file_google_protobuf_go_features_proto_goTypes,
+		DependencyIndexes: file_google_protobuf_go_features_proto_depIdxs,
+		MessageInfos:      file_google_protobuf_go_features_proto_msgTypes,
+		ExtensionInfos:    file_google_protobuf_go_features_proto_extTypes,
+	}.Build()
+	File_google_protobuf_go_features_proto = out.File
+	file_google_protobuf_go_features_proto_rawDesc = nil
+	file_google_protobuf_go_features_proto_goTypes = nil
+	file_google_protobuf_go_features_proto_depIdxs = nil
+}
diff --git a/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go b/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
index 9de51be540..7172b43d38 100644
--- a/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
@@ -445,7 +445,7 @@ func file_google_protobuf_any_proto_rawDescGZIP() []byte {
 }
 
 var file_google_protobuf_any_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
-var file_google_protobuf_any_proto_goTypes = []interface{}{
+var file_google_protobuf_any_proto_goTypes = []any{
 	(*Any)(nil), // 0: google.protobuf.Any
 }
 var file_google_protobuf_any_proto_depIdxs = []int32{
@@ -462,7 +462,7 @@ func file_google_protobuf_any_proto_init() {
 		return
 	}
 	if !protoimpl.UnsafeEnabled {
-		file_google_protobuf_any_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_any_proto_msgTypes[0].Exporter = func(v any, i int) any {
 			switch v := v.(*Any); i {
 			case 0:
 				return &v.state
diff --git a/vendor/google.golang.org/protobuf/types/known/durationpb/duration.pb.go b/vendor/google.golang.org/protobuf/types/known/durationpb/duration.pb.go
index df709a8dd4..1b71bcd910 100644
--- a/vendor/google.golang.org/protobuf/types/known/durationpb/duration.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/durationpb/duration.pb.go
@@ -323,7 +323,7 @@ func file_google_protobuf_duration_proto_rawDescGZIP() []byte {
 }
 
 var file_google_protobuf_duration_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
-var file_google_protobuf_duration_proto_goTypes = []interface{}{
+var file_google_protobuf_duration_proto_goTypes = []any{
 	(*Duration)(nil), // 0: google.protobuf.Duration
 }
 var file_google_protobuf_duration_proto_depIdxs = []int32{
@@ -340,7 +340,7 @@ func file_google_protobuf_duration_proto_init() {
 		return
 	}
 	if !protoimpl.UnsafeEnabled {
-		file_google_protobuf_duration_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_duration_proto_msgTypes[0].Exporter = func(v any, i int) any {
 			switch v := v.(*Duration); i {
 			case 0:
 				return &v.state
diff --git a/vendor/google.golang.org/protobuf/types/known/fieldmaskpb/field_mask.pb.go b/vendor/google.golang.org/protobuf/types/known/fieldmaskpb/field_mask.pb.go
index e8789cb331..ac1e91bb6d 100644
--- a/vendor/google.golang.org/protobuf/types/known/fieldmaskpb/field_mask.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/fieldmaskpb/field_mask.pb.go
@@ -537,7 +537,7 @@ func file_google_protobuf_field_mask_proto_rawDescGZIP() []byte {
 }
 
 var file_google_protobuf_field_mask_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
-var file_google_protobuf_field_mask_proto_goTypes = []interface{}{
+var file_google_protobuf_field_mask_proto_goTypes = []any{
 	(*FieldMask)(nil), // 0: google.protobuf.FieldMask
 }
 var file_google_protobuf_field_mask_proto_depIdxs = []int32{
@@ -554,7 +554,7 @@ func file_google_protobuf_field_mask_proto_init() {
 		return
 	}
 	if !protoimpl.UnsafeEnabled {
-		file_google_protobuf_field_mask_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_field_mask_proto_msgTypes[0].Exporter = func(v any, i int) any {
 			switch v := v.(*FieldMask); i {
 			case 0:
 				return &v.state
diff --git a/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go b/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go
new file mode 100644
index 0000000000..d45361cbc7
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go
@@ -0,0 +1,810 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: google/protobuf/struct.proto
+
+// Package structpb contains generated types for google/protobuf/struct.proto.
+//
+// The messages (i.e., Value, Struct, and ListValue) defined in struct.proto are
+// used to represent arbitrary JSON. The Value message represents a JSON value,
+// the Struct message represents a JSON object, and the ListValue message
+// represents a JSON array. See https://json.org for more information.
+//
+// The Value, Struct, and ListValue types have generated MarshalJSON and
+// UnmarshalJSON methods such that they serialize JSON equivalent to what the
+// messages themselves represent. Use of these types with the
+// "google.golang.org/protobuf/encoding/protojson" package
+// ensures that they will be serialized as their JSON equivalent.
+//
+// # Conversion to and from a Go interface
+//
+// The standard Go "encoding/json" package has functionality to serialize
+// arbitrary types to a large degree. The Value.AsInterface, Struct.AsMap, and
+// ListValue.AsSlice methods can convert the protobuf message representation into
+// a form represented by any, map[string]any, and []any.
+// This form can be used with other packages that operate on such data structures
+// and also directly with the standard json package.
+//
+// In order to convert the any, map[string]any, and []any
+// forms back as Value, Struct, and ListValue messages, use the NewStruct,
+// NewList, and NewValue constructor functions.
+//
+// # Example usage
+//
+// Consider the following example JSON object:
+//
+//	{
+//		"firstName": "John",
+//		"lastName": "Smith",
+//		"isAlive": true,
+//		"age": 27,
+//		"address": {
+//			"streetAddress": "21 2nd Street",
+//			"city": "New York",
+//			"state": "NY",
+//			"postalCode": "10021-3100"
+//		},
+//		"phoneNumbers": [
+//			{
+//				"type": "home",
+//				"number": "212 555-1234"
+//			},
+//			{
+//				"type": "office",
+//				"number": "646 555-4567"
+//			}
+//		],
+//		"children": [],
+//		"spouse": null
+//	}
+//
+// To construct a Value message representing the above JSON object:
+//
+//	m, err := structpb.NewValue(map[string]any{
+//		"firstName": "John",
+//		"lastName":  "Smith",
+//		"isAlive":   true,
+//		"age":       27,
+//		"address": map[string]any{
+//			"streetAddress": "21 2nd Street",
+//			"city":          "New York",
+//			"state":         "NY",
+//			"postalCode":    "10021-3100",
+//		},
+//		"phoneNumbers": []any{
+//			map[string]any{
+//				"type":   "home",
+//				"number": "212 555-1234",
+//			},
+//			map[string]any{
+//				"type":   "office",
+//				"number": "646 555-4567",
+//			},
+//		},
+//		"children": []any{},
+//		"spouse":   nil,
+//	})
+//	if err != nil {
+//		... // handle error
+//	}
+//	... // make use of m as a *structpb.Value
+package structpb
+
+import (
+	base64 "encoding/base64"
+	protojson "google.golang.org/protobuf/encoding/protojson"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	math "math"
+	reflect "reflect"
+	sync "sync"
+	utf8 "unicode/utf8"
+)
+
+// `NullValue` is a singleton enumeration to represent the null value for the
+// `Value` type union.
+//
+// The JSON representation for `NullValue` is JSON `null`.
+type NullValue int32
+
+const (
+	// Null value.
+	NullValue_NULL_VALUE NullValue = 0
+)
+
+// Enum value maps for NullValue.
+var (
+	NullValue_name = map[int32]string{
+		0: "NULL_VALUE",
+	}
+	NullValue_value = map[string]int32{
+		"NULL_VALUE": 0,
+	}
+)
+
+func (x NullValue) Enum() *NullValue {
+	p := new(NullValue)
+	*p = x
+	return p
+}
+
+func (x NullValue) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (NullValue) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_protobuf_struct_proto_enumTypes[0].Descriptor()
+}
+
+func (NullValue) Type() protoreflect.EnumType {
+	return &file_google_protobuf_struct_proto_enumTypes[0]
+}
+
+func (x NullValue) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use NullValue.Descriptor instead.
+func (NullValue) EnumDescriptor() ([]byte, []int) {
+	return file_google_protobuf_struct_proto_rawDescGZIP(), []int{0}
+}
+
+// `Struct` represents a structured data value, consisting of fields
+// which map to dynamically typed values. In some languages, `Struct`
+// might be supported by a native representation. For example, in
+// scripting languages like JS a struct is represented as an
+// object. The details of that representation are described together
+// with the proto support for the language.
+//
+// The JSON representation for `Struct` is JSON object.
+type Struct struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Unordered map of dynamically typed values.
+	Fields map[string]*Value `protobuf:"bytes,1,rep,name=fields,proto3" json:"fields,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+}
+
+// NewStruct constructs a Struct from a general-purpose Go map.
+// The map keys must be valid UTF-8.
+// The map values are converted using NewValue.
+func NewStruct(v map[string]any) (*Struct, error) {
+	x := &Struct{Fields: make(map[string]*Value, len(v))}
+	for k, v := range v {
+		if !utf8.ValidString(k) {
+			return nil, protoimpl.X.NewError("invalid UTF-8 in string: %q", k)
+		}
+		var err error
+		x.Fields[k], err = NewValue(v)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return x, nil
+}
+
+// AsMap converts x to a general-purpose Go map.
+// The map values are converted by calling Value.AsInterface.
+func (x *Struct) AsMap() map[string]any {
+	f := x.GetFields()
+	vs := make(map[string]any, len(f))
+	for k, v := range f {
+		vs[k] = v.AsInterface()
+	}
+	return vs
+}
+
+func (x *Struct) MarshalJSON() ([]byte, error) {
+	return protojson.Marshal(x)
+}
+
+func (x *Struct) UnmarshalJSON(b []byte) error {
+	return protojson.Unmarshal(b, x)
+}
+
+func (x *Struct) Reset() {
+	*x = Struct{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_struct_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Struct) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Struct) ProtoMessage() {}
+
+func (x *Struct) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_struct_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Struct.ProtoReflect.Descriptor instead.
+func (*Struct) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_struct_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Struct) GetFields() map[string]*Value {
+	if x != nil {
+		return x.Fields
+	}
+	return nil
+}
+
+// `Value` represents a dynamically typed value which can be either
+// null, a number, a string, a boolean, a recursive struct value, or a
+// list of values. A producer of value is expected to set one of these
+// variants. Absence of any variant indicates an error.
+//
+// The JSON representation for `Value` is JSON value.
+type Value struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The kind of value.
+	//
+	// Types that are assignable to Kind:
+	//
+	//	*Value_NullValue
+	//	*Value_NumberValue
+	//	*Value_StringValue
+	//	*Value_BoolValue
+	//	*Value_StructValue
+	//	*Value_ListValue
+	Kind isValue_Kind `protobuf_oneof:"kind"`
+}
+
+// NewValue constructs a Value from a general-purpose Go interface.
+//
+//	╔════════════════════════╤════════════════════════════════════════════╗
+//	║ Go type                │ Conversion                                 ║
+//	╠════════════════════════╪════════════════════════════════════════════╣
+//	║ nil                    │ stored as NullValue                        ║
+//	║ bool                   │ stored as BoolValue                        ║
+//	║ int, int32, int64      │ stored as NumberValue                      ║
+//	║ uint, uint32, uint64   │ stored as NumberValue                      ║
+//	║ float32, float64       │ stored as NumberValue                      ║
+//	║ string                 │ stored as StringValue; must be valid UTF-8 ║
+//	║ []byte                 │ stored as StringValue; base64-encoded      ║
+//	║ map[string]any         │ stored as StructValue                      ║
+//	║ []any                  │ stored as ListValue                        ║
+//	╚════════════════════════╧════════════════════════════════════════════╝
+//
+// When converting an int64 or uint64 to a NumberValue, numeric precision loss
+// is possible since they are stored as a float64.
+func NewValue(v any) (*Value, error) {
+	switch v := v.(type) {
+	case nil:
+		return NewNullValue(), nil
+	case bool:
+		return NewBoolValue(v), nil
+	case int:
+		return NewNumberValue(float64(v)), nil
+	case int32:
+		return NewNumberValue(float64(v)), nil
+	case int64:
+		return NewNumberValue(float64(v)), nil
+	case uint:
+		return NewNumberValue(float64(v)), nil
+	case uint32:
+		return NewNumberValue(float64(v)), nil
+	case uint64:
+		return NewNumberValue(float64(v)), nil
+	case float32:
+		return NewNumberValue(float64(v)), nil
+	case float64:
+		return NewNumberValue(float64(v)), nil
+	case string:
+		if !utf8.ValidString(v) {
+			return nil, protoimpl.X.NewError("invalid UTF-8 in string: %q", v)
+		}
+		return NewStringValue(v), nil
+	case []byte:
+		s := base64.StdEncoding.EncodeToString(v)
+		return NewStringValue(s), nil
+	case map[string]any:
+		v2, err := NewStruct(v)
+		if err != nil {
+			return nil, err
+		}
+		return NewStructValue(v2), nil
+	case []any:
+		v2, err := NewList(v)
+		if err != nil {
+			return nil, err
+		}
+		return NewListValue(v2), nil
+	default:
+		return nil, protoimpl.X.NewError("invalid type: %T", v)
+	}
+}
+
+// NewNullValue constructs a new null Value.
+func NewNullValue() *Value {
+	return &Value{Kind: &Value_NullValue{NullValue: NullValue_NULL_VALUE}}
+}
+
+// NewBoolValue constructs a new boolean Value.
+func NewBoolValue(v bool) *Value {
+	return &Value{Kind: &Value_BoolValue{BoolValue: v}}
+}
+
+// NewNumberValue constructs a new number Value.
+func NewNumberValue(v float64) *Value {
+	return &Value{Kind: &Value_NumberValue{NumberValue: v}}
+}
+
+// NewStringValue constructs a new string Value.
+func NewStringValue(v string) *Value {
+	return &Value{Kind: &Value_StringValue{StringValue: v}}
+}
+
+// NewStructValue constructs a new struct Value.
+func NewStructValue(v *Struct) *Value {
+	return &Value{Kind: &Value_StructValue{StructValue: v}}
+}
+
+// NewListValue constructs a new list Value.
+func NewListValue(v *ListValue) *Value {
+	return &Value{Kind: &Value_ListValue{ListValue: v}}
+}
+
+// AsInterface converts x to a general-purpose Go interface.
+//
+// Calling Value.MarshalJSON and "encoding/json".Marshal on this output produce
+// semantically equivalent JSON (assuming no errors occur).
+//
+// Floating-point values (i.e., "NaN", "Infinity", and "-Infinity") are
+// converted as strings to remain compatible with MarshalJSON.
+func (x *Value) AsInterface() any {
+	switch v := x.GetKind().(type) {
+	case *Value_NumberValue:
+		if v != nil {
+			switch {
+			case math.IsNaN(v.NumberValue):
+				return "NaN"
+			case math.IsInf(v.NumberValue, +1):
+				return "Infinity"
+			case math.IsInf(v.NumberValue, -1):
+				return "-Infinity"
+			default:
+				return v.NumberValue
+			}
+		}
+	case *Value_StringValue:
+		if v != nil {
+			return v.StringValue
+		}
+	case *Value_BoolValue:
+		if v != nil {
+			return v.BoolValue
+		}
+	case *Value_StructValue:
+		if v != nil {
+			return v.StructValue.AsMap()
+		}
+	case *Value_ListValue:
+		if v != nil {
+			return v.ListValue.AsSlice()
+		}
+	}
+	return nil
+}
+
+func (x *Value) MarshalJSON() ([]byte, error) {
+	return protojson.Marshal(x)
+}
+
+func (x *Value) UnmarshalJSON(b []byte) error {
+	return protojson.Unmarshal(b, x)
+}
+
+func (x *Value) Reset() {
+	*x = Value{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_struct_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Value) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Value) ProtoMessage() {}
+
+func (x *Value) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_struct_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Value.ProtoReflect.Descriptor instead.
+func (*Value) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_struct_proto_rawDescGZIP(), []int{1}
+}
+
+func (m *Value) GetKind() isValue_Kind {
+	if m != nil {
+		return m.Kind
+	}
+	return nil
+}
+
+func (x *Value) GetNullValue() NullValue {
+	if x, ok := x.GetKind().(*Value_NullValue); ok {
+		return x.NullValue
+	}
+	return NullValue_NULL_VALUE
+}
+
+func (x *Value) GetNumberValue() float64 {
+	if x, ok := x.GetKind().(*Value_NumberValue); ok {
+		return x.NumberValue
+	}
+	return 0
+}
+
+func (x *Value) GetStringValue() string {
+	if x, ok := x.GetKind().(*Value_StringValue); ok {
+		return x.StringValue
+	}
+	return ""
+}
+
+func (x *Value) GetBoolValue() bool {
+	if x, ok := x.GetKind().(*Value_BoolValue); ok {
+		return x.BoolValue
+	}
+	return false
+}
+
+func (x *Value) GetStructValue() *Struct {
+	if x, ok := x.GetKind().(*Value_StructValue); ok {
+		return x.StructValue
+	}
+	return nil
+}
+
+func (x *Value) GetListValue() *ListValue {
+	if x, ok := x.GetKind().(*Value_ListValue); ok {
+		return x.ListValue
+	}
+	return nil
+}
+
+type isValue_Kind interface {
+	isValue_Kind()
+}
+
+type Value_NullValue struct {
+	// Represents a null value.
+	NullValue NullValue `protobuf:"varint,1,opt,name=null_value,json=nullValue,proto3,enum=google.protobuf.NullValue,oneof"`
+}
+
+type Value_NumberValue struct {
+	// Represents a double value.
+	NumberValue float64 `protobuf:"fixed64,2,opt,name=number_value,json=numberValue,proto3,oneof"`
+}
+
+type Value_StringValue struct {
+	// Represents a string value.
+	StringValue string `protobuf:"bytes,3,opt,name=string_value,json=stringValue,proto3,oneof"`
+}
+
+type Value_BoolValue struct {
+	// Represents a boolean value.
+	BoolValue bool `protobuf:"varint,4,opt,name=bool_value,json=boolValue,proto3,oneof"`
+}
+
+type Value_StructValue struct {
+	// Represents a structured value.
+	StructValue *Struct `protobuf:"bytes,5,opt,name=struct_value,json=structValue,proto3,oneof"`
+}
+
+type Value_ListValue struct {
+	// Represents a repeated `Value`.
+	ListValue *ListValue `protobuf:"bytes,6,opt,name=list_value,json=listValue,proto3,oneof"`
+}
+
+func (*Value_NullValue) isValue_Kind() {}
+
+func (*Value_NumberValue) isValue_Kind() {}
+
+func (*Value_StringValue) isValue_Kind() {}
+
+func (*Value_BoolValue) isValue_Kind() {}
+
+func (*Value_StructValue) isValue_Kind() {}
+
+func (*Value_ListValue) isValue_Kind() {}
+
+// `ListValue` is a wrapper around a repeated field of values.
+//
+// The JSON representation for `ListValue` is JSON array.
+type ListValue struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Repeated field of dynamically typed values.
+	Values []*Value `protobuf:"bytes,1,rep,name=values,proto3" json:"values,omitempty"`
+}
+
+// NewList constructs a ListValue from a general-purpose Go slice.
+// The slice elements are converted using NewValue.
+func NewList(v []any) (*ListValue, error) {
+	x := &ListValue{Values: make([]*Value, len(v))}
+	for i, v := range v {
+		var err error
+		x.Values[i], err = NewValue(v)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return x, nil
+}
+
+// AsSlice converts x to a general-purpose Go slice.
+// The slice elements are converted by calling Value.AsInterface.
+func (x *ListValue) AsSlice() []any {
+	vals := x.GetValues()
+	vs := make([]any, len(vals))
+	for i, v := range vals {
+		vs[i] = v.AsInterface()
+	}
+	return vs
+}
+
+func (x *ListValue) MarshalJSON() ([]byte, error) {
+	return protojson.Marshal(x)
+}
+
+func (x *ListValue) UnmarshalJSON(b []byte) error {
+	return protojson.Unmarshal(b, x)
+}
+
+func (x *ListValue) Reset() {
+	*x = ListValue{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_struct_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ListValue) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ListValue) ProtoMessage() {}
+
+func (x *ListValue) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_struct_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ListValue.ProtoReflect.Descriptor instead.
+func (*ListValue) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_struct_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *ListValue) GetValues() []*Value {
+	if x != nil {
+		return x.Values
+	}
+	return nil
+}
+
+var File_google_protobuf_struct_proto protoreflect.FileDescriptor
+
+var file_google_protobuf_struct_proto_rawDesc = []byte{
+	0x0a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0f,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x22,
+	0x98, 0x01, 0x0a, 0x06, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x12, 0x3b, 0x0a, 0x06, 0x66, 0x69,
+	0x65, 0x6c, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72,
+	0x75, 0x63, 0x74, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52,
+	0x06, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x73, 0x1a, 0x51, 0x0a, 0x0b, 0x46, 0x69, 0x65, 0x6c, 0x64,
+	0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x2c, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xb2, 0x02, 0x0a, 0x05, 0x56,
+	0x61, 0x6c, 0x75, 0x65, 0x12, 0x3b, 0x0a, 0x0a, 0x6e, 0x75, 0x6c, 0x6c, 0x5f, 0x76, 0x61, 0x6c,
+	0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4e, 0x75, 0x6c, 0x6c, 0x56,
+	0x61, 0x6c, 0x75, 0x65, 0x48, 0x00, 0x52, 0x09, 0x6e, 0x75, 0x6c, 0x6c, 0x56, 0x61, 0x6c, 0x75,
+	0x65, 0x12, 0x23, 0x0a, 0x0c, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x5f, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x48, 0x00, 0x52, 0x0b, 0x6e, 0x75, 0x6d, 0x62, 0x65,
+	0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x23, 0x0a, 0x0c, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67,
+	0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0b,
+	0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1f, 0x0a, 0x0a, 0x62,
+	0x6f, 0x6f, 0x6c, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x48,
+	0x00, 0x52, 0x09, 0x62, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x3c, 0x0a, 0x0c,
+	0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x05, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x48, 0x00, 0x52, 0x0b, 0x73,
+	0x74, 0x72, 0x75, 0x63, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x3b, 0x0a, 0x0a, 0x6c, 0x69,
+	0x73, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x4c, 0x69, 0x73, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x48, 0x00, 0x52, 0x09, 0x6c, 0x69,
+	0x73, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x06, 0x0a, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x22,
+	0x3b, 0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x2e, 0x0a, 0x06,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56,
+	0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x2a, 0x1b, 0x0a, 0x09,
+	0x4e, 0x75, 0x6c, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x0e, 0x0a, 0x0a, 0x4e, 0x55, 0x4c,
+	0x4c, 0x5f, 0x56, 0x41, 0x4c, 0x55, 0x45, 0x10, 0x00, 0x42, 0x7f, 0x0a, 0x13, 0x63, 0x6f, 0x6d,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x42, 0x0b, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a,
+	0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f,
+	0x72, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x79, 0x70, 0x65,
+	0x73, 0x2f, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x70, 0x62,
+	0xf8, 0x01, 0x01, 0xa2, 0x02, 0x03, 0x47, 0x50, 0x42, 0xaa, 0x02, 0x1e, 0x47, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x57, 0x65, 0x6c, 0x6c,
+	0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x33,
+}
+
+var (
+	file_google_protobuf_struct_proto_rawDescOnce sync.Once
+	file_google_protobuf_struct_proto_rawDescData = file_google_protobuf_struct_proto_rawDesc
+)
+
+func file_google_protobuf_struct_proto_rawDescGZIP() []byte {
+	file_google_protobuf_struct_proto_rawDescOnce.Do(func() {
+		file_google_protobuf_struct_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_protobuf_struct_proto_rawDescData)
+	})
+	return file_google_protobuf_struct_proto_rawDescData
+}
+
+var file_google_protobuf_struct_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_google_protobuf_struct_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
+var file_google_protobuf_struct_proto_goTypes = []any{
+	(NullValue)(0),    // 0: google.protobuf.NullValue
+	(*Struct)(nil),    // 1: google.protobuf.Struct
+	(*Value)(nil),     // 2: google.protobuf.Value
+	(*ListValue)(nil), // 3: google.protobuf.ListValue
+	nil,               // 4: google.protobuf.Struct.FieldsEntry
+}
+var file_google_protobuf_struct_proto_depIdxs = []int32{
+	4, // 0: google.protobuf.Struct.fields:type_name -> google.protobuf.Struct.FieldsEntry
+	0, // 1: google.protobuf.Value.null_value:type_name -> google.protobuf.NullValue
+	1, // 2: google.protobuf.Value.struct_value:type_name -> google.protobuf.Struct
+	3, // 3: google.protobuf.Value.list_value:type_name -> google.protobuf.ListValue
+	2, // 4: google.protobuf.ListValue.values:type_name -> google.protobuf.Value
+	2, // 5: google.protobuf.Struct.FieldsEntry.value:type_name -> google.protobuf.Value
+	6, // [6:6] is the sub-list for method output_type
+	6, // [6:6] is the sub-list for method input_type
+	6, // [6:6] is the sub-list for extension type_name
+	6, // [6:6] is the sub-list for extension extendee
+	0, // [0:6] is the sub-list for field type_name
+}
+
+func init() { file_google_protobuf_struct_proto_init() }
+func file_google_protobuf_struct_proto_init() {
+	if File_google_protobuf_struct_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_google_protobuf_struct_proto_msgTypes[0].Exporter = func(v any, i int) any {
+			switch v := v.(*Struct); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_struct_proto_msgTypes[1].Exporter = func(v any, i int) any {
+			switch v := v.(*Value); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_struct_proto_msgTypes[2].Exporter = func(v any, i int) any {
+			switch v := v.(*ListValue); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_google_protobuf_struct_proto_msgTypes[1].OneofWrappers = []any{
+		(*Value_NullValue)(nil),
+		(*Value_NumberValue)(nil),
+		(*Value_StringValue)(nil),
+		(*Value_BoolValue)(nil),
+		(*Value_StructValue)(nil),
+		(*Value_ListValue)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_google_protobuf_struct_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   4,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_google_protobuf_struct_proto_goTypes,
+		DependencyIndexes: file_google_protobuf_struct_proto_depIdxs,
+		EnumInfos:         file_google_protobuf_struct_proto_enumTypes,
+		MessageInfos:      file_google_protobuf_struct_proto_msgTypes,
+	}.Build()
+	File_google_protobuf_struct_proto = out.File
+	file_google_protobuf_struct_proto_rawDesc = nil
+	file_google_protobuf_struct_proto_goTypes = nil
+	file_google_protobuf_struct_proto_depIdxs = nil
+}
diff --git a/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go b/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
index 81511a3363..83a5a645b0 100644
--- a/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
@@ -332,7 +332,7 @@ func file_google_protobuf_timestamp_proto_rawDescGZIP() []byte {
 }
 
 var file_google_protobuf_timestamp_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
-var file_google_protobuf_timestamp_proto_goTypes = []interface{}{
+var file_google_protobuf_timestamp_proto_goTypes = []any{
 	(*Timestamp)(nil), // 0: google.protobuf.Timestamp
 }
 var file_google_protobuf_timestamp_proto_depIdxs = []int32{
@@ -349,7 +349,7 @@ func file_google_protobuf_timestamp_proto_init() {
 		return
 	}
 	if !protoimpl.UnsafeEnabled {
-		file_google_protobuf_timestamp_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_timestamp_proto_msgTypes[0].Exporter = func(v any, i int) any {
 			switch v := v.(*Timestamp); i {
 			case 0:
 				return &v.state
diff --git a/vendor/google.golang.org/protobuf/types/known/wrapperspb/wrappers.pb.go b/vendor/google.golang.org/protobuf/types/known/wrapperspb/wrappers.pb.go
index 762a87130f..e473f826aa 100644
--- a/vendor/google.golang.org/protobuf/types/known/wrapperspb/wrappers.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/wrapperspb/wrappers.pb.go
@@ -605,7 +605,7 @@ func file_google_protobuf_wrappers_proto_rawDescGZIP() []byte {
 }
 
 var file_google_protobuf_wrappers_proto_msgTypes = make([]protoimpl.MessageInfo, 9)
-var file_google_protobuf_wrappers_proto_goTypes = []interface{}{
+var file_google_protobuf_wrappers_proto_goTypes = []any{
 	(*DoubleValue)(nil), // 0: google.protobuf.DoubleValue
 	(*FloatValue)(nil),  // 1: google.protobuf.FloatValue
 	(*Int64Value)(nil),  // 2: google.protobuf.Int64Value
@@ -630,7 +630,7 @@ func file_google_protobuf_wrappers_proto_init() {
 		return
 	}
 	if !protoimpl.UnsafeEnabled {
-		file_google_protobuf_wrappers_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_wrappers_proto_msgTypes[0].Exporter = func(v any, i int) any {
 			switch v := v.(*DoubleValue); i {
 			case 0:
 				return &v.state
@@ -642,7 +642,7 @@ func file_google_protobuf_wrappers_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_wrappers_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_wrappers_proto_msgTypes[1].Exporter = func(v any, i int) any {
 			switch v := v.(*FloatValue); i {
 			case 0:
 				return &v.state
@@ -654,7 +654,7 @@ func file_google_protobuf_wrappers_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_wrappers_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_wrappers_proto_msgTypes[2].Exporter = func(v any, i int) any {
 			switch v := v.(*Int64Value); i {
 			case 0:
 				return &v.state
@@ -666,7 +666,7 @@ func file_google_protobuf_wrappers_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_wrappers_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_wrappers_proto_msgTypes[3].Exporter = func(v any, i int) any {
 			switch v := v.(*UInt64Value); i {
 			case 0:
 				return &v.state
@@ -678,7 +678,7 @@ func file_google_protobuf_wrappers_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_wrappers_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_wrappers_proto_msgTypes[4].Exporter = func(v any, i int) any {
 			switch v := v.(*Int32Value); i {
 			case 0:
 				return &v.state
@@ -690,7 +690,7 @@ func file_google_protobuf_wrappers_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_wrappers_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_wrappers_proto_msgTypes[5].Exporter = func(v any, i int) any {
 			switch v := v.(*UInt32Value); i {
 			case 0:
 				return &v.state
@@ -702,7 +702,7 @@ func file_google_protobuf_wrappers_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_wrappers_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_wrappers_proto_msgTypes[6].Exporter = func(v any, i int) any {
 			switch v := v.(*BoolValue); i {
 			case 0:
 				return &v.state
@@ -714,7 +714,7 @@ func file_google_protobuf_wrappers_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_wrappers_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_wrappers_proto_msgTypes[7].Exporter = func(v any, i int) any {
 			switch v := v.(*StringValue); i {
 			case 0:
 				return &v.state
@@ -726,7 +726,7 @@ func file_google_protobuf_wrappers_proto_init() {
 				return nil
 			}
 		}
-		file_google_protobuf_wrappers_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+		file_google_protobuf_wrappers_proto_msgTypes[8].Exporter = func(v any, i int) any {
 			switch v := v.(*BytesValue); i {
 			case 0:
 				return &v.state
diff --git a/vendor/modules.txt b/vendor/modules.txt
index ed74e0d3d2..efde0a3ffb 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -52,7 +52,7 @@ github.com/aws/aws-sdk-go/service/sts/stsiface
 # github.com/beorn7/perks v1.0.1
 ## explicit; go 1.11
 github.com/beorn7/perks/quantile
-# github.com/cespare/xxhash/v2 v2.2.0
+# github.com/cespare/xxhash/v2 v2.3.0
 ## explicit; go 1.11
 github.com/cespare/xxhash/v2
 # github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0
@@ -79,6 +79,9 @@ github.com/coreos/etcd/version
 # github.com/coreos/go-oidc v2.2.1+incompatible
 ## explicit
 github.com/coreos/go-oidc
+# github.com/coreos/go-oidc/v3 v3.11.0
+## explicit; go 1.21
+github.com/coreos/go-oidc/v3/oidc
 # github.com/coreos/go-semver v0.3.0
 ## explicit
 github.com/coreos/go-semver/semver
@@ -108,6 +111,11 @@ github.com/fatih/color
 # github.com/fsnotify/fsnotify v1.6.0
 ## explicit; go 1.16
 github.com/fsnotify/fsnotify
+# github.com/go-jose/go-jose/v4 v4.0.3
+## explicit; go 1.21
+github.com/go-jose/go-jose/v4
+github.com/go-jose/go-jose/v4/cipher
+github.com/go-jose/go-jose/v4/json
 # github.com/go-logr/logr v1.3.0
 ## explicit; go 1.18
 github.com/go-logr/logr
@@ -137,8 +145,8 @@ github.com/golang/groupcache/lru
 ## explicit; go 1.11
 github.com/golang/mock/gomock
 github.com/golang/mock/mockgen/model
-# github.com/golang/protobuf v1.5.3
-## explicit; go 1.9
+# github.com/golang/protobuf v1.5.4
+## explicit; go 1.17
 github.com/golang/protobuf/descriptor
 github.com/golang/protobuf/jsonpb
 github.com/golang/protobuf/proto
@@ -169,17 +177,27 @@ github.com/google/gofuzz/bytesource
 # github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 ## explicit; go 1.13
 github.com/google/shlex
-# github.com/google/uuid v1.5.0
+# github.com/google/uuid v1.6.0
 ## explicit
 github.com/google/uuid
 # github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
 ## explicit; go 1.14
+github.com/grpc-ecosystem/go-grpc-middleware
+github.com/grpc-ecosystem/go-grpc-middleware/auth
 github.com/grpc-ecosystem/go-grpc-middleware/util/metautils
+# github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
+## explicit
+github.com/grpc-ecosystem/go-grpc-prometheus
 # github.com/grpc-ecosystem/grpc-gateway v1.16.0
 ## explicit; go 1.14
 github.com/grpc-ecosystem/grpc-gateway/internal
 github.com/grpc-ecosystem/grpc-gateway/runtime
 github.com/grpc-ecosystem/grpc-gateway/utilities
+# github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0
+## explicit; go 1.20
+github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule
+github.com/grpc-ecosystem/grpc-gateway/v2/runtime
+github.com/grpc-ecosystem/grpc-gateway/v2/utilities
 # github.com/hashicorp/consul/api v1.20.0
 ## explicit; go 1.19
 github.com/hashicorp/consul/api
@@ -230,12 +248,24 @@ github.com/libopenstorage/cloudops/pkg/storagedistribution
 github.com/libopenstorage/cloudops/pkg/utils
 github.com/libopenstorage/cloudops/specs/decisionmatrix
 github.com/libopenstorage/cloudops/unsupported
+# github.com/libopenstorage/grpc-framework v0.1.4
+## explicit; go 1.21
+github.com/libopenstorage/grpc-framework/pkg/auth
+github.com/libopenstorage/grpc-framework/pkg/auth/role
+github.com/libopenstorage/grpc-framework/pkg/correlation
+github.com/libopenstorage/grpc-framework/pkg/grpc/client
+github.com/libopenstorage/grpc-framework/pkg/grpc/server
+github.com/libopenstorage/grpc-framework/pkg/grpc/util
+github.com/libopenstorage/grpc-framework/pkg/util
+github.com/libopenstorage/grpc-framework/server
 # github.com/libopenstorage/openstorage v9.4.47+incompatible => github.com/libopenstorage/openstorage v1.0.1-0.20240221210452-7757fdc2b8ff
 ## explicit; go 1.17
 github.com/libopenstorage/openstorage/api
 github.com/libopenstorage/openstorage/pkg/auth
 github.com/libopenstorage/openstorage/pkg/correlation
+github.com/libopenstorage/openstorage/pkg/dbg
 github.com/libopenstorage/openstorage/pkg/grpcserver
+github.com/libopenstorage/openstorage/pkg/sched
 # github.com/libopenstorage/secrets v0.0.0-20220413195519-57d1c446c5e9
 ## explicit; go 1.13
 github.com/libopenstorage/secrets/aws/credentials
@@ -250,9 +280,6 @@ github.com/mattn/go-colorable
 # github.com/mattn/go-isatty v0.0.17
 ## explicit; go 1.15
 github.com/mattn/go-isatty
-# github.com/matttproud/golang_protobuf_extensions v1.0.4
-## explicit; go 1.9
-github.com/matttproud/golang_protobuf_extensions/pbutil
 # github.com/mitchellh/go-homedir v1.1.0
 ## explicit
 github.com/mitchellh/go-homedir
@@ -332,25 +359,28 @@ github.com/prometheus-operator/prometheus-operator/pkg/client/versioned
 github.com/prometheus-operator/prometheus-operator/pkg/client/versioned/scheme
 github.com/prometheus-operator/prometheus-operator/pkg/client/versioned/typed/monitoring/v1
 github.com/prometheus-operator/prometheus-operator/pkg/client/versioned/typed/monitoring/v1alpha1
-# github.com/prometheus/client_golang v1.15.1
-## explicit; go 1.17
+# github.com/prometheus/client_golang v1.19.1
+## explicit; go 1.20
 github.com/prometheus/client_golang/prometheus
 github.com/prometheus/client_golang/prometheus/collectors
 github.com/prometheus/client_golang/prometheus/internal
 github.com/prometheus/client_golang/prometheus/promhttp
-# github.com/prometheus/client_model v0.4.0
-## explicit; go 1.18
+# github.com/prometheus/client_model v0.6.1
+## explicit; go 1.19
 github.com/prometheus/client_model/go
-# github.com/prometheus/common v0.42.0
-## explicit; go 1.18
+# github.com/prometheus/common v0.55.0
+## explicit; go 1.20
 github.com/prometheus/common/expfmt
-github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg
 github.com/prometheus/common/model
-# github.com/prometheus/procfs v0.9.0
-## explicit; go 1.18
+# github.com/prometheus/procfs v0.15.1
+## explicit; go 1.20
 github.com/prometheus/procfs
 github.com/prometheus/procfs/internal/fs
 github.com/prometheus/procfs/internal/util
+# github.com/rs/cors v1.11.0
+## explicit; go 1.13
+github.com/rs/cors
+github.com/rs/cors/internal
 # github.com/russross/blackfriday/v2 v2.1.0
 ## explicit
 github.com/russross/blackfriday/v2
@@ -360,27 +390,27 @@ github.com/sirupsen/logrus
 # github.com/spf13/pflag v1.0.5
 ## explicit; go 1.12
 github.com/spf13/pflag
-# github.com/stretchr/objx v0.5.0
-## explicit; go 1.12
-github.com/stretchr/objx
-# github.com/stretchr/testify v1.8.4
+# github.com/stretchr/objx v0.5.2
 ## explicit; go 1.20
+github.com/stretchr/objx
+# github.com/stretchr/testify v1.9.0
+## explicit; go 1.17
 github.com/stretchr/testify/assert
 github.com/stretchr/testify/mock
 github.com/stretchr/testify/require
 # github.com/urfave/cli v1.22.12
 ## explicit; go 1.11
 github.com/urfave/cli
-# golang.org/x/crypto v0.18.0
-## explicit; go 1.18
+# golang.org/x/crypto v0.25.0
+## explicit; go 1.20
 golang.org/x/crypto/ed25519
 golang.org/x/crypto/pbkdf2
-# golang.org/x/mod v0.12.0
-## explicit; go 1.17
+# golang.org/x/mod v0.17.0
+## explicit; go 1.18
 golang.org/x/mod/internal/lazyregexp
 golang.org/x/mod/module
 golang.org/x/mod/semver
-# golang.org/x/net v0.20.0
+# golang.org/x/net v0.27.0
 ## explicit; go 1.18
 golang.org/x/net/context
 golang.org/x/net/http/httpguts
@@ -391,20 +421,20 @@ golang.org/x/net/internal/socks
 golang.org/x/net/internal/timeseries
 golang.org/x/net/proxy
 golang.org/x/net/trace
-# golang.org/x/oauth2 v0.16.0
+# golang.org/x/oauth2 v0.21.0
 ## explicit; go 1.18
 golang.org/x/oauth2
 golang.org/x/oauth2/internal
-# golang.org/x/sys v0.16.0
+# golang.org/x/sys v0.22.0
 ## explicit; go 1.18
 golang.org/x/sys/execabs
 golang.org/x/sys/plan9
 golang.org/x/sys/unix
 golang.org/x/sys/windows
-# golang.org/x/term v0.16.0
+# golang.org/x/term v0.22.0
 ## explicit; go 1.18
 golang.org/x/term
-# golang.org/x/text v0.14.0
+# golang.org/x/text v0.16.0
 ## explicit; go 1.18
 golang.org/x/text/secure/bidirule
 golang.org/x/text/transform
@@ -413,7 +443,7 @@ golang.org/x/text/unicode/norm
 # golang.org/x/time v0.5.0
 ## explicit; go 1.18
 golang.org/x/time/rate
-# golang.org/x/tools v0.13.0 => golang.org/x/tools v0.1.11
+# golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d => golang.org/x/tools v0.1.11
 ## explicit; go 1.17
 golang.org/x/tools/go/ast/astutil
 golang.org/x/tools/go/gcexportdata
@@ -435,28 +465,18 @@ golang.org/x/tools/internal/typesinternal
 # gomodules.xyz/jsonpatch/v2 v2.4.0
 ## explicit; go 1.20
 gomodules.xyz/jsonpatch/v2
-# google.golang.org/appengine v1.6.8
-## explicit; go 1.11
-google.golang.org/appengine/internal
-google.golang.org/appengine/internal/base
-google.golang.org/appengine/internal/datastore
-google.golang.org/appengine/internal/log
-google.golang.org/appengine/internal/remote_api
-google.golang.org/appengine/internal/urlfetch
-google.golang.org/appengine/urlfetch
 # google.golang.org/genproto v0.0.0-20231212172506-995d672761c0
 ## explicit; go 1.19
-google.golang.org/genproto/internal
 google.golang.org/genproto/protobuf/field_mask
-# google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0
-## explicit; go 1.19
+# google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d
+## explicit; go 1.20
 google.golang.org/genproto/googleapis/api
 google.golang.org/genproto/googleapis/api/annotations
 google.golang.org/genproto/googleapis/api/httpbody
-# google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917
-## explicit; go 1.19
+# google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d
+## explicit; go 1.20
 google.golang.org/genproto/googleapis/rpc/status
-# google.golang.org/grpc v1.60.1 => google.golang.org/grpc v1.29.1
+# google.golang.org/grpc v1.65.0 => google.golang.org/grpc v1.29.1
 ## explicit; go 1.11
 google.golang.org/grpc
 google.golang.org/grpc/attributes
@@ -472,6 +492,7 @@ google.golang.org/grpc/credentials/internal
 google.golang.org/grpc/encoding
 google.golang.org/grpc/encoding/proto
 google.golang.org/grpc/grpclog
+google.golang.org/grpc/health
 google.golang.org/grpc/health/grpc_health_v1
 google.golang.org/grpc/internal
 google.golang.org/grpc/internal/backoff
@@ -500,14 +521,17 @@ google.golang.org/grpc/serviceconfig
 google.golang.org/grpc/stats
 google.golang.org/grpc/status
 google.golang.org/grpc/tap
-# google.golang.org/protobuf v1.32.0
-## explicit; go 1.17
+# google.golang.org/protobuf v1.34.2
+## explicit; go 1.20
+google.golang.org/protobuf/encoding/protodelim
 google.golang.org/protobuf/encoding/protojson
 google.golang.org/protobuf/encoding/prototext
 google.golang.org/protobuf/encoding/protowire
 google.golang.org/protobuf/internal/descfmt
 google.golang.org/protobuf/internal/descopts
 google.golang.org/protobuf/internal/detrand
+google.golang.org/protobuf/internal/editiondefaults
+google.golang.org/protobuf/internal/editionssupport
 google.golang.org/protobuf/internal/encoding/defval
 google.golang.org/protobuf/internal/encoding/json
 google.golang.org/protobuf/internal/encoding/messageset
@@ -531,9 +555,11 @@ google.golang.org/protobuf/reflect/protoregistry
 google.golang.org/protobuf/runtime/protoiface
 google.golang.org/protobuf/runtime/protoimpl
 google.golang.org/protobuf/types/descriptorpb
+google.golang.org/protobuf/types/gofeaturespb
 google.golang.org/protobuf/types/known/anypb
 google.golang.org/protobuf/types/known/durationpb
 google.golang.org/protobuf/types/known/fieldmaskpb
+google.golang.org/protobuf/types/known/structpb
 google.golang.org/protobuf/types/known/timestamppb
 google.golang.org/protobuf/types/known/wrapperspb
 # gopkg.in/inf.v0 v0.9.1