From 2c01a7dfe7670764a8b72bfb24fbde06f8c263f0 Mon Sep 17 00:00:00 2001
From: ci-robot <ci-robot@openshift.io>
Date: Mon, 17 Apr 2023 05:10:48 +0000
Subject: [PATCH 1/9] update last_rebase.sh

---
 scripts/auto-rebase/last_rebase.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh
index 044a6f5fd5..bdbc467c65 100755
--- a/scripts/auto-rebase/last_rebase.sh
+++ b/scripts/auto-rebase/last_rebase.sh
@@ -1,2 +1,2 @@
 #!/bin/bash -x
-./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-13-171034" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-14-004314" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12"
+./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-15-102029" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-15-102028" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12"

From 39e8c256d2e411d5eca0c940ae7b808fb58bf989 Mon Sep 17 00:00:00 2001
From: ci-robot <ci-robot@openshift.io>
Date: Mon, 17 Apr 2023 05:10:49 +0000
Subject: [PATCH 2/9] update changelog

---
 scripts/auto-rebase/changelog.txt | 77 +++++++++++++++++++++++++++----
 scripts/auto-rebase/commits.txt   | 14 +++---
 2 files changed, 74 insertions(+), 17 deletions(-)

diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt
index 65ec2fe921..50cc1956a7 100644
--- a/scripts/auto-rebase/changelog.txt
+++ b/scripts/auto-rebase/changelog.txt
@@ -1,16 +1,14 @@
-# cluster-kube-apiserver-operator embedded-component 5f038db7df7ade2f3da707394a14e391c693d25c to 02ea4a4120dd0f8eb49d070b1fe420ed6d1debba
-083565cf97e4077cff36091aba5a276d469f8eed 2023-03-22T18:35:00+00:00 update apf configuration to use v1beta3
-# kubernetes embedded-component 22308ca177342eb6820b95e0cad1142e385ef4c9 to 0c79814882f4a4b842fbeab001c9f92f9de9a9b9
-71873f411a7949e19aca37d65494aba17cdbe2da 2023-03-16T19:57:24+00:00 UPSTREAM: <carry>: STOR-829: Add CSIInlineVolumeSecurity admission plugin
-# machine-config-operator embedded-component 0318874b6243752bb0bd30f8e99bd03d19278b37 to 5d6b4e794bda70accd168867bba815e3b3e3b02a
-f98d25046fa825cb91c2b6f97c928f44b53b1b0f 2023-03-28T08:02:56+00:00 OCPBUGS-8676: Fix kubelet.service node-ip for v6-primary dual-stack
-# kubernetes image-amd64 22308ca177342eb6820b95e0cad1142e385ef4c9 to 0c79814882f4a4b842fbeab001c9f92f9de9a9b9
-71873f411a7949e19aca37d65494aba17cdbe2da 2023-03-16T19:57:24+00:00 UPSTREAM: <carry>: STOR-829: Add CSIInlineVolumeSecurity admission plugin
-# kubernetes image-arm64 22308ca177342eb6820b95e0cad1142e385ef4c9 to 85375332a108abce2f23a61958ae7adcc449477c
+# cluster-network-operator embedded-component b7b90a5bef21ebe3c91362bb1415469197e0290b to d9b70b9b587762e53863d61d0447f2f74580bd4b
+498475d4f534072c1d49befb0d12b88059082f93 2023-04-13T05:50:19+00:00 OCPBUGS-11046: Fix allowlist ds template
+# kubernetes embedded-component 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 to 19816eefa6829861687df6dfe573708756c464cc
+2e08e352eb705054f78f03a534a627ff8a038209 2023-04-12T20:02:20+02:00 UPSTREAM: <drop>: bump: apiserver-lib-go for fixed SCC admission
+7101082be4e94ecdbad1da83df354131d90f5560 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: vendor: bump runc to 1.1.6
+b75565423e47cd3d2bb7fbcc56f0bff21562c2a7 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: CVE-2023-27561: Bump runc go module v1.1.4 -> v1.1.5
+5a2bcff32a30b8d9f9f937c6cb5d5d3e6ca5069f 2023-04-12T17:00:37+00:00 UPSTREAM: <carry>: disable load balancing on created cgroups when managed is enabled
+c376be027feb599a81f5f38e5b1922e9c05065b2 2023-04-12T17:53:58+02:00 UPSTREAM: <carry>: SCC pod extractor: assume default SA if SA is empty
 1721e67a44c1e57c0751240b0feb62fe610186be 2023-04-11T20:28:05+02:00 UPSTREAM: <drop>: hack/update-vendor.sh, make update and update image
 e61f3ad194851a5db1489aab125ead07612bb170 2023-04-11T20:25:49+02:00 UPSTREAM: <carry>: Force using the go tooling from the system
 6aebbd28015e52d856ed6097f1918a8246316f35 2023-04-11T20:23:23+02:00 UPSTREAM: <drop>: manually resolve conflicts
-71873f411a7949e19aca37d65494aba17cdbe2da 2023-03-16T19:57:24+00:00 UPSTREAM: <carry>: STOR-829: Add CSIInlineVolumeSecurity admission plugin
 9e644106593f3f4aa98f8a84b23db5fa378900bd 2023-03-15T13:33:11+00:00 Release commit for Kubernetes v1.26.3
 6138cccca8d2c9cbe81d62c20b573078cd846907 2023-03-09T16:10:53-05:00 Avoid metric lookup in Parallelizer.Util on every work piece
 7cc066c1050a55201e391a1c354464c008d36c82 2023-03-09T15:47:02-05:00 One lock among PodNominator and SchedulingQueue
@@ -48,3 +46,62 @@ d87b53b15dcc60f15a418dd23cf4912d92c41eaa 2023-02-03T00:01:07-05:00 Invoke gimme
 25183b77325b58abdcd09d9c0e94791e7a6232c1 2023-02-03T00:01:06-05:00 Defer builds to test-cmd and test-integration targets
 a50ebe3c210c0744166d5e2d1510ff4aac732aef 2023-01-31T16:08:55-05:00 Set node_stage whenever available
 6206ce9fbf49e09cbf950317db7cece29d2e023a 2023-01-30T15:37:02-05:00 Carefully compute request path for metrics
+# machine-config-operator embedded-component 5d6b4e794bda70accd168867bba815e3b3e3b02a to 35b049f9d3eaac15fdf6632e2ecd8cf55bd539e3
+b1826289224b1e973b88f3d0903b63cc9118af83 2023-04-13T16:32:58+00:00 OCPBUGS-11280: Fixing forcedns dispatcher script permission issue for assisted sno rhel9 upgrade
+1e962e3c33c905d86871fc740eaac69e3b6f12a8 2023-03-29T13:52:01+00:00 Splitting NetworkManager-onprem.conf.yaml to 2 files: 1. NetworkManager-onprem.conf.yaml will set unmanaged field as before and will do it only for onprem platforms as before 2. NetworkManager-ipv6.conf.yaml will set ipv6 flags for all platforms
+# ovn-kubernetes image-amd64 c66883c01e06722319fdf18e9997231b6abda3aa to e3bef98aa599a90a7f24ab077e7b979d688eb537
+13db0f8dc40dea0a2a6d89810750f3dc9c3603d9 2023-03-28T10:56:40-04:00 Fixes Egress Firewall node selector for ipv6
+# kubernetes image-amd64 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 to 19816eefa6829861687df6dfe573708756c464cc
+2e08e352eb705054f78f03a534a627ff8a038209 2023-04-12T20:02:20+02:00 UPSTREAM: <drop>: bump: apiserver-lib-go for fixed SCC admission
+7101082be4e94ecdbad1da83df354131d90f5560 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: vendor: bump runc to 1.1.6
+b75565423e47cd3d2bb7fbcc56f0bff21562c2a7 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: CVE-2023-27561: Bump runc go module v1.1.4 -> v1.1.5
+5a2bcff32a30b8d9f9f937c6cb5d5d3e6ca5069f 2023-04-12T17:00:37+00:00 UPSTREAM: <carry>: disable load balancing on created cgroups when managed is enabled
+c376be027feb599a81f5f38e5b1922e9c05065b2 2023-04-12T17:53:58+02:00 UPSTREAM: <carry>: SCC pod extractor: assume default SA if SA is empty
+1721e67a44c1e57c0751240b0feb62fe610186be 2023-04-11T20:28:05+02:00 UPSTREAM: <drop>: hack/update-vendor.sh, make update and update image
+e61f3ad194851a5db1489aab125ead07612bb170 2023-04-11T20:25:49+02:00 UPSTREAM: <carry>: Force using the go tooling from the system
+6aebbd28015e52d856ed6097f1918a8246316f35 2023-04-11T20:23:23+02:00 UPSTREAM: <drop>: manually resolve conflicts
+9e644106593f3f4aa98f8a84b23db5fa378900bd 2023-03-15T13:33:11+00:00 Release commit for Kubernetes v1.26.3
+6138cccca8d2c9cbe81d62c20b573078cd846907 2023-03-09T16:10:53-05:00 Avoid metric lookup in Parallelizer.Util on every work piece
+7cc066c1050a55201e391a1c354464c008d36c82 2023-03-09T15:47:02-05:00 One lock among PodNominator and SchedulingQueue
+6968f56567c90ea4329448a9185445bb1f114295 2023-03-09T12:39:06-08:00 Removes old discovery hack ignoring 403 and 404
+363bcdd815c051e52954b1aab1cd503dfc19bff7 2023-03-09T12:38:02-08:00 Plumb stale GroupVersions through aggregated discovery
+24f79b28edf2496aa63b7578b083362e009a987e 2023-03-09T10:08:08+01:00 releng/go: Update images, dependencies and version to Go 1.19.7
+6e8addd9a0a9e2983e3040e337b1b7ba6df83d87 2023-03-08T04:00:34+00:00 Tolerate empty discovery response in memcache client
+5aefc0c454e0e4f7c431ddfdfe767859b36b55ac 2023-03-03T10:00:26+05:30 Fix for windows kube-proxy: 'externalTrafficPolicy: Local' results in no clusterIP entry in windows node.
+4bab824def3417109b6dca8e16ad3b7fa80d74c8 2023-03-02T11:39:47-08:00 Deflake tests in staging/src/k8s.io/kube-aggregator/pkg/apiserver
+20f36098d951df73b131e9408f1a37a74b84ba5d 2023-03-02T11:39:42-08:00 Fix a data race in TestDirty
+d07478bd5a863273aec874c869bb8cd3de911bdc 2023-03-02T11:39:38-08:00 ut: fix TestLegacyFallbackNoCache versions order
+b1f6dc0311402ffc8849ffab2998b38d839b9924 2023-03-02T11:36:43-08:00 Fix legacy fallback stale for aggregated discovery
+3df1e8e32fdc4462bdfe1537d90ce4e6d83e6a9a 2023-03-02T02:29:31+00:00 add unit test
+86a6f5d1b58ee63de1133b515001dd6d333b207a 2023-03-02T02:29:31+00:00 fix 116028
+e8627059b02a360f30a869abc7c1cbec00163651 2023-02-28T17:19:34-03:00 Re-enable label selector
+1b063e1248ce9f38fda5456054fca77ecb320eec 2023-02-28T17:19:34-03:00 Add integration test for diff --prune --selector
+215a91b4381ec2fded38e8d0253e0e3f3675f9cb 2023-02-28T17:19:32-03:00 Use label selector for filtering out resources when pruning. Matches same behavior as for kubectl apply
+9ec50f523aa50219f2449b1acc119619d0642051 2023-02-27T10:58:28+01:00 svc: Support pods with same address
+a4ea8e56c1558292233d6b4bb1d0712a21bf3518 2023-02-27T08:37:59+01:00 api: generated files
+bb8e051b4b95e1eb0e2dc4e3e25b4373a8a6307d 2023-02-27T08:33:04+01:00 api: drop Resources.Claims from PVC and PVC template
+5ea3848172c54a35b0e86a3709b983136e277293 2023-02-24T20:23:32+01:00 scheduler/framework/plugins/volumebinding: fix inaccurate log for when a volume is bound to a claim
+f5261ae7362e90f20db2557bc83d590e83aeb7be 2023-02-24T07:25:58-08:00 Fix validation.go to validate without StatefulSetStartOrdinal feature gate check. Adds test case to validate regression fix of validation failing when spec.ordinals set and feature gate disabled
+f945942cfa18acc3cb0d063a065fafa1e710dc88 2023-02-22T14:30:11+00:00 Update CHANGELOG/CHANGELOG-1.26.md for v1.26.2
+a87eb5d44f4d0008ef910d98d3b1983e3320bab7 2023-02-22T13:32:21+00:00 Release commit for Kubernetes v1.26.3-rc.0
+a05ec2e0147acb5955b21e4b971ae2e59a3ea019 2023-02-20T23:05:34+01:00 Remove global framework variable
+072703c70b066c590686b9b75dcacab5a3f737dd 2023-02-15T10:25:09-08:00 fix race in aggregated discovery handler
+bdecd47143ebfddfeacb36b9ff980446476eec9c 2023-02-14T17:46:31+00:00 Remove check for CSI driver running on node for CSI migration attach operations
+00e1ab6b5dbf815eb6853a497b8ce1685a717536 2023-02-14T11:06:01-05:00 Disable multiple pv mount tests for vsphere intree driver
+192f90ac9c5f0e04f0b9973952e0227cb37c5c4e 2023-02-13T21:26:58-05:00 Simplify construction of /metrics request
+4e7930724f2afb60efc29b94ce1c5c75ceecb7cc 2023-02-08T16:54:52+05:30 Fix for issue with Loadbalancer policy creation for IPV6 endpoints in Dualstack mode.
+83c3ca63a12eaadfa2fb20ea5d6b588904461193 2023-02-07T17:03:20-08:00 Bump konnectivity-client to v0.0.36
+29f810fc071157cfa55603e97c0065e50f45a131 2023-02-06T21:51:40+00:00 make GetSubnetPrefix IP family agnostic
+d87b53b15dcc60f15a418dd23cf4912d92c41eaa 2023-02-03T00:01:07-05:00 Invoke gimme from kube::golang::verify_go_version
+62386bb73950cbdec1f8938a3250937702222749 2023-02-03T00:01:07-05:00 Add gimme
+25183b77325b58abdcd09d9c0e94791e7a6232c1 2023-02-03T00:01:06-05:00 Defer builds to test-cmd and test-integration targets
+a50ebe3c210c0744166d5e2d1510ff4aac732aef 2023-01-31T16:08:55-05:00 Set node_stage whenever available
+6206ce9fbf49e09cbf950317db7cece29d2e023a 2023-01-30T15:37:02-05:00 Carefully compute request path for metrics
+# ovn-kubernetes image-arm64 c66883c01e06722319fdf18e9997231b6abda3aa to e3bef98aa599a90a7f24ab077e7b979d688eb537
+13db0f8dc40dea0a2a6d89810750f3dc9c3603d9 2023-03-28T10:56:40-04:00 Fixes Egress Firewall node selector for ipv6
+# kubernetes image-arm64 85375332a108abce2f23a61958ae7adcc449477c to 19816eefa6829861687df6dfe573708756c464cc
+2e08e352eb705054f78f03a534a627ff8a038209 2023-04-12T20:02:20+02:00 UPSTREAM: <drop>: bump: apiserver-lib-go for fixed SCC admission
+7101082be4e94ecdbad1da83df354131d90f5560 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: vendor: bump runc to 1.1.6
+b75565423e47cd3d2bb7fbcc56f0bff21562c2a7 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: CVE-2023-27561: Bump runc go module v1.1.4 -> v1.1.5
+5a2bcff32a30b8d9f9f937c6cb5d5d3e6ca5069f 2023-04-12T17:00:37+00:00 UPSTREAM: <carry>: disable load balancing on created cgroups when managed is enabled
+c376be027feb599a81f5f38e5b1922e9c05065b2 2023-04-12T17:53:58+02:00 UPSTREAM: <carry>: SCC pod extractor: assume default SA if SA is empty
diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt
index 95bd4bccd4..fdd44b74f8 100644
--- a/scripts/auto-rebase/commits.txt
+++ b/scripts/auto-rebase/commits.txt
@@ -3,12 +3,12 @@ https://github.com/openshift/cluster-ingress-operator embedded-component 6aa482c
 https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 02ea4a4120dd0f8eb49d070b1fe420ed6d1debba
 https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component cdde94837bec1810dbad71ca070a84f212de0cbb
 https://github.com/openshift/cluster-kube-scheduler-operator embedded-component dc5cba57ddcdb5a4b43240d1c2ab908fa953d887
-https://github.com/openshift/cluster-network-operator embedded-component b7b90a5bef21ebe3c91362bb1415469197e0290b
+https://github.com/openshift/cluster-network-operator embedded-component d9b70b9b587762e53863d61d0447f2f74580bd4b
 https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component 9a8aba8cad6491a31e743a7e366d758351482d88
 https://github.com/openshift/cluster-policy-controller embedded-component d02c85ab3203fe22eddcc4694e17504ef34935de
 https://github.com/openshift/etcd embedded-component f70da9d78221bc3e6bf8ac14c0c4ecc106f4f57d
-https://github.com/openshift/kubernetes embedded-component 0c79814882f4a4b842fbeab001c9f92f9de9a9b9
-https://github.com/openshift/machine-config-operator embedded-component 5d6b4e794bda70accd168867bba815e3b3e3b02a
+https://github.com/openshift/kubernetes embedded-component 19816eefa6829861687df6dfe573708756c464cc
+https://github.com/openshift/machine-config-operator embedded-component 35b049f9d3eaac15fdf6632e2ecd8cf55bd539e3
 https://github.com/openshift/openshift-controller-manager embedded-component 87de83867ac51730f506138ee790a56ca21d9fc9
 https://github.com/openshift/route-controller-manager embedded-component d7a8e22db412b6fabb7028ca0da8de8f3d9ac3c3
 https://github.com/openshift/service-ca-operator embedded-component 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a
@@ -16,13 +16,13 @@ https://github.com/openshift/oc image-amd64 92b1a3d0e5d092430b523f6541aa0c504b22
 https://github.com/openshift/coredns image-amd64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb
 https://github.com/openshift/router image-amd64 e28644631982fb4596e065d3ae85099f0886829d
 https://github.com/openshift/kube-rbac-proxy image-amd64 11b1439d48a47a408ae7e2dd851989f7b7b4f595
-https://github.com/openshift/ovn-kubernetes image-amd64 c66883c01e06722319fdf18e9997231b6abda3aa
-https://github.com/openshift/kubernetes image-amd64 0c79814882f4a4b842fbeab001c9f92f9de9a9b9
+https://github.com/openshift/ovn-kubernetes image-amd64 e3bef98aa599a90a7f24ab077e7b979d688eb537
+https://github.com/openshift/kubernetes image-amd64 19816eefa6829861687df6dfe573708756c464cc
 https://github.com/openshift/service-ca-operator image-amd64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a
 https://github.com/openshift/oc image-arm64 92b1a3d0e5d092430b523f6541aa0c504b2222b3
 https://github.com/openshift/coredns image-arm64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb
 https://github.com/openshift/router image-arm64 e28644631982fb4596e065d3ae85099f0886829d
 https://github.com/openshift/kube-rbac-proxy image-arm64 11b1439d48a47a408ae7e2dd851989f7b7b4f595
-https://github.com/openshift/ovn-kubernetes image-arm64 c66883c01e06722319fdf18e9997231b6abda3aa
-https://github.com/openshift/kubernetes image-arm64 85375332a108abce2f23a61958ae7adcc449477c
+https://github.com/openshift/ovn-kubernetes image-arm64 e3bef98aa599a90a7f24ab077e7b979d688eb537
+https://github.com/openshift/kubernetes image-arm64 19816eefa6829861687df6dfe573708756c464cc
 https://github.com/openshift/service-ca-operator image-arm64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a

From 3fdfc373c953609c269a4289575e3252acc39082 Mon Sep 17 00:00:00 2001
From: ci-robot <ci-robot@openshift.io>
Date: Mon, 17 Apr 2023 05:12:18 +0000
Subject: [PATCH 3/9] update microshift/go.mod

---
 go.mod |  80 +++++++++++++++++-----------------
 go.sum | 135 ++++++++++++++++++++++++++++++---------------------------
 2 files changed, 112 insertions(+), 103 deletions(-)

diff --git a/go.mod b/go.mod
index 6258895839..c86a833680 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
 	github.com/spf13/cobra v1.6.0
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.8.0
-	golang.org/x/sys v0.5.0
+	golang.org/x/sys v0.6.0
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/api v0.26.1
 	k8s.io/apiextensions-apiserver v0.26.1
@@ -140,10 +140,10 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/runc v1.1.4 // indirect
+	github.com/opencontainers/runc v1.1.6 // indirect
 	github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect
 	github.com/opencontainers/selinux v1.10.0 // indirect
-	github.com/openshift/apiserver-library-go v0.0.0-20230120221150-cefee9e0162b // indirect
+	github.com/openshift/apiserver-library-go v0.0.0-20230411124846-9fe2aa032a6f // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pkg/profile v1.3.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
@@ -185,14 +185,14 @@ require (
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.19.0 // indirect
 	golang.org/x/crypto v0.1.0 // indirect
-	golang.org/x/mod v0.6.0 // indirect
-	golang.org/x/net v0.7.0 // indirect
+	golang.org/x/mod v0.8.0 // indirect
+	golang.org/x/net v0.8.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect
-	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
-	golang.org/x/term v0.5.0 // indirect
-	golang.org/x/text v0.7.0 // indirect
+	golang.org/x/sync v0.1.0 // indirect
+	golang.org/x/term v0.6.0 // indirect
+	golang.org/x/text v0.8.0 // indirect
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
-	golang.org/x/tools v0.2.0 // indirect
+	golang.org/x/tools v0.6.0 // indirect
 	google.golang.org/api v0.60.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect
@@ -221,7 +221,7 @@ require (
 	k8s.io/mount-utils v0.0.0 // indirect
 	k8s.io/pod-security-admission v0.25.0 // indirect
 	k8s.io/utils v0.0.0-20221107191617-1a15be271d1d // indirect
-	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35 // indirect
+	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36 // indirect
 	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
 	sigs.k8s.io/kube-storage-version-migrator v0.0.4 // indirect
 	sigs.k8s.io/kustomize/api v0.12.1 // indirect
@@ -231,34 +231,34 @@ require (
 
 replace (
 	github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 // from kubernetes
-	k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230412020409-0c79814882f4 // release kubernetes
-	k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230412020409-0c79814882f4 // from kubernetes
+	k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230414060647-19816eefa682 // release kubernetes
+	k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230414060647-19816eefa682 // from kubernetes
 )
diff --git a/go.sum b/go.sum
index fc9ca6379f..1c00a8f9a6 100644
--- a/go.sum
+++ b/go.sum
@@ -589,8 +589,9 @@ github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3I
 github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
 github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM=
 github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg=
 github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg=
+github.com/opencontainers/runc v1.1.6 h1:XbhB8IfG/EsnhNvZtNdLB0GBw92GYEFvKlhaJk9jUgA=
+github.com/opencontainers/runc v1.1.6/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
 github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc=
@@ -600,65 +601,65 @@ github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuh
 github.com/openshift/api v0.0.0-20230120195050-6ba31fa438f2/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4=
 github.com/openshift/api v0.0.0-20230208193339-068b2ae5534f h1:+GaTEfR8gYzh64fdlRKLYZLwt5p4wQd2mdnvkhFDa8k=
 github.com/openshift/api v0.0.0-20230208193339-068b2ae5534f/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4=
-github.com/openshift/apiserver-library-go v0.0.0-20230120221150-cefee9e0162b h1:1AeKPWFTSSSqSl0VYmwnaOuxw2kExQgJ6pjuC4XV33A=
-github.com/openshift/apiserver-library-go v0.0.0-20230120221150-cefee9e0162b/go.mod h1:FmOGJTf5L1X9LiqnsNDwKJyt5ycUNxnNqpxs0rgylTc=
+github.com/openshift/apiserver-library-go v0.0.0-20230411124846-9fe2aa032a6f h1:rcaCMJa6vCtX/4orBfonBz2Z2zjdlJzDOzxwhlcq10U=
+github.com/openshift/apiserver-library-go v0.0.0-20230411124846-9fe2aa032a6f/go.mod h1:pI5W5+O/b0A7qOAXuLLCQqQjoCcQoEPsoBNoFfScvUQ=
 github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d h1:RR4ah7FfaPR1WePizm0jlrsbmPu91xQZnAsVVreQV1k=
 github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
 github.com/openshift/client-go v0.0.0-20230120202327-72f107311084 h1:66uaqNwA+qYyQDwsMWUfjjau8ezmg1dzCqub13KZOcE=
 github.com/openshift/client-go v0.0.0-20230120202327-72f107311084/go.mod h1:M3h9m001PWac3eAudGG3isUud6yBjr5XpzLYLLTlHKo=
 github.com/openshift/cluster-policy-controller v0.0.0-20230324020700-d02c85ab3203 h1:rafkiE1rN2dQC0rq7q44mI4/69aEkcxmdpxVlwvTOPY=
 github.com/openshift/cluster-policy-controller v0.0.0-20230324020700-d02c85ab3203/go.mod h1:vlkRuwyRueLOQ/ZRRle+rCrh+YNoh+pzJm9WaN9e6mU=
-github.com/openshift/kubernetes v0.0.0-20230412020409-0c79814882f4 h1:DxU8TWjU8Oena8Ghid/K+cmQLNJSJRhuUFdlHqrEYM0=
-github.com/openshift/kubernetes v0.0.0-20230412020409-0c79814882f4/go.mod h1:FFmjFkZxW22qBBjGCdvUj9MzYgHeh1t+7fG3n7162tM=
-github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 h1:dzCea/DHA2x6R9j+wTb7BY3LnqhorBSvVdmB/wF0b5o=
-github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM=
-github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4 h1:agPz3HCip5q6vbfHqIrZHBO2cq27NR6xPzlIWtiNV14=
-github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4/go.mod h1:U0Mmzj5eyc8IBdGjsF2XR3dBQG0yqvhy468GKZvdfXU=
-github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 h1:t45aNQ0O98VzJ9nA8mhvcXDl30FcmZpR/yfLudfnwPQ=
-github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo=
-github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4 h1:pXWg407R5iaAYV2w/ElE7MtOmxcZ62WpCq6f4S2/Cvk=
-github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4/go.mod h1:xwqK7Ox7oH/b11ZMPYtqPV/OYt2ZlYZf7XsuukECSc4=
-github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 h1:paEpt3um9AlkuelIGXcweXP4MNcbSZqUZXmKK/ys77M=
-github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c=
-github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 h1:EpfLJVTood6aq/ElFbWN+sWqx1aJYhvv0XRRZZHZVC0=
-github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc=
-github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4 h1:mtZeh53RDdQpMkIOn6Z0f3WOiWCcmw/Ua93PbDgW7Bk=
-github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4/go.mod h1:C8LxhCSrMIvk2892MFXHd6Ygyy/cCVK30VOZZVm4KSM=
-github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4 h1:CJG+OQlmVbldHGEblR3d2HVcgm8KSQzlFaVzj8P8WxI=
-github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4/go.mod h1:sf8VADmgVR2MzucAzvUaYsYLUi8S4onGjDNXWp6+iOw=
-github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230412020409-0c79814882f4/go.mod h1:HDEVJ4fMSa8PKXQ5cJgG2PEEYCM9NDxpj7EojkpHatA=
-github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 h1:oBP6cLuqYBCVpXsOIOhk++szFMFJ6Nwn+4Lgat1jkkQ=
-github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc=
-github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4 h1:0aFCy3DFIJp9q7MjIdF+d7c9gRRldbzoADzeXJHD6Ps=
-github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4/go.mod h1:v9q5XN/HFJwSIQ9HiyzSh9Pgpkf0sdmLX2s4wWmub1c=
-github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4 h1:gtLRfQXW02jMSNd3b+OYihuYGnf3kdpM1XcxVho24yI=
-github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4/go.mod h1:45yXoVo9Jbbpsz92uqBbG2oVBkVEWv+4ROfek4yo0NE=
-github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4 h1:UH2CrxJMeQfqUXKAdBS4wMrTkRr5IlMLtC4K6QLUVa0=
-github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4/go.mod h1:X6BH8wZUzqCnAYka7oy7QYoBUcN3xSXV6rZIxdXoArE=
-github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4 h1:hVdwgqxDk4bluPK25EPn8Pac41kd+Z5dEYx2rDlmlfA=
-github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4/go.mod h1:aNNfBLYfQbTrwqWHK9JMaodwbDNG1lELDChC0mhKLJQ=
-github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4 h1:TFwYCrthXTV89eiKNewDLRHIxqzUVsOTDI6CRenseVs=
-github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4/go.mod h1:MovKp06tUSXe3MnKchEr1D8CdDZgIhYiw6D6sBjZy94=
-github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4 h1:6x02hFqXOhHkpGrkQMnZxbze/W5ezpFJY24p+QBOSGc=
-github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4/go.mod h1:RBaXXXu0TgOgwWU+GKrNbBjVj6I6mZ3Kuwxphmx83hM=
-github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4 h1:YE1eqfA+F0slkcQz/JUq/wLe6GOOWeyKYDXYjwTBMuw=
-github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4/go.mod h1:tZLl7PAQI9WT9QcUVeua4aK0EIZE1DZhQorO9WLoRGs=
-github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4 h1:DhG+hjnNz9dWd99ZDYgTvGfa664Z1BeNdsitcr1S/E0=
-github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4/go.mod h1:FmdoDrAFpzYtGWgaPrurpkB+ITnnOV/V/+uoFPovBKA=
-github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4 h1:at3OR4PQWIMjPX4Rj/gF0axWOCxJUaC/0nb0v5+aICg=
-github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4/go.mod h1:Zgt5E29gT4nxpbFBvx43u3fRNTfMAvqZxchXnjw+gOo=
-github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 h1:gwn29Sp0NX3xKTFS7RrOBNM/pKAQqKUOduPQSrFB85o=
-github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do=
-github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4 h1:6okyPOQlNzes/eX6zLDfxuZ8vq9TCClcMK/z2CspUNc=
-github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4/go.mod h1:A6pOnDSKM3jdR7v/EOkKKuHWsR3GGm4T3Vr9jS1U6QA=
-github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4 h1:XDfbRtXJkcJ+0DYpGDY5z+THMad2F645g4axdksFVyE=
-github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4/go.mod h1:K4ChxIQRGSv8E4Cz3XSuZ38G5UwpTb/4p32vGMDpa1k=
-github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4 h1:0siZkDLsSH1EwQozlv4jSvXjv4J/YxShm5t+8D0R79U=
-github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4/go.mod h1:5qMnaoxtG8tgh9JRt99mH4aEw1Us6LFFigCQExPUeXQ=
-github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4 h1:shy31jV3C6duCqPIbpBoayfvub0MD+ewWMsk4SNHlmo=
-github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4/go.mod h1:1PgQc8yQxp+tnTD2lzlyNGTngwImNyANUq74eRnHT5U=
-github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4 h1:g3n+u+PZ/FEOf0lvfFcgDV+rMQdYsUa1uW8tLrr4yII=
-github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4/go.mod h1:KtKLalpm2l5WOPMqKs6VETKre5j3sPUz0D16MXQd1QI=
+github.com/openshift/kubernetes v0.0.0-20230414060647-19816eefa682 h1:aAZOgCVCBWMRRwi5W/NazlOCaCLlaMI704LTMwo/HUg=
+github.com/openshift/kubernetes v0.0.0-20230414060647-19816eefa682/go.mod h1:T0+m4H3K5iWzDP65vb1st8Pd3siJoeSpbC0EzmymTVk=
+github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 h1:f+5Fcc/WQpus26/zjyl/XCYr4NSNpAtYuf6bV2UJf14=
+github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682/go.mod h1:uLYjAyw1JyCS9EUj6oUhl4eRy4XthcFpSodl6cOokQI=
+github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682 h1:oh00NNthfcbhoHHG9RMaQ+Q9gaB+OjU6LsjIOgTZ6dA=
+github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682/go.mod h1:yViNAI+IfEaoAVoSOgZXDmN4bMipiqwvrXekieIkdbY=
+github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 h1:w4uwFjypPaaff3++nri9Z6P+OdBnUf9lF8czEeiOCYM=
+github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682/go.mod h1:ApuQzVQOyTrgHIGrmVljD8zZ+ZoHmXYbsFwLvSelf84=
+github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682 h1:Ac/LHZaMAqUr9rE4Q1oLG6iuLwwi6L3GAuTPdsqO15Y=
+github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682/go.mod h1:VFDYdzpH+ZfUFicJweH6XtgDJJ+bBhIMgS/NgM6c9+c=
+github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 h1:LfPzMcGu+ns6q2+JD8KX2o3lxeUq8smiNSXwjLn98Do=
+github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682/go.mod h1:LumLfFU84tK2qax1WpUviAosYlqlUaSJTIEtYjYpfxw=
+github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 h1:4m/eWo2ebGxBMmYB9y6YoI4EWIKGDG8SRSciVCX1ilA=
+github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682/go.mod h1:0QH/+sNaHFjTGTSyuwBXuHHhyBRa2r6ndYXUxchMPKI=
+github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682 h1:QVD1gei4qjU1ZzqLrrk9UUM4oL5xNU5WHQrOh+plP2o=
+github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682/go.mod h1:UDt2Nn2cJxGQWGuPZXA8zhtTccXCsbzIMD2QMvjAl/s=
+github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682 h1:Le/7MKrlHyL0GzydqE9O2YuBPTEwnMG5cUJHPOqQSKE=
+github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682/go.mod h1:CHVYBTORnxNcEy4sP3o5mXQCtQ+xakaDn7H4irLH4hE=
+github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230414060647-19816eefa682/go.mod h1:RPAt1JMA66rIEi+T0Dm3inLGbyc8PsaIoRuh006OoKQ=
+github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 h1:qyJleza3TMgCwXZ+b88cdGZMUz7G29GPpFNs0mGyscc=
+github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682/go.mod h1:4bzeXuIaKw5yabxEcNwxVYHKi0wLgcjl5naBxe4N1cw=
+github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682 h1:nvGIHfDumItIc0eHmw1XkyaHYqODBrw4LFt6qX2UAE0=
+github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682/go.mod h1:1kjV28ccOe1eJI0U3RSRTXDv8PSWILLyDrRHnlN0b5Q=
+github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682 h1:ieDpK+9kwFiYrZLf8szWJs034wF7DPyZ6imE9lvPwmU=
+github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682/go.mod h1:MzAfXD5g03ADE/cQOanac914VXKVm+PE21CdbMnqHh8=
+github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682 h1:LHuIB1W4NAG9ZnrRQdfctquaE4GLKgCSQjny5JZYr+4=
+github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682/go.mod h1:sjqtRwsq9OIu27wzHZyTUxhszi4BTrLOZUP3XxMT3ac=
+github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682 h1:IJ5E8PY+2bWAGqpmqDtkU2W4t6XmLC76x921nr1JVmY=
+github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682/go.mod h1:3iftQXweshE6LzQ4a0nccCFroiXuvkd0Tv0yVhVZo3g=
+github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682 h1:SImSqAAOj9J8LfLmHFnMRAHSedb14k0fejLGldaAi1k=
+github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682/go.mod h1:i5+I2dCeC47HR6g0aFW6nr1wNfWRlyFmiSDs2NqFs3I=
+github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682 h1:3rSkUFhklB10N5Xp3Dm3Wn6g+xyRNXdoRQaGdzGEMvs=
+github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682/go.mod h1:uzei6+XRNkQICBV+e8BACOZwRpfWPvpZ6bVCWYsuxfQ=
+github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682 h1:WJVg9acdlTWqKOiC7JbJa2Ev0kFki5tL4mcdxTAkUMQ=
+github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682/go.mod h1:HLz7lzU2qNPgSwDA8ZH4T6Ll6kWU6Y6BpIzPWYfLBkc=
+github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682 h1:YJruCzvKX+sqPHNK87ZdNJ3bld9cDh86nMuI1V50yKM=
+github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682/go.mod h1:W/OyRa4Ahdv09yt5iHcxSrTCn2yg33rlMqo9yW1GFm0=
+github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682 h1:cGUyvu78+r830+joBbEILP5vkmM0udzZWvwEFYKSc30=
+github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682/go.mod h1:gAOk6X5CwD031FqXVf7CD4yQdou7UUUmP0FmRqCGPUI=
+github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 h1:1tYc5o7kN6Vx2Jr/HQLt8AQImp8TT2hBZWRIT0ZRfL8=
+github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682/go.mod h1:plN+kBQozEYwSUD3aB9oFwrpkVeIN5xVpQ6sLRbSiNs=
+github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682 h1:F6Iq7mYVCz+EkVxwtb56Rg6EWbQ/JTSVo0zbrwZ+RTE=
+github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682/go.mod h1:au5YzS8yhxLz767EWIVfabqOrCtMfjppQRDQ+BPnNCE=
+github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682 h1:4I/f6SZBayfieqXt7Zk0cWkbfXDGBdLTXFpDCXeAuX0=
+github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682/go.mod h1:j7EjbuGsi5n1jhuQ1s2xbgsV4H5MOY6iTjtp+CaBsh0=
+github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682 h1:UCHUJBT8ieT0lja74AgVhU54Td2iFFLurUKKwv+ibig=
+github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682/go.mod h1:0XHkNqJcpcb3wT61pTKmEWoX8uuV9Q5N2Z48NrDYdww=
+github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682 h1:BT1oPp1IvgYzpmksSeyoSvl61E4NbAQKyFt7wKEO+nY=
+github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682/go.mod h1:Xv4esSdxyeauCQqd77P5rMAjH8eAhtUfZjgykqPkXIg=
+github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682 h1:/LcItEq3+hoyU2Cw181TFbGTSegdYWIC3AFlFwGTre4=
+github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682/go.mod h1:t18RIruuLO3r+O64ycCBgy26pv4C82be62Gkaneigqo=
 github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4 h1:B9e1Sga7Q6iSI1YgzLgfABo+LDET7HZngJ+tKlrwVSk=
 github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4/go.mod h1:xO4nAf0qa56dgvEJWVD1WuwSJ8JWPU1TYLBQrlutWnE=
 github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 h1:YH3Z3ZWCDWjkAGdZpK5rCm5pRZ4wt0uEx1GwvCiO3+I=
@@ -935,8 +936,9 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I=
 golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
+golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -992,8 +994,9 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
-golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1026,8 +1029,9 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1115,15 +1119,17 @@ golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
-golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1136,8 +1142,9 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1208,8 +1215,9 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE=
 golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
+golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1430,8 +1438,9 @@ k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35 h1:+xBL5uTc+BkPBwmMi3vYfUJjq+N3K+H6PXeETwf5cPI=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35/go.mod h1:WxjusMwXlKzfAs4p9km6XJRndVt2FROgMVCE4cdohFo=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36 h1:PUuX1qIFv309AT8hF/CdPKDmsG/hn/L8zRX7VvISM3A=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36/go.mod h1:WxjusMwXlKzfAs4p9km6XJRndVt2FROgMVCE4cdohFo=
 sigs.k8s.io/controller-tools v0.2.8/go.mod h1:9VKHPszmf2DHz/QmHkcfZoewO6BL7pPs9uAiBVsaJSE=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=

From ee5b59e708ee99aea13854ca8f5d750c3a63ebc8 Mon Sep 17 00:00:00 2001
From: ci-robot <ci-robot@openshift.io>
Date: Mon, 17 Apr 2023 05:12:30 +0000
Subject: [PATCH 4/9] update microshift/vendor

---
 .../libcontainer/cgroups/ebpf/ebpf_linux.go   |   2 +-
 .../runc/libcontainer/cgroups/fs/fs.go        |   1 +
 .../libcontainer/cgroups/systemd/common.go    |  66 ++-
 .../libcontainer/cgroups/systemd/cpuset.go    |   5 +
 .../runc/libcontainer/cgroups/systemd/v1.go   |  12 +-
 .../runc/libcontainer/cgroups/systemd/v2.go   |   2 +-
 .../runc/libcontainer/cgroups/utils.go        |   6 +-
 .../configs/validate/validator.go             |   5 +-
 .../runc/libcontainer/container_linux.go      |   2 +-
 .../runc/libcontainer/eaccess_go119.go        |  17 +
 .../runc/libcontainer/eaccess_stub.go         |  10 +
 .../runc/libcontainer/factory_linux.go        |  11 +-
 .../runc/libcontainer/init_linux.go           |   5 +-
 .../runc/libcontainer/rootfs_linux.go         |  82 +--
 .../runc/libcontainer/standard_init_linux.go  |  11 +-
 .../opencontainers/runc/libcontainer/sync.go  |  14 +-
 .../runc/libcontainer/system/linux.go         |  19 -
 .../runc/libcontainer/user/user.go            |  14 +-
 .../sccmatching/patched_sc_accessors.go       | 471 ++++++++++++++++++
 .../sccmatching/provider.go                   |  46 +-
 vendor/golang.org/x/net/html/doc.go           |  15 +
 vendor/golang.org/x/net/html/escape.go        |  81 +++
 vendor/golang.org/x/net/html/render.go        |   2 +-
 vendor/golang.org/x/net/html/token.go         |  10 +-
 .../x/sync/singleflight/singleflight.go       |  11 +-
 vendor/golang.org/x/sys/cpu/hwcap_linux.go    |  15 +
 vendor/golang.org/x/sys/cpu/runtime_auxv.go   |  16 +
 .../x/sys/cpu/runtime_auxv_go121.go           |  19 +
 vendor/golang.org/x/sys/execabs/execabs.go    |   2 +-
 .../golang.org/x/sys/execabs/execabs_go118.go |   6 +
 .../golang.org/x/sys/execabs/execabs_go119.go |   4 +
 vendor/golang.org/x/sys/unix/ioctl.go         |  17 +-
 vendor/golang.org/x/sys/unix/ioctl_zos.go     |   8 +-
 vendor/golang.org/x/sys/unix/ptrace_darwin.go |   6 +
 vendor/golang.org/x/sys/unix/ptrace_ios.go    |   6 +
 vendor/golang.org/x/sys/unix/syscall_aix.go   |   5 +-
 vendor/golang.org/x/sys/unix/syscall_bsd.go   |   3 +-
 .../golang.org/x/sys/unix/syscall_darwin.go   |  12 +-
 .../x/sys/unix/syscall_darwin_amd64.go        |   1 +
 .../x/sys/unix/syscall_darwin_arm64.go        |   1 +
 .../x/sys/unix/syscall_dragonfly.go           |   1 +
 .../golang.org/x/sys/unix/syscall_freebsd.go  |  43 +-
 .../x/sys/unix/syscall_freebsd_386.go         |  17 +-
 .../x/sys/unix/syscall_freebsd_amd64.go       |  17 +-
 .../x/sys/unix/syscall_freebsd_arm.go         |  15 +-
 .../x/sys/unix/syscall_freebsd_arm64.go       |  15 +-
 .../x/sys/unix/syscall_freebsd_riscv64.go     |  15 +-
 vendor/golang.org/x/sys/unix/syscall_hurd.go  |   8 +
 vendor/golang.org/x/sys/unix/syscall_linux.go |  36 +-
 .../golang.org/x/sys/unix/syscall_netbsd.go   |   5 +-
 .../golang.org/x/sys/unix/syscall_openbsd.go  |   1 +
 .../golang.org/x/sys/unix/syscall_solaris.go  |  21 +-
 .../x/sys/unix/syscall_zos_s390x.go           |   4 +-
 vendor/golang.org/x/sys/unix/zerrors_linux.go |  10 +-
 .../x/sys/unix/zptrace_armnn_linux.go         |   8 +-
 .../x/sys/unix/zptrace_linux_arm64.go         |   4 +-
 .../x/sys/unix/zptrace_mipsnn_linux.go        |   8 +-
 .../x/sys/unix/zptrace_mipsnnle_linux.go      |   8 +-
 .../x/sys/unix/zptrace_x86_linux.go           |   8 +-
 .../golang.org/x/sys/unix/zsyscall_aix_ppc.go |  10 +
 .../x/sys/unix/zsyscall_aix_ppc64.go          |  10 +
 .../x/sys/unix/zsyscall_aix_ppc64_gc.go       |   7 +
 .../x/sys/unix/zsyscall_aix_ppc64_gccgo.go    |   8 +
 .../x/sys/unix/zsyscall_darwin_amd64.go       |  16 +
 .../x/sys/unix/zsyscall_darwin_arm64.go       |  16 +
 .../x/sys/unix/zsyscall_dragonfly_amd64.go    |  10 +
 .../x/sys/unix/zsyscall_freebsd_386.go        |  20 +
 .../x/sys/unix/zsyscall_freebsd_amd64.go      |  20 +
 .../x/sys/unix/zsyscall_freebsd_arm.go        |  20 +
 .../x/sys/unix/zsyscall_freebsd_arm64.go      |  20 +
 .../x/sys/unix/zsyscall_freebsd_riscv64.go    |  20 +
 .../golang.org/x/sys/unix/zsyscall_linux.go   |  10 +
 .../x/sys/unix/zsyscall_netbsd_386.go         |  10 +
 .../x/sys/unix/zsyscall_netbsd_amd64.go       |  10 +
 .../x/sys/unix/zsyscall_netbsd_arm.go         |  10 +
 .../x/sys/unix/zsyscall_netbsd_arm64.go       |  10 +
 .../x/sys/unix/zsyscall_openbsd_386.go        |   8 +
 .../x/sys/unix/zsyscall_openbsd_amd64.go      |   8 +
 .../x/sys/unix/zsyscall_openbsd_arm.go        |   8 +
 .../x/sys/unix/zsyscall_openbsd_arm64.go      |   8 +
 .../x/sys/unix/zsyscall_openbsd_mips64.go     |   8 +
 .../x/sys/unix/zsyscall_openbsd_ppc64.go      |   8 +
 .../x/sys/unix/zsyscall_openbsd_riscv64.go    |   8 +
 .../x/sys/unix/zsyscall_solaris_amd64.go      |  11 +
 .../x/sys/unix/zsyscall_zos_s390x.go          |  10 +
 .../x/sys/unix/ztypes_freebsd_386.go          |   2 +-
 .../x/sys/unix/ztypes_freebsd_amd64.go        |   2 +-
 .../x/sys/unix/ztypes_freebsd_arm.go          |   2 +-
 .../x/sys/unix/ztypes_freebsd_arm64.go        |   2 +-
 .../x/sys/unix/ztypes_freebsd_riscv64.go      |   2 +-
 vendor/golang.org/x/sys/unix/ztypes_linux.go  | 140 ++++--
 .../golang.org/x/sys/unix/ztypes_linux_386.go |   2 +-
 .../x/sys/unix/ztypes_linux_amd64.go          |   2 +-
 .../golang.org/x/sys/unix/ztypes_linux_arm.go |   2 +-
 .../x/sys/unix/ztypes_linux_arm64.go          |   2 +-
 .../x/sys/unix/ztypes_linux_loong64.go        |   2 +-
 .../x/sys/unix/ztypes_linux_mips.go           |   2 +-
 .../x/sys/unix/ztypes_linux_mips64.go         |   2 +-
 .../x/sys/unix/ztypes_linux_mips64le.go       |   2 +-
 .../x/sys/unix/ztypes_linux_mipsle.go         |   2 +-
 .../golang.org/x/sys/unix/ztypes_linux_ppc.go |   2 +-
 .../x/sys/unix/ztypes_linux_ppc64.go          |   2 +-
 .../x/sys/unix/ztypes_linux_ppc64le.go        |   2 +-
 .../x/sys/unix/ztypes_linux_riscv64.go        |   2 +-
 .../x/sys/unix/ztypes_linux_s390x.go          |   2 +-
 .../x/sys/unix/ztypes_linux_sparc64.go        |   2 +-
 .../x/sys/windows/syscall_windows.go          |   6 +-
 .../golang.org/x/sys/windows/types_windows.go |  85 ++++
 .../x/sys/windows/zsyscall_windows.go         |  27 +
 .../x/text/encoding/internal/internal.go      |   2 +-
 .../x/text/unicode/norm/forminfo.go           |   2 +-
 .../x/tools/internal/gocommand/version.go     |  23 +
 .../x/tools/internal/imports/fix.go           |   9 +-
 .../x/tools/internal/imports/sortimports.go   |   1 +
 .../x/tools/internal/imports/zstdlib.go       | 188 ++++++-
 vendor/k8s.io/api/core/v1/generated.proto     |   2 +-
 vendor/k8s.io/api/core/v1/types.go            |   2 +-
 .../core/v1/types_swagger_doc_generated.go    |   2 +-
 .../discovery/aggregated_discovery.go         |  44 +-
 .../discovery/cached/memory/memcache.go       |  53 +-
 .../client-go/discovery/discovery_client.go   | 118 +++--
 .../pkg/apiserver/handler_discovery.go        |  31 +-
 .../pkg/api/persistentvolumeclaim/util.go     |   4 +
 vendor/k8s.io/kubernetes/pkg/api/pod/util.go  |  10 +
 .../pkg/apis/apps/validation/validation.go    |  20 +-
 .../k8s.io/kubernetes/pkg/apis/core/types.go  |   2 +-
 .../util/endpointslice/endpointset.go         |   8 +-
 .../volume/attachdetach/util/util.go          |  17 -
 .../volume/persistentvolume/pv_controller.go  |   2 +-
 .../generated/openapi/zz_generated.openapi.go |   2 +-
 .../pkg/kubelet/cm/cgroup_manager_linux.go    |  15 +
 .../pkg/scheduler/framework/interface.go      |   3 +
 .../framework/parallelize/parallelism.go      |   5 +-
 .../framework/plugins/volumebinding/binder.go |  10 +-
 .../scheduler/framework/runtime/framework.go  |   4 +
 .../internal/queue/scheduling_queue.go        |  77 +--
 .../kubernetes/pkg/scheduler/scheduler.go     |   9 +-
 .../operationexecutor/operation_generator.go  |  10 +
 .../podsecurity/patch_podspecextractor.go     |   4 +
 vendor/modules.txt                            | 132 ++---
 .../konnectivity-client/pkg/client/client.go  |  64 ++-
 .../konnectivity-client/pkg/client/conn.go    |  14 +-
 142 files changed, 2178 insertions(+), 598 deletions(-)
 create mode 100644 vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go
 create mode 100644 vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go
 create mode 100644 vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/patched_sc_accessors.go
 create mode 100644 vendor/golang.org/x/sys/cpu/runtime_auxv.go
 create mode 100644 vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go

diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go
index 104c74a890..35b00aaf05 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go
@@ -93,7 +93,7 @@ var (
 )
 
 // Loosely based on the BPF_F_REPLACE support check in
-//   <https://github.com/cilium/ebpf/blob/v0.6.0/link/syscalls.go>.
+// https://github.com/cilium/ebpf/blob/v0.6.0/link/syscalls.go.
 //
 // TODO: move this logic to cilium/ebpf
 func haveBpfProgReplace() bool {
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go
index fb4fcc7f75..9e2f0ec04c 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go
@@ -28,6 +28,7 @@ var subsystems = []subsystem{
 	&FreezerGroup{},
 	&RdmaGroup{},
 	&NameGroup{GroupName: "name=systemd", Join: true},
+	&NameGroup{GroupName: "misc", Join: true},
 }
 
 var errSubsystemDoesNotExist = errors.New("cgroup: subsystem does not exist")
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go
index 45744c15c0..50746ae0c5 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go
@@ -293,8 +293,18 @@ func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, err
 			// rules separately to systemd) we can safely skip entries that don't
 			// have a corresponding path.
 			if _, err := os.Stat(entry.Path); err != nil {
-				logrus.Debugf("skipping device %s for systemd: %s", entry.Path, err)
-				continue
+				// Also check /sys/dev so that we don't depend on /dev/{block,char}
+				// being populated. (/dev/{block,char} is populated by udev, which
+				// isn't strictly required for systemd). Ironically, this happens most
+				// easily when starting containerd within a runc created container
+				// itself.
+
+				// We don't bother with securejoin here because we create entry.Path
+				// right above here, so we know it's safe.
+				if _, err := os.Stat("/sys" + entry.Path); err != nil {
+					logrus.Warnf("skipping device %s for systemd: %s", entry.Path, err)
+					continue
+				}
 			}
 		}
 		deviceAllowList = append(deviceAllowList, entry)
@@ -343,32 +353,52 @@ func isUnitExists(err error) bool {
 	return isDbusError(err, "org.freedesktop.systemd1.UnitExists")
 }
 
-func startUnit(cm *dbusConnManager, unitName string, properties []systemdDbus.Property) error {
+func startUnit(cm *dbusConnManager, unitName string, properties []systemdDbus.Property, ignoreExist bool) error {
 	statusChan := make(chan string, 1)
+	retry := true
+
+retry:
 	err := cm.retryOnDisconnect(func(c *systemdDbus.Conn) error {
 		_, err := c.StartTransientUnitContext(context.TODO(), unitName, "replace", properties, statusChan)
 		return err
 	})
-	if err == nil {
-		timeout := time.NewTimer(30 * time.Second)
-		defer timeout.Stop()
-
-		select {
-		case s := <-statusChan:
-			close(statusChan)
-			// Please refer to https://pkg.go.dev/github.com/coreos/go-systemd/v22/dbus#Conn.StartUnit
-			if s != "done" {
-				resetFailedUnit(cm, unitName)
-				return fmt.Errorf("error creating systemd unit `%s`: got `%s`", unitName, s)
-			}
-		case <-timeout.C:
+	if err != nil {
+		if !isUnitExists(err) {
+			return err
+		}
+		if ignoreExist {
+			// TODO: remove this hack.
+			// This is kubelet making sure a slice exists (see
+			// https://github.com/opencontainers/runc/pull/1124).
+			return nil
+		}
+		if retry {
+			// In case a unit with the same name exists, this may
+			// be a leftover failed unit. Reset it, so systemd can
+			// remove it, and retry once.
 			resetFailedUnit(cm, unitName)
-			return errors.New("Timeout waiting for systemd to create " + unitName)
+			retry = false
+			goto retry
 		}
-	} else if !isUnitExists(err) {
 		return err
 	}
 
+	timeout := time.NewTimer(30 * time.Second)
+	defer timeout.Stop()
+
+	select {
+	case s := <-statusChan:
+		close(statusChan)
+		// Please refer to https://pkg.go.dev/github.com/coreos/go-systemd/v22/dbus#Conn.StartUnit
+		if s != "done" {
+			resetFailedUnit(cm, unitName)
+			return fmt.Errorf("error creating systemd unit `%s`: got `%s`", unitName, s)
+		}
+	case <-timeout.C:
+		resetFailedUnit(cm, unitName)
+		return errors.New("Timeout waiting for systemd to create " + unitName)
+	}
+
 	return nil
 }
 
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go
index 83d10dd705..dd474cf1b1 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go
@@ -51,5 +51,10 @@ func RangeToBits(str string) ([]byte, error) {
 		// do not allow empty values
 		return nil, errors.New("empty value")
 	}
+
+	// fit cpuset parsing order in systemd
+	for l, r := 0, len(ret)-1; l < r; l, r = l+1, r-1 {
+		ret[l], ret[r] = ret[r], ret[l]
+	}
 	return ret, nil
 }
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go
index a74a05a5cd..046c3056fb 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go
@@ -71,6 +71,7 @@ var legacySubsystems = []subsystem{
 	&fs.NetClsGroup{},
 	&fs.NameGroup{GroupName: "name=systemd"},
 	&fs.RdmaGroup{},
+	&fs.NameGroup{GroupName: "misc"},
 }
 
 func genV1ResourcesProperties(r *configs.Resources, cm *dbusConnManager) ([]systemdDbus.Property, error) {
@@ -206,7 +207,7 @@ func (m *legacyManager) Apply(pid int) error {
 
 	properties = append(properties, c.SystemdProps...)
 
-	if err := startUnit(m.dbus, unitName, properties); err != nil {
+	if err := startUnit(m.dbus, unitName, properties, pid == -1); err != nil {
 		return err
 	}
 
@@ -273,14 +274,7 @@ func getSubsystemPath(slice, unit, subsystem string) (string, error) {
 		return "", err
 	}
 
-	initPath, err := cgroups.GetInitCgroup(subsystem)
-	if err != nil {
-		return "", err
-	}
-	// if pid 1 is systemd 226 or later, it will be in init.scope, not the root
-	initPath = strings.TrimSuffix(filepath.Clean(initPath), "init.scope")
-
-	return filepath.Join(mountpoint, initPath, slice, unit), nil
+	return filepath.Join(mountpoint, slice, unit), nil
 }
 
 func (m *legacyManager) Freeze(state configs.FreezerState) error {
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go
index de0cb974d4..94d24ee450 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go
@@ -284,7 +284,7 @@ func (m *unifiedManager) Apply(pid int) error {
 
 	properties = append(properties, c.SystemdProps...)
 
-	if err := startUnit(m.dbus, unitName, properties); err != nil {
+	if err := startUnit(m.dbus, unitName, properties, pid == -1); err != nil {
 		return fmt.Errorf("unable to start unit %q (properties %+v): %w", unitName, properties, err)
 	}
 
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go
index b32af4ee53..fc4ae44a48 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go
@@ -162,8 +162,10 @@ func readProcsFile(dir string) ([]int, error) {
 
 // ParseCgroupFile parses the given cgroup file, typically /proc/self/cgroup
 // or /proc/<pid>/cgroup, into a map of subsystems to cgroup paths, e.g.
-//   "cpu": "/user.slice/user-1000.slice"
-//   "pids": "/user.slice/user-1000.slice"
+//
+//	"cpu": "/user.slice/user-1000.slice"
+//	"pids": "/user.slice/user-1000.slice"
+//
 // etc.
 //
 // Note that for cgroup v2 unified hierarchy, there are no per-controller
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go
index 627621a58d..4fbd308dad 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go
@@ -131,9 +131,8 @@ func (v *ConfigValidator) cgroupnamespace(config *configs.Config) error {
 // convertSysctlVariableToDotsSeparator can return sysctl variables in dots separator format.
 // The '/' separator is also accepted in place of a '.'.
 // Convert the sysctl variables to dots separator format for validation.
-// More info:
-//   https://man7.org/linux/man-pages/man8/sysctl.8.html
-//   https://man7.org/linux/man-pages/man5/sysctl.d.5.html
+// More info: sysctl(8), sysctl.d(5).
+//
 // For example:
 // Input sysctl variable "net/ipv4/conf/eno2.100.rp_filter"
 // will return the converted value "net.ipv4.conf.eno2/100.rp_filter"
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go
index 9df830d8cd..dd61dfd3c9 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go
@@ -926,7 +926,7 @@ func (c *linuxContainer) criuSupportsExtNS(t configs.NamespaceType) bool {
 }
 
 func criuNsToKey(t configs.NamespaceType) string {
-	return "extRoot" + strings.Title(configs.NsName(t)) + "NS"
+	return "extRoot" + strings.Title(configs.NsName(t)) + "NS" //nolint:staticcheck // SA1019: strings.Title is deprecated
 }
 
 func (c *linuxContainer) handleCheckpointingExternalNamespaces(rpcOpts *criurpc.CriuOpts, t configs.NamespaceType) error {
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go
new file mode 100644
index 0000000000..cc1e2079a7
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go
@@ -0,0 +1,17 @@
+//go:build !go1.20
+// +build !go1.20
+
+package libcontainer
+
+import "golang.org/x/sys/unix"
+
+func eaccess(path string) error {
+	// This check is similar to access(2) with X_OK except for
+	// setuid/setgid binaries where it checks against the effective
+	// (rather than real) uid and gid. It is not needed in go 1.20
+	// and beyond and will be removed later.
+
+	// Relies on code added in https://go-review.googlesource.com/c/sys/+/468877
+	// and older CLs linked from there.
+	return unix.Faccessat(unix.AT_FDCWD, path, unix.X_OK, unix.AT_EACCESS)
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go
new file mode 100644
index 0000000000..7c049fd7aa
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go
@@ -0,0 +1,10 @@
+//go:build go1.20
+
+package libcontainer
+
+func eaccess(path string) error {
+	// Not needed in Go 1.20+ as the functionality is already in there
+	// (added by https://go.dev/cl/416115, https://go.dev/cl/414824,
+	// and fixed in Go 1.20.2 by https://go.dev/cl/469956).
+	return nil
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go
index e6c71ac34e..a1fa7de2d2 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go
@@ -179,6 +179,12 @@ func (l *LinuxFactory) Create(id string, config *configs.Config) (Container, err
 			return nil, fmt.Errorf("unable to get cgroup PIDs: %w", err)
 		}
 		if len(pids) != 0 {
+			if config.Cgroups.Systemd {
+				// systemd cgroup driver can't add a pid to an
+				// existing systemd unit and will return an
+				// error anyway, so let's error out early.
+				return nil, fmt.Errorf("container's cgroup is not empty: %d process(es) found", len(pids))
+			}
 			// TODO: return an error.
 			logrus.Warnf("container's cgroup is not empty: %d process(es) found", len(pids))
 			logrus.Warn("DEPRECATED: running container in a non-empty cgroup won't be supported in runc 1.2; https://github.com/opencontainers/runc/issues/3132")
@@ -338,10 +344,9 @@ func (l *LinuxFactory) StartInitialization() (err error) {
 
 	defer func() {
 		if e := recover(); e != nil {
-			if e, ok := e.(error); ok {
-				err = fmt.Errorf("panic from initialization: %w, %s", e, debug.Stack())
+			if ee, ok := e.(error); ok {
+				err = fmt.Errorf("panic from initialization: %w, %s", ee, debug.Stack())
 			} else {
-				//nolint:errorlint // here e is not of error type
 				err = fmt.Errorf("panic from initialization: %v, %s", e, debug.Stack())
 			}
 		}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go
index 1e5c394c3e..2e4c59353c 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go
@@ -411,8 +411,9 @@ func fixStdioPermissions(u *user.ExecUser) error {
 			return &os.PathError{Op: "fstat", Path: file.Name(), Err: err}
 		}
 
-		// Skip chown if uid is already the one we want.
-		if int(s.Uid) == u.Uid {
+		// Skip chown if uid is already the one we want or any of the STDIO descriptors
+		// were redirected to /dev/null.
+		if int(s.Uid) == u.Uid || s.Rdev == null.Rdev {
 			continue
 		}
 
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go
index ec7638e4d5..c3f88fc703 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go
@@ -329,26 +329,41 @@ func mountCgroupV2(m *configs.Mount, c *mountConfig) error {
 	if err := os.MkdirAll(dest, 0o755); err != nil {
 		return err
 	}
-	return utils.WithProcfd(c.root, m.Destination, func(procfd string) error {
-		if err := mount(m.Source, m.Destination, procfd, "cgroup2", uintptr(m.Flags), m.Data); err != nil {
-			// when we are in UserNS but CgroupNS is not unshared, we cannot mount cgroup2 (#2158)
-			if errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY) {
-				src := fs2.UnifiedMountpoint
-				if c.cgroupns && c.cgroup2Path != "" {
-					// Emulate cgroupns by bind-mounting
-					// the container cgroup path rather than
-					// the whole /sys/fs/cgroup.
-					src = c.cgroup2Path
-				}
-				err = mount(src, m.Destination, procfd, "", uintptr(m.Flags)|unix.MS_BIND, "")
-				if c.rootlessCgroups && errors.Is(err, unix.ENOENT) {
-					err = nil
-				}
-			}
-			return err
-		}
-		return nil
+	err = utils.WithProcfd(c.root, m.Destination, func(procfd string) error {
+		return mount(m.Source, m.Destination, procfd, "cgroup2", uintptr(m.Flags), m.Data)
 	})
+	if err == nil || !(errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY)) {
+		return err
+	}
+
+	// When we are in UserNS but CgroupNS is not unshared, we cannot mount
+	// cgroup2 (#2158), so fall back to bind mount.
+	bindM := &configs.Mount{
+		Device:           "bind",
+		Source:           fs2.UnifiedMountpoint,
+		Destination:      m.Destination,
+		Flags:            unix.MS_BIND | m.Flags,
+		PropagationFlags: m.PropagationFlags,
+	}
+	if c.cgroupns && c.cgroup2Path != "" {
+		// Emulate cgroupns by bind-mounting the container cgroup path
+		// rather than the whole /sys/fs/cgroup.
+		bindM.Source = c.cgroup2Path
+	}
+	// mountToRootfs() handles remounting for MS_RDONLY.
+	// No need to set c.fd here, because mountToRootfs() calls utils.WithProcfd() by itself in mountPropagate().
+	err = mountToRootfs(bindM, c)
+	if c.rootlessCgroups && errors.Is(err, unix.ENOENT) {
+		// ENOENT (for `src = c.cgroup2Path`) happens when rootless runc is being executed
+		// outside the userns+mountns.
+		//
+		// Mask `/sys/fs/cgroup` to ensure it is read-only, even when `/sys` is mounted
+		// with `rbind,ro` (`runc spec --rootless` produces `rbind,ro` for `/sys`).
+		err = utils.WithProcfd(c.root, m.Destination, func(procfd string) error {
+			return maskPath(procfd, c.label)
+		})
+	}
+	return err
 }
 
 func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) {
@@ -398,32 +413,43 @@ func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) {
 
 func mountToRootfs(m *configs.Mount, c *mountConfig) error {
 	rootfs := c.root
-	mountLabel := c.label
-	mountFd := c.fd
-	dest, err := securejoin.SecureJoin(rootfs, m.Destination)
-	if err != nil {
-		return err
-	}
 
+	// procfs and sysfs are special because we need to ensure they are actually
+	// mounted on a specific path in a container without any funny business.
 	switch m.Device {
 	case "proc", "sysfs":
 		// If the destination already exists and is not a directory, we bail
-		// out This is to avoid mounting through a symlink or similar -- which
+		// out. This is to avoid mounting through a symlink or similar -- which
 		// has been a "fun" attack scenario in the past.
 		// TODO: This won't be necessary once we switch to libpathrs and we can
 		//       stop all of these symlink-exchange attacks.
+		dest := filepath.Clean(m.Destination)
+		if !strings.HasPrefix(dest, rootfs) {
+			// Do not use securejoin as it resolves symlinks.
+			dest = filepath.Join(rootfs, dest)
+		}
 		if fi, err := os.Lstat(dest); err != nil {
 			if !os.IsNotExist(err) {
 				return err
 			}
-		} else if fi.Mode()&os.ModeDir == 0 {
+		} else if !fi.IsDir() {
 			return fmt.Errorf("filesystem %q must be mounted on ordinary directory", m.Device)
 		}
 		if err := os.MkdirAll(dest, 0o755); err != nil {
 			return err
 		}
-		// Selinux kernels do not support labeling of /proc or /sys
+		// Selinux kernels do not support labeling of /proc or /sys.
 		return mountPropagate(m, rootfs, "", nil)
+	}
+
+	mountLabel := c.label
+	mountFd := c.fd
+	dest, err := securejoin.SecureJoin(rootfs, m.Destination)
+	if err != nil {
+		return err
+	}
+
+	switch m.Device {
 	case "mqueue":
 		if err := os.MkdirAll(dest, 0o755); err != nil {
 			return err
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go
index 081d1503a3..c09a7bed30 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go
@@ -198,11 +198,12 @@ func (l *linuxStandardInit) Init() error {
 	if err != nil {
 		return err
 	}
-	// exec.LookPath might return no error for an executable residing on a
-	// file system mounted with noexec flag, so perform this extra check
-	// now while we can still return a proper error.
-	if err := system.Eaccess(name); err != nil {
-		return &os.PathError{Op: "exec", Path: name, Err: err}
+	// exec.LookPath in Go < 1.20 might return no error for an executable
+	// residing on a file system mounted with noexec flag, so perform this
+	// extra check now while we can still return a proper error.
+	// TODO: remove this once go < 1.20 is not supported.
+	if err := eaccess(name); err != nil {
+		return &os.PathError{Op: "eaccess", Path: name, Err: err}
 	}
 
 	// Set seccomp as close to execve as possible, so as few syscalls take
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/sync.go b/vendor/github.com/opencontainers/runc/libcontainer/sync.go
index c9a23ef3a7..25dc286307 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/sync.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/sync.go
@@ -15,16 +15,16 @@ type syncType string
 // during container setup. They come in pairs (with procError being a generic
 // response which is followed by an &initError).
 //
-// [  child  ] <-> [   parent   ]
+//	[  child  ] <-> [   parent   ]
 //
-// procHooks   --> [run hooks]
-//             <-- procResume
+//	procHooks   --> [run hooks]
+//	            <-- procResume
 //
-// procReady   --> [final setup]
-//             <-- procRun
+//	procReady   --> [final setup]
+//	            <-- procRun
 //
-// procSeccomp --> [pick up seccomp fd with pidfd_getfd()]
-//             <-- procSeccompDone
+//	procSeccomp --> [pick up seccomp fd with pidfd_getfd()]
+//	            <-- procSeccompDone
 const (
 	procError       syncType = "procError"
 	procReady       syncType = "procReady"
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go b/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go
index 039059a444..e1d6eb1803 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go
@@ -31,25 +31,6 @@ func (p ParentDeathSignal) Set() error {
 	return SetParentDeathSignal(uintptr(p))
 }
 
-// Eaccess is similar to unix.Access except for setuid/setgid binaries
-// it checks against the effective (rather than real) uid and gid.
-func Eaccess(path string) error {
-	err := unix.Faccessat2(unix.AT_FDCWD, path, unix.X_OK, unix.AT_EACCESS)
-	if err != unix.ENOSYS && err != unix.EPERM { //nolint:errorlint // unix errors are bare
-		return err
-	}
-
-	// Faccessat2() not available; check if we are a set[ug]id binary.
-	if os.Getuid() == os.Geteuid() && os.Getgid() == os.Getegid() {
-		// For a non-set[ug]id binary, use access(2).
-		return unix.Access(path, unix.X_OK)
-	}
-
-	// For a setuid/setgid binary, there is no fallback way
-	// so assume we can execute the binary.
-	return nil
-}
-
 func Execv(cmd string, args []string, env []string) error {
 	name, err := exec.LookPath(cmd)
 	if err != nil {
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/user/user.go b/vendor/github.com/opencontainers/runc/libcontainer/user/user.go
index 2473c5eadd..a1e216683d 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/user/user.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/user/user.go
@@ -280,13 +280,13 @@ func GetExecUserPath(userSpec string, defaults *ExecUser, passwdPath, groupPath
 // found in any entry in passwd and group respectively.
 //
 // Examples of valid user specifications are:
-//     * ""
-//     * "user"
-//     * "uid"
-//     * "user:group"
-//     * "uid:gid
-//     * "user:gid"
-//     * "uid:group"
+//   - ""
+//   - "user"
+//   - "uid"
+//   - "user:group"
+//   - "uid:gid
+//   - "user:gid"
+//   - "uid:group"
 //
 // It should be noted that if you specify a numeric user or group id, they will
 // not be evaluated as usernames (only the metadata will be filled). So attempting
diff --git a/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/patched_sc_accessors.go b/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/patched_sc_accessors.go
new file mode 100644
index 0000000000..7b24270c93
--- /dev/null
+++ b/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/patched_sc_accessors.go
@@ -0,0 +1,471 @@
+/*
+ * This file is a copy of k8s.io/kubernetes/pkg/securitycontext/accessors.go that
+ * contains the patch from https://github.com/kubernetes/kubernetes/pull/115968
+ * that only appears in kube 1.27.
+ * FIXME: Remove this file when OpenShift users kube 1.27 as its base.
+ */
+
+package sccmatching
+
+import (
+	"reflect"
+
+	api "k8s.io/kubernetes/pkg/apis/core"
+	"k8s.io/kubernetes/pkg/securitycontext"
+)
+
+type SecccompProfileAccessor interface {
+	SeccompProfile() *api.SeccompProfile
+}
+
+type SeccompProfileMutator interface {
+	SetSeccompProfile(*api.SeccompProfile)
+}
+
+type PatchedPodSecurityContextAccessor interface {
+	securitycontext.PodSecurityContextAccessor
+	SecccompProfileAccessor
+}
+
+type PatchedPodSecurityContextMutator interface {
+	securitycontext.PodSecurityContextMutator
+	SecccompProfileAccessor
+	SeccompProfileMutator
+}
+
+// NewPodSecurityContextAccessor returns an accessor for the given pod security context.
+// May be initialized with a nil PodSecurityContext.
+func NewPodSecurityContextAccessor(podSC *api.PodSecurityContext) PatchedPodSecurityContextAccessor {
+	return &podSecurityContextWrapper{podSC: podSC}
+}
+
+// NewPodSecurityContextMutator returns a mutator for the given pod security context.
+// May be initialized with a nil PodSecurityContext.
+func NewPodSecurityContextMutator(podSC *api.PodSecurityContext) PatchedPodSecurityContextMutator {
+	return &podSecurityContextWrapper{podSC: podSC}
+}
+
+type podSecurityContextWrapper struct {
+	podSC *api.PodSecurityContext
+}
+
+func (w *podSecurityContextWrapper) PodSecurityContext() *api.PodSecurityContext {
+	return w.podSC
+}
+
+func (w *podSecurityContextWrapper) ensurePodSC() {
+	if w.podSC == nil {
+		w.podSC = &api.PodSecurityContext{}
+	}
+}
+
+func (w *podSecurityContextWrapper) HostNetwork() bool {
+	if w.podSC == nil {
+		return false
+	}
+	return w.podSC.HostNetwork
+}
+func (w *podSecurityContextWrapper) SetHostNetwork(v bool) {
+	if w.podSC == nil && v == false {
+		return
+	}
+	w.ensurePodSC()
+	w.podSC.HostNetwork = v
+}
+func (w *podSecurityContextWrapper) HostPID() bool {
+	if w.podSC == nil {
+		return false
+	}
+	return w.podSC.HostPID
+}
+func (w *podSecurityContextWrapper) SetHostPID(v bool) {
+	if w.podSC == nil && v == false {
+		return
+	}
+	w.ensurePodSC()
+	w.podSC.HostPID = v
+}
+func (w *podSecurityContextWrapper) HostIPC() bool {
+	if w.podSC == nil {
+		return false
+	}
+	return w.podSC.HostIPC
+}
+func (w *podSecurityContextWrapper) SetHostIPC(v bool) {
+	if w.podSC == nil && v == false {
+		return
+	}
+	w.ensurePodSC()
+	w.podSC.HostIPC = v
+}
+func (w *podSecurityContextWrapper) SELinuxOptions() *api.SELinuxOptions {
+	if w.podSC == nil {
+		return nil
+	}
+	return w.podSC.SELinuxOptions
+}
+func (w *podSecurityContextWrapper) SetSELinuxOptions(v *api.SELinuxOptions) {
+	if w.podSC == nil && v == nil {
+		return
+	}
+	w.ensurePodSC()
+	w.podSC.SELinuxOptions = v
+}
+func (w *podSecurityContextWrapper) RunAsUser() *int64 {
+	if w.podSC == nil {
+		return nil
+	}
+	return w.podSC.RunAsUser
+}
+func (w *podSecurityContextWrapper) SetRunAsUser(v *int64) {
+	if w.podSC == nil && v == nil {
+		return
+	}
+	w.ensurePodSC()
+	w.podSC.RunAsUser = v
+}
+func (w *podSecurityContextWrapper) RunAsGroup() *int64 {
+	if w.podSC == nil {
+		return nil
+	}
+	return w.podSC.RunAsGroup
+}
+func (w *podSecurityContextWrapper) SetRunAsGroup(v *int64) {
+	if w.podSC == nil && v == nil {
+		return
+	}
+	w.ensurePodSC()
+	w.podSC.RunAsGroup = v
+}
+
+func (w *podSecurityContextWrapper) RunAsNonRoot() *bool {
+	if w.podSC == nil {
+		return nil
+	}
+	return w.podSC.RunAsNonRoot
+}
+func (w *podSecurityContextWrapper) SetRunAsNonRoot(v *bool) {
+	if w.podSC == nil && v == nil {
+		return
+	}
+	w.ensurePodSC()
+	w.podSC.RunAsNonRoot = v
+}
+func (w *podSecurityContextWrapper) SeccompProfile() *api.SeccompProfile {
+	if w.podSC == nil {
+		return nil
+	}
+	return w.podSC.SeccompProfile
+}
+func (w *podSecurityContextWrapper) SetSeccompProfile(p *api.SeccompProfile) {
+	if w.podSC == nil && p == nil {
+		return
+	}
+	w.ensurePodSC()
+	w.podSC.SeccompProfile = p
+}
+func (w *podSecurityContextWrapper) SupplementalGroups() []int64 {
+	if w.podSC == nil {
+		return nil
+	}
+	return w.podSC.SupplementalGroups
+}
+func (w *podSecurityContextWrapper) SetSupplementalGroups(v []int64) {
+	if w.podSC == nil && len(v) == 0 {
+		return
+	}
+	w.ensurePodSC()
+	if len(v) == 0 && len(w.podSC.SupplementalGroups) == 0 {
+		return
+	}
+	w.podSC.SupplementalGroups = v
+}
+func (w *podSecurityContextWrapper) FSGroup() *int64 {
+	if w.podSC == nil {
+		return nil
+	}
+	return w.podSC.FSGroup
+}
+func (w *podSecurityContextWrapper) SetFSGroup(v *int64) {
+	if w.podSC == nil && v == nil {
+		return
+	}
+	w.ensurePodSC()
+	w.podSC.FSGroup = v
+}
+
+type PatchedContainerSecurityContextAccessor interface {
+	securitycontext.ContainerSecurityContextAccessor
+	SecccompProfileAccessor
+}
+
+type PatchedContainerSecurityContextMutator interface {
+	securitycontext.ContainerSecurityContextMutator
+	SecccompProfileAccessor
+	SeccompProfileMutator
+}
+
+// NewContainerSecurityContextAccessor returns an accessor for the provided container security context
+// May be initialized with a nil SecurityContext
+func NewContainerSecurityContextAccessor(containerSC *api.SecurityContext) PatchedContainerSecurityContextAccessor {
+	return &containerSecurityContextWrapper{containerSC: containerSC}
+}
+
+// NewContainerSecurityContextMutator returns a mutator for the provided container security context
+// May be initialized with a nil SecurityContext
+func NewContainerSecurityContextMutator(containerSC *api.SecurityContext) PatchedContainerSecurityContextMutator {
+	return &containerSecurityContextWrapper{containerSC: containerSC}
+}
+
+type containerSecurityContextWrapper struct {
+	containerSC *api.SecurityContext
+}
+
+func (w *containerSecurityContextWrapper) ContainerSecurityContext() *api.SecurityContext {
+	return w.containerSC
+}
+
+func (w *containerSecurityContextWrapper) ensureContainerSC() {
+	if w.containerSC == nil {
+		w.containerSC = &api.SecurityContext{}
+	}
+}
+
+func (w *containerSecurityContextWrapper) Capabilities() *api.Capabilities {
+	if w.containerSC == nil {
+		return nil
+	}
+	return w.containerSC.Capabilities
+}
+func (w *containerSecurityContextWrapper) SetCapabilities(v *api.Capabilities) {
+	if w.containerSC == nil && v == nil {
+		return
+	}
+	w.ensureContainerSC()
+	w.containerSC.Capabilities = v
+}
+func (w *containerSecurityContextWrapper) Privileged() *bool {
+	if w.containerSC == nil {
+		return nil
+	}
+	return w.containerSC.Privileged
+}
+func (w *containerSecurityContextWrapper) SetPrivileged(v *bool) {
+	if w.containerSC == nil && v == nil {
+		return
+	}
+	w.ensureContainerSC()
+	w.containerSC.Privileged = v
+}
+func (w *containerSecurityContextWrapper) ProcMount() api.ProcMountType {
+	if w.containerSC == nil {
+		return api.DefaultProcMount
+	}
+	if w.containerSC.ProcMount == nil {
+		return api.DefaultProcMount
+	}
+	return *w.containerSC.ProcMount
+}
+func (w *containerSecurityContextWrapper) SELinuxOptions() *api.SELinuxOptions {
+	if w.containerSC == nil {
+		return nil
+	}
+	return w.containerSC.SELinuxOptions
+}
+func (w *containerSecurityContextWrapper) SetSELinuxOptions(v *api.SELinuxOptions) {
+	if w.containerSC == nil && v == nil {
+		return
+	}
+	w.ensureContainerSC()
+	w.containerSC.SELinuxOptions = v
+}
+func (w *containerSecurityContextWrapper) RunAsUser() *int64 {
+	if w.containerSC == nil {
+		return nil
+	}
+	return w.containerSC.RunAsUser
+}
+func (w *containerSecurityContextWrapper) SetRunAsUser(v *int64) {
+	if w.containerSC == nil && v == nil {
+		return
+	}
+	w.ensureContainerSC()
+	w.containerSC.RunAsUser = v
+}
+func (w *containerSecurityContextWrapper) RunAsGroup() *int64 {
+	if w.containerSC == nil {
+		return nil
+	}
+	return w.containerSC.RunAsGroup
+}
+func (w *containerSecurityContextWrapper) SetRunAsGroup(v *int64) {
+	if w.containerSC == nil && v == nil {
+		return
+	}
+	w.ensureContainerSC()
+	w.containerSC.RunAsGroup = v
+}
+
+func (w *containerSecurityContextWrapper) RunAsNonRoot() *bool {
+	if w.containerSC == nil {
+		return nil
+	}
+	return w.containerSC.RunAsNonRoot
+}
+func (w *containerSecurityContextWrapper) SetRunAsNonRoot(v *bool) {
+	if w.containerSC == nil && v == nil {
+		return
+	}
+	w.ensureContainerSC()
+	w.containerSC.RunAsNonRoot = v
+}
+func (w *containerSecurityContextWrapper) ReadOnlyRootFilesystem() *bool {
+	if w.containerSC == nil {
+		return nil
+	}
+	return w.containerSC.ReadOnlyRootFilesystem
+}
+func (w *containerSecurityContextWrapper) SetReadOnlyRootFilesystem(v *bool) {
+	if w.containerSC == nil && v == nil {
+		return
+	}
+	w.ensureContainerSC()
+	w.containerSC.ReadOnlyRootFilesystem = v
+}
+func (w *containerSecurityContextWrapper) SeccompProfile() *api.SeccompProfile {
+	if w.containerSC == nil {
+		return nil
+	}
+	return w.containerSC.SeccompProfile
+}
+func (w *containerSecurityContextWrapper) SetSeccompProfile(p *api.SeccompProfile) {
+	if w.containerSC == nil && p == nil {
+		return
+	}
+	w.ensureContainerSC()
+	w.containerSC.SeccompProfile = p
+}
+
+func (w *containerSecurityContextWrapper) AllowPrivilegeEscalation() *bool {
+	if w.containerSC == nil {
+		return nil
+	}
+	return w.containerSC.AllowPrivilegeEscalation
+}
+func (w *containerSecurityContextWrapper) SetAllowPrivilegeEscalation(v *bool) {
+	if w.containerSC == nil && v == nil {
+		return
+	}
+	w.ensureContainerSC()
+	w.containerSC.AllowPrivilegeEscalation = v
+}
+
+// NewEffectiveContainerSecurityContextAccessor returns an accessor for reading effective values
+// for the provided pod security context and container security context
+func NewEffectiveContainerSecurityContextAccessor(podSC PatchedPodSecurityContextAccessor, containerSC PatchedContainerSecurityContextMutator) PatchedContainerSecurityContextAccessor {
+	return &effectiveContainerSecurityContextWrapper{podSC: podSC, containerSC: containerSC}
+}
+
+// NewEffectiveContainerSecurityContextMutator returns a mutator for reading and writing effective values
+// for the provided pod security context and container security context
+func NewEffectiveContainerSecurityContextMutator(podSC PatchedPodSecurityContextAccessor, containerSC PatchedContainerSecurityContextMutator) PatchedContainerSecurityContextMutator {
+	return &effectiveContainerSecurityContextWrapper{podSC: podSC, containerSC: containerSC}
+}
+
+type effectiveContainerSecurityContextWrapper struct {
+	podSC       PatchedPodSecurityContextAccessor
+	containerSC PatchedContainerSecurityContextMutator
+}
+
+func (w *effectiveContainerSecurityContextWrapper) ContainerSecurityContext() *api.SecurityContext {
+	return w.containerSC.ContainerSecurityContext()
+}
+
+func (w *effectiveContainerSecurityContextWrapper) Capabilities() *api.Capabilities {
+	return w.containerSC.Capabilities()
+}
+func (w *effectiveContainerSecurityContextWrapper) SetCapabilities(v *api.Capabilities) {
+	if !reflect.DeepEqual(w.Capabilities(), v) {
+		w.containerSC.SetCapabilities(v)
+	}
+}
+func (w *effectiveContainerSecurityContextWrapper) Privileged() *bool {
+	return w.containerSC.Privileged()
+}
+func (w *effectiveContainerSecurityContextWrapper) SetPrivileged(v *bool) {
+	if !reflect.DeepEqual(w.Privileged(), v) {
+		w.containerSC.SetPrivileged(v)
+	}
+}
+func (w *effectiveContainerSecurityContextWrapper) ProcMount() api.ProcMountType {
+	return w.containerSC.ProcMount()
+}
+func (w *effectiveContainerSecurityContextWrapper) SELinuxOptions() *api.SELinuxOptions {
+	if v := w.containerSC.SELinuxOptions(); v != nil {
+		return v
+	}
+	return w.podSC.SELinuxOptions()
+}
+func (w *effectiveContainerSecurityContextWrapper) SetSELinuxOptions(v *api.SELinuxOptions) {
+	if !reflect.DeepEqual(w.SELinuxOptions(), v) {
+		w.containerSC.SetSELinuxOptions(v)
+	}
+}
+func (w *effectiveContainerSecurityContextWrapper) RunAsUser() *int64 {
+	if v := w.containerSC.RunAsUser(); v != nil {
+		return v
+	}
+	return w.podSC.RunAsUser()
+}
+func (w *effectiveContainerSecurityContextWrapper) SetRunAsUser(v *int64) {
+	if !reflect.DeepEqual(w.RunAsUser(), v) {
+		w.containerSC.SetRunAsUser(v)
+	}
+}
+func (w *effectiveContainerSecurityContextWrapper) RunAsGroup() *int64 {
+	if v := w.containerSC.RunAsGroup(); v != nil {
+		return v
+	}
+	return w.podSC.RunAsGroup()
+}
+func (w *effectiveContainerSecurityContextWrapper) SetRunAsGroup(v *int64) {
+	if !reflect.DeepEqual(w.RunAsGroup(), v) {
+		w.containerSC.SetRunAsGroup(v)
+	}
+}
+
+func (w *effectiveContainerSecurityContextWrapper) RunAsNonRoot() *bool {
+	if v := w.containerSC.RunAsNonRoot(); v != nil {
+		return v
+	}
+	return w.podSC.RunAsNonRoot()
+}
+func (w *effectiveContainerSecurityContextWrapper) SetRunAsNonRoot(v *bool) {
+	if !reflect.DeepEqual(w.RunAsNonRoot(), v) {
+		w.containerSC.SetRunAsNonRoot(v)
+	}
+}
+func (w *effectiveContainerSecurityContextWrapper) ReadOnlyRootFilesystem() *bool {
+	return w.containerSC.ReadOnlyRootFilesystem()
+}
+func (w *effectiveContainerSecurityContextWrapper) SetReadOnlyRootFilesystem(v *bool) {
+	if !reflect.DeepEqual(w.ReadOnlyRootFilesystem(), v) {
+		w.containerSC.SetReadOnlyRootFilesystem(v)
+	}
+}
+func (w *effectiveContainerSecurityContextWrapper) SeccompProfile() *api.SeccompProfile {
+	return w.containerSC.SeccompProfile()
+}
+func (w *effectiveContainerSecurityContextWrapper) SetSeccompProfile(p *api.SeccompProfile) {
+	if !reflect.DeepEqual(w.SeccompProfile(), p) {
+		w.containerSC.SetSeccompProfile(p)
+	}
+}
+func (w *effectiveContainerSecurityContextWrapper) AllowPrivilegeEscalation() *bool {
+	return w.containerSC.AllowPrivilegeEscalation()
+}
+func (w *effectiveContainerSecurityContextWrapper) SetAllowPrivilegeEscalation(v *bool) {
+	if !reflect.DeepEqual(w.AllowPrivilegeEscalation(), v) {
+		w.containerSC.SetAllowPrivilegeEscalation(v)
+	}
+}
diff --git a/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/provider.go b/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/provider.go
index 2535000f94..dea78e1e83 100644
--- a/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/provider.go
+++ b/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/provider.go
@@ -2,6 +2,7 @@ package sccmatching
 
 import (
 	"fmt"
+	"strings"
 
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
@@ -99,7 +100,7 @@ func NewSimpleProvider(scc *securityv1.SecurityContextConstraints) (SecurityCont
 // on the PodSecurityContext it will not be changed.  Validate should be used after the context
 // is created to ensure it complies with the required restrictions.
 func (s *simpleProvider) CreatePodSecurityContext(pod *api.Pod) (*api.PodSecurityContext, map[string]string, error) {
-	sc := securitycontext.NewPodSecurityContextMutator(pod.Spec.SecurityContext)
+	sc := NewPodSecurityContextMutator(pod.Spec.SecurityContext)
 
 	annotationsCopy := maps.CopySS(pod.Annotations)
 
@@ -138,6 +139,7 @@ func (s *simpleProvider) CreatePodSecurityContext(pod *api.Pod) (*api.PodSecurit
 			annotationsCopy = map[string]string{}
 		}
 		annotationsCopy[api.SeccompPodAnnotationKey] = seccompProfile
+		sc.SetSeccompProfile(seccompFieldForAnnotation(seccompProfile))
 	}
 
 	return sc.PodSecurityContext(), annotationsCopy, nil
@@ -147,9 +149,9 @@ func (s *simpleProvider) CreatePodSecurityContext(pod *api.Pod) (*api.PodSecurit
 // container's security context then it will not be changed.  Validation should be used after
 // the context is created to ensure it complies with the required restrictions.
 func (s *simpleProvider) CreateContainerSecurityContext(pod *api.Pod, container *api.Container) (*api.SecurityContext, error) {
-	sc := securitycontext.NewEffectiveContainerSecurityContextMutator(
-		securitycontext.NewPodSecurityContextAccessor(pod.Spec.SecurityContext),
-		securitycontext.NewContainerSecurityContextMutator(container.SecurityContext),
+	sc := NewEffectiveContainerSecurityContextMutator(
+		NewPodSecurityContextAccessor(pod.Spec.SecurityContext),
+		NewContainerSecurityContextMutator(container.SecurityContext),
 	)
 	if sc.RunAsUser() == nil {
 		uid, err := s.runAsUserStrategy.Generate(pod, container)
@@ -214,6 +216,11 @@ func (s *simpleProvider) CreateContainerSecurityContext(pod *api.Pod, container
 		}
 	}
 
+	containerSeccomp, ok := pod.Annotations[api.SeccompContainerAnnotationKeyPrefix+container.Name]
+	if ok {
+		sc.SetSeccompProfile(seccompFieldForAnnotation(containerSeccomp))
+	}
+
 	// if the SCC sets DefaultAllowPrivilegeEscalation and the container security context
 	// allowPrivilegeEscalation is not set, then default to that set by the SCC.
 	//
@@ -497,3 +504,34 @@ func allowsVolumeType(allowedVolumes sets.String, fsType securityv1.FSType, volu
 		fsType == securityv1.FSProjected &&
 		sccutil.IsOnlyServiceAccountTokenSources(volumeSource.Projected)
 }
+
+// seccompFieldForAnnotation takes a pod annotation and returns the converted
+// seccomp profile field.
+// SeccompAnnotations removal is planned for Kube 1.27, remove this logic afterwards
+func seccompFieldForAnnotation(annotation string) *api.SeccompProfile {
+	// If only seccomp annotations are specified, copy the values into the
+	// corresponding fields. This ensures that existing applications continue
+	// to enforce seccomp, and prevents the kubelet from needing to resolve
+	// annotations & fields.
+	if annotation == corev1.SeccompProfileNameUnconfined {
+		return &api.SeccompProfile{Type: api.SeccompProfileTypeUnconfined}
+	}
+
+	if annotation == api.SeccompProfileRuntimeDefault || annotation == api.DeprecatedSeccompProfileDockerDefault {
+		return &api.SeccompProfile{Type: api.SeccompProfileTypeRuntimeDefault}
+	}
+
+	if strings.HasPrefix(annotation, corev1.SeccompLocalhostProfileNamePrefix) {
+		localhostProfile := strings.TrimPrefix(annotation, corev1.SeccompLocalhostProfileNamePrefix)
+		if localhostProfile != "" {
+			return &api.SeccompProfile{
+				Type:             api.SeccompProfileTypeLocalhost,
+				LocalhostProfile: &localhostProfile,
+			}
+		}
+	}
+
+	// we can only reach this code path if the localhostProfile name has a zero
+	// length or if the annotation has an unrecognized value
+	return nil
+}
diff --git a/vendor/golang.org/x/net/html/doc.go b/vendor/golang.org/x/net/html/doc.go
index 822ed42a04..7a96eae331 100644
--- a/vendor/golang.org/x/net/html/doc.go
+++ b/vendor/golang.org/x/net/html/doc.go
@@ -92,6 +92,21 @@ example, to process each anchor node in depth-first order:
 The relevant specifications include:
 https://html.spec.whatwg.org/multipage/syntax.html and
 https://html.spec.whatwg.org/multipage/syntax.html#tokenization
+
+# Security Considerations
+
+Care should be taken when parsing and interpreting HTML, whether full documents
+or fragments, within the framework of the HTML specification, especially with
+regard to untrusted inputs.
+
+This package provides both a tokenizer and a parser. Only the parser constructs
+a DOM according to the HTML specification, resolving malformed and misplaced
+tags where appropriate. The tokenizer simply tokenizes the HTML presented to it,
+and as such does not resolve issues that may exist in the processed HTML,
+producing a literal interpretation of the input.
+
+If your use case requires semantically well-formed HTML, as defined by the
+WHATWG specifiction, the parser should be used rather than the tokenizer.
 */
 package html // import "golang.org/x/net/html"
 
diff --git a/vendor/golang.org/x/net/html/escape.go b/vendor/golang.org/x/net/html/escape.go
index d856139620..04c6bec210 100644
--- a/vendor/golang.org/x/net/html/escape.go
+++ b/vendor/golang.org/x/net/html/escape.go
@@ -193,6 +193,87 @@ func lower(b []byte) []byte {
 	return b
 }
 
+// escapeComment is like func escape but escapes its input bytes less often.
+// Per https://github.com/golang/go/issues/58246 some HTML comments are (1)
+// meaningful and (2) contain angle brackets that we'd like to avoid escaping
+// unless we have to.
+//
+// "We have to" includes the '&' byte, since that introduces other escapes.
+//
+// It also includes those bytes (not including EOF) that would otherwise end
+// the comment. Per the summary table at the bottom of comment_test.go, this is
+// the '>' byte that, per above, we'd like to avoid escaping unless we have to.
+//
+// Studying the summary table (and T actions in its '>' column) closely, we
+// only need to escape in states 43, 44, 49, 51 and 52. State 43 is at the
+// start of the comment data. State 52 is after a '!'. The other three states
+// are after a '-'.
+//
+// Our algorithm is thus to escape every '&' and to escape '>' if and only if:
+//   - The '>' is after a '!' or '-' (in the unescaped data) or
+//   - The '>' is at the start of the comment data (after the opening "<!--").
+func escapeComment(w writer, s string) error {
+	// When modifying this function, consider manually increasing the
+	// maxSuffixLen constant in func TestComments, from 6 to e.g. 9 or more.
+	// That increase should only be temporary, not committed, as it
+	// exponentially affects the test running time.
+
+	if len(s) == 0 {
+		return nil
+	}
+
+	// Loop:
+	//   - Grow j such that s[i:j] does not need escaping.
+	//   - If s[j] does need escaping, output s[i:j] and an escaped s[j],
+	//     resetting i and j to point past that s[j] byte.
+	i := 0
+	for j := 0; j < len(s); j++ {
+		escaped := ""
+		switch s[j] {
+		case '&':
+			escaped = "&amp;"
+
+		case '>':
+			if j > 0 {
+				if prev := s[j-1]; (prev != '!') && (prev != '-') {
+					continue
+				}
+			}
+			escaped = "&gt;"
+
+		default:
+			continue
+		}
+
+		if i < j {
+			if _, err := w.WriteString(s[i:j]); err != nil {
+				return err
+			}
+		}
+		if _, err := w.WriteString(escaped); err != nil {
+			return err
+		}
+		i = j + 1
+	}
+
+	if i < len(s) {
+		if _, err := w.WriteString(s[i:]); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// escapeCommentString is to EscapeString as escapeComment is to escape.
+func escapeCommentString(s string) string {
+	if strings.IndexAny(s, "&>") == -1 {
+		return s
+	}
+	var buf bytes.Buffer
+	escapeComment(&buf, s)
+	return buf.String()
+}
+
 const escapedChars = "&'<>\"\r"
 
 func escape(w writer, s string) error {
diff --git a/vendor/golang.org/x/net/html/render.go b/vendor/golang.org/x/net/html/render.go
index 497e132042..8b28031905 100644
--- a/vendor/golang.org/x/net/html/render.go
+++ b/vendor/golang.org/x/net/html/render.go
@@ -85,7 +85,7 @@ func render1(w writer, n *Node) error {
 		if _, err := w.WriteString("<!--"); err != nil {
 			return err
 		}
-		if err := escape(w, n.Data); err != nil {
+		if err := escapeComment(w, n.Data); err != nil {
 			return err
 		}
 		if _, err := w.WriteString("-->"); err != nil {
diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
index 50f7c6aac8..5c2a1f4efa 100644
--- a/vendor/golang.org/x/net/html/token.go
+++ b/vendor/golang.org/x/net/html/token.go
@@ -110,7 +110,7 @@ func (t Token) String() string {
 	case SelfClosingTagToken:
 		return "<" + t.tagString() + "/>"
 	case CommentToken:
-		return "<!--" + EscapeString(t.Data) + "-->"
+		return "<!--" + escapeCommentString(t.Data) + "-->"
 	case DoctypeToken:
 		return "<!DOCTYPE " + EscapeString(t.Data) + ">"
 	}
@@ -598,10 +598,10 @@ scriptDataDoubleEscapeEnd:
 // readComment reads the next comment token starting with "<!--". The opening
 // "<!--" has already been consumed.
 func (z *Tokenizer) readComment() {
-	// When modifying this function, consider manually increasing the suffixLen
-	// constant in func TestComments, from 6 to e.g. 9 or more. That increase
-	// should only be temporary, not committed, as it exponentially affects the
-	// test running time.
+	// When modifying this function, consider manually increasing the
+	// maxSuffixLen constant in func TestComments, from 6 to e.g. 9 or more.
+	// That increase should only be temporary, not committed, as it
+	// exponentially affects the test running time.
 
 	z.data.start = z.raw.end
 	defer func() {
diff --git a/vendor/golang.org/x/sync/singleflight/singleflight.go b/vendor/golang.org/x/sync/singleflight/singleflight.go
index 690eb85013..8473fb7922 100644
--- a/vendor/golang.org/x/sync/singleflight/singleflight.go
+++ b/vendor/golang.org/x/sync/singleflight/singleflight.go
@@ -52,10 +52,6 @@ type call struct {
 	val interface{}
 	err error
 
-	// forgotten indicates whether Forget was called with this call's key
-	// while the call was still in flight.
-	forgotten bool
-
 	// These fields are read and written with the singleflight
 	// mutex held before the WaitGroup is done, and are read but
 	// not written after the WaitGroup is done.
@@ -148,10 +144,10 @@ func (g *Group) doCall(c *call, key string, fn func() (interface{}, error)) {
 			c.err = errGoexit
 		}
 
-		c.wg.Done()
 		g.mu.Lock()
 		defer g.mu.Unlock()
-		if !c.forgotten {
+		c.wg.Done()
+		if g.m[key] == c {
 			delete(g.m, key)
 		}
 
@@ -204,9 +200,6 @@ func (g *Group) doCall(c *call, key string, fn func() (interface{}, error)) {
 // an earlier call to complete.
 func (g *Group) Forget(key string) {
 	g.mu.Lock()
-	if c, ok := g.m[key]; ok {
-		c.forgotten = true
-	}
 	delete(g.m, key)
 	g.mu.Unlock()
 }
diff --git a/vendor/golang.org/x/sys/cpu/hwcap_linux.go b/vendor/golang.org/x/sys/cpu/hwcap_linux.go
index f3baa37932..1d9d91f3ed 100644
--- a/vendor/golang.org/x/sys/cpu/hwcap_linux.go
+++ b/vendor/golang.org/x/sys/cpu/hwcap_linux.go
@@ -24,6 +24,21 @@ var hwCap uint
 var hwCap2 uint
 
 func readHWCAP() error {
+	// For Go 1.21+, get auxv from the Go runtime.
+	if a := getAuxv(); len(a) > 0 {
+		for len(a) >= 2 {
+			tag, val := a[0], uint(a[1])
+			a = a[2:]
+			switch tag {
+			case _AT_HWCAP:
+				hwCap = val
+			case _AT_HWCAP2:
+				hwCap2 = val
+			}
+		}
+		return nil
+	}
+
 	buf, err := ioutil.ReadFile(procAuxv)
 	if err != nil {
 		// e.g. on android /proc/self/auxv is not accessible, so silently
diff --git a/vendor/golang.org/x/sys/cpu/runtime_auxv.go b/vendor/golang.org/x/sys/cpu/runtime_auxv.go
new file mode 100644
index 0000000000..5f92ac9a2e
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/runtime_auxv.go
@@ -0,0 +1,16 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+// getAuxvFn is non-nil on Go 1.21+ (via runtime_auxv_go121.go init)
+// on platforms that use auxv.
+var getAuxvFn func() []uintptr
+
+func getAuxv() []uintptr {
+	if getAuxvFn == nil {
+		return nil
+	}
+	return getAuxvFn()
+}
diff --git a/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
new file mode 100644
index 0000000000..b975ea2a04
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
@@ -0,0 +1,19 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+// +build go1.21
+
+package cpu
+
+import (
+	_ "unsafe" // for linkname
+)
+
+//go:linkname runtime_getAuxv runtime.getAuxv
+func runtime_getAuxv() []uintptr
+
+func init() {
+	getAuxvFn = runtime_getAuxv
+}
diff --git a/vendor/golang.org/x/sys/execabs/execabs.go b/vendor/golang.org/x/sys/execabs/execabs.go
index b981cfbb4a..3bf40fdfec 100644
--- a/vendor/golang.org/x/sys/execabs/execabs.go
+++ b/vendor/golang.org/x/sys/execabs/execabs.go
@@ -63,7 +63,7 @@ func LookPath(file string) (string, error) {
 }
 
 func fixCmd(name string, cmd *exec.Cmd) {
-	if filepath.Base(name) == name && !filepath.IsAbs(cmd.Path) {
+	if filepath.Base(name) == name && !filepath.IsAbs(cmd.Path) && !isGo119ErrFieldSet(cmd) {
 		// exec.Command was called with a bare binary name and
 		// exec.LookPath returned a path which is not absolute.
 		// Set cmd.lookPathErr and clear cmd.Path so that it
diff --git a/vendor/golang.org/x/sys/execabs/execabs_go118.go b/vendor/golang.org/x/sys/execabs/execabs_go118.go
index 6ab5f50894..2000064a81 100644
--- a/vendor/golang.org/x/sys/execabs/execabs_go118.go
+++ b/vendor/golang.org/x/sys/execabs/execabs_go118.go
@@ -7,6 +7,12 @@
 
 package execabs
 
+import "os/exec"
+
 func isGo119ErrDot(err error) bool {
 	return false
 }
+
+func isGo119ErrFieldSet(cmd *exec.Cmd) bool {
+	return false
+}
diff --git a/vendor/golang.org/x/sys/execabs/execabs_go119.go b/vendor/golang.org/x/sys/execabs/execabs_go119.go
index 46c5b525e7..f364b34189 100644
--- a/vendor/golang.org/x/sys/execabs/execabs_go119.go
+++ b/vendor/golang.org/x/sys/execabs/execabs_go119.go
@@ -15,3 +15,7 @@ import (
 func isGo119ErrDot(err error) bool {
 	return errors.Is(err, exec.ErrDot)
 }
+
+func isGo119ErrFieldSet(cmd *exec.Cmd) bool {
+	return cmd.Err != nil
+}
diff --git a/vendor/golang.org/x/sys/unix/ioctl.go b/vendor/golang.org/x/sys/unix/ioctl.go
index 1c51b0ec2b..7ce8dd406f 100644
--- a/vendor/golang.org/x/sys/unix/ioctl.go
+++ b/vendor/golang.org/x/sys/unix/ioctl.go
@@ -8,7 +8,6 @@
 package unix
 
 import (
-	"runtime"
 	"unsafe"
 )
 
@@ -27,7 +26,7 @@ func IoctlSetInt(fd int, req uint, value int) error {
 // passing the integer value directly.
 func IoctlSetPointerInt(fd int, req uint, value int) error {
 	v := int32(value)
-	return ioctl(fd, req, uintptr(unsafe.Pointer(&v)))
+	return ioctlPtr(fd, req, unsafe.Pointer(&v))
 }
 
 // IoctlSetWinsize performs an ioctl on fd with a *Winsize argument.
@@ -36,9 +35,7 @@ func IoctlSetPointerInt(fd int, req uint, value int) error {
 func IoctlSetWinsize(fd int, req uint, value *Winsize) error {
 	// TODO: if we get the chance, remove the req parameter and
 	// hardcode TIOCSWINSZ.
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-	runtime.KeepAlive(value)
-	return err
+	return ioctlPtr(fd, req, unsafe.Pointer(value))
 }
 
 // IoctlSetTermios performs an ioctl on fd with a *Termios.
@@ -46,9 +43,7 @@ func IoctlSetWinsize(fd int, req uint, value *Winsize) error {
 // The req value will usually be TCSETA or TIOCSETA.
 func IoctlSetTermios(fd int, req uint, value *Termios) error {
 	// TODO: if we get the chance, remove the req parameter.
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-	runtime.KeepAlive(value)
-	return err
+	return ioctlPtr(fd, req, unsafe.Pointer(value))
 }
 
 // IoctlGetInt performs an ioctl operation which gets an integer value
@@ -58,18 +53,18 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error {
 // for those, IoctlRetInt should be used instead of this function.
 func IoctlGetInt(fd int, req uint) (int, error) {
 	var value int
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return value, err
 }
 
 func IoctlGetWinsize(fd int, req uint) (*Winsize, error) {
 	var value Winsize
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return &value, err
 }
 
 func IoctlGetTermios(fd int, req uint) (*Termios, error) {
 	var value Termios
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return &value, err
 }
diff --git a/vendor/golang.org/x/sys/unix/ioctl_zos.go b/vendor/golang.org/x/sys/unix/ioctl_zos.go
index 5384e7d91d..6532f09af2 100644
--- a/vendor/golang.org/x/sys/unix/ioctl_zos.go
+++ b/vendor/golang.org/x/sys/unix/ioctl_zos.go
@@ -27,9 +27,7 @@ func IoctlSetInt(fd int, req uint, value int) error {
 func IoctlSetWinsize(fd int, req uint, value *Winsize) error {
 	// TODO: if we get the chance, remove the req parameter and
 	// hardcode TIOCSWINSZ.
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-	runtime.KeepAlive(value)
-	return err
+	return ioctlPtr(fd, req, unsafe.Pointer(value))
 }
 
 // IoctlSetTermios performs an ioctl on fd with a *Termios.
@@ -51,13 +49,13 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error {
 // for those, IoctlRetInt should be used instead of this function.
 func IoctlGetInt(fd int, req uint) (int, error) {
 	var value int
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return value, err
 }
 
 func IoctlGetWinsize(fd int, req uint) (*Winsize, error) {
 	var value Winsize
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return &value, err
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/vendor/golang.org/x/sys/unix/ptrace_darwin.go
index 463c3eff7f..39dba6ca6a 100644
--- a/vendor/golang.org/x/sys/unix/ptrace_darwin.go
+++ b/vendor/golang.org/x/sys/unix/ptrace_darwin.go
@@ -7,6 +7,12 @@
 
 package unix
 
+import "unsafe"
+
 func ptrace(request int, pid int, addr uintptr, data uintptr) error {
 	return ptrace1(request, pid, addr, data)
 }
+
+func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) error {
+	return ptrace1Ptr(request, pid, addr, data)
+}
diff --git a/vendor/golang.org/x/sys/unix/ptrace_ios.go b/vendor/golang.org/x/sys/unix/ptrace_ios.go
index ed0509a011..9ea66330a9 100644
--- a/vendor/golang.org/x/sys/unix/ptrace_ios.go
+++ b/vendor/golang.org/x/sys/unix/ptrace_ios.go
@@ -7,6 +7,12 @@
 
 package unix
 
+import "unsafe"
+
 func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
 	return ENOTSUP
 }
+
+func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) {
+	return ENOTSUP
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go
index 2db1b51e99..d9f5544ccf 100644
--- a/vendor/golang.org/x/sys/unix/syscall_aix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_aix.go
@@ -292,9 +292,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 				break
 			}
 		}
-
-		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
-		sa.Name = string(bytes)
+		sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n))
 		return sa, nil
 
 	case AF_INET:
@@ -411,6 +409,7 @@ func (w WaitStatus) CoreDump() bool { return w&0x80 == 0x80 }
 func (w WaitStatus) TrapCause() int { return -1 }
 
 //sys	ioctl(fd int, req uint, arg uintptr) (err error)
+//sys	ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = ioctl
 
 // fcntl must never be called with cmd=F_DUP2FD because it doesn't work on AIX
 // There is no way to create a custom fcntl and to keep //sys fcntl easily,
diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go
index eda42671f1..7705c3270b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_bsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go
@@ -245,8 +245,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 				break
 			}
 		}
-		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
-		sa.Name = string(bytes)
+		sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n))
 		return sa, nil
 
 	case AF_INET:
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go
index 192b071b3d..7064d6ebab 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go
@@ -14,7 +14,6 @@ package unix
 
 import (
 	"fmt"
-	"runtime"
 	"syscall"
 	"unsafe"
 )
@@ -376,11 +375,10 @@ func Flistxattr(fd int, dest []byte) (sz int, err error) {
 func Kill(pid int, signum syscall.Signal) (err error) { return kill(pid, int(signum), 1) }
 
 //sys	ioctl(fd int, req uint, arg uintptr) (err error)
+//sys	ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL
 
 func IoctlCtlInfo(fd int, ctlInfo *CtlInfo) error {
-	err := ioctl(fd, CTLIOCGINFO, uintptr(unsafe.Pointer(ctlInfo)))
-	runtime.KeepAlive(ctlInfo)
-	return err
+	return ioctlPtr(fd, CTLIOCGINFO, unsafe.Pointer(ctlInfo))
 }
 
 // IfreqMTU is struct ifreq used to get or set a network device's MTU.
@@ -394,16 +392,14 @@ type IfreqMTU struct {
 func IoctlGetIfreqMTU(fd int, ifname string) (*IfreqMTU, error) {
 	var ifreq IfreqMTU
 	copy(ifreq.Name[:], ifname)
-	err := ioctl(fd, SIOCGIFMTU, uintptr(unsafe.Pointer(&ifreq)))
+	err := ioctlPtr(fd, SIOCGIFMTU, unsafe.Pointer(&ifreq))
 	return &ifreq, err
 }
 
 // IoctlSetIfreqMTU performs the SIOCSIFMTU ioctl operation on fd to set the MTU
 // of the network device specified by ifreq.Name.
 func IoctlSetIfreqMTU(fd int, ifreq *IfreqMTU) error {
-	err := ioctl(fd, SIOCSIFMTU, uintptr(unsafe.Pointer(ifreq)))
-	runtime.KeepAlive(ifreq)
-	return err
+	return ioctlPtr(fd, SIOCSIFMTU, unsafe.Pointer(ifreq))
 }
 
 //sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS_SYSCTL
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
index b37310ce9b..9fa879806b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
@@ -47,5 +47,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr,
 //sys	getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT64
 //sys	Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64
 //sys	ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace
+//sys	ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace
 //sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
 //sys	Statfs(path string, stat *Statfs_t) (err error) = SYS_STATFS64
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
index d51ec99630..f17b8c526a 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
@@ -47,5 +47,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr,
 //sys	getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT
 //sys	Lstat(path string, stat *Stat_t) (err error)
 //sys	ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace
+//sys	ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace
 //sys	Stat(path string, stat *Stat_t) (err error)
 //sys	Statfs(path string, stat *Statfs_t) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
index a41111a794..221efc26bc 100644
--- a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
+++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
@@ -172,6 +172,7 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
 }
 
 //sys	ioctl(fd int, req uint, arg uintptr) (err error)
+//sys	ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL
 
 //sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go
index d50b9dc250..5bdde03e4a 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go
@@ -161,7 +161,8 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
 	return
 }
 
-//sys	ioctl(fd int, req uint, arg uintptr) (err error)
+//sys	ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL
+//sys	ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL
 
 //sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
 
@@ -253,6 +254,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 //sys	ptrace(request int, pid int, addr uintptr, data int) (err error)
+//sys	ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) = SYS_PTRACE
 
 func PtraceAttach(pid int) (err error) {
 	return ptrace(PT_ATTACH, pid, 0, 0)
@@ -267,19 +269,36 @@ func PtraceDetach(pid int) (err error) {
 }
 
 func PtraceGetFpRegs(pid int, fpregsout *FpReg) (err error) {
-	return ptrace(PT_GETFPREGS, pid, uintptr(unsafe.Pointer(fpregsout)), 0)
+	return ptracePtr(PT_GETFPREGS, pid, unsafe.Pointer(fpregsout), 0)
 }
 
 func PtraceGetRegs(pid int, regsout *Reg) (err error) {
-	return ptrace(PT_GETREGS, pid, uintptr(unsafe.Pointer(regsout)), 0)
+	return ptracePtr(PT_GETREGS, pid, unsafe.Pointer(regsout), 0)
+}
+
+func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) {
+	ioDesc := PtraceIoDesc{
+		Op:   int32(req),
+		Offs: offs,
+	}
+	if countin > 0 {
+		_ = out[:countin] // check bounds
+		ioDesc.Addr = &out[0]
+	} else if out != nil {
+		ioDesc.Addr = (*byte)(unsafe.Pointer(&_zero))
+	}
+	ioDesc.SetLen(countin)
+
+	err = ptracePtr(PT_IO, pid, unsafe.Pointer(&ioDesc), 0)
+	return int(ioDesc.Len), err
 }
 
 func PtraceLwpEvents(pid int, enable int) (err error) {
 	return ptrace(PT_LWP_EVENTS, pid, 0, enable)
 }
 
-func PtraceLwpInfo(pid int, info uintptr) (err error) {
-	return ptrace(PT_LWPINFO, pid, info, int(unsafe.Sizeof(PtraceLwpInfoStruct{})))
+func PtraceLwpInfo(pid int, info *PtraceLwpInfoStruct) (err error) {
+	return ptracePtr(PT_LWPINFO, pid, unsafe.Pointer(info), int(unsafe.Sizeof(*info)))
 }
 
 func PtracePeekData(pid int, addr uintptr, out []byte) (count int, err error) {
@@ -299,13 +318,25 @@ func PtracePokeText(pid int, addr uintptr, data []byte) (count int, err error) {
 }
 
 func PtraceSetRegs(pid int, regs *Reg) (err error) {
-	return ptrace(PT_SETREGS, pid, uintptr(unsafe.Pointer(regs)), 0)
+	return ptracePtr(PT_SETREGS, pid, unsafe.Pointer(regs), 0)
 }
 
 func PtraceSingleStep(pid int) (err error) {
 	return ptrace(PT_STEP, pid, 1, 0)
 }
 
+func Dup3(oldfd, newfd, flags int) error {
+	if oldfd == newfd || flags&^O_CLOEXEC != 0 {
+		return EINVAL
+	}
+	how := F_DUP2FD
+	if flags&O_CLOEXEC != 0 {
+		how = F_DUP2FD_CLOEXEC
+	}
+	_, err := fcntl(oldfd, how, newfd)
+	return err
+}
+
 /*
  * Exposed directly
  */
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
index 6a91d471d0..b8da510043 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 
+func (d *PtraceIoDesc) SetLen(length int) {
+	d.Len = uint32(length)
+}
+
 func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
 	var writtenOut uint64 = 0
 	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0)
@@ -57,16 +61,5 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 
 func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
-	return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0)
-}
-
-func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{
-		Op:   int32(req),
-		Offs: offs,
-		Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe.
-		Len:  uint32(countin),
-	}
-	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
-	return int(ioDesc.Len), err
+	return ptracePtr(PT_GETFSBASE, pid, unsafe.Pointer(fsbase), 0)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
index 48110a0abb..47155c4839 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 
+func (d *PtraceIoDesc) SetLen(length int) {
+	d.Len = uint64(length)
+}
+
 func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
 	var writtenOut uint64 = 0
 	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0)
@@ -57,16 +61,5 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 
 func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
-	return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0)
-}
-
-func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{
-		Op:   int32(req),
-		Offs: offs,
-		Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe.
-		Len:  uint64(countin),
-	}
-	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
-	return int(ioDesc.Len), err
+	return ptracePtr(PT_GETFSBASE, pid, unsafe.Pointer(fsbase), 0)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
index 52f1d4b75a..08932093fa 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 
+func (d *PtraceIoDesc) SetLen(length int) {
+	d.Len = uint32(length)
+}
+
 func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
 	var writtenOut uint64 = 0
 	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0)
@@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
-
-func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{
-		Op:   int32(req),
-		Offs: offs,
-		Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe.
-		Len:  uint32(countin),
-	}
-	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
-	return int(ioDesc.Len), err
-}
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
index 5537ee4f2e..d151a0d0e5 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 
+func (d *PtraceIoDesc) SetLen(length int) {
+	d.Len = uint64(length)
+}
+
 func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
 	var writtenOut uint64 = 0
 	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0)
@@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
-
-func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{
-		Op:   int32(req),
-		Offs: offs,
-		Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe.
-		Len:  uint64(countin),
-	}
-	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
-	return int(ioDesc.Len), err
-}
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
index 164abd5d21..d5cd64b378 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 
+func (d *PtraceIoDesc) SetLen(length int) {
+	d.Len = uint64(length)
+}
+
 func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
 	var writtenOut uint64 = 0
 	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0)
@@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
-
-func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{
-		Op:   int32(req),
-		Offs: offs,
-		Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe.
-		Len:  uint64(countin),
-	}
-	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
-	return int(ioDesc.Len), err
-}
diff --git a/vendor/golang.org/x/sys/unix/syscall_hurd.go b/vendor/golang.org/x/sys/unix/syscall_hurd.go
index 4ffb64808d..381fd4673b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_hurd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_hurd.go
@@ -20,3 +20,11 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	}
 	return
 }
+
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	r0, er := C.ioctl(C.int(fd), C.ulong(req), C.uintptr_t(uintptr(arg)))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go
index 5443dddd48..9735331530 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -1015,8 +1015,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		for n < len(pp.Path) && pp.Path[n] != 0 {
 			n++
 		}
-		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
-		sa.Name = string(bytes)
+		sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n))
 		return sa, nil
 
 	case AF_INET:
@@ -1365,6 +1364,10 @@ func SetsockoptTCPRepairOpt(fd, level, opt int, o []TCPRepairOpt) (err error) {
 	return setsockopt(fd, level, opt, unsafe.Pointer(&o[0]), uintptr(SizeofTCPRepairOpt*len(o)))
 }
 
+func SetsockoptTCPMD5Sig(fd, level, opt int, s *TCPMD5Sig) error {
+	return setsockopt(fd, level, opt, unsafe.Pointer(s), unsafe.Sizeof(*s))
+}
+
 // Keyctl Commands (http://man7.org/linux/man-pages/man2/keyctl.2.html)
 
 // KeyctlInt calls keyctl commands in which each argument is an int.
@@ -1579,6 +1582,7 @@ func BindToDevice(fd int, device string) (err error) {
 }
 
 //sys	ptrace(request int, pid int, addr uintptr, data uintptr) (err error)
+//sys	ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) = SYS_PTRACE
 
 func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err error) {
 	// The peek requests are machine-size oriented, so we wrap it
@@ -1596,7 +1600,7 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro
 	// boundary.
 	n := 0
 	if addr%SizeofPtr != 0 {
-		err = ptrace(req, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0])))
+		err = ptracePtr(req, pid, addr-addr%SizeofPtr, unsafe.Pointer(&buf[0]))
 		if err != nil {
 			return 0, err
 		}
@@ -1608,7 +1612,7 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro
 	for len(out) > 0 {
 		// We use an internal buffer to guarantee alignment.
 		// It's not documented if this is necessary, but we're paranoid.
-		err = ptrace(req, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0])))
+		err = ptracePtr(req, pid, addr+uintptr(n), unsafe.Pointer(&buf[0]))
 		if err != nil {
 			return n, err
 		}
@@ -1640,7 +1644,7 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c
 	n := 0
 	if addr%SizeofPtr != 0 {
 		var buf [SizeofPtr]byte
-		err = ptrace(peekReq, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0])))
+		err = ptracePtr(peekReq, pid, addr-addr%SizeofPtr, unsafe.Pointer(&buf[0]))
 		if err != nil {
 			return 0, err
 		}
@@ -1667,7 +1671,7 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c
 	// Trailing edge.
 	if len(data) > 0 {
 		var buf [SizeofPtr]byte
-		err = ptrace(peekReq, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0])))
+		err = ptracePtr(peekReq, pid, addr+uintptr(n), unsafe.Pointer(&buf[0]))
 		if err != nil {
 			return n, err
 		}
@@ -1696,11 +1700,11 @@ func PtracePokeUser(pid int, addr uintptr, data []byte) (count int, err error) {
 }
 
 func PtraceGetRegs(pid int, regsout *PtraceRegs) (err error) {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 func PtraceSetRegs(pid int, regs *PtraceRegs) (err error) {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
 
 func PtraceSetOptions(pid int, options int) (err error) {
@@ -1709,7 +1713,7 @@ func PtraceSetOptions(pid int, options int) (err error) {
 
 func PtraceGetEventMsg(pid int) (msg uint, err error) {
 	var data _C_long
-	err = ptrace(PTRACE_GETEVENTMSG, pid, 0, uintptr(unsafe.Pointer(&data)))
+	err = ptracePtr(PTRACE_GETEVENTMSG, pid, 0, unsafe.Pointer(&data))
 	msg = uint(data)
 	return
 }
@@ -2154,6 +2158,14 @@ func isGroupMember(gid int) bool {
 	return false
 }
 
+func isCapDacOverrideSet() bool {
+	hdr := CapUserHeader{Version: LINUX_CAPABILITY_VERSION_3}
+	data := [2]CapUserData{}
+	err := Capget(&hdr, &data[0])
+
+	return err == nil && data[0].Effective&(1<<CAP_DAC_OVERRIDE) != 0
+}
+
 //sys	faccessat(dirfd int, path string, mode uint32) (err error)
 //sys	Faccessat2(dirfd int, path string, mode uint32, flags int) (err error)
 
@@ -2189,6 +2201,12 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 	var uid int
 	if flags&AT_EACCESS != 0 {
 		uid = Geteuid()
+		if uid != 0 && isCapDacOverrideSet() {
+			// If CAP_DAC_OVERRIDE is set, file access check is
+			// done by the kernel in the same way as for root
+			// (see generic_permission() in the Linux sources).
+			uid = 0
+		}
 	} else {
 		uid = Getuid()
 	}
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd.go b/vendor/golang.org/x/sys/unix/syscall_netbsd.go
index 35a3ad758f..e66865dccb 100644
--- a/vendor/golang.org/x/sys/unix/syscall_netbsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_netbsd.go
@@ -13,7 +13,6 @@
 package unix
 
 import (
-	"runtime"
 	"syscall"
 	"unsafe"
 )
@@ -178,13 +177,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 //sys	ioctl(fd int, req uint, arg uintptr) (err error)
+//sys	ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL
 
 //sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
 
 func IoctlGetPtmget(fd int, req uint) (*Ptmget, error) {
 	var value Ptmget
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	runtime.KeepAlive(value)
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return &value, err
 }
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/vendor/golang.org/x/sys/unix/syscall_openbsd.go
index 9b67b908e5..5e9de23ae3 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd.go
@@ -152,6 +152,7 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
 }
 
 //sys	ioctl(fd int, req uint, arg uintptr) (err error)
+//sys	ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL
 
 //sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go
index 07ac56109a..d3444b64d6 100644
--- a/vendor/golang.org/x/sys/unix/syscall_solaris.go
+++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go
@@ -408,8 +408,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		for n < len(pp.Path) && pp.Path[n] != 0 {
 			n++
 		}
-		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
-		sa.Name = string(bytes)
+		sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n))
 		return sa, nil
 
 	case AF_INET:
@@ -547,21 +546,25 @@ func Minor(dev uint64) uint32 {
  */
 
 //sys	ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) = libc.ioctl
+//sys	ioctlPtrRet(fd int, req uint, arg unsafe.Pointer) (ret int, err error) = libc.ioctl
 
 func ioctl(fd int, req uint, arg uintptr) (err error) {
 	_, err = ioctlRet(fd, req, arg)
 	return err
 }
 
-func IoctlSetTermio(fd int, req uint, value *Termio) error {
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-	runtime.KeepAlive(value)
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, err = ioctlPtrRet(fd, req, arg)
 	return err
 }
 
+func IoctlSetTermio(fd int, req uint, value *Termio) error {
+	return ioctlPtr(fd, req, unsafe.Pointer(value))
+}
+
 func IoctlGetTermio(fd int, req uint) (*Termio, error) {
 	var value Termio
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return &value, err
 }
 
@@ -1084,7 +1087,7 @@ func IoctlSetIntRetInt(fd int, req uint, arg int) (int, error) {
 func IoctlSetString(fd int, req uint, val string) error {
 	bs := make([]byte, len(val)+1)
 	copy(bs[:len(bs)-1], val)
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&bs[0])))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&bs[0]))
 	runtime.KeepAlive(&bs[0])
 	return err
 }
@@ -1118,7 +1121,7 @@ func (l *Lifreq) GetLifruUint() uint {
 }
 
 func IoctlLifreq(fd int, req uint, l *Lifreq) error {
-	return ioctl(fd, req, uintptr(unsafe.Pointer(l)))
+	return ioctlPtr(fd, req, unsafe.Pointer(l))
 }
 
 // Strioctl Helpers
@@ -1129,5 +1132,5 @@ func (s *Strioctl) SetInt(i int) {
 }
 
 func IoctlSetStrioctlRetInt(fd int, req uint, s *Strioctl) (int, error) {
-	return ioctlRet(fd, req, uintptr(unsafe.Pointer(s)))
+	return ioctlPtrRet(fd, req, unsafe.Pointer(s))
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
index 68b2f3e1cd..b295497ae4 100644
--- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
@@ -139,8 +139,7 @@ func anyToSockaddr(_ int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		for n < int(pp.Len) && pp.Path[n] != 0 {
 			n++
 		}
-		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
-		sa.Name = string(bytes)
+		sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n))
 		return sa, nil
 
 	case AF_INET:
@@ -214,6 +213,7 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 //sys   mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) = SYS_MMAP
 //sys   munmap(addr uintptr, length uintptr) (err error) = SYS_MUNMAP
 //sys   ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL
+//sys   ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL
 
 //sys   Access(path string, mode uint32) (err error) = SYS___ACCESS_A
 //sys   Chdir(path string) (err error) = SYS___CHDIR_A
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index e174685adb..398c37e52d 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -70,6 +70,7 @@ const (
 	ALG_SET_DRBG_ENTROPY                        = 0x6
 	ALG_SET_IV                                  = 0x2
 	ALG_SET_KEY                                 = 0x1
+	ALG_SET_KEY_BY_KEY_SERIAL                   = 0x7
 	ALG_SET_OP                                  = 0x3
 	ANON_INODE_FS_MAGIC                         = 0x9041934
 	ARPHRD_6LOWPAN                              = 0x339
@@ -774,6 +775,8 @@ const (
 	DEVLINK_GENL_MCGRP_CONFIG_NAME              = "config"
 	DEVLINK_GENL_NAME                           = "devlink"
 	DEVLINK_GENL_VERSION                        = 0x1
+	DEVLINK_PORT_FN_CAP_MIGRATABLE              = 0x2
+	DEVLINK_PORT_FN_CAP_ROCE                    = 0x1
 	DEVLINK_SB_THRESHOLD_TO_ALPHA_MAX           = 0x14
 	DEVLINK_SUPPORTED_FLASH_OVERWRITE_SECTIONS  = 0x3
 	DEVMEM_MAGIC                                = 0x454d444d
@@ -1262,6 +1265,8 @@ const (
 	FSCRYPT_MODE_AES_256_CTS                    = 0x4
 	FSCRYPT_MODE_AES_256_HCTR2                  = 0xa
 	FSCRYPT_MODE_AES_256_XTS                    = 0x1
+	FSCRYPT_MODE_SM4_CTS                        = 0x8
+	FSCRYPT_MODE_SM4_XTS                        = 0x7
 	FSCRYPT_POLICY_FLAGS_PAD_16                 = 0x2
 	FSCRYPT_POLICY_FLAGS_PAD_32                 = 0x3
 	FSCRYPT_POLICY_FLAGS_PAD_4                  = 0x0
@@ -1280,8 +1285,6 @@ const (
 	FS_ENCRYPTION_MODE_AES_256_GCM              = 0x2
 	FS_ENCRYPTION_MODE_AES_256_XTS              = 0x1
 	FS_ENCRYPTION_MODE_INVALID                  = 0x0
-	FS_ENCRYPTION_MODE_SPECK128_256_CTS         = 0x8
-	FS_ENCRYPTION_MODE_SPECK128_256_XTS         = 0x7
 	FS_IOC_ADD_ENCRYPTION_KEY                   = 0xc0506617
 	FS_IOC_GET_ENCRYPTION_KEY_STATUS            = 0xc080661a
 	FS_IOC_GET_ENCRYPTION_POLICY_EX             = 0xc0096616
@@ -1770,6 +1773,7 @@ const (
 	LANDLOCK_ACCESS_FS_REFER                    = 0x2000
 	LANDLOCK_ACCESS_FS_REMOVE_DIR               = 0x10
 	LANDLOCK_ACCESS_FS_REMOVE_FILE              = 0x20
+	LANDLOCK_ACCESS_FS_TRUNCATE                 = 0x4000
 	LANDLOCK_ACCESS_FS_WRITE_FILE               = 0x2
 	LANDLOCK_CREATE_RULESET_VERSION             = 0x1
 	LINUX_REBOOT_CMD_CAD_OFF                    = 0x0
@@ -1809,6 +1813,7 @@ const (
 	LWTUNNEL_IP_OPT_GENEVE_MAX                  = 0x3
 	LWTUNNEL_IP_OPT_VXLAN_MAX                   = 0x1
 	MADV_COLD                                   = 0x14
+	MADV_COLLAPSE                               = 0x19
 	MADV_DODUMP                                 = 0x11
 	MADV_DOFORK                                 = 0xb
 	MADV_DONTDUMP                               = 0x10
@@ -2163,6 +2168,7 @@ const (
 	PACKET_FANOUT_DATA                          = 0x16
 	PACKET_FANOUT_EBPF                          = 0x7
 	PACKET_FANOUT_FLAG_DEFRAG                   = 0x8000
+	PACKET_FANOUT_FLAG_IGNORE_OUTGOING          = 0x4000
 	PACKET_FANOUT_FLAG_ROLLOVER                 = 0x1000
 	PACKET_FANOUT_FLAG_UNIQUEID                 = 0x2000
 	PACKET_FANOUT_HASH                          = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go b/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
index bd001a6e1c..97f20ca282 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
@@ -15,12 +15,12 @@ type PtraceRegsArm struct {
 
 // PtraceGetRegsArm fetches the registers used by arm binaries.
 func PtraceGetRegsArm(pid int, regsout *PtraceRegsArm) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsArm sets the registers used by arm binaries.
 func PtraceSetRegsArm(pid int, regs *PtraceRegsArm) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
 
 // PtraceRegsArm64 is the registers used by arm64 binaries.
@@ -33,10 +33,10 @@ type PtraceRegsArm64 struct {
 
 // PtraceGetRegsArm64 fetches the registers used by arm64 binaries.
 func PtraceGetRegsArm64(pid int, regsout *PtraceRegsArm64) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsArm64 sets the registers used by arm64 binaries.
 func PtraceSetRegsArm64(pid int, regs *PtraceRegsArm64) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
diff --git a/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go b/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go
index 6cb6d688aa..834d2856dd 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go
@@ -7,11 +7,11 @@ import "unsafe"
 // PtraceGetRegSetArm64 fetches the registers used by arm64 binaries.
 func PtraceGetRegSetArm64(pid, addr int, regsout *PtraceRegsArm64) error {
 	iovec := Iovec{(*byte)(unsafe.Pointer(regsout)), uint64(unsafe.Sizeof(*regsout))}
-	return ptrace(PTRACE_GETREGSET, pid, uintptr(addr), uintptr(unsafe.Pointer(&iovec)))
+	return ptracePtr(PTRACE_GETREGSET, pid, uintptr(addr), unsafe.Pointer(&iovec))
 }
 
 // PtraceSetRegSetArm64 sets the registers used by arm64 binaries.
 func PtraceSetRegSetArm64(pid, addr int, regs *PtraceRegsArm64) error {
 	iovec := Iovec{(*byte)(unsafe.Pointer(regs)), uint64(unsafe.Sizeof(*regs))}
-	return ptrace(PTRACE_SETREGSET, pid, uintptr(addr), uintptr(unsafe.Pointer(&iovec)))
+	return ptracePtr(PTRACE_SETREGSET, pid, uintptr(addr), unsafe.Pointer(&iovec))
 }
diff --git a/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go b/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
index c34d0639be..0b5f794305 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
@@ -21,12 +21,12 @@ type PtraceRegsMips struct {
 
 // PtraceGetRegsMips fetches the registers used by mips binaries.
 func PtraceGetRegsMips(pid int, regsout *PtraceRegsMips) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsMips sets the registers used by mips binaries.
 func PtraceSetRegsMips(pid int, regs *PtraceRegsMips) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
 
 // PtraceRegsMips64 is the registers used by mips64 binaries.
@@ -42,10 +42,10 @@ type PtraceRegsMips64 struct {
 
 // PtraceGetRegsMips64 fetches the registers used by mips64 binaries.
 func PtraceGetRegsMips64(pid int, regsout *PtraceRegsMips64) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsMips64 sets the registers used by mips64 binaries.
 func PtraceSetRegsMips64(pid int, regs *PtraceRegsMips64) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
diff --git a/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go b/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
index 3ccf0c0c4a..2807f7e646 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
@@ -21,12 +21,12 @@ type PtraceRegsMipsle struct {
 
 // PtraceGetRegsMipsle fetches the registers used by mipsle binaries.
 func PtraceGetRegsMipsle(pid int, regsout *PtraceRegsMipsle) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsMipsle sets the registers used by mipsle binaries.
 func PtraceSetRegsMipsle(pid int, regs *PtraceRegsMipsle) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
 
 // PtraceRegsMips64le is the registers used by mips64le binaries.
@@ -42,10 +42,10 @@ type PtraceRegsMips64le struct {
 
 // PtraceGetRegsMips64le fetches the registers used by mips64le binaries.
 func PtraceGetRegsMips64le(pid int, regsout *PtraceRegsMips64le) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsMips64le sets the registers used by mips64le binaries.
 func PtraceSetRegsMips64le(pid int, regs *PtraceRegsMips64le) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
diff --git a/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go b/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
index 7d65857004..281ea64e34 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
@@ -31,12 +31,12 @@ type PtraceRegs386 struct {
 
 // PtraceGetRegs386 fetches the registers used by 386 binaries.
 func PtraceGetRegs386(pid int, regsout *PtraceRegs386) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegs386 sets the registers used by 386 binaries.
 func PtraceSetRegs386(pid int, regs *PtraceRegs386) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
 
 // PtraceRegsAmd64 is the registers used by amd64 binaries.
@@ -72,10 +72,10 @@ type PtraceRegsAmd64 struct {
 
 // PtraceGetRegsAmd64 fetches the registers used by amd64 binaries.
 func PtraceGetRegsAmd64(pid int, regsout *PtraceRegsAmd64) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsAmd64 sets the registers used by amd64 binaries.
 func PtraceSetRegsAmd64(pid int, regs *PtraceRegsAmd64) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
index 870215d2c4..ef9dcd1bef 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
@@ -223,6 +223,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	r0, er := C.ioctl(C.int(fd), C.int(req), C.uintptr_t(uintptr(arg)))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func FcntlInt(fd uintptr, cmd int, arg int) (r int, err error) {
 	r0, er := C.fcntl(C.uintptr_t(fd), C.int(cmd), C.uintptr_t(arg))
 	r = int(r0)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
index a89b0bfa53..f86a945923 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
@@ -103,6 +103,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, e1 := callioctl_ptr(fd, int(req), arg)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func FcntlInt(fd uintptr, cmd int, arg int) (r int, err error) {
 	r0, e1 := callfcntl(fd, cmd, uintptr(arg))
 	r = int(r0)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
index 2caa5adf95..d32a84cae2 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
@@ -423,6 +423,13 @@ func callioctl(fd int, req int, arg uintptr) (r1 uintptr, e1 Errno) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func callioctl_ptr(fd int, req int, arg unsafe.Pointer) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_ioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func callfcntl(fd uintptr, cmd int, arg uintptr) (r1 uintptr, e1 Errno) {
 	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fcntl)), 3, fd, uintptr(cmd), arg, 0, 0, 0)
 	return
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
index 944a714b1a..d7d8baf819 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
@@ -191,6 +191,14 @@ func callioctl(fd int, req int, arg uintptr) (r1 uintptr, e1 Errno) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func callioctl_ptr(fd int, req int, arg unsafe.Pointer) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.ioctl(C.int(fd), C.int(req), C.uintptr_t(uintptr(arg))))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func callfcntl(fd uintptr, cmd int, arg uintptr) (r1 uintptr, e1 Errno) {
 	r1 = uintptr(C.fcntl(C.uintptr_t(fd), C.int(cmd), C.uintptr_t(arg)))
 	e1 = syscall.GetErrno()
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
index c2461c4967..a29ffdd566 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
@@ -725,6 +725,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib"
@@ -2502,6 +2510,14 @@ func ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) {
 	return
 }
 
+func ptrace1Ptr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall6(libc_ptrace_trampoline_addr, uintptr(request), uintptr(pid), addr, uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ptrace_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
index 26a0fdc505..2fd4590bb7 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
@@ -725,6 +725,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib"
@@ -2502,6 +2510,14 @@ func ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) {
 	return
 }
 
+func ptrace1Ptr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall6(libc_ptrace_trampoline_addr, uintptr(request), uintptr(pid), addr, uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ptrace_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
index 54749f9c5e..3b85134707 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
@@ -436,6 +436,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
index 77479d4581..1129065624 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
index 2e966d4d7a..55f5abfe59 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
index d65a7c0fa6..d39651c2b5 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
index 6f0b97c6db..ddb7408680 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
index e1c23b5272..09a53a616c 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
index 36ea3a55b7..430cb24de7 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
@@ -379,6 +379,16 @@ func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(arg)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
index 79f7389963..8e1d9c8f66 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
@@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
index fb161f3a26..21c6950400 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
@@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
index 4c8ac993a8..298168f90a 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
@@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
index 76dd8ec4fd..68b8bd492f 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
@@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
index caeb807bd4..0b0f910e1a 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
index a05e5f4fff..48ff5de75b 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
index b2da8e50cc..2452a641da 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
index 048b2655e6..5e35600a60 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
index 6f33e37e72..b04cef1a19 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
index 330cf7f7ac..47a07ee0c2 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
index 5f24de0d9d..573378fdb9 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
index 78d4a4240e..4873a1e5d3 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
@@ -657,6 +657,17 @@ func ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtrRet(fd int, req uint, arg unsafe.Pointer) (ret int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpoll)), 3, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout), 0, 0, 0)
 	n = int(r0)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
index f2079457c6..07bfe2ef9a 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
@@ -267,6 +267,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
index d9c78cdcbc..29dc483378 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
@@ -362,7 +362,7 @@ type FpExtendedPrecision struct{}
 type PtraceIoDesc struct {
 	Op   int32
 	Offs uintptr
-	Addr uintptr
+	Addr *byte
 	Len  uint32
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
index 26991b1655..0a89b28906 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
@@ -367,7 +367,7 @@ type FpExtendedPrecision struct{}
 type PtraceIoDesc struct {
 	Op   int32
 	Offs uintptr
-	Addr uintptr
+	Addr *byte
 	Len  uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
index f8324e7e7f..c8666bb152 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
@@ -350,7 +350,7 @@ type FpExtendedPrecision struct {
 type PtraceIoDesc struct {
 	Op   int32
 	Offs uintptr
-	Addr uintptr
+	Addr *byte
 	Len  uint32
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
index 4220411f34..88fb48a887 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
@@ -347,7 +347,7 @@ type FpExtendedPrecision struct{}
 type PtraceIoDesc struct {
 	Op   int32
 	Offs uintptr
-	Addr uintptr
+	Addr *byte
 	Len  uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
index 0660fd45c7..698dc975e9 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
@@ -348,7 +348,7 @@ type FpExtendedPrecision struct{}
 type PtraceIoDesc struct {
 	Op   int32
 	Offs uintptr
-	Addr uintptr
+	Addr *byte
 	Len  uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
index 7d9fc8f1c9..ca84727cfe 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -456,36 +456,60 @@ type Ucred struct {
 }
 
 type TCPInfo struct {
-	State          uint8
-	Ca_state       uint8
-	Retransmits    uint8
-	Probes         uint8
-	Backoff        uint8
-	Options        uint8
-	Rto            uint32
-	Ato            uint32
-	Snd_mss        uint32
-	Rcv_mss        uint32
-	Unacked        uint32
-	Sacked         uint32
-	Lost           uint32
-	Retrans        uint32
-	Fackets        uint32
-	Last_data_sent uint32
-	Last_ack_sent  uint32
-	Last_data_recv uint32
-	Last_ack_recv  uint32
-	Pmtu           uint32
-	Rcv_ssthresh   uint32
-	Rtt            uint32
-	Rttvar         uint32
-	Snd_ssthresh   uint32
-	Snd_cwnd       uint32
-	Advmss         uint32
-	Reordering     uint32
-	Rcv_rtt        uint32
-	Rcv_space      uint32
-	Total_retrans  uint32
+	State           uint8
+	Ca_state        uint8
+	Retransmits     uint8
+	Probes          uint8
+	Backoff         uint8
+	Options         uint8
+	Rto             uint32
+	Ato             uint32
+	Snd_mss         uint32
+	Rcv_mss         uint32
+	Unacked         uint32
+	Sacked          uint32
+	Lost            uint32
+	Retrans         uint32
+	Fackets         uint32
+	Last_data_sent  uint32
+	Last_ack_sent   uint32
+	Last_data_recv  uint32
+	Last_ack_recv   uint32
+	Pmtu            uint32
+	Rcv_ssthresh    uint32
+	Rtt             uint32
+	Rttvar          uint32
+	Snd_ssthresh    uint32
+	Snd_cwnd        uint32
+	Advmss          uint32
+	Reordering      uint32
+	Rcv_rtt         uint32
+	Rcv_space       uint32
+	Total_retrans   uint32
+	Pacing_rate     uint64
+	Max_pacing_rate uint64
+	Bytes_acked     uint64
+	Bytes_received  uint64
+	Segs_out        uint32
+	Segs_in         uint32
+	Notsent_bytes   uint32
+	Min_rtt         uint32
+	Data_segs_in    uint32
+	Data_segs_out   uint32
+	Delivery_rate   uint64
+	Busy_time       uint64
+	Rwnd_limited    uint64
+	Sndbuf_limited  uint64
+	Delivered       uint32
+	Delivered_ce    uint32
+	Bytes_sent      uint64
+	Bytes_retrans   uint64
+	Dsack_dups      uint32
+	Reord_seen      uint32
+	Rcv_ooopack     uint32
+	Snd_wnd         uint32
+	Rcv_wnd         uint32
+	Rehash          uint32
 }
 
 type CanFilter struct {
@@ -528,7 +552,7 @@ const (
 	SizeofIPv6MTUInfo       = 0x20
 	SizeofICMPv6Filter      = 0x20
 	SizeofUcred             = 0xc
-	SizeofTCPInfo           = 0x68
+	SizeofTCPInfo           = 0xf0
 	SizeofCanFilter         = 0x8
 	SizeofTCPRepairOpt      = 0x8
 )
@@ -1043,6 +1067,7 @@ const (
 	PerfBitCommExec                      = CBitFieldMaskBit24
 	PerfBitUseClockID                    = CBitFieldMaskBit25
 	PerfBitContextSwitch                 = CBitFieldMaskBit26
+	PerfBitWriteBackward                 = CBitFieldMaskBit27
 )
 
 const (
@@ -1239,7 +1264,7 @@ type TCPMD5Sig struct {
 	Flags     uint8
 	Prefixlen uint8
 	Keylen    uint16
-	_         uint32
+	Ifindex   int32
 	Key       [80]uint8
 }
 
@@ -1939,7 +1964,11 @@ const (
 	NFT_MSG_GETOBJ                    = 0x13
 	NFT_MSG_DELOBJ                    = 0x14
 	NFT_MSG_GETOBJ_RESET              = 0x15
-	NFT_MSG_MAX                       = 0x19
+	NFT_MSG_NEWFLOWTABLE              = 0x16
+	NFT_MSG_GETFLOWTABLE              = 0x17
+	NFT_MSG_DELFLOWTABLE              = 0x18
+	NFT_MSG_GETRULE_RESET             = 0x19
+	NFT_MSG_MAX                       = 0x1a
 	NFTA_LIST_UNSPEC                  = 0x0
 	NFTA_LIST_ELEM                    = 0x1
 	NFTA_HOOK_UNSPEC                  = 0x0
@@ -2443,9 +2472,11 @@ const (
 	SOF_TIMESTAMPING_OPT_STATS    = 0x1000
 	SOF_TIMESTAMPING_OPT_PKTINFO  = 0x2000
 	SOF_TIMESTAMPING_OPT_TX_SWHW  = 0x4000
+	SOF_TIMESTAMPING_BIND_PHC     = 0x8000
+	SOF_TIMESTAMPING_OPT_ID_TCP   = 0x10000
 
-	SOF_TIMESTAMPING_LAST = 0x8000
-	SOF_TIMESTAMPING_MASK = 0xffff
+	SOF_TIMESTAMPING_LAST = 0x10000
+	SOF_TIMESTAMPING_MASK = 0x1ffff
 
 	SCM_TSTAMP_SND   = 0x0
 	SCM_TSTAMP_SCHED = 0x1
@@ -3265,7 +3296,7 @@ const (
 	DEVLINK_ATTR_LINECARD_SUPPORTED_TYPES              = 0xae
 	DEVLINK_ATTR_NESTED_DEVLINK                        = 0xaf
 	DEVLINK_ATTR_SELFTESTS                             = 0xb0
-	DEVLINK_ATTR_MAX                                   = 0xb0
+	DEVLINK_ATTR_MAX                                   = 0xb3
 	DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE              = 0x0
 	DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX           = 0x1
 	DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT               = 0x0
@@ -3281,7 +3312,8 @@ const (
 	DEVLINK_PORT_FUNCTION_ATTR_HW_ADDR                 = 0x1
 	DEVLINK_PORT_FN_ATTR_STATE                         = 0x2
 	DEVLINK_PORT_FN_ATTR_OPSTATE                       = 0x3
-	DEVLINK_PORT_FUNCTION_ATTR_MAX                     = 0x3
+	DEVLINK_PORT_FN_ATTR_CAPS                          = 0x4
+	DEVLINK_PORT_FUNCTION_ATTR_MAX                     = 0x4
 )
 
 type FsverityDigest struct {
@@ -3572,7 +3604,8 @@ const (
 	ETHTOOL_MSG_MODULE_SET                    = 0x23
 	ETHTOOL_MSG_PSE_GET                       = 0x24
 	ETHTOOL_MSG_PSE_SET                       = 0x25
-	ETHTOOL_MSG_USER_MAX                      = 0x25
+	ETHTOOL_MSG_RSS_GET                       = 0x26
+	ETHTOOL_MSG_USER_MAX                      = 0x26
 	ETHTOOL_MSG_KERNEL_NONE                   = 0x0
 	ETHTOOL_MSG_STRSET_GET_REPLY              = 0x1
 	ETHTOOL_MSG_LINKINFO_GET_REPLY            = 0x2
@@ -3611,7 +3644,8 @@ const (
 	ETHTOOL_MSG_MODULE_GET_REPLY              = 0x23
 	ETHTOOL_MSG_MODULE_NTF                    = 0x24
 	ETHTOOL_MSG_PSE_GET_REPLY                 = 0x25
-	ETHTOOL_MSG_KERNEL_MAX                    = 0x25
+	ETHTOOL_MSG_RSS_GET_REPLY                 = 0x26
+	ETHTOOL_MSG_KERNEL_MAX                    = 0x26
 	ETHTOOL_A_HEADER_UNSPEC                   = 0x0
 	ETHTOOL_A_HEADER_DEV_INDEX                = 0x1
 	ETHTOOL_A_HEADER_DEV_NAME                 = 0x2
@@ -3679,7 +3713,8 @@ const (
 	ETHTOOL_A_LINKSTATE_SQI_MAX               = 0x4
 	ETHTOOL_A_LINKSTATE_EXT_STATE             = 0x5
 	ETHTOOL_A_LINKSTATE_EXT_SUBSTATE          = 0x6
-	ETHTOOL_A_LINKSTATE_MAX                   = 0x6
+	ETHTOOL_A_LINKSTATE_EXT_DOWN_CNT          = 0x7
+	ETHTOOL_A_LINKSTATE_MAX                   = 0x7
 	ETHTOOL_A_DEBUG_UNSPEC                    = 0x0
 	ETHTOOL_A_DEBUG_HEADER                    = 0x1
 	ETHTOOL_A_DEBUG_MSGMASK                   = 0x2
@@ -4409,7 +4444,7 @@ const (
 	NL80211_ATTR_MAC_HINT                                   = 0xc8
 	NL80211_ATTR_MAC_MASK                                   = 0xd7
 	NL80211_ATTR_MAX_AP_ASSOC_STA                           = 0xca
-	NL80211_ATTR_MAX                                        = 0x140
+	NL80211_ATTR_MAX                                        = 0x141
 	NL80211_ATTR_MAX_CRIT_PROT_DURATION                     = 0xb4
 	NL80211_ATTR_MAX_CSA_COUNTERS                           = 0xce
 	NL80211_ATTR_MAX_MATCH_SETS                             = 0x85
@@ -4552,6 +4587,7 @@ const (
 	NL80211_ATTR_SUPPORT_MESH_AUTH                          = 0x73
 	NL80211_ATTR_SURVEY_INFO                                = 0x54
 	NL80211_ATTR_SURVEY_RADIO_STATS                         = 0xda
+	NL80211_ATTR_TD_BITMAP                                  = 0x141
 	NL80211_ATTR_TDLS_ACTION                                = 0x88
 	NL80211_ATTR_TDLS_DIALOG_TOKEN                          = 0x89
 	NL80211_ATTR_TDLS_EXTERNAL_SETUP                        = 0x8c
@@ -5752,3 +5788,25 @@ const (
 	AUDIT_NLGRP_NONE    = 0x0
 	AUDIT_NLGRP_READLOG = 0x1
 )
+
+const (
+	TUN_F_CSUM    = 0x1
+	TUN_F_TSO4    = 0x2
+	TUN_F_TSO6    = 0x4
+	TUN_F_TSO_ECN = 0x8
+	TUN_F_UFO     = 0x10
+)
+
+const (
+	VIRTIO_NET_HDR_F_NEEDS_CSUM = 0x1
+	VIRTIO_NET_HDR_F_DATA_VALID = 0x2
+	VIRTIO_NET_HDR_F_RSC_INFO   = 0x4
+)
+
+const (
+	VIRTIO_NET_HDR_GSO_NONE  = 0x0
+	VIRTIO_NET_HDR_GSO_TCPV4 = 0x1
+	VIRTIO_NET_HDR_GSO_UDP   = 0x3
+	VIRTIO_NET_HDR_GSO_TCPV6 = 0x4
+	VIRTIO_NET_HDR_GSO_ECN   = 0x80
+)
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
index 89c516a29a..4ecc1495cd 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
@@ -414,7 +414,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [122]int8
+	Data   [122]byte
 	_      uint32
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
index 62b4fb2699..34fddff964 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
@@ -427,7 +427,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
index e86b35893e..3b14a6031f 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
@@ -405,7 +405,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [122]uint8
+	Data   [122]byte
 	_      uint32
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
index 6c6be4c911..0517651ab3 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
@@ -406,7 +406,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
index 4982ea355a..3b0c518134 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
@@ -407,7 +407,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
index 173141a670..fccdf4dd0f 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
@@ -410,7 +410,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [122]int8
+	Data   [122]byte
 	_      uint32
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
index 93ae4c5167..500de8fc07 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
@@ -409,7 +409,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
index 4e4e510ca5..d0434cd2c6 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
@@ -409,7 +409,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
index 3f5ba013d9..84206ba534 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
@@ -410,7 +410,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [122]int8
+	Data   [122]byte
 	_      uint32
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
index 71dfe7cdb4..ab078cf1f5 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
@@ -417,7 +417,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [122]uint8
+	Data   [122]byte
 	_      uint32
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
index 3a2b7f0a66..42eb2c4cef 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
@@ -416,7 +416,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]uint8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
index a52d627563..31304a4e8b 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
@@ -416,7 +416,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]uint8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
index dfc007d8a6..c311f9612d 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
@@ -434,7 +434,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]uint8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
index b53cb9103d..bba3cefac1 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
@@ -429,7 +429,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
index fe0aa35472..ad8a013804 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
@@ -411,7 +411,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go
index 41cb3c01fd..3723b2c224 100644
--- a/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -824,6 +824,9 @@ const socket_error = uintptr(^uint32(0))
 //sys	WSAStartup(verreq uint32, data *WSAData) (sockerr error) = ws2_32.WSAStartup
 //sys	WSACleanup() (err error) [failretval==socket_error] = ws2_32.WSACleanup
 //sys	WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbob uint32, cbbr *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) [failretval==socket_error] = ws2_32.WSAIoctl
+//sys	WSALookupServiceBegin(querySet *WSAQUERYSET, flags uint32, handle *Handle) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceBeginW
+//sys	WSALookupServiceNext(handle Handle, flags uint32, size *int32, querySet *WSAQUERYSET) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceNextW
+//sys	WSALookupServiceEnd(handle Handle) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceEnd
 //sys	socket(af int32, typ int32, protocol int32) (handle Handle, err error) [failretval==InvalidHandle] = ws2_32.socket
 //sys	sendto(s Handle, buf []byte, flags int32, to unsafe.Pointer, tolen int32) (err error) [failretval==socket_error] = ws2_32.sendto
 //sys	recvfrom(s Handle, buf []byte, flags int32, from *RawSockaddrAny, fromlen *int32) (n int32, err error) [failretval==-1] = ws2_32.recvfrom
@@ -1019,8 +1022,7 @@ func (rsa *RawSockaddrAny) Sockaddr() (Sockaddr, error) {
 		for n < len(pp.Path) && pp.Path[n] != 0 {
 			n++
 		}
-		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
-		sa.Name = string(bytes)
+		sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n))
 		return sa, nil
 
 	case AF_INET:
diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go
index 0c4add9741..857acf1032 100644
--- a/vendor/golang.org/x/sys/windows/types_windows.go
+++ b/vendor/golang.org/x/sys/windows/types_windows.go
@@ -1243,6 +1243,51 @@ const (
 	DnsSectionAdditional = 0x0003
 )
 
+const (
+	// flags of WSALookupService
+	LUP_DEEP                = 0x0001
+	LUP_CONTAINERS          = 0x0002
+	LUP_NOCONTAINERS        = 0x0004
+	LUP_NEAREST             = 0x0008
+	LUP_RETURN_NAME         = 0x0010
+	LUP_RETURN_TYPE         = 0x0020
+	LUP_RETURN_VERSION      = 0x0040
+	LUP_RETURN_COMMENT      = 0x0080
+	LUP_RETURN_ADDR         = 0x0100
+	LUP_RETURN_BLOB         = 0x0200
+	LUP_RETURN_ALIASES      = 0x0400
+	LUP_RETURN_QUERY_STRING = 0x0800
+	LUP_RETURN_ALL          = 0x0FF0
+	LUP_RES_SERVICE         = 0x8000
+
+	LUP_FLUSHCACHE    = 0x1000
+	LUP_FLUSHPREVIOUS = 0x2000
+
+	LUP_NON_AUTHORITATIVE      = 0x4000
+	LUP_SECURE                 = 0x8000
+	LUP_RETURN_PREFERRED_NAMES = 0x10000
+	LUP_DNS_ONLY               = 0x20000
+
+	LUP_ADDRCONFIG           = 0x100000
+	LUP_DUAL_ADDR            = 0x200000
+	LUP_FILESERVER           = 0x400000
+	LUP_DISABLE_IDN_ENCODING = 0x00800000
+	LUP_API_ANSI             = 0x01000000
+
+	LUP_RESOLUTION_HANDLE = 0x80000000
+)
+
+const (
+	// values of WSAQUERYSET's namespace
+	NS_ALL       = 0
+	NS_DNS       = 12
+	NS_NLA       = 15
+	NS_BTH       = 16
+	NS_EMAIL     = 37
+	NS_PNRPNAME  = 38
+	NS_PNRPCLOUD = 39
+)
+
 type DNSSRVData struct {
 	Target   *uint16
 	Priority uint16
@@ -3258,3 +3303,43 @@ const (
 	DWMWA_TEXT_COLOR                     = 36
 	DWMWA_VISIBLE_FRAME_BORDER_THICKNESS = 37
 )
+
+type WSAQUERYSET struct {
+	Size                uint32
+	ServiceInstanceName *uint16
+	ServiceClassId      *GUID
+	Version             *WSAVersion
+	Comment             *uint16
+	NameSpace           uint32
+	NSProviderId        *GUID
+	Context             *uint16
+	NumberOfProtocols   uint32
+	AfpProtocols        *AFProtocols
+	QueryString         *uint16
+	NumberOfCsAddrs     uint32
+	SaBuffer            *CSAddrInfo
+	OutputFlags         uint32
+	Blob                *BLOB
+}
+
+type WSAVersion struct {
+	Version                 uint32
+	EnumerationOfComparison int32
+}
+
+type AFProtocols struct {
+	AddressFamily int32
+	Protocol      int32
+}
+
+type CSAddrInfo struct {
+	LocalAddr  SocketAddress
+	RemoteAddr SocketAddress
+	SocketType int32
+	Protocol   int32
+}
+
+type BLOB struct {
+	Size     uint32
+	BlobData *byte
+}
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index ac60052e44..6d2a268534 100644
--- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -474,6 +474,9 @@ var (
 	procWSAEnumProtocolsW                                    = modws2_32.NewProc("WSAEnumProtocolsW")
 	procWSAGetOverlappedResult                               = modws2_32.NewProc("WSAGetOverlappedResult")
 	procWSAIoctl                                             = modws2_32.NewProc("WSAIoctl")
+	procWSALookupServiceBeginW                               = modws2_32.NewProc("WSALookupServiceBeginW")
+	procWSALookupServiceEnd                                  = modws2_32.NewProc("WSALookupServiceEnd")
+	procWSALookupServiceNextW                                = modws2_32.NewProc("WSALookupServiceNextW")
 	procWSARecv                                              = modws2_32.NewProc("WSARecv")
 	procWSARecvFrom                                          = modws2_32.NewProc("WSARecvFrom")
 	procWSASend                                              = modws2_32.NewProc("WSASend")
@@ -4067,6 +4070,30 @@ func WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbo
 	return
 }
 
+func WSALookupServiceBegin(querySet *WSAQUERYSET, flags uint32, handle *Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procWSALookupServiceBeginW.Addr(), 3, uintptr(unsafe.Pointer(querySet)), uintptr(flags), uintptr(unsafe.Pointer(handle)))
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WSALookupServiceEnd(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procWSALookupServiceEnd.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WSALookupServiceNext(handle Handle, flags uint32, size *int32, querySet *WSAQUERYSET) (err error) {
+	r1, _, e1 := syscall.Syscall6(procWSALookupServiceNextW.Addr(), 4, uintptr(handle), uintptr(flags), uintptr(unsafe.Pointer(size)), uintptr(unsafe.Pointer(querySet)), 0, 0)
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func WSARecv(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32, overlapped *Overlapped, croutine *byte) (err error) {
 	r1, _, e1 := syscall.Syscall9(procWSARecv.Addr(), 7, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)), 0, 0)
 	if r1 == socket_error {
diff --git a/vendor/golang.org/x/text/encoding/internal/internal.go b/vendor/golang.org/x/text/encoding/internal/internal.go
index 75a5fd1658..413e6fc6d7 100644
--- a/vendor/golang.org/x/text/encoding/internal/internal.go
+++ b/vendor/golang.org/x/text/encoding/internal/internal.go
@@ -64,7 +64,7 @@ func (e FuncEncoding) NewEncoder() *encoding.Encoder {
 // byte.
 type RepertoireError byte
 
-// Error implements the error interrface.
+// Error implements the error interface.
 func (r RepertoireError) Error() string {
 	return "encoding: rune not supported by encoding."
 }
diff --git a/vendor/golang.org/x/text/unicode/norm/forminfo.go b/vendor/golang.org/x/text/unicode/norm/forminfo.go
index d69ccb4f97..487335d14d 100644
--- a/vendor/golang.org/x/text/unicode/norm/forminfo.go
+++ b/vendor/golang.org/x/text/unicode/norm/forminfo.go
@@ -13,7 +13,7 @@ import "encoding/binary"
 // a rune to a uint16. The values take two forms.  For v >= 0x8000:
 //   bits
 //   15:    1 (inverse of NFD_QC bit of qcInfo)
-//   13..7: qcInfo (see below). isYesD is always true (no decompostion).
+//   13..7: qcInfo (see below). isYesD is always true (no decomposition).
 //    6..0: ccc (compressed CCC value).
 // For v < 0x8000, the respective rune has a decomposition and v is an index
 // into a byte array of UTF-8 decomposition sequences and additional info and
diff --git a/vendor/golang.org/x/tools/internal/gocommand/version.go b/vendor/golang.org/x/tools/internal/gocommand/version.go
index 8db5ceb9d5..307a76d474 100644
--- a/vendor/golang.org/x/tools/internal/gocommand/version.go
+++ b/vendor/golang.org/x/tools/internal/gocommand/version.go
@@ -7,6 +7,7 @@ package gocommand
 import (
 	"context"
 	"fmt"
+	"regexp"
 	"strings"
 )
 
@@ -56,3 +57,25 @@ func GoVersion(ctx context.Context, inv Invocation, r *Runner) (int, error) {
 	}
 	return 0, fmt.Errorf("no parseable ReleaseTags in %v", tags)
 }
+
+// GoVersionOutput returns the complete output of the go version command.
+func GoVersionOutput(ctx context.Context, inv Invocation, r *Runner) (string, error) {
+	inv.Verb = "version"
+	goVersion, err := r.Run(ctx, inv)
+	if err != nil {
+		return "", err
+	}
+	return goVersion.String(), nil
+}
+
+// ParseGoVersionOutput extracts the Go version string
+// from the output of the "go version" command.
+// Given an unrecognized form, it returns an empty string.
+func ParseGoVersionOutput(data string) string {
+	re := regexp.MustCompile(`^go version (go\S+|devel \S+)`)
+	m := re.FindStringSubmatch(data)
+	if len(m) != 2 {
+		return "" // unrecognized version
+	}
+	return m[1]
+}
diff --git a/vendor/golang.org/x/tools/internal/imports/fix.go b/vendor/golang.org/x/tools/internal/imports/fix.go
index 9b7b106fde..642a5ac2d7 100644
--- a/vendor/golang.org/x/tools/internal/imports/fix.go
+++ b/vendor/golang.org/x/tools/internal/imports/fix.go
@@ -697,6 +697,9 @@ func candidateImportName(pkg *pkg) string {
 
 // GetAllCandidates calls wrapped for each package whose name starts with
 // searchPrefix, and can be imported from filename with the package name filePkg.
+//
+// Beware that the wrapped function may be called multiple times concurrently.
+// TODO(adonovan): encapsulate the concurrency.
 func GetAllCandidates(ctx context.Context, wrapped func(ImportFix), searchPrefix, filename, filePkg string, env *ProcessEnv) error {
 	callback := &scanCallback{
 		rootFound: func(gopathwalk.Root) bool {
@@ -796,7 +799,7 @@ func GetPackageExports(ctx context.Context, wrapped func(PackageExport), searchP
 	return getCandidatePkgs(ctx, callback, filename, filePkg, env)
 }
 
-var RequiredGoEnvVars = []string{"GO111MODULE", "GOFLAGS", "GOINSECURE", "GOMOD", "GOMODCACHE", "GONOPROXY", "GONOSUMDB", "GOPATH", "GOPROXY", "GOROOT", "GOSUMDB", "GOWORK"}
+var requiredGoEnvVars = []string{"GO111MODULE", "GOFLAGS", "GOINSECURE", "GOMOD", "GOMODCACHE", "GONOPROXY", "GONOSUMDB", "GOPATH", "GOPROXY", "GOROOT", "GOSUMDB", "GOWORK"}
 
 // ProcessEnv contains environment variables and settings that affect the use of
 // the go command, the go/build package, etc.
@@ -866,7 +869,7 @@ func (e *ProcessEnv) init() error {
 	}
 
 	foundAllRequired := true
-	for _, k := range RequiredGoEnvVars {
+	for _, k := range requiredGoEnvVars {
 		if _, ok := e.Env[k]; !ok {
 			foundAllRequired = false
 			break
@@ -882,7 +885,7 @@ func (e *ProcessEnv) init() error {
 	}
 
 	goEnv := map[string]string{}
-	stdout, err := e.invokeGo(context.TODO(), "env", append([]string{"-json"}, RequiredGoEnvVars...)...)
+	stdout, err := e.invokeGo(context.TODO(), "env", append([]string{"-json"}, requiredGoEnvVars...)...)
 	if err != nil {
 		return err
 	}
diff --git a/vendor/golang.org/x/tools/internal/imports/sortimports.go b/vendor/golang.org/x/tools/internal/imports/sortimports.go
index 85144db1df..1a0a7ebd9e 100644
--- a/vendor/golang.org/x/tools/internal/imports/sortimports.go
+++ b/vendor/golang.org/x/tools/internal/imports/sortimports.go
@@ -52,6 +52,7 @@ func sortImports(localPrefix string, tokFile *token.File, f *ast.File) {
 		d.Specs = specs
 
 		// Deduping can leave a blank line before the rparen; clean that up.
+		// Ignore line directives.
 		if len(d.Specs) > 0 {
 			lastSpec := d.Specs[len(d.Specs)-1]
 			lastLine := tokFile.PositionFor(lastSpec.Pos(), false).Line
diff --git a/vendor/golang.org/x/tools/internal/imports/zstdlib.go b/vendor/golang.org/x/tools/internal/imports/zstdlib.go
index 5db9b2d4c7..31a75949cd 100644
--- a/vendor/golang.org/x/tools/internal/imports/zstdlib.go
+++ b/vendor/golang.org/x/tools/internal/imports/zstdlib.go
@@ -10,6 +10,7 @@ var stdlib = map[string][]string{
 	"archive/tar": {
 		"ErrFieldTooLong",
 		"ErrHeader",
+		"ErrInsecurePath",
 		"ErrWriteAfterClose",
 		"ErrWriteTooLong",
 		"FileInfoHeader",
@@ -45,6 +46,7 @@ var stdlib = map[string][]string{
 		"ErrAlgorithm",
 		"ErrChecksum",
 		"ErrFormat",
+		"ErrInsecurePath",
 		"File",
 		"FileHeader",
 		"FileInfoHeader",
@@ -87,12 +89,15 @@ var stdlib = map[string][]string{
 	},
 	"bytes": {
 		"Buffer",
+		"Clone",
 		"Compare",
 		"Contains",
 		"ContainsAny",
 		"ContainsRune",
 		"Count",
 		"Cut",
+		"CutPrefix",
+		"CutSuffix",
 		"Equal",
 		"EqualFold",
 		"ErrTooLarge",
@@ -224,12 +229,15 @@ var stdlib = map[string][]string{
 	},
 	"context": {
 		"Background",
+		"CancelCauseFunc",
 		"CancelFunc",
 		"Canceled",
+		"Cause",
 		"Context",
 		"DeadlineExceeded",
 		"TODO",
 		"WithCancel",
+		"WithCancelCause",
 		"WithDeadline",
 		"WithTimeout",
 		"WithValue",
@@ -306,6 +314,15 @@ var stdlib = map[string][]string{
 		"Sign",
 		"Verify",
 	},
+	"crypto/ecdh": {
+		"Curve",
+		"P256",
+		"P384",
+		"P521",
+		"PrivateKey",
+		"PublicKey",
+		"X25519",
+	},
 	"crypto/ecdsa": {
 		"GenerateKey",
 		"PrivateKey",
@@ -318,6 +335,7 @@ var stdlib = map[string][]string{
 	"crypto/ed25519": {
 		"GenerateKey",
 		"NewKeyFromSeed",
+		"Options",
 		"PrivateKey",
 		"PrivateKeySize",
 		"PublicKey",
@@ -326,6 +344,7 @@ var stdlib = map[string][]string{
 		"Sign",
 		"SignatureSize",
 		"Verify",
+		"VerifyWithOptions",
 	},
 	"crypto/elliptic": {
 		"Curve",
@@ -423,10 +442,12 @@ var stdlib = map[string][]string{
 		"ConstantTimeEq",
 		"ConstantTimeLessOrEq",
 		"ConstantTimeSelect",
+		"XORBytes",
 	},
 	"crypto/tls": {
 		"Certificate",
 		"CertificateRequestInfo",
+		"CertificateVerificationError",
 		"CipherSuite",
 		"CipherSuiteName",
 		"CipherSuites",
@@ -604,6 +625,7 @@ var stdlib = map[string][]string{
 		"SHA384WithRSAPSS",
 		"SHA512WithRSA",
 		"SHA512WithRSAPSS",
+		"SetFallbackRoots",
 		"SignatureAlgorithm",
 		"SystemCertPool",
 		"SystemRootsError",
@@ -1828,19 +1850,42 @@ var stdlib = map[string][]string{
 		"R_INFO32",
 		"R_LARCH",
 		"R_LARCH_32",
+		"R_LARCH_32_PCREL",
 		"R_LARCH_64",
+		"R_LARCH_ABS64_HI12",
+		"R_LARCH_ABS64_LO20",
+		"R_LARCH_ABS_HI20",
+		"R_LARCH_ABS_LO12",
 		"R_LARCH_ADD16",
 		"R_LARCH_ADD24",
 		"R_LARCH_ADD32",
 		"R_LARCH_ADD64",
 		"R_LARCH_ADD8",
+		"R_LARCH_B16",
+		"R_LARCH_B21",
+		"R_LARCH_B26",
 		"R_LARCH_COPY",
+		"R_LARCH_GNU_VTENTRY",
+		"R_LARCH_GNU_VTINHERIT",
+		"R_LARCH_GOT64_HI12",
+		"R_LARCH_GOT64_LO20",
+		"R_LARCH_GOT64_PC_HI12",
+		"R_LARCH_GOT64_PC_LO20",
+		"R_LARCH_GOT_HI20",
+		"R_LARCH_GOT_LO12",
+		"R_LARCH_GOT_PC_HI20",
+		"R_LARCH_GOT_PC_LO12",
 		"R_LARCH_IRELATIVE",
 		"R_LARCH_JUMP_SLOT",
 		"R_LARCH_MARK_LA",
 		"R_LARCH_MARK_PCREL",
 		"R_LARCH_NONE",
+		"R_LARCH_PCALA64_HI12",
+		"R_LARCH_PCALA64_LO20",
+		"R_LARCH_PCALA_HI20",
+		"R_LARCH_PCALA_LO12",
 		"R_LARCH_RELATIVE",
+		"R_LARCH_RELAX",
 		"R_LARCH_SOP_ADD",
 		"R_LARCH_SOP_AND",
 		"R_LARCH_SOP_ASSERT",
@@ -1875,6 +1920,22 @@ var stdlib = map[string][]string{
 		"R_LARCH_TLS_DTPMOD64",
 		"R_LARCH_TLS_DTPREL32",
 		"R_LARCH_TLS_DTPREL64",
+		"R_LARCH_TLS_GD_HI20",
+		"R_LARCH_TLS_GD_PC_HI20",
+		"R_LARCH_TLS_IE64_HI12",
+		"R_LARCH_TLS_IE64_LO20",
+		"R_LARCH_TLS_IE64_PC_HI12",
+		"R_LARCH_TLS_IE64_PC_LO20",
+		"R_LARCH_TLS_IE_HI20",
+		"R_LARCH_TLS_IE_LO12",
+		"R_LARCH_TLS_IE_PC_HI20",
+		"R_LARCH_TLS_IE_PC_LO12",
+		"R_LARCH_TLS_LD_HI20",
+		"R_LARCH_TLS_LD_PC_HI20",
+		"R_LARCH_TLS_LE64_HI12",
+		"R_LARCH_TLS_LE64_LO20",
+		"R_LARCH_TLS_LE_HI20",
+		"R_LARCH_TLS_LE_LO12",
 		"R_LARCH_TLS_TPREL32",
 		"R_LARCH_TLS_TPREL64",
 		"R_MIPS",
@@ -1938,15 +1999,25 @@ var stdlib = map[string][]string{
 		"R_PPC64_ADDR16_HIGH",
 		"R_PPC64_ADDR16_HIGHA",
 		"R_PPC64_ADDR16_HIGHER",
+		"R_PPC64_ADDR16_HIGHER34",
 		"R_PPC64_ADDR16_HIGHERA",
+		"R_PPC64_ADDR16_HIGHERA34",
 		"R_PPC64_ADDR16_HIGHEST",
+		"R_PPC64_ADDR16_HIGHEST34",
 		"R_PPC64_ADDR16_HIGHESTA",
+		"R_PPC64_ADDR16_HIGHESTA34",
 		"R_PPC64_ADDR16_LO",
 		"R_PPC64_ADDR16_LO_DS",
 		"R_PPC64_ADDR24",
 		"R_PPC64_ADDR32",
 		"R_PPC64_ADDR64",
 		"R_PPC64_ADDR64_LOCAL",
+		"R_PPC64_COPY",
+		"R_PPC64_D28",
+		"R_PPC64_D34",
+		"R_PPC64_D34_HA30",
+		"R_PPC64_D34_HI30",
+		"R_PPC64_D34_LO",
 		"R_PPC64_DTPMOD64",
 		"R_PPC64_DTPREL16",
 		"R_PPC64_DTPREL16_DS",
@@ -1960,8 +2031,12 @@ var stdlib = map[string][]string{
 		"R_PPC64_DTPREL16_HIGHESTA",
 		"R_PPC64_DTPREL16_LO",
 		"R_PPC64_DTPREL16_LO_DS",
+		"R_PPC64_DTPREL34",
 		"R_PPC64_DTPREL64",
 		"R_PPC64_ENTRY",
+		"R_PPC64_GLOB_DAT",
+		"R_PPC64_GNU_VTENTRY",
+		"R_PPC64_GNU_VTINHERIT",
 		"R_PPC64_GOT16",
 		"R_PPC64_GOT16_DS",
 		"R_PPC64_GOT16_HA",
@@ -1972,29 +2047,50 @@ var stdlib = map[string][]string{
 		"R_PPC64_GOT_DTPREL16_HA",
 		"R_PPC64_GOT_DTPREL16_HI",
 		"R_PPC64_GOT_DTPREL16_LO_DS",
+		"R_PPC64_GOT_DTPREL_PCREL34",
+		"R_PPC64_GOT_PCREL34",
 		"R_PPC64_GOT_TLSGD16",
 		"R_PPC64_GOT_TLSGD16_HA",
 		"R_PPC64_GOT_TLSGD16_HI",
 		"R_PPC64_GOT_TLSGD16_LO",
+		"R_PPC64_GOT_TLSGD_PCREL34",
 		"R_PPC64_GOT_TLSLD16",
 		"R_PPC64_GOT_TLSLD16_HA",
 		"R_PPC64_GOT_TLSLD16_HI",
 		"R_PPC64_GOT_TLSLD16_LO",
+		"R_PPC64_GOT_TLSLD_PCREL34",
 		"R_PPC64_GOT_TPREL16_DS",
 		"R_PPC64_GOT_TPREL16_HA",
 		"R_PPC64_GOT_TPREL16_HI",
 		"R_PPC64_GOT_TPREL16_LO_DS",
+		"R_PPC64_GOT_TPREL_PCREL34",
 		"R_PPC64_IRELATIVE",
 		"R_PPC64_JMP_IREL",
 		"R_PPC64_JMP_SLOT",
 		"R_PPC64_NONE",
+		"R_PPC64_PCREL28",
+		"R_PPC64_PCREL34",
+		"R_PPC64_PCREL_OPT",
+		"R_PPC64_PLT16_HA",
+		"R_PPC64_PLT16_HI",
+		"R_PPC64_PLT16_LO",
 		"R_PPC64_PLT16_LO_DS",
+		"R_PPC64_PLT32",
+		"R_PPC64_PLT64",
+		"R_PPC64_PLTCALL",
+		"R_PPC64_PLTCALL_NOTOC",
 		"R_PPC64_PLTGOT16",
 		"R_PPC64_PLTGOT16_DS",
 		"R_PPC64_PLTGOT16_HA",
 		"R_PPC64_PLTGOT16_HI",
 		"R_PPC64_PLTGOT16_LO",
 		"R_PPC64_PLTGOT_LO_DS",
+		"R_PPC64_PLTREL32",
+		"R_PPC64_PLTREL64",
+		"R_PPC64_PLTSEQ",
+		"R_PPC64_PLTSEQ_NOTOC",
+		"R_PPC64_PLT_PCREL34",
+		"R_PPC64_PLT_PCREL34_NOTOC",
 		"R_PPC64_REL14",
 		"R_PPC64_REL14_BRNTAKEN",
 		"R_PPC64_REL14_BRTAKEN",
@@ -2002,13 +2098,28 @@ var stdlib = map[string][]string{
 		"R_PPC64_REL16DX_HA",
 		"R_PPC64_REL16_HA",
 		"R_PPC64_REL16_HI",
+		"R_PPC64_REL16_HIGH",
+		"R_PPC64_REL16_HIGHA",
+		"R_PPC64_REL16_HIGHER",
+		"R_PPC64_REL16_HIGHER34",
+		"R_PPC64_REL16_HIGHERA",
+		"R_PPC64_REL16_HIGHERA34",
+		"R_PPC64_REL16_HIGHEST",
+		"R_PPC64_REL16_HIGHEST34",
+		"R_PPC64_REL16_HIGHESTA",
+		"R_PPC64_REL16_HIGHESTA34",
 		"R_PPC64_REL16_LO",
 		"R_PPC64_REL24",
 		"R_PPC64_REL24_NOTOC",
+		"R_PPC64_REL30",
 		"R_PPC64_REL32",
 		"R_PPC64_REL64",
 		"R_PPC64_RELATIVE",
+		"R_PPC64_SECTOFF",
 		"R_PPC64_SECTOFF_DS",
+		"R_PPC64_SECTOFF_HA",
+		"R_PPC64_SECTOFF_HI",
+		"R_PPC64_SECTOFF_LO",
 		"R_PPC64_SECTOFF_LO_DS",
 		"R_PPC64_TLS",
 		"R_PPC64_TLSGD",
@@ -2033,7 +2144,11 @@ var stdlib = map[string][]string{
 		"R_PPC64_TPREL16_HIGHESTA",
 		"R_PPC64_TPREL16_LO",
 		"R_PPC64_TPREL16_LO_DS",
+		"R_PPC64_TPREL34",
 		"R_PPC64_TPREL64",
+		"R_PPC64_UADDR16",
+		"R_PPC64_UADDR32",
+		"R_PPC64_UADDR64",
 		"R_PPC_ADDR14",
 		"R_PPC_ADDR14_BRNTAKEN",
 		"R_PPC_ADDR14_BRTAKEN",
@@ -2581,6 +2696,9 @@ var stdlib = map[string][]string{
 		"IMAGE_FILE_MACHINE_POWERPC",
 		"IMAGE_FILE_MACHINE_POWERPCFP",
 		"IMAGE_FILE_MACHINE_R4000",
+		"IMAGE_FILE_MACHINE_RISCV128",
+		"IMAGE_FILE_MACHINE_RISCV32",
+		"IMAGE_FILE_MACHINE_RISCV64",
 		"IMAGE_FILE_MACHINE_SH3",
 		"IMAGE_FILE_MACHINE_SH3DSP",
 		"IMAGE_FILE_MACHINE_SH4",
@@ -2846,6 +2964,7 @@ var stdlib = map[string][]string{
 	"errors": {
 		"As",
 		"Is",
+		"Join",
 		"New",
 		"Unwrap",
 	},
@@ -2916,6 +3035,7 @@ var stdlib = map[string][]string{
 		"Appendf",
 		"Appendln",
 		"Errorf",
+		"FormatString",
 		"Formatter",
 		"Fprint",
 		"Fprintf",
@@ -3401,6 +3521,7 @@ var stdlib = map[string][]string{
 		"RecvOnly",
 		"RelativeTo",
 		"Rune",
+		"Satisfies",
 		"Scope",
 		"Selection",
 		"SelectionKind",
@@ -3702,8 +3823,10 @@ var stdlib = map[string][]string{
 		"LimitedReader",
 		"MultiReader",
 		"MultiWriter",
+		"NewOffsetWriter",
 		"NewSectionReader",
 		"NopCloser",
+		"OffsetWriter",
 		"Pipe",
 		"PipeReader",
 		"PipeWriter",
@@ -3770,6 +3893,7 @@ var stdlib = map[string][]string{
 		"ReadDirFile",
 		"ReadFile",
 		"ReadFileFS",
+		"SkipAll",
 		"SkipDir",
 		"Stat",
 		"StatFS",
@@ -4140,6 +4264,7 @@ var stdlib = map[string][]string{
 		"FlagLoopback",
 		"FlagMulticast",
 		"FlagPointToPoint",
+		"FlagRunning",
 		"FlagUp",
 		"Flags",
 		"HardwareAddr",
@@ -4284,6 +4409,7 @@ var stdlib = map[string][]string{
 		"NewFileTransport",
 		"NewRequest",
 		"NewRequestWithContext",
+		"NewResponseController",
 		"NewServeMux",
 		"NoBody",
 		"NotFound",
@@ -4303,6 +4429,7 @@ var stdlib = map[string][]string{
 		"RedirectHandler",
 		"Request",
 		"Response",
+		"ResponseController",
 		"ResponseWriter",
 		"RoundTripper",
 		"SameSite",
@@ -4445,6 +4572,7 @@ var stdlib = map[string][]string{
 		"NewProxyClientConn",
 		"NewServerConn",
 		"NewSingleHostReverseProxy",
+		"ProxyRequest",
 		"ReverseProxy",
 		"ServerConn",
 	},
@@ -4476,6 +4604,8 @@ var stdlib = map[string][]string{
 		"AddrPortFrom",
 		"IPv4Unspecified",
 		"IPv6LinkLocalAllNodes",
+		"IPv6LinkLocalAllRouters",
+		"IPv6Loopback",
 		"IPv6Unspecified",
 		"MustParseAddr",
 		"MustParseAddrPort",
@@ -4686,6 +4816,7 @@ var stdlib = map[string][]string{
 		"CommandContext",
 		"ErrDot",
 		"ErrNotFound",
+		"ErrWaitDelay",
 		"Error",
 		"ExitError",
 		"LookPath",
@@ -4734,11 +4865,13 @@ var stdlib = map[string][]string{
 		"Glob",
 		"HasPrefix",
 		"IsAbs",
+		"IsLocal",
 		"Join",
 		"ListSeparator",
 		"Match",
 		"Rel",
 		"Separator",
+		"SkipAll",
 		"SkipDir",
 		"Split",
 		"SplitList",
@@ -4860,6 +4993,7 @@ var stdlib = map[string][]string{
 		"ErrInvalidRepeatOp",
 		"ErrInvalidRepeatSize",
 		"ErrInvalidUTF8",
+		"ErrLarge",
 		"ErrMissingBracket",
 		"ErrMissingParen",
 		"ErrMissingRepeatArgument",
@@ -4968,8 +5102,16 @@ var stdlib = map[string][]string{
 	},
 	"runtime/cgo": {
 		"Handle",
+		"Incomplete",
 		"NewHandle",
 	},
+	"runtime/coverage": {
+		"ClearCounters",
+		"WriteCounters",
+		"WriteCountersDir",
+		"WriteMeta",
+		"WriteMetaDir",
+	},
 	"runtime/debug": {
 		"BuildInfo",
 		"BuildSetting",
@@ -5103,6 +5245,8 @@ var stdlib = map[string][]string{
 		"ContainsRune",
 		"Count",
 		"Cut",
+		"CutPrefix",
+		"CutSuffix",
 		"EqualFold",
 		"Fields",
 		"FieldsFunc",
@@ -5272,6 +5416,7 @@ var stdlib = map[string][]string{
 		"AF_TIPC",
 		"AF_UNIX",
 		"AF_UNSPEC",
+		"AF_UTUN",
 		"AF_VENDOR00",
 		"AF_VENDOR01",
 		"AF_VENDOR02",
@@ -5610,20 +5755,25 @@ var stdlib = map[string][]string{
 		"CLOCAL",
 		"CLONE_CHILD_CLEARTID",
 		"CLONE_CHILD_SETTID",
+		"CLONE_CLEAR_SIGHAND",
 		"CLONE_CSIGNAL",
 		"CLONE_DETACHED",
 		"CLONE_FILES",
 		"CLONE_FS",
+		"CLONE_INTO_CGROUP",
 		"CLONE_IO",
+		"CLONE_NEWCGROUP",
 		"CLONE_NEWIPC",
 		"CLONE_NEWNET",
 		"CLONE_NEWNS",
 		"CLONE_NEWPID",
+		"CLONE_NEWTIME",
 		"CLONE_NEWUSER",
 		"CLONE_NEWUTS",
 		"CLONE_PARENT",
 		"CLONE_PARENT_SETTID",
 		"CLONE_PID",
+		"CLONE_PIDFD",
 		"CLONE_PTRACE",
 		"CLONE_SETTLS",
 		"CLONE_SIGHAND",
@@ -6166,6 +6316,7 @@ var stdlib = map[string][]string{
 		"EPROTONOSUPPORT",
 		"EPROTOTYPE",
 		"EPWROFF",
+		"EQFULL",
 		"ERANGE",
 		"EREMCHG",
 		"EREMOTE",
@@ -6592,6 +6743,7 @@ var stdlib = map[string][]string{
 		"F_DUPFD",
 		"F_DUPFD_CLOEXEC",
 		"F_EXLCK",
+		"F_FINDSIGS",
 		"F_FLUSH_DATA",
 		"F_FREEZE_FS",
 		"F_FSCTL",
@@ -6602,6 +6754,7 @@ var stdlib = map[string][]string{
 		"F_FSPRIV",
 		"F_FSVOID",
 		"F_FULLFSYNC",
+		"F_GETCODEDIR",
 		"F_GETFD",
 		"F_GETFL",
 		"F_GETLEASE",
@@ -6615,6 +6768,7 @@ var stdlib = map[string][]string{
 		"F_GETPATH_MTMINFO",
 		"F_GETPIPE_SZ",
 		"F_GETPROTECTIONCLASS",
+		"F_GETPROTECTIONLEVEL",
 		"F_GETSIG",
 		"F_GLOBAL_NOCACHE",
 		"F_LOCK",
@@ -6647,6 +6801,7 @@ var stdlib = map[string][]string{
 		"F_SETLK64",
 		"F_SETLKW",
 		"F_SETLKW64",
+		"F_SETLKWTIMEOUT",
 		"F_SETLK_REMOTE",
 		"F_SETNOSIGPIPE",
 		"F_SETOWN",
@@ -6656,9 +6811,11 @@ var stdlib = map[string][]string{
 		"F_SETSIG",
 		"F_SETSIZE",
 		"F_SHLCK",
+		"F_SINGLE_WRITER",
 		"F_TEST",
 		"F_THAW_FS",
 		"F_TLOCK",
+		"F_TRANSCODEKEY",
 		"F_ULOCK",
 		"F_UNLCK",
 		"F_UNLCKSYS",
@@ -7854,12 +8011,20 @@ var stdlib = map[string][]string{
 		"NOFLSH",
 		"NOTE_ABSOLUTE",
 		"NOTE_ATTRIB",
+		"NOTE_BACKGROUND",
 		"NOTE_CHILD",
+		"NOTE_CRITICAL",
 		"NOTE_DELETE",
 		"NOTE_EOF",
 		"NOTE_EXEC",
 		"NOTE_EXIT",
 		"NOTE_EXITSTATUS",
+		"NOTE_EXIT_CSERROR",
+		"NOTE_EXIT_DECRYPTFAIL",
+		"NOTE_EXIT_DETAIL",
+		"NOTE_EXIT_DETAIL_MASK",
+		"NOTE_EXIT_MEMORY",
+		"NOTE_EXIT_REPARENTED",
 		"NOTE_EXTEND",
 		"NOTE_FFAND",
 		"NOTE_FFCOPY",
@@ -7868,6 +8033,7 @@ var stdlib = map[string][]string{
 		"NOTE_FFNOP",
 		"NOTE_FFOR",
 		"NOTE_FORK",
+		"NOTE_LEEWAY",
 		"NOTE_LINK",
 		"NOTE_LOWAT",
 		"NOTE_NONE",
@@ -7946,6 +8112,7 @@ var stdlib = map[string][]string{
 		"O_CREAT",
 		"O_DIRECT",
 		"O_DIRECTORY",
+		"O_DP_GETRAWENCRYPTED",
 		"O_DSYNC",
 		"O_EVTONLY",
 		"O_EXCL",
@@ -8235,6 +8402,7 @@ var stdlib = map[string][]string{
 		"RLIMIT_AS",
 		"RLIMIT_CORE",
 		"RLIMIT_CPU",
+		"RLIMIT_CPU_USAGE_MONITOR",
 		"RLIMIT_DATA",
 		"RLIMIT_FSIZE",
 		"RLIMIT_NOFILE",
@@ -8347,9 +8515,11 @@ var stdlib = map[string][]string{
 		"RTF_PROTO1",
 		"RTF_PROTO2",
 		"RTF_PROTO3",
+		"RTF_PROXY",
 		"RTF_REINSTATE",
 		"RTF_REJECT",
 		"RTF_RNH_LOCKED",
+		"RTF_ROUTER",
 		"RTF_SOURCE",
 		"RTF_SRC",
 		"RTF_STATIC",
@@ -8868,6 +9038,7 @@ var stdlib = map[string][]string{
 		"SO_NO_OFFLOAD",
 		"SO_NP_EXTENSIONS",
 		"SO_NREAD",
+		"SO_NUMRCVPKT",
 		"SO_NWRITE",
 		"SO_OOBINLINE",
 		"SO_OVERFLOWED",
@@ -9037,6 +9208,7 @@ var stdlib = map[string][]string{
 		"SYS_CREAT",
 		"SYS_CREATE_MODULE",
 		"SYS_CSOPS",
+		"SYS_CSOPS_AUDITTOKEN",
 		"SYS_DELETE",
 		"SYS_DELETE_MODULE",
 		"SYS_DUP",
@@ -9223,6 +9395,7 @@ var stdlib = map[string][]string{
 		"SYS_JAIL_GET",
 		"SYS_JAIL_REMOVE",
 		"SYS_JAIL_SET",
+		"SYS_KAS_INFO",
 		"SYS_KDEBUG_TRACE",
 		"SYS_KENV",
 		"SYS_KEVENT",
@@ -9250,6 +9423,7 @@ var stdlib = map[string][]string{
 		"SYS_LCHMOD",
 		"SYS_LCHOWN",
 		"SYS_LCHOWN32",
+		"SYS_LEDGER",
 		"SYS_LGETFH",
 		"SYS_LGETXATTR",
 		"SYS_LINK",
@@ -9346,6 +9520,7 @@ var stdlib = map[string][]string{
 		"SYS_OPENAT",
 		"SYS_OPENBSD_POLL",
 		"SYS_OPEN_BY_HANDLE_AT",
+		"SYS_OPEN_DPROTECTED_NP",
 		"SYS_OPEN_EXTENDED",
 		"SYS_OPEN_NOCANCEL",
 		"SYS_OVADVISE",
@@ -9978,6 +10153,7 @@ var stdlib = map[string][]string{
 		"TCP_CONNECTIONTIMEOUT",
 		"TCP_CORK",
 		"TCP_DEFER_ACCEPT",
+		"TCP_ENABLE_ECN",
 		"TCP_INFO",
 		"TCP_KEEPALIVE",
 		"TCP_KEEPCNT",
@@ -10000,11 +10176,13 @@ var stdlib = map[string][]string{
 		"TCP_NODELAY",
 		"TCP_NOOPT",
 		"TCP_NOPUSH",
+		"TCP_NOTSENT_LOWAT",
 		"TCP_NSTATES",
 		"TCP_QUICKACK",
 		"TCP_RXT_CONNDROPTIME",
 		"TCP_RXT_FINDROP",
 		"TCP_SACK_ENABLE",
+		"TCP_SENDMOREACKS",
 		"TCP_SYNCNT",
 		"TCP_VENDOR",
 		"TCP_WINDOW_CLAMP",
@@ -10540,6 +10718,8 @@ var stdlib = map[string][]string{
 		"April",
 		"August",
 		"Date",
+		"DateOnly",
+		"DateTime",
 		"December",
 		"Duration",
 		"February",
@@ -10594,6 +10774,7 @@ var stdlib = map[string][]string{
 		"Tick",
 		"Ticker",
 		"Time",
+		"TimeOnly",
 		"Timer",
 		"Tuesday",
 		"UTC",
@@ -10892,6 +11073,7 @@ var stdlib = map[string][]string{
 		"Zs",
 	},
 	"unicode/utf16": {
+		"AppendRune",
 		"Decode",
 		"DecodeRune",
 		"Encode",
@@ -10920,10 +11102,14 @@ var stdlib = map[string][]string{
 		"ValidString",
 	},
 	"unsafe": {
+		"Add",
 		"Alignof",
-		"ArbitraryType",
 		"Offsetof",
 		"Pointer",
 		"Sizeof",
+		"Slice",
+		"SliceData",
+		"String",
+		"StringData",
 	},
 }
diff --git a/vendor/k8s.io/api/core/v1/generated.proto b/vendor/k8s.io/api/core/v1/generated.proto
index 9264bfd98b..416811e291 100644
--- a/vendor/k8s.io/api/core/v1/generated.proto
+++ b/vendor/k8s.io/api/core/v1/generated.proto
@@ -4512,7 +4512,7 @@ message ResourceRequirements {
   // This is an alpha field and requires enabling the
   // DynamicResourceAllocation feature gate.
   //
-  // This field is immutable.
+  // This field is immutable. It can only be set for containers.
   //
   // +listType=map
   // +listMapKey=name
diff --git a/vendor/k8s.io/api/core/v1/types.go b/vendor/k8s.io/api/core/v1/types.go
index 4be1df0c1d..0101e95d91 100644
--- a/vendor/k8s.io/api/core/v1/types.go
+++ b/vendor/k8s.io/api/core/v1/types.go
@@ -2320,7 +2320,7 @@ type ResourceRequirements struct {
 	// This is an alpha field and requires enabling the
 	// DynamicResourceAllocation feature gate.
 	//
-	// This field is immutable.
+	// This field is immutable. It can only be set for containers.
 	//
 	// +listType=map
 	// +listMapKey=name
diff --git a/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go
index 6c6fe2e006..99391a423d 100644
--- a/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go
@@ -2041,7 +2041,7 @@ var map_ResourceRequirements = map[string]string{
 	"":         "ResourceRequirements describes the compute resource requirements.",
 	"limits":   "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/",
 	"requests": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/",
-	"claims":   "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable.",
+	"claims":   "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.",
 }
 
 func (ResourceRequirements) SwaggerDoc() map[string]string {
diff --git a/vendor/k8s.io/client-go/discovery/aggregated_discovery.go b/vendor/k8s.io/client-go/discovery/aggregated_discovery.go
index 033a4c8fc3..758b0a3ac8 100644
--- a/vendor/k8s.io/client-go/discovery/aggregated_discovery.go
+++ b/vendor/k8s.io/client-go/discovery/aggregated_discovery.go
@@ -24,19 +24,36 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
+// StaleGroupVersionError encasulates failed GroupVersion marked "stale"
+// in the returned AggregatedDiscovery format.
+type StaleGroupVersionError struct {
+	gv schema.GroupVersion
+}
+
+func (s StaleGroupVersionError) Error() string {
+	return fmt.Sprintf("stale GroupVersion discovery: %v", s.gv)
+}
+
 // SplitGroupsAndResources transforms "aggregated" discovery top-level structure into
 // the previous "unaggregated" discovery groups and resources.
-func SplitGroupsAndResources(aggregatedGroups apidiscovery.APIGroupDiscoveryList) (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList) {
+func SplitGroupsAndResources(aggregatedGroups apidiscovery.APIGroupDiscoveryList) (
+	*metav1.APIGroupList,
+	map[schema.GroupVersion]*metav1.APIResourceList,
+	map[schema.GroupVersion]error) {
 	// Aggregated group list will contain the entirety of discovery, including
-	// groups, versions, and resources.
+	// groups, versions, and resources. GroupVersions marked "stale" are failed.
 	groups := []*metav1.APIGroup{}
+	failedGVs := map[schema.GroupVersion]error{}
 	resourcesByGV := map[schema.GroupVersion]*metav1.APIResourceList{}
 	for _, aggGroup := range aggregatedGroups.Items {
-		group, resources := convertAPIGroup(aggGroup)
+		group, resources, failed := convertAPIGroup(aggGroup)
 		groups = append(groups, group)
 		for gv, resourceList := range resources {
 			resourcesByGV[gv] = resourceList
 		}
+		for gv, err := range failed {
+			failedGVs[gv] = err
+		}
 	}
 	// Transform slice of groups to group list before returning.
 	groupList := &metav1.APIGroupList{}
@@ -44,23 +61,32 @@ func SplitGroupsAndResources(aggregatedGroups apidiscovery.APIGroupDiscoveryList
 	for _, group := range groups {
 		groupList.Groups = append(groupList.Groups, *group)
 	}
-	return groupList, resourcesByGV
+	return groupList, resourcesByGV, failedGVs
 }
 
 // convertAPIGroup tranforms an "aggregated" APIGroupDiscovery to an "legacy" APIGroup,
 // also returning the map of APIResourceList for resources within GroupVersions.
-func convertAPIGroup(g apidiscovery.APIGroupDiscovery) (*metav1.APIGroup, map[schema.GroupVersion]*metav1.APIResourceList) {
+func convertAPIGroup(g apidiscovery.APIGroupDiscovery) (
+	*metav1.APIGroup,
+	map[schema.GroupVersion]*metav1.APIResourceList,
+	map[schema.GroupVersion]error) {
 	// Iterate through versions to convert to group and resources.
 	group := &metav1.APIGroup{}
 	gvResources := map[schema.GroupVersion]*metav1.APIResourceList{}
+	failedGVs := map[schema.GroupVersion]error{}
 	group.Name = g.ObjectMeta.Name
-	for i, v := range g.Versions {
-		version := metav1.GroupVersionForDiscovery{}
+	for _, v := range g.Versions {
 		gv := schema.GroupVersion{Group: g.Name, Version: v.Version}
+		if v.Freshness == apidiscovery.DiscoveryFreshnessStale {
+			failedGVs[gv] = StaleGroupVersionError{gv: gv}
+			continue
+		}
+		version := metav1.GroupVersionForDiscovery{}
 		version.GroupVersion = gv.String()
 		version.Version = v.Version
 		group.Versions = append(group.Versions, version)
-		if i == 0 {
+		// PreferredVersion is first non-stale Version
+		if group.PreferredVersion == (metav1.GroupVersionForDiscovery{}) {
 			group.PreferredVersion = version
 		}
 		resourceList := &metav1.APIResourceList{}
@@ -76,7 +102,7 @@ func convertAPIGroup(g apidiscovery.APIGroupDiscovery) (*metav1.APIGroup, map[sc
 		}
 		gvResources[gv] = resourceList
 	}
-	return group, gvResources
+	return group, gvResources, failedGVs
 }
 
 // convertAPIResource tranforms a APIResourceDiscovery to an APIResource.
diff --git a/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go b/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go
index 0a41018474..9143ce00ab 100644
--- a/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go
+++ b/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go
@@ -33,6 +33,7 @@ import (
 	"k8s.io/client-go/openapi"
 	cachedopenapi "k8s.io/client-go/openapi/cached"
 	restclient "k8s.io/client-go/rest"
+	"k8s.io/klog/v2"
 )
 
 type cacheEntry struct {
@@ -61,6 +62,15 @@ var (
 	ErrCacheNotFound = errors.New("not found")
 )
 
+// Server returning empty ResourceList for Group/Version.
+type emptyResponseError struct {
+	gv string
+}
+
+func (e *emptyResponseError) Error() string {
+	return fmt.Sprintf("received empty response for: %s", e.gv)
+}
+
 var _ discovery.CachedDiscoveryInterface = &memCacheClient{}
 
 // isTransientConnectionError checks whether given error is "Connection refused" or
@@ -103,7 +113,13 @@ func (d *memCacheClient) ServerResourcesForGroupVersion(groupVersion string) (*m
 	if cachedVal.err != nil && isTransientError(cachedVal.err) {
 		r, err := d.serverResourcesForGroupVersion(groupVersion)
 		if err != nil {
-			utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", groupVersion, err))
+			// Don't log "empty response" as an error; it is a common response for metrics.
+			if _, emptyErr := err.(*emptyResponseError); emptyErr {
+				// Log at same verbosity as disk cache.
+				klog.V(3).Infof("%v", err)
+			} else {
+				utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", groupVersion, err))
+			}
 		}
 		cachedVal = &cacheEntry{r, err}
 		d.groupToServerResources[groupVersion] = cachedVal
@@ -120,32 +136,38 @@ func (d *memCacheClient) ServerGroupsAndResources() ([]*metav1.APIGroup, []*meta
 // GroupsAndMaybeResources returns the list of APIGroups, and possibly the map of group/version
 // to resources. The returned groups will never be nil, but the resources map can be nil
 // if there are no cached resources.
-func (d *memCacheClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) {
+func (d *memCacheClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, map[schema.GroupVersion]error, error) {
 	d.lock.Lock()
 	defer d.lock.Unlock()
 
 	if !d.cacheValid {
 		if err := d.refreshLocked(); err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
 	}
 	// Build the resourceList from the cache?
 	var resourcesMap map[schema.GroupVersion]*metav1.APIResourceList
+	var failedGVs map[schema.GroupVersion]error
 	if d.receivedAggregatedDiscovery && len(d.groupToServerResources) > 0 {
 		resourcesMap = map[schema.GroupVersion]*metav1.APIResourceList{}
+		failedGVs = map[schema.GroupVersion]error{}
 		for gv, cacheEntry := range d.groupToServerResources {
 			groupVersion, err := schema.ParseGroupVersion(gv)
 			if err != nil {
-				return nil, nil, fmt.Errorf("failed to parse group version (%v): %v", gv, err)
+				return nil, nil, nil, fmt.Errorf("failed to parse group version (%v): %v", gv, err)
+			}
+			if cacheEntry.err != nil {
+				failedGVs[groupVersion] = cacheEntry.err
+			} else {
+				resourcesMap[groupVersion] = cacheEntry.resourceList
 			}
-			resourcesMap[groupVersion] = cacheEntry.resourceList
 		}
 	}
-	return d.groupList, resourcesMap, nil
+	return d.groupList, resourcesMap, failedGVs, nil
 }
 
 func (d *memCacheClient) ServerGroups() (*metav1.APIGroupList, error) {
-	groups, _, err := d.GroupsAndMaybeResources()
+	groups, _, _, err := d.GroupsAndMaybeResources()
 	if err != nil {
 		return nil, err
 	}
@@ -219,7 +241,8 @@ func (d *memCacheClient) refreshLocked() error {
 
 	if ad, ok := d.delegate.(discovery.AggregatedDiscoveryInterface); ok {
 		var resources map[schema.GroupVersion]*metav1.APIResourceList
-		gl, resources, err = ad.GroupsAndMaybeResources()
+		var failedGVs map[schema.GroupVersion]error
+		gl, resources, failedGVs, err = ad.GroupsAndMaybeResources()
 		if resources != nil && err == nil {
 			// Cache the resources.
 			d.groupToServerResources = map[string]*cacheEntry{}
@@ -227,6 +250,10 @@ func (d *memCacheClient) refreshLocked() error {
 			for gv, resources := range resources {
 				d.groupToServerResources[gv.String()] = &cacheEntry{resources, nil}
 			}
+			// Cache GroupVersion discovery errors
+			for gv, err := range failedGVs {
+				d.groupToServerResources[gv.String()] = &cacheEntry{nil, err}
+			}
 			d.receivedAggregatedDiscovery = true
 			d.cacheValid = true
 			return nil
@@ -252,7 +279,13 @@ func (d *memCacheClient) refreshLocked() error {
 
 				r, err := d.serverResourcesForGroupVersion(gv)
 				if err != nil {
-					utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", gv, err))
+					// Don't log "empty response" as an error; it is a common response for metrics.
+					if _, emptyErr := err.(*emptyResponseError); emptyErr {
+						// Log at same verbosity as disk cache.
+						klog.V(3).Infof("%v", err)
+					} else {
+						utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", gv, err))
+					}
 				}
 
 				resultLock.Lock()
@@ -274,7 +307,7 @@ func (d *memCacheClient) serverResourcesForGroupVersion(groupVersion string) (*m
 		return r, err
 	}
 	if len(r.APIResources) == 0 {
-		return r, fmt.Errorf("Got empty response for: %v", groupVersion)
+		return r, &emptyResponseError{gv: groupVersion}
 	}
 	return r, nil
 }
diff --git a/vendor/k8s.io/client-go/discovery/discovery_client.go b/vendor/k8s.io/client-go/discovery/discovery_client.go
index 43906190fb..641568008b 100644
--- a/vendor/k8s.io/client-go/discovery/discovery_client.go
+++ b/vendor/k8s.io/client-go/discovery/discovery_client.go
@@ -86,7 +86,7 @@ type DiscoveryInterface interface {
 type AggregatedDiscoveryInterface interface {
 	DiscoveryInterface
 
-	GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error)
+	GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, map[schema.GroupVersion]error, error)
 }
 
 // CachedDiscoveryInterface is a DiscoveryInterface with cache invalidation and freshness.
@@ -186,18 +186,23 @@ func apiVersionsToAPIGroup(apiVersions *metav1.APIVersions) (apiGroup metav1.API
 // and resources from /api and /apis (either aggregated or not). Legacy groups
 // must be ordered first. The server will either return both endpoints (/api, /apis)
 // as aggregated discovery format or legacy format. For safety, resources will only
-// be returned if both endpoints returned resources.
-func (d *DiscoveryClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) {
+// be returned if both endpoints returned resources. Returned "failedGVs" can be
+// empty, but will only be nil in the case an error is returned.
+func (d *DiscoveryClient) GroupsAndMaybeResources() (
+	*metav1.APIGroupList,
+	map[schema.GroupVersion]*metav1.APIResourceList,
+	map[schema.GroupVersion]error,
+	error) {
 	// Legacy group ordered first (there is only one -- core/v1 group). Returned groups must
 	// be non-nil, but it could be empty. Returned resources, apiResources map could be nil.
-	groups, resources, err := d.downloadLegacy()
+	groups, resources, failedGVs, err := d.downloadLegacy()
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, nil, err
 	}
 	// Discovery groups and (possibly) resources downloaded from /apis.
-	apiGroups, apiResources, aerr := d.downloadAPIs()
+	apiGroups, apiResources, failedApisGVs, aerr := d.downloadAPIs()
 	if aerr != nil {
-		return nil, nil, aerr
+		return nil, nil, nil, aerr
 	}
 	// Merge apis groups into the legacy groups.
 	for _, group := range apiGroups.Groups {
@@ -211,14 +216,23 @@ func (d *DiscoveryClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[s
 	} else if resources != nil {
 		resources = nil
 	}
-	return groups, resources, err
+	// Merge failed GroupVersions from /api and /apis
+	for gv, err := range failedApisGVs {
+		failedGVs[gv] = err
+	}
+	return groups, resources, failedGVs, err
 }
 
 // downloadLegacy returns the discovery groups and possibly resources
 // for the legacy v1 GVR at /api, or an error if one occurred. It is
 // possible for the resource map to be nil if the server returned
-// the unaggregated discovery.
-func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) {
+// the unaggregated discovery. Returned "failedGVs" can be empty, but
+// will only be nil in the case of a returned error.
+func (d *DiscoveryClient) downloadLegacy() (
+	*metav1.APIGroupList,
+	map[schema.GroupVersion]*metav1.APIResourceList,
+	map[schema.GroupVersion]error,
+	error) {
 	accept := acceptDiscoveryFormats
 	if d.UseLegacyDiscovery {
 		accept = AcceptV1
@@ -230,16 +244,19 @@ func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.Gro
 		Do(context.TODO()).
 		ContentType(&responseContentType).
 		Raw()
-	// Special error handling for 403 or 404 to be compatible with older v1.0 servers.
-	// Return empty group list to be merged with /apis.
-	if err != nil && !errors.IsNotFound(err) && !errors.IsForbidden(err) {
-		return nil, nil, err
-	}
-	if err != nil && (errors.IsNotFound(err) || errors.IsForbidden(err)) {
-		return &metav1.APIGroupList{}, nil, nil
+	apiGroupList := &metav1.APIGroupList{}
+	failedGVs := map[schema.GroupVersion]error{}
+	if err != nil {
+		// Tolerate 404, since aggregated api servers can return it.
+		if errors.IsNotFound(err) {
+			// Return empty structures and no error.
+			emptyGVMap := map[schema.GroupVersion]*metav1.APIResourceList{}
+			return apiGroupList, emptyGVMap, failedGVs, nil
+		} else {
+			return nil, nil, nil, err
+		}
 	}
 
-	apiGroupList := &metav1.APIGroupList{}
 	var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList
 	// Switch on content-type server responded with: aggregated or unaggregated.
 	switch responseContentType {
@@ -247,7 +264,7 @@ func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.Gro
 		var v metav1.APIVersions
 		err = json.Unmarshal(body, &v)
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
 		apiGroup := metav1.APIGroup{}
 		if len(v.Versions) != 0 {
@@ -258,20 +275,25 @@ func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.Gro
 		var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList
 		err = json.Unmarshal(body, &aggregatedDiscovery)
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
-		apiGroupList, resourcesByGV = SplitGroupsAndResources(aggregatedDiscovery)
+		apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery)
 	default:
-		return nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType)
+		return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType)
 	}
 
-	return apiGroupList, resourcesByGV, nil
+	return apiGroupList, resourcesByGV, failedGVs, nil
 }
 
 // downloadAPIs returns the discovery groups and (if aggregated format) the
 // discovery resources. The returned groups will always exist, but the
-// resources map may be nil.
-func (d *DiscoveryClient) downloadAPIs() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) {
+// resources map may be nil. Returned "failedGVs" can be empty, but will
+// only be nil in the case of a returned error.
+func (d *DiscoveryClient) downloadAPIs() (
+	*metav1.APIGroupList,
+	map[schema.GroupVersion]*metav1.APIResourceList,
+	map[schema.GroupVersion]error,
+	error) {
 	accept := acceptDiscoveryFormats
 	if d.UseLegacyDiscovery {
 		accept = AcceptV1
@@ -283,42 +305,38 @@ func (d *DiscoveryClient) downloadAPIs() (*metav1.APIGroupList, map[schema.Group
 		Do(context.TODO()).
 		ContentType(&responseContentType).
 		Raw()
-	// Special error handling for 403 or 404 to be compatible with older v1.0 servers.
-	// Return empty group list to be merged with /api.
-	if err != nil && !errors.IsNotFound(err) && !errors.IsForbidden(err) {
-		return nil, nil, err
-	}
-	if err != nil && (errors.IsNotFound(err) || errors.IsForbidden(err)) {
-		return &metav1.APIGroupList{}, nil, nil
+	if err != nil {
+		return nil, nil, nil, err
 	}
 
 	apiGroupList := &metav1.APIGroupList{}
+	failedGVs := map[schema.GroupVersion]error{}
 	var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList
 	// Switch on content-type server responded with: aggregated or unaggregated.
 	switch responseContentType {
 	case AcceptV1:
 		err = json.Unmarshal(body, apiGroupList)
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
 	case AcceptV2Beta1:
 		var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList
 		err = json.Unmarshal(body, &aggregatedDiscovery)
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
-		apiGroupList, resourcesByGV = SplitGroupsAndResources(aggregatedDiscovery)
+		apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery)
 	default:
-		return nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType)
+		return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType)
 	}
 
-	return apiGroupList, resourcesByGV, nil
+	return apiGroupList, resourcesByGV, failedGVs, nil
 }
 
 // ServerGroups returns the supported groups, with information like supported versions and the
 // preferred version.
 func (d *DiscoveryClient) ServerGroups() (*metav1.APIGroupList, error) {
-	groups, _, err := d.GroupsAndMaybeResources()
+	groups, _, _, err := d.GroupsAndMaybeResources()
 	if err != nil {
 		return nil, err
 	}
@@ -341,8 +359,10 @@ func (d *DiscoveryClient) ServerResourcesForGroupVersion(groupVersion string) (r
 	}
 	err = d.restClient.Get().AbsPath(url.String()).Do(context.TODO()).Into(resources)
 	if err != nil {
-		// ignore 403 or 404 error to be compatible with an v1.0 server.
-		if groupVersion == "v1" && (errors.IsNotFound(err) || errors.IsForbidden(err)) {
+		// Tolerate core/v1 not found response by returning empty resource list;
+		// this probably should not happen. But we should verify all callers are
+		// not depending on this toleration before removal.
+		if groupVersion == "v1" && errors.IsNotFound(err) {
 			return resources, nil
 		}
 		return nil, err
@@ -383,13 +403,14 @@ func IsGroupDiscoveryFailedError(err error) bool {
 func ServerGroupsAndResources(d DiscoveryInterface) ([]*metav1.APIGroup, []*metav1.APIResourceList, error) {
 	var sgs *metav1.APIGroupList
 	var resources []*metav1.APIResourceList
+	var failedGVs map[schema.GroupVersion]error
 	var err error
 
 	// If the passed discovery object implements the wider AggregatedDiscoveryInterface,
 	// then attempt to retrieve aggregated discovery with both groups and the resources.
 	if ad, ok := d.(AggregatedDiscoveryInterface); ok {
 		var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList
-		sgs, resourcesByGV, err = ad.GroupsAndMaybeResources()
+		sgs, resourcesByGV, failedGVs, err = ad.GroupsAndMaybeResources()
 		for _, resourceList := range resourcesByGV {
 			resources = append(resources, resourceList)
 		}
@@ -404,8 +425,15 @@ func ServerGroupsAndResources(d DiscoveryInterface) ([]*metav1.APIGroup, []*meta
 	for i := range sgs.Groups {
 		resultGroups = append(resultGroups, &sgs.Groups[i])
 	}
+	// resources is non-nil if aggregated discovery succeeded.
 	if resources != nil {
-		return resultGroups, resources, nil
+		// Any stale Group/Versions returned by aggregated discovery
+		// must be surfaced to the caller as failed Group/Versions.
+		var ferr error
+		if len(failedGVs) > 0 {
+			ferr = &ErrGroupDiscoveryFailed{Groups: failedGVs}
+		}
+		return resultGroups, resources, ferr
 	}
 
 	groupVersionResources, failedGroups := fetchGroupVersionResources(d, sgs)
@@ -436,16 +464,18 @@ func ServerPreferredResources(d DiscoveryInterface) ([]*metav1.APIResourceList,
 	var err error
 
 	// If the passed discovery object implements the wider AggregatedDiscoveryInterface,
-	// then it is attempt to retrieve both the groups and the resources.
+	// then it is attempt to retrieve both the groups and the resources. "failedGroups"
+	// are Group/Versions returned as stale in AggregatedDiscovery format.
 	ad, ok := d.(AggregatedDiscoveryInterface)
 	if ok {
-		serverGroupList, groupVersionResources, err = ad.GroupsAndMaybeResources()
+		serverGroupList, groupVersionResources, failedGroups, err = ad.GroupsAndMaybeResources()
 	} else {
 		serverGroupList, err = d.ServerGroups()
 	}
 	if err != nil {
 		return nil, err
 	}
+	// Non-aggregated discovery must fetch resources from Groups.
 	if groupVersionResources == nil {
 		groupVersionResources, failedGroups = fetchGroupVersionResources(d, serverGroupList)
 	}
diff --git a/vendor/k8s.io/kube-aggregator/pkg/apiserver/handler_discovery.go b/vendor/k8s.io/kube-aggregator/pkg/apiserver/handler_discovery.go
index 860806e689..a56b19740b 100644
--- a/vendor/k8s.io/kube-aggregator/pkg/apiserver/handler_discovery.go
+++ b/vendor/k8s.io/kube-aggregator/pkg/apiserver/handler_discovery.go
@@ -61,14 +61,10 @@ type DiscoveryAggregationController interface {
 	// Spwans a worker which waits for added/updated apiservices and updates
 	// the unified discovery document by contacting the aggregated api services
 	Run(stopCh <-chan struct{})
-
-	// Returns true if all non-local APIServices that have been added
-	// are synced at least once to the discovery document
-	ExternalServicesSynced() bool
 }
 
 type discoveryManager struct {
-	// Locks `services`
+	// Locks `apiServices`
 	servicesLock sync.RWMutex
 
 	// Map from APIService's name (or a unique string for local servers)
@@ -147,9 +143,6 @@ type groupVersionInfo struct {
 	// was stored, the discovery document will always be re-fetched.
 	lastMarkedDirty time.Time
 
-	// Last time sync function was run for this GV.
-	lastReconciled time.Time
-
 	// ServiceReference of this GroupVersion. This identifies the Service which
 	// describes how to contact the server responsible for this GroupVersion.
 	service serviceKey
@@ -299,9 +292,9 @@ func (dm *discoveryManager) fetchFreshDiscoveryForService(gv metav1.GroupVersion
 			lastUpdated: now,
 		}
 
-		// Save the resolve, because it is still useful in case other services
-		// are already marked dirty. THey can use it without making http request
-		dm.setCacheEntryForService(info.service, cached)
+		// Do not save the resolve as the legacy fallback only fetches
+		// one group version and an API Service may serve multiple
+		// group versions.
 		return &cached, nil
 
 	case http.StatusOK:
@@ -350,12 +343,8 @@ func (dm *discoveryManager) syncAPIService(apiServiceName string) error {
 	}
 
 	// Lookup last cached result for this apiservice's service.
-	now := time.Now()
 	cached, err := dm.fetchFreshDiscoveryForService(mgv, info)
 
-	info.lastReconciled = now
-	dm.setInfoForAPIService(apiServiceName, &info)
-
 	var entry apidiscoveryv2beta1.APIVersionDiscovery
 
 	// Extract the APIService's specific resource information from the
@@ -477,18 +466,6 @@ func (dm *discoveryManager) RemoveAPIService(apiServiceName string) {
 	}
 }
 
-func (dm *discoveryManager) ExternalServicesSynced() bool {
-	dm.servicesLock.RLock()
-	defer dm.servicesLock.RUnlock()
-	for _, info := range dm.apiServices {
-		if info.lastReconciled.IsZero() {
-			return false
-		}
-	}
-
-	return true
-}
-
 //
 // Lock-protected accessors
 //
diff --git a/vendor/k8s.io/kubernetes/pkg/api/persistentvolumeclaim/util.go b/vendor/k8s.io/kubernetes/pkg/api/persistentvolumeclaim/util.go
index 4334afcca5..1304c1fe04 100644
--- a/vendor/k8s.io/kubernetes/pkg/api/persistentvolumeclaim/util.go
+++ b/vendor/k8s.io/kubernetes/pkg/api/persistentvolumeclaim/util.go
@@ -49,6 +49,10 @@ func DropDisabledFields(pvcSpec, oldPVCSpec *core.PersistentVolumeClaimSpec) {
 			pvcSpec.DataSourceRef = nil
 		}
 	}
+
+	// Setting VolumeClaimTemplate.Resources.Claims should have been caught by validation when
+	// extending ResourceRequirements in 1.26. Now we can only accept it and drop the field.
+	pvcSpec.Resources.Claims = nil
 }
 
 // EnforceDataSourceBackwardsCompatibility drops the data source field under certain conditions
diff --git a/vendor/k8s.io/kubernetes/pkg/api/pod/util.go b/vendor/k8s.io/kubernetes/pkg/api/pod/util.go
index c99a8e34f3..d6b0fb670f 100644
--- a/vendor/k8s.io/kubernetes/pkg/api/pod/util.go
+++ b/vendor/k8s.io/kubernetes/pkg/api/pod/util.go
@@ -563,6 +563,16 @@ func dropDisabledDynamicResourceAllocationFields(podSpec, oldPodSpec *api.PodSpe
 		dropEphemeralResourceClaimRequests(podSpec.EphemeralContainers)
 		podSpec.ResourceClaims = nil
 	}
+
+	// Setting VolumeClaimTemplate.Resources.Claims should have been
+	// treated as an error by validation when extending
+	// ResourceRequirements in 1.26. Now we can only accept it and drop the
+	// field.
+	for i := range podSpec.Volumes {
+		if podSpec.Volumes[i].Ephemeral != nil && podSpec.Volumes[i].Ephemeral.VolumeClaimTemplate != nil {
+			podSpec.Volumes[i].Ephemeral.VolumeClaimTemplate.Spec.Resources.Claims = nil
+		}
+	}
 }
 
 func dynamicResourceAllocationInUse(podSpec *api.PodSpec) bool {
diff --git a/vendor/k8s.io/kubernetes/pkg/apis/apps/validation/validation.go b/vendor/k8s.io/kubernetes/pkg/apis/apps/validation/validation.go
index 7fb8160c1a..5cda03082a 100644
--- a/vendor/k8s.io/kubernetes/pkg/apis/apps/validation/validation.go
+++ b/vendor/k8s.io/kubernetes/pkg/apis/apps/validation/validation.go
@@ -28,11 +28,9 @@ import (
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/apimachinery/pkg/util/validation"
 	"k8s.io/apimachinery/pkg/util/validation/field"
-	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	"k8s.io/kubernetes/pkg/apis/apps"
 	api "k8s.io/kubernetes/pkg/apis/core"
 	apivalidation "k8s.io/kubernetes/pkg/apis/core/validation"
-	"k8s.io/kubernetes/pkg/features"
 )
 
 // ValidateStatefulSetName can be used to check whether the given StatefulSet name is valid.
@@ -130,11 +128,9 @@ func ValidateStatefulSetSpec(spec *apps.StatefulSetSpec, fldPath *field.Path, op
 
 	allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(spec.Replicas), fldPath.Child("replicas"))...)
 	allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(spec.MinReadySeconds), fldPath.Child("minReadySeconds"))...)
-	if utilfeature.DefaultFeatureGate.Enabled(features.StatefulSetStartOrdinal) {
-		if spec.Ordinals != nil {
-			replicaStartOrdinal := spec.Ordinals.Start
-			allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(replicaStartOrdinal), fldPath.Child("ordinals.start"))...)
-		}
+	if spec.Ordinals != nil {
+		replicaStartOrdinal := spec.Ordinals.Start
+		allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(replicaStartOrdinal), fldPath.Child("ordinals.start"))...)
 	}
 
 	if spec.Selector == nil {
@@ -185,17 +181,11 @@ func ValidateStatefulSetUpdate(statefulSet, oldStatefulSet *apps.StatefulSet, op
 	newStatefulSetClone.Spec.Template = oldStatefulSet.Spec.Template               // +k8s:verify-mutation:reason=clone
 	newStatefulSetClone.Spec.UpdateStrategy = oldStatefulSet.Spec.UpdateStrategy   // +k8s:verify-mutation:reason=clone
 	newStatefulSetClone.Spec.MinReadySeconds = oldStatefulSet.Spec.MinReadySeconds // +k8s:verify-mutation:reason=clone
-	if utilfeature.DefaultFeatureGate.Enabled(features.StatefulSetStartOrdinal) {
-		newStatefulSetClone.Spec.Ordinals = oldStatefulSet.Spec.Ordinals // +k8s:verify-mutation:reason=clone
-	}
+	newStatefulSetClone.Spec.Ordinals = oldStatefulSet.Spec.Ordinals               // +k8s:verify-mutation:reason=clone
 
 	newStatefulSetClone.Spec.PersistentVolumeClaimRetentionPolicy = oldStatefulSet.Spec.PersistentVolumeClaimRetentionPolicy // +k8s:verify-mutation:reason=clone
 	if !apiequality.Semantic.DeepEqual(newStatefulSetClone.Spec, oldStatefulSet.Spec) {
-		if utilfeature.DefaultFeatureGate.Enabled(features.StatefulSetStartOrdinal) {
-			allErrs = append(allErrs, field.Forbidden(field.NewPath("spec"), "updates to statefulset spec for fields other than 'replicas', 'ordinals', 'template', 'updateStrategy', 'persistentVolumeClaimRetentionPolicy' and 'minReadySeconds' are forbidden"))
-		} else {
-			allErrs = append(allErrs, field.Forbidden(field.NewPath("spec"), "updates to statefulset spec for fields other than 'replicas', 'template', 'updateStrategy', 'persistentVolumeClaimRetentionPolicy' and 'minReadySeconds' are forbidden"))
-		}
+		allErrs = append(allErrs, field.Forbidden(field.NewPath("spec"), "updates to statefulset spec for fields other than 'replicas', 'ordinals', 'template', 'updateStrategy', 'persistentVolumeClaimRetentionPolicy' and 'minReadySeconds' are forbidden"))
 	}
 
 	return allErrs
diff --git a/vendor/k8s.io/kubernetes/pkg/apis/core/types.go b/vendor/k8s.io/kubernetes/pkg/apis/core/types.go
index fbbecb00d5..be71573e1c 100644
--- a/vendor/k8s.io/kubernetes/pkg/apis/core/types.go
+++ b/vendor/k8s.io/kubernetes/pkg/apis/core/types.go
@@ -2191,7 +2191,7 @@ type ResourceRequirements struct {
 	// This is an alpha field and requires enabling the
 	// DynamicResourceAllocation feature gate.
 	//
-	// This field is immutable.
+	// This field is immutable. It can only be set for containers.
 	//
 	// +featureGate=DynamicResourceAllocation
 	// +optional
diff --git a/vendor/k8s.io/kubernetes/pkg/controller/util/endpointslice/endpointset.go b/vendor/k8s.io/kubernetes/pkg/controller/util/endpointslice/endpointset.go
index f6c7df669b..82a0744847 100644
--- a/vendor/k8s.io/kubernetes/pkg/controller/util/endpointslice/endpointset.go
+++ b/vendor/k8s.io/kubernetes/pkg/controller/util/endpointslice/endpointset.go
@@ -25,11 +25,13 @@ import (
 
 // endpointHash is used to uniquely identify endpoints. Only including addresses
 // and hostnames as unique identifiers allows us to do more in place updates
-// should attributes such as topology, conditions, or targetRef change.
+// should attributes such as topology or conditions change.
 type endpointHash string
 type endpointHashObj struct {
 	Addresses []string
 	Hostname  string
+	Namespace string
+	Name      string
 }
 
 func hashEndpoint(endpoint *discovery.Endpoint) endpointHash {
@@ -38,6 +40,10 @@ func hashEndpoint(endpoint *discovery.Endpoint) endpointHash {
 	if endpoint.Hostname != nil {
 		hashObj.Hostname = *endpoint.Hostname
 	}
+	if endpoint.TargetRef != nil {
+		hashObj.Namespace = endpoint.TargetRef.Namespace
+		hashObj.Name = endpoint.TargetRef.Name
+	}
 
 	return endpointHash(endpointutil.DeepHashObjectToString(hashObj))
 }
diff --git a/vendor/k8s.io/kubernetes/pkg/controller/volume/attachdetach/util/util.go b/vendor/k8s.io/kubernetes/pkg/controller/volume/attachdetach/util/util.go
index 3abb4d68b3..73c858a445 100644
--- a/vendor/k8s.io/kubernetes/pkg/controller/volume/attachdetach/util/util.go
+++ b/vendor/k8s.io/kubernetes/pkg/controller/volume/attachdetach/util/util.go
@@ -371,22 +371,5 @@ func isCSIMigrationSupportedOnNode(nodeName types.NodeName, spec *volume.Spec, v
 
 	isMigratedOnNode := mpaSet.Has(pluginName)
 
-	if isMigratedOnNode {
-		installed := false
-		driverName, err := csiMigratedPluginManager.GetCSINameFromInTreeName(pluginName)
-		if err != nil {
-			return isMigratedOnNode, err
-		}
-		for _, driver := range csiNode.Spec.Drivers {
-			if driver.Name == driverName {
-				installed = true
-				break
-			}
-		}
-		if !installed {
-			return true, fmt.Errorf("in-tree plugin %s is migrated on node %s but driver %s is not installed", pluginName, string(nodeName), driverName)
-		}
-	}
-
 	return isMigratedOnNode, nil
 }
diff --git a/vendor/k8s.io/kubernetes/pkg/controller/volume/persistentvolume/pv_controller.go b/vendor/k8s.io/kubernetes/pkg/controller/volume/persistentvolume/pv_controller.go
index 0e747afc5d..c3514af2de 100644
--- a/vendor/k8s.io/kubernetes/pkg/controller/volume/persistentvolume/pv_controller.go
+++ b/vendor/k8s.io/kubernetes/pkg/controller/volume/persistentvolume/pv_controller.go
@@ -937,7 +937,7 @@ func (ctrl *PersistentVolumeController) updateVolumePhaseWithEvent(volume *v1.Pe
 // Ignores claims that already have a storage class.
 // TODO: if resync is ever changed to a larger period, we might need to change how we set the default class on existing unbound claims
 func (ctrl *PersistentVolumeController) assignDefaultStorageClass(claim *v1.PersistentVolumeClaim) (bool, error) {
-	if claim.Spec.StorageClassName != nil {
+	if storagehelpers.GetPersistentVolumeClaimClass(claim) != "" {
 		return false, nil
 	}
 
diff --git a/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go b/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go
index 7205a3189f..b14eabc207 100644
--- a/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go
+++ b/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go
@@ -25059,7 +25059,7 @@ func schema_k8sio_api_core_v1_ResourceRequirements(ref common.ReferenceCallback)
 							},
 						},
 						SchemaProps: spec.SchemaProps{
-							Description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable.",
+							Description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.",
 							Type:        []string{"array"},
 							Items: &spec.SchemaOrArray{
 								Schema: &spec.Schema{
diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/cm/cgroup_manager_linux.go b/vendor/k8s.io/kubernetes/pkg/kubelet/cm/cgroup_manager_linux.go
index 4db702a100..e7c6fc66c0 100644
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/cm/cgroup_manager_linux.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/cm/cgroup_manager_linux.go
@@ -26,6 +26,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/opencontainers/runc/libcontainer/cgroups"
 	libcontainercgroups "github.com/opencontainers/runc/libcontainer/cgroups"
 	"github.com/opencontainers/runc/libcontainer/cgroups/fscommon"
 	"github.com/opencontainers/runc/libcontainer/cgroups/manager"
@@ -37,6 +38,7 @@ import (
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/sets"
 	cmutil "k8s.io/kubernetes/pkg/kubelet/cm/util"
+	"k8s.io/kubernetes/pkg/kubelet/managed"
 	"k8s.io/kubernetes/pkg/kubelet/metrics"
 )
 
@@ -472,6 +474,19 @@ func (m *cgroupManagerImpl) Create(cgroupConfig *CgroupConfig) error {
 		utilruntime.HandleError(fmt.Errorf("cgroup manager.Set failed: %w", err))
 	}
 
+	// Disable cpuset.sched_load_balance for all cgroups Kubelet creates when kubelet has workloads to manage.
+	// This way, CRI can disable sched_load_balance for pods that must have load balance
+	// disabled, but the slices can contain all cpus (as the guaranteed cpus are known dynamically).
+	if managed.IsEnabled() && !libcontainercgroups.IsCgroup2UnifiedMode() {
+		path := manager.Path("cpuset")
+		if path == "" {
+			return fmt.Errorf("Failed to find cpuset for newly created cgroup")
+		}
+		if err := cgroups.WriteFile(path, "cpuset.sched_load_balance", "0"); err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
 
diff --git a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/interface.go b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/interface.go
index 0049e7acb1..9f9b5fd162 100644
--- a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/interface.go
+++ b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/interface.go
@@ -608,6 +608,9 @@ type Framework interface {
 
 	// PercentageOfNodesToScore returns percentageOfNodesToScore associated to a profile.
 	PercentageOfNodesToScore() *int32
+
+	// SetPodNominator sets the PodNominator
+	SetPodNominator(nominator PodNominator)
 }
 
 // Handle provides data and some tools that plugins can use. It is
diff --git a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/parallelize/parallelism.go b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/parallelize/parallelism.go
index 6b137d31e9..94441b97d9 100644
--- a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/parallelize/parallelism.go
+++ b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/parallelize/parallelism.go
@@ -54,10 +54,11 @@ func chunkSizeFor(n, parallelism int) int {
 // Until is a wrapper around workqueue.ParallelizeUntil to use in scheduling algorithms.
 // A given operation will be a label that is recorded in the goroutine metric.
 func (p Parallelizer) Until(ctx context.Context, pieces int, doWorkPiece workqueue.DoWorkPieceFunc, operation string) {
+	goroutinesMetric := metrics.Goroutines.WithLabelValues(operation)
 	withMetrics := func(piece int) {
-		metrics.Goroutines.WithLabelValues(operation).Inc()
-		defer metrics.Goroutines.WithLabelValues(operation).Dec()
+		goroutinesMetric.Inc()
 		doWorkPiece(piece)
+		goroutinesMetric.Dec()
 	}
 
 	workqueue.ParallelizeUntil(ctx, p.parallelism, pieces, withMetrics, workqueue.WithChunkSize(chunkSizeFor(pieces, p.parallelism)))
diff --git a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/plugins/volumebinding/binder.go b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/plugins/volumebinding/binder.go
index a4be0899ad..362588601f 100644
--- a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/plugins/volumebinding/binder.go
+++ b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/plugins/volumebinding/binder.go
@@ -500,16 +500,14 @@ func (b *volumeBinder) bindAPIUpdate(ctx context.Context, pod *v1.Pod, bindings
 	// Do the actual prebinding. Let the PV controller take care of the rest
 	// There is no API rollback if the actual binding fails
 	for _, binding = range bindings {
-		klog.V(5).InfoS("bindAPIUpdate: binding PV to PVC", "pod", klog.KObj(pod), "PV", klog.KObj(binding.pv), "PVC", klog.KObj(binding.pvc))
 		// TODO: does it hurt if we make an api call and nothing needs to be updated?
-		klog.V(2).InfoS("Claim bound to volume", "PVC", klog.KObj(binding.pvc), "PV", klog.KObj(binding.pv))
+		klog.V(5).InfoS("Updating PersistentVolume: binding to claim", "pod", klog.KObj(pod), "PV", klog.KObj(binding.pv), "PVC", klog.KObj(binding.pvc))
 		newPV, err := b.kubeClient.CoreV1().PersistentVolumes().Update(ctx, binding.pv, metav1.UpdateOptions{})
 		if err != nil {
-			klog.V(4).InfoS("Updating PersistentVolume: binding to claim failed", "PV", klog.KObj(binding.pv), "PVC", klog.KObj(binding.pvc), "err", err)
+			klog.V(4).InfoS("Updating PersistentVolume: binding to claim failed", "pod", klog.KObj(pod), "PV", klog.KObj(binding.pv), "PVC", klog.KObj(binding.pvc), "err", err)
 			return err
 		}
-
-		klog.V(4).InfoS("Updating PersistentVolume: bound to claim", "PV", klog.KObj(binding.pv), "PVC", klog.KObj(binding.pvc))
+		klog.V(2).InfoS("Updated PersistentVolume with claim. Waiting for binding to complete", "pod", klog.KObj(pod), "PV", klog.KObj(binding.pv), "PVC", klog.KObj(binding.pvc))
 		// Save updated object from apiserver for later checking.
 		binding.pv = newPV
 		lastProcessedBinding++
@@ -672,7 +670,7 @@ func (b *volumeBinder) checkBindings(pod *v1.Pod, bindings []*BindingInfo, claim
 	}
 
 	// All pvs and pvcs that we operated on are bound
-	klog.V(4).InfoS("All PVCs for pod are bound", "pod", klog.KObj(pod))
+	klog.V(2).InfoS("All PVCs for pod are bound", "pod", klog.KObj(pod))
 	return true, nil
 }
 
diff --git a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/runtime/framework.go b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/runtime/framework.go
index 3a17cb28dd..cc7ef65bbb 100644
--- a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/runtime/framework.go
+++ b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/runtime/framework.go
@@ -368,6 +368,10 @@ func NewFramework(r Registry, profile *config.KubeSchedulerProfile, stopCh <-cha
 	return f, nil
 }
 
+func (f *frameworkImpl) SetPodNominator(n framework.PodNominator) {
+	f.PodNominator = n
+}
+
 // getScoreWeights makes sure that, between MultiPoint-Score plugin weights and individual Score
 // plugin weights there is not an overflow of MaxTotalScore.
 func getScoreWeights(f *frameworkImpl, pluginsMap map[string]framework.Plugin, plugins []config.Plugin) error {
diff --git a/vendor/k8s.io/kubernetes/pkg/scheduler/internal/queue/scheduling_queue.go b/vendor/k8s.io/kubernetes/pkg/scheduler/internal/queue/scheduling_queue.go
index 2486792078..a0af8d0740 100644
--- a/vendor/k8s.io/kubernetes/pkg/scheduler/internal/queue/scheduling_queue.go
+++ b/vendor/k8s.io/kubernetes/pkg/scheduler/internal/queue/scheduling_queue.go
@@ -34,7 +34,6 @@ import (
 	"time"
 
 	v1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/wait"
@@ -141,8 +140,7 @@ func NominatedNodeName(pod *v1.Pod) string {
 //   - unschedulablePods holds pods that were already attempted for scheduling and
 //     are currently determined to be unschedulable.
 type PriorityQueue struct {
-	// PodNominator abstracts the operations to maintain nominated Pods.
-	framework.PodNominator
+	*nominator
 
 	stop  chan struct{}
 	clock clock.Clock
@@ -154,7 +152,6 @@ type PriorityQueue struct {
 	// the maximum time a pod can stay in the unschedulablePods.
 	podMaxInUnschedulablePodsDuration time.Duration
 
-	lock sync.RWMutex
 	cond sync.Cond
 
 	// activeQ is heap structure that scheduler actively looks at to find pods to
@@ -190,7 +187,7 @@ type priorityQueueOptions struct {
 	podInitialBackoffDuration         time.Duration
 	podMaxBackoffDuration             time.Duration
 	podMaxInUnschedulablePodsDuration time.Duration
-	podNominator                      framework.PodNominator
+	podLister                         listersv1.PodLister
 	clusterEventMap                   map[framework.ClusterEvent]sets.String
 	preEnqueuePluginMap               map[string][]framework.PreEnqueuePlugin
 }
@@ -219,10 +216,10 @@ func WithPodMaxBackoffDuration(duration time.Duration) Option {
 	}
 }
 
-// WithPodNominator sets pod nominator for PriorityQueue.
-func WithPodNominator(pn framework.PodNominator) Option {
+// WithPodLister sets pod lister for PriorityQueue.
+func WithPodLister(pl listersv1.PodLister) Option {
 	return func(o *priorityQueueOptions) {
-		o.podNominator = pn
+		o.podLister = pl
 	}
 }
 
@@ -274,6 +271,9 @@ func NewPriorityQueue(
 	opts ...Option,
 ) *PriorityQueue {
 	options := defaultPriorityQueueOptions
+	if options.podLister == nil {
+		options.podLister = informerFactory.Core().V1().Pods().Lister()
+	}
 	for _, opt := range opts {
 		opt(&options)
 	}
@@ -284,12 +284,8 @@ func NewPriorityQueue(
 		return lessFn(pInfo1, pInfo2)
 	}
 
-	if options.podNominator == nil {
-		options.podNominator = NewPodNominator(informerFactory.Core().V1().Pods().Lister())
-	}
-
 	pq := &PriorityQueue{
-		PodNominator:                      options.podNominator,
+		nominator:                         newPodNominator(options.podLister),
 		clock:                             options.clock,
 		stop:                              make(chan struct{}),
 		podInitialBackoffDuration:         options.podInitialBackoffDuration,
@@ -382,7 +378,7 @@ func (p *PriorityQueue) Add(pod *v1.Pod) error {
 	}
 	klog.V(5).InfoS("Pod moved to an internal scheduling queue", "pod", klog.KObj(pod), "event", PodAdd, "queue", activeQName)
 	metrics.SchedulerQueueIncomingPods.WithLabelValues("active", PodAdd).Inc()
-	p.PodNominator.AddNominatedPod(pInfo.PodInfo, nil)
+	p.addNominatedPodUnlocked(pInfo.PodInfo, nil)
 	p.cond.Broadcast()
 
 	return nil
@@ -436,7 +432,7 @@ func (p *PriorityQueue) activate(pod *v1.Pod) bool {
 	p.unschedulablePods.delete(pInfo.Pod, gated)
 	p.podBackoffQ.Delete(pInfo)
 	metrics.SchedulerQueueIncomingPods.WithLabelValues("active", ForceActivate).Inc()
-	p.PodNominator.AddNominatedPod(pInfo.PodInfo, nil)
+	p.addNominatedPodUnlocked(pInfo.PodInfo, nil)
 	return true
 }
 
@@ -497,7 +493,7 @@ func (p *PriorityQueue) AddUnschedulableIfNotPresent(pInfo *framework.QueuedPodI
 
 	}
 
-	p.PodNominator.AddNominatedPod(pInfo.PodInfo, nil)
+	p.addNominatedPodUnlocked(pInfo.PodInfo, nil)
 	return nil
 }
 
@@ -606,14 +602,14 @@ func (p *PriorityQueue) Update(oldPod, newPod *v1.Pod) error {
 		// If the pod is already in the active queue, just update it there.
 		if oldPodInfo, exists, _ := p.activeQ.Get(oldPodInfo); exists {
 			pInfo := updatePod(oldPodInfo, newPod)
-			p.PodNominator.UpdateNominatedPod(oldPod, pInfo.PodInfo)
+			p.updateNominatedPodUnlocked(oldPod, pInfo.PodInfo)
 			return p.activeQ.Update(pInfo)
 		}
 
 		// If the pod is in the backoff queue, update it there.
 		if oldPodInfo, exists, _ := p.podBackoffQ.Get(oldPodInfo); exists {
 			pInfo := updatePod(oldPodInfo, newPod)
-			p.PodNominator.UpdateNominatedPod(oldPod, pInfo.PodInfo)
+			p.updateNominatedPodUnlocked(oldPod, pInfo.PodInfo)
 			return p.podBackoffQ.Update(pInfo)
 		}
 	}
@@ -621,7 +617,7 @@ func (p *PriorityQueue) Update(oldPod, newPod *v1.Pod) error {
 	// If the pod is in the unschedulable queue, updating it may make it schedulable.
 	if usPodInfo := p.unschedulablePods.get(newPod); usPodInfo != nil {
 		pInfo := updatePod(usPodInfo, newPod)
-		p.PodNominator.UpdateNominatedPod(oldPod, pInfo.PodInfo)
+		p.updateNominatedPodUnlocked(oldPod, pInfo.PodInfo)
 		if isPodUpdated(oldPod, newPod) {
 			gated := usPodInfo.Gated
 			if p.isPodBackingoff(usPodInfo) {
@@ -650,7 +646,7 @@ func (p *PriorityQueue) Update(oldPod, newPod *v1.Pod) error {
 	if added, err := p.addToActiveQ(pInfo); !added {
 		return err
 	}
-	p.PodNominator.AddNominatedPod(pInfo.PodInfo, nil)
+	p.addNominatedPodUnlocked(pInfo.PodInfo, nil)
 	klog.V(5).InfoS("Pod moved to an internal scheduling queue", "pod", klog.KObj(pInfo.Pod), "event", PodUpdate, "queue", activeQName)
 	p.cond.Broadcast()
 	return nil
@@ -661,7 +657,7 @@ func (p *PriorityQueue) Update(oldPod, newPod *v1.Pod) error {
 func (p *PriorityQueue) Delete(pod *v1.Pod) error {
 	p.lock.Lock()
 	defer p.lock.Unlock()
-	p.PodNominator.DeleteNominatedPodIfExists(pod)
+	p.deleteNominatedPodIfExistsUnlocked(pod)
 	pInfo := newQueuedPodInfoForLookup(pod)
 	if err := p.activeQ.Delete(pInfo); err != nil {
 		// The item was probably not found in the activeQ.
@@ -745,8 +741,7 @@ func (p *PriorityQueue) movePodsToActiveOrBackoffQueue(podInfoList []*framework.
 // any affinity term that matches "pod".
 // NOTE: this function assumes lock has been acquired in caller.
 func (p *PriorityQueue) getUnschedulablePodsWithMatchingAffinityTerm(pod *v1.Pod) []*framework.QueuedPodInfo {
-	var nsLabels labels.Set
-	nsLabels = interpodaffinity.GetNamespaceLabelsSnapshot(pod.Namespace, p.nsLister)
+	nsLabels := interpodaffinity.GetNamespaceLabelsSnapshot(pod.Namespace, p.nsLister)
 
 	var podsToMove []*framework.QueuedPodInfo
 	for _, pInfo := range p.unschedulablePods.podInfoMap {
@@ -793,9 +788,13 @@ func (p *PriorityQueue) Close() {
 
 // DeleteNominatedPodIfExists deletes <pod> from nominatedPods.
 func (npm *nominator) DeleteNominatedPodIfExists(pod *v1.Pod) {
-	npm.Lock()
+	npm.lock.Lock()
+	npm.deleteNominatedPodIfExistsUnlocked(pod)
+	npm.lock.Unlock()
+}
+
+func (npm *nominator) deleteNominatedPodIfExistsUnlocked(pod *v1.Pod) {
 	npm.delete(pod)
-	npm.Unlock()
 }
 
 // AddNominatedPod adds a pod to the nominated pods of the given node.
@@ -803,16 +802,16 @@ func (npm *nominator) DeleteNominatedPodIfExists(pod *v1.Pod) {
 // the pod. We update the structure before sending a request to update the pod
 // object to avoid races with the following scheduling cycles.
 func (npm *nominator) AddNominatedPod(pi *framework.PodInfo, nominatingInfo *framework.NominatingInfo) {
-	npm.Lock()
-	npm.add(pi, nominatingInfo)
-	npm.Unlock()
+	npm.lock.Lock()
+	npm.addNominatedPodUnlocked(pi, nominatingInfo)
+	npm.lock.Unlock()
 }
 
 // NominatedPodsForNode returns a copy of pods that are nominated to run on the given node,
 // but they are waiting for other pods to be removed from the node.
 func (npm *nominator) NominatedPodsForNode(nodeName string) []*framework.PodInfo {
-	npm.RLock()
-	defer npm.RUnlock()
+	npm.lock.RLock()
+	defer npm.lock.RUnlock()
 	// Make a copy of the nominated Pods so the caller can mutate safely.
 	pods := make([]*framework.PodInfo, len(npm.nominatedPods[nodeName]))
 	for i := 0; i < len(pods); i++ {
@@ -954,10 +953,10 @@ type nominator struct {
 	// nominated.
 	nominatedPodToNode map[types.UID]string
 
-	sync.RWMutex
+	lock sync.RWMutex
 }
 
-func (npm *nominator) add(pi *framework.PodInfo, nominatingInfo *framework.NominatingInfo) {
+func (npm *nominator) addNominatedPodUnlocked(pi *framework.PodInfo, nominatingInfo *framework.NominatingInfo) {
 	// Always delete the pod if it already exists, to ensure we never store more than
 	// one instance of the pod.
 	npm.delete(pi.Pod)
@@ -1014,8 +1013,12 @@ func (npm *nominator) delete(p *v1.Pod) {
 
 // UpdateNominatedPod updates the <oldPod> with <newPod>.
 func (npm *nominator) UpdateNominatedPod(oldPod *v1.Pod, newPodInfo *framework.PodInfo) {
-	npm.Lock()
-	defer npm.Unlock()
+	npm.lock.Lock()
+	defer npm.lock.Unlock()
+	npm.updateNominatedPodUnlocked(oldPod, newPodInfo)
+}
+
+func (npm *nominator) updateNominatedPodUnlocked(oldPod *v1.Pod, newPodInfo *framework.PodInfo) {
 	// In some cases, an Update event with no "NominatedNode" present is received right
 	// after a node("NominatedNode") is reserved for this pod in memory.
 	// In this case, we need to keep reserving the NominatedNode when updating the pod pointer.
@@ -1036,13 +1039,17 @@ func (npm *nominator) UpdateNominatedPod(oldPod *v1.Pod, newPodInfo *framework.P
 	// We update irrespective of the nominatedNodeName changed or not, to ensure
 	// that pod pointer is updated.
 	npm.delete(oldPod)
-	npm.add(newPodInfo, nominatingInfo)
+	npm.addNominatedPodUnlocked(newPodInfo, nominatingInfo)
 }
 
 // NewPodNominator creates a nominator as a backing of framework.PodNominator.
 // A podLister is passed in so as to check if the pod exists
 // before adding its nominatedNode info.
 func NewPodNominator(podLister listersv1.PodLister) framework.PodNominator {
+	return newPodNominator(podLister)
+}
+
+func newPodNominator(podLister listersv1.PodLister) *nominator {
 	return &nominator{
 		podLister:          podLister,
 		nominatedPods:      make(map[string][]*framework.PodInfo),
diff --git a/vendor/k8s.io/kubernetes/pkg/scheduler/scheduler.go b/vendor/k8s.io/kubernetes/pkg/scheduler/scheduler.go
index 581c792a7c..958b9ce806 100644
--- a/vendor/k8s.io/kubernetes/pkg/scheduler/scheduler.go
+++ b/vendor/k8s.io/kubernetes/pkg/scheduler/scheduler.go
@@ -284,8 +284,6 @@ func New(client clientset.Interface,
 	podLister := informerFactory.Core().V1().Pods().Lister()
 	nodeLister := informerFactory.Core().V1().Nodes().Lister()
 
-	// The nominator will be passed all the way to framework instantiation.
-	nominator := internalqueue.NewPodNominator(podLister)
 	snapshot := internalcache.NewEmptySnapshot()
 	clusterEventMap := make(map[framework.ClusterEvent]sets.String)
 
@@ -295,7 +293,6 @@ func New(client clientset.Interface,
 		frameworkruntime.WithKubeConfig(options.kubeConfig),
 		frameworkruntime.WithInformerFactory(informerFactory),
 		frameworkruntime.WithSnapshotSharedLister(snapshot),
-		frameworkruntime.WithPodNominator(nominator),
 		frameworkruntime.WithCaptureProfile(frameworkruntime.CaptureProfile(options.frameworkCapturer)),
 		frameworkruntime.WithClusterEventMap(clusterEventMap),
 		frameworkruntime.WithParallelism(int(options.parallelism)),
@@ -318,12 +315,16 @@ func New(client clientset.Interface,
 		informerFactory,
 		internalqueue.WithPodInitialBackoffDuration(time.Duration(options.podInitialBackoffSeconds)*time.Second),
 		internalqueue.WithPodMaxBackoffDuration(time.Duration(options.podMaxBackoffSeconds)*time.Second),
-		internalqueue.WithPodNominator(nominator),
+		internalqueue.WithPodLister(podLister),
 		internalqueue.WithClusterEventMap(clusterEventMap),
 		internalqueue.WithPodMaxInUnschedulablePodsDuration(options.podMaxInUnschedulablePodsDuration),
 		internalqueue.WithPreEnqueuePluginMap(preEnqueuePluginMap),
 	)
 
+	for _, fwk := range profiles {
+		fwk.SetPodNominator(podQueue)
+	}
+
 	schedulerCache := internalcache.New(durationToExpireAssumedPod, stopEverything)
 
 	// Setup cache debugger.
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/operationexecutor/operation_generator.go b/vendor/k8s.io/kubernetes/pkg/volume/util/operationexecutor/operation_generator.go
index 13348a54bc..c6dcd464d3 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/util/operationexecutor/operation_generator.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/util/operationexecutor/operation_generator.go
@@ -669,6 +669,16 @@ func (og *operationGenerator) GenerateMountVolumeFunc(
 			resizeOptions.DeviceStagePath = deviceMountPath
 		}
 
+		if volumeDeviceMounter != nil && resizeOptions.DeviceStagePath == "" {
+			deviceStagePath, err := volumeDeviceMounter.GetDeviceMountPath(volumeToMount.VolumeSpec)
+			if err != nil {
+				// On failure, return error. Caller will log and retry.
+				eventErr, detailedErr := volumeToMount.GenerateError("MountVolume.GetDeviceMountPath failed for expansion", err)
+				return volumetypes.NewOperationContext(eventErr, detailedErr, migrated)
+			}
+			resizeOptions.DeviceStagePath = deviceStagePath
+		}
+
 		// No mapping is needed for hostUID/hostGID if userns is not used.
 		// Therefore, just assign the container users to host UID/GID.
 		hostUID := util.FsUserFrom(volumeToMount.Pod)
diff --git a/vendor/k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity/patch_podspecextractor.go b/vendor/k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity/patch_podspecextractor.go
index 2da7d4e4ca..fb8b8488a6 100644
--- a/vendor/k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity/patch_podspecextractor.go
+++ b/vendor/k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity/patch_podspecextractor.go
@@ -17,6 +17,7 @@ import (
 	"k8s.io/klog/v2"
 	"k8s.io/kubernetes/pkg/apis/core"
 	v1 "k8s.io/kubernetes/pkg/apis/core/v1"
+	saadmission "k8s.io/kubernetes/plugin/pkg/admission/serviceaccount"
 	podsecurityadmission "k8s.io/pod-security-admission/admission"
 )
 
@@ -69,6 +70,9 @@ func (s *SCCMutatingPodSpecExtractor) ExtractPodSpec(obj runtime.Object) (*metav
 	if len(pod.Name) == 0 {
 		pod.Name = "pod-for-container-named-" + objectMeta.GetName()
 	}
+	if len(pod.Spec.ServiceAccountName) == 0 {
+		pod.Spec.ServiceAccountName = saadmission.DefaultServiceAccountName
+	}
 	internalPod := &core.Pod{}
 	if err := v1.Convert_v1_Pod_To_core_Pod(pod, internalPod, nil); err != nil {
 		return nil, nil, err
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 2f3d3849f7..a42c0e700d 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -521,8 +521,8 @@ github.com/mxk/go-flowrate/flowrate
 # github.com/opencontainers/go-digest v1.0.0
 ## explicit; go 1.13
 github.com/opencontainers/go-digest
-# github.com/opencontainers/runc v1.1.4
-## explicit; go 1.16
+# github.com/opencontainers/runc v1.1.6
+## explicit; go 1.17
 github.com/opencontainers/runc/libcontainer
 github.com/opencontainers/runc/libcontainer/apparmor
 github.com/opencontainers/runc/libcontainer/capabilities
@@ -628,7 +628,7 @@ github.com/openshift/api/template
 github.com/openshift/api/template/v1
 github.com/openshift/api/user
 github.com/openshift/api/user/v1
-# github.com/openshift/apiserver-library-go v0.0.0-20230120221150-cefee9e0162b
+# github.com/openshift/apiserver-library-go v0.0.0-20230411124846-9fe2aa032a6f
 ## explicit; go 1.19
 github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy
 github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/apis/imagepolicy/v1
@@ -1123,12 +1123,12 @@ golang.org/x/crypto/pbkdf2
 golang.org/x/crypto/pkcs12
 golang.org/x/crypto/pkcs12/internal/rc2
 golang.org/x/crypto/salsa20/salsa
-# golang.org/x/mod v0.6.0
+# golang.org/x/mod v0.8.0
 ## explicit; go 1.17
 golang.org/x/mod/internal/lazyregexp
 golang.org/x/mod/module
 golang.org/x/mod/semver
-# golang.org/x/net v0.7.0
+# golang.org/x/net v0.8.0
 ## explicit; go 1.17
 golang.org/x/net/bpf
 golang.org/x/net/context
@@ -1157,10 +1157,10 @@ golang.org/x/oauth2/google/internal/externalaccount
 golang.org/x/oauth2/internal
 golang.org/x/oauth2/jws
 golang.org/x/oauth2/jwt
-# golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
+# golang.org/x/sync v0.1.0
 ## explicit
 golang.org/x/sync/singleflight
-# golang.org/x/sys v0.5.0
+# golang.org/x/sys v0.6.0
 ## explicit; go 1.17
 golang.org/x/sys/cpu
 golang.org/x/sys/execabs
@@ -1170,10 +1170,10 @@ golang.org/x/sys/unix
 golang.org/x/sys/windows
 golang.org/x/sys/windows/registry
 golang.org/x/sys/windows/svc
-# golang.org/x/term v0.5.0
+# golang.org/x/term v0.6.0
 ## explicit; go 1.17
 golang.org/x/term
-# golang.org/x/text v0.7.0
+# golang.org/x/text v0.8.0
 ## explicit; go 1.17
 golang.org/x/text/encoding
 golang.org/x/text/encoding/internal
@@ -1189,7 +1189,7 @@ golang.org/x/text/width
 # golang.org/x/time v0.0.0-20220210224613-90d013bbcef8
 ## explicit
 golang.org/x/time/rate
-# golang.org/x/tools v0.2.0
+# golang.org/x/tools v0.6.0
 ## explicit; go 1.18
 golang.org/x/tools/container/intsets
 golang.org/x/tools/go/ast/astutil
@@ -1362,7 +1362,7 @@ gopkg.in/yaml.v2
 # gopkg.in/yaml.v3 v3.0.1
 ## explicit
 gopkg.in/yaml.v3
-# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4
+# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/api/admission/v1
 k8s.io/api/admission/v1beta1
@@ -1418,7 +1418,7 @@ k8s.io/api/scheduling/v1beta1
 k8s.io/api/storage/v1
 k8s.io/api/storage/v1alpha1
 k8s.io/api/storage/v1beta1
-# k8s.io/apiextensions-apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4
+# k8s.io/apiextensions-apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/apiextensions-apiserver/pkg/apihelpers
 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions
@@ -1462,7 +1462,7 @@ k8s.io/apiextensions-apiserver/pkg/generated/openapi
 k8s.io/apiextensions-apiserver/pkg/registry/customresource
 k8s.io/apiextensions-apiserver/pkg/registry/customresource/tableconvertor
 k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition
-# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4
+# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/apimachinery/pkg/api/equality
 k8s.io/apimachinery/pkg/api/errors
@@ -1526,7 +1526,7 @@ k8s.io/apimachinery/pkg/watch
 k8s.io/apimachinery/third_party/forked/golang/json
 k8s.io/apimachinery/third_party/forked/golang/netutil
 k8s.io/apimachinery/third_party/forked/golang/reflect
-# k8s.io/apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4
+# k8s.io/apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/apiserver/pkg/admission
 k8s.io/apiserver/pkg/admission/cel
@@ -1680,12 +1680,12 @@ k8s.io/apiserver/plugin/pkg/audit/webhook
 k8s.io/apiserver/plugin/pkg/authenticator/token/oidc
 k8s.io/apiserver/plugin/pkg/authenticator/token/webhook
 k8s.io/apiserver/plugin/pkg/authorizer/webhook
-# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4
+# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/cli-runtime/pkg/genericclioptions
 k8s.io/cli-runtime/pkg/printers
 k8s.io/cli-runtime/pkg/resource
-# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4
+# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/client-go/applyconfigurations/admissionregistration/v1
 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1
@@ -2015,7 +2015,7 @@ k8s.io/client-go/util/jsonpath
 k8s.io/client-go/util/keyutil
 k8s.io/client-go/util/retry
 k8s.io/client-go/util/workqueue
-# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4
+# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/cloud-provider
 k8s.io/cloud-provider/api
@@ -2035,14 +2035,14 @@ k8s.io/cloud-provider/service/helpers
 k8s.io/cloud-provider/volume
 k8s.io/cloud-provider/volume/errors
 k8s.io/cloud-provider/volume/helpers
-# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4
+# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/cluster-bootstrap/token/api
 k8s.io/cluster-bootstrap/token/jws
 k8s.io/cluster-bootstrap/token/util
 k8s.io/cluster-bootstrap/util/secrets
 k8s.io/cluster-bootstrap/util/tokens
-# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4
+# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/component-base/cli
 k8s.io/component-base/cli/flag
@@ -2075,7 +2075,7 @@ k8s.io/component-base/tracing
 k8s.io/component-base/tracing/api/v1
 k8s.io/component-base/version
 k8s.io/component-base/version/verflag
-# k8s.io/component-helpers v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4
+# k8s.io/component-helpers v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/component-helpers/apimachinery/lease
 k8s.io/component-helpers/apps/poddisruptionbudget
@@ -2088,7 +2088,7 @@ k8s.io/component-helpers/scheduling/corev1
 k8s.io/component-helpers/scheduling/corev1/nodeaffinity
 k8s.io/component-helpers/storage/ephemeral
 k8s.io/component-helpers/storage/volume
-# k8s.io/controller-manager v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4
+# k8s.io/controller-manager v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/controller-manager/app
 k8s.io/controller-manager/config
@@ -2105,16 +2105,16 @@ k8s.io/controller-manager/pkg/informerfactory
 k8s.io/controller-manager/pkg/leadermigration
 k8s.io/controller-manager/pkg/leadermigration/config
 k8s.io/controller-manager/pkg/leadermigration/options
-# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4
+# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/cri-api/pkg/apis
 k8s.io/cri-api/pkg/apis/runtime/v1
 k8s.io/cri-api/pkg/errors
-# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4
+# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/csi-translation-lib
 k8s.io/csi-translation-lib/plugins
-# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4
+# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/dynamic-resource-allocation/resourceclaim
 # k8s.io/gengo v0.0.0-20220902162205-c0856e24416d
@@ -2133,11 +2133,11 @@ k8s.io/klog/v2/internal/clock
 k8s.io/klog/v2/internal/dbg
 k8s.io/klog/v2/internal/serialize
 k8s.io/klog/v2/internal/severity
-# k8s.io/kms v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4
+# k8s.io/kms v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/kms/apis/v1beta1
 k8s.io/kms/apis/v2alpha1
-# k8s.io/kube-aggregator v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4
+# k8s.io/kube-aggregator v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/kube-aggregator/pkg/apis/apiregistration
 k8s.io/kube-aggregator/pkg/apis/apiregistration/install
@@ -2168,7 +2168,7 @@ k8s.io/kube-aggregator/pkg/controllers/status
 k8s.io/kube-aggregator/pkg/registry/apiservice
 k8s.io/kube-aggregator/pkg/registry/apiservice/etcd
 k8s.io/kube-aggregator/pkg/registry/apiservice/rest
-# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4
+# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/kube-controller-manager/config/v1alpha1
 # k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280
@@ -2201,13 +2201,13 @@ k8s.io/kube-openapi/pkg/validation/spec
 k8s.io/kube-openapi/pkg/validation/strfmt
 k8s.io/kube-openapi/pkg/validation/strfmt/bson
 k8s.io/kube-openapi/pkg/validation/validate
-# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4
+# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/kube-scheduler/config/v1
 k8s.io/kube-scheduler/config/v1beta2
 k8s.io/kube-scheduler/config/v1beta3
 k8s.io/kube-scheduler/extender/v1
-# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4
+# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/kubectl/pkg/apps
 k8s.io/kubectl/pkg/cmd/apiresources
@@ -2243,7 +2243,7 @@ k8s.io/kubectl/pkg/util/storage
 k8s.io/kubectl/pkg/util/templates
 k8s.io/kubectl/pkg/util/term
 k8s.io/kubectl/pkg/validation
-# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4
+# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/kubelet/config/v1
 k8s.io/kubelet/config/v1alpha1
@@ -2260,7 +2260,7 @@ k8s.io/kubelet/pkg/apis/pluginregistration/v1
 k8s.io/kubelet/pkg/apis/podresources/v1
 k8s.io/kubelet/pkg/apis/podresources/v1alpha1
 k8s.io/kubelet/pkg/apis/stats/v1alpha1
-# k8s.io/kubernetes v1.26.1 => github.com/openshift/kubernetes v0.0.0-20230412020409-0c79814882f4
+# k8s.io/kubernetes v1.26.1 => github.com/openshift/kubernetes v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/kubernetes/cmd/kube-apiserver/app
 k8s.io/kubernetes/cmd/kube-apiserver/app/options
@@ -3048,7 +3048,7 @@ k8s.io/kubernetes/third_party/forked/gonum/graph
 k8s.io/kubernetes/third_party/forked/gonum/graph/internal/linear
 k8s.io/kubernetes/third_party/forked/gonum/graph/simple
 k8s.io/kubernetes/third_party/forked/gonum/graph/traverse
-# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4
+# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/legacy-cloud-providers/aws
 k8s.io/legacy-cloud-providers/azure
@@ -3091,7 +3091,7 @@ k8s.io/legacy-cloud-providers/gce/gcpcredential
 k8s.io/legacy-cloud-providers/vsphere
 k8s.io/legacy-cloud-providers/vsphere/vclib
 k8s.io/legacy-cloud-providers/vsphere/vclib/diskmanagers
-# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4
+# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/metrics/pkg/apis/custom_metrics
 k8s.io/metrics/pkg/apis/custom_metrics/v1beta1
@@ -3106,10 +3106,10 @@ k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1
 k8s.io/metrics/pkg/client/custom_metrics
 k8s.io/metrics/pkg/client/custom_metrics/scheme
 k8s.io/metrics/pkg/client/external_metrics
-# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4
+# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/mount-utils
-# k8s.io/pod-security-admission v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4
+# k8s.io/pod-security-admission v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/pod-security-admission/admission
 k8s.io/pod-security-admission/admission/api
@@ -3142,7 +3142,7 @@ k8s.io/utils/pointer
 k8s.io/utils/strings
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35
+# sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36
 ## explicit; go 1.17
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics
@@ -3252,33 +3252,33 @@ sigs.k8s.io/structured-merge-diff/v4/value
 ## explicit; go 1.12
 sigs.k8s.io/yaml
 # github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870
-# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4
-# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4
-# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4
-# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4
-# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4
-# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4
-# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4
-# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4
-# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230412020409-0c79814882f4
-# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4
-# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4
-# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4
-# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4
-# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4
-# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4
-# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4
-# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4
-# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4
-# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230412020409-0c79814882f4
-# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4
-# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4
-# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4
-# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230412020409-0c79814882f4
-# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4
-# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4
-# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4
-# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4
-# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230412020409-0c79814882f4
-# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230412020409-0c79814882f4
-# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230412020409-0c79814882f4
+# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682
+# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682
+# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682
+# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682
+# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682
+# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682
+# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682
+# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682
+# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230414060647-19816eefa682
+# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682
+# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682
+# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682
+# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682
+# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682
+# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682
+# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682
+# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682
+# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682
+# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230414060647-19816eefa682
+# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682
+# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682
+# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682
+# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230414060647-19816eefa682
+# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682
+# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682
+# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682
+# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682
+# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230414060647-19816eefa682
+# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230414060647-19816eefa682
+# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230414060647-19816eefa682
diff --git a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go
index cb186cefc2..68a3ebf12c 100644
--- a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go
+++ b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go
@@ -118,6 +118,8 @@ func (cm *connectionManager) closeAll() {
 // grpcTunnel implements Tunnel
 type grpcTunnel struct {
 	stream      client.ProxyService_ProxyClient
+	sendLock    sync.Mutex
+	recvLock    sync.Mutex
 	clientConn  clientConn
 	pendingDial pendingDialManager
 	conns       connectionManager
@@ -243,20 +245,17 @@ func (t *grpcTunnel) serve(tunnelCtx context.Context) {
 	}()
 
 	for {
-		pkt, err := t.stream.Recv()
+		pkt, err := t.Recv()
 		if err == io.EOF {
 			return
 		}
-		const segment = commonmetrics.SegmentToClient
 		isClosing := t.isClosing()
 		if err != nil || pkt == nil {
 			if !isClosing {
 				klog.ErrorS(err, "stream read failure")
 			}
-			metrics.Metrics.ObserveStreamErrorNoPacket(segment, err)
 			return
 		}
-		metrics.Metrics.ObservePacket(segment, pkt.Type)
 		if isClosing {
 			return
 		}
@@ -335,11 +334,23 @@ func (t *grpcTunnel) serve(tunnelCtx context.Context) {
 
 		case client.PacketType_DATA:
 			resp := pkt.GetData()
+			if resp.ConnectID == 0 {
+				klog.ErrorS(nil, "Received packet missing ConnectID", "packetType", "DATA")
+				continue
+			}
 			// TODO: flow control
 			conn, ok := t.conns.get(resp.ConnectID)
 
 			if !ok {
-				klog.V(1).InfoS("Connection not recognized", "connectionID", resp.ConnectID)
+				klog.ErrorS(nil, "Connection not recognized", "connectionID", resp.ConnectID, "packetType", "DATA")
+				t.Send(&client.Packet{
+					Type: client.PacketType_CLOSE_REQ,
+					Payload: &client.Packet_CloseRequest{
+						CloseRequest: &client.CloseRequest{
+							ConnectID: resp.ConnectID,
+						},
+					},
+				})
 				continue
 			}
 			timer := time.NewTimer((time.Duration)(t.readTimeoutSeconds) * time.Second)
@@ -358,7 +369,7 @@ func (t *grpcTunnel) serve(tunnelCtx context.Context) {
 			conn, ok := t.conns.get(resp.ConnectID)
 
 			if !ok {
-				klog.V(1).InfoS("Connection not recognized", "connectionID", resp.ConnectID)
+				klog.V(1).InfoS("Connection not recognized", "connectionID", resp.ConnectID, "packetType", "CLOSE_RSP")
 				continue
 			}
 			close(conn.readCh)
@@ -418,18 +429,15 @@ func (t *grpcTunnel) dialContext(requestCtx context.Context, protocol, address s
 	}
 	klog.V(5).InfoS("[tracing] send packet", "type", req.Type)
 
-	const segment = commonmetrics.SegmentFromClient
-	metrics.Metrics.ObservePacket(segment, req.Type)
-	err := t.stream.Send(req)
+	err := t.Send(req)
 	if err != nil {
-		metrics.Metrics.ObserveStreamError(segment, err, req.Type)
 		return nil, err
 	}
 
 	klog.V(5).Infoln("DIAL_REQ sent to proxy server")
 
 	c := &conn{
-		stream:      t.stream,
+		tunnel:      t,
 		random:      random,
 		closeTunnel: t.closeTunnel,
 	}
@@ -473,10 +481,7 @@ func (t *grpcTunnel) closeDial(dialID int64) {
 			},
 		},
 	}
-	const segment = commonmetrics.SegmentFromClient
-	metrics.Metrics.ObservePacket(segment, req.Type)
-	if err := t.stream.Send(req); err != nil {
-		metrics.Metrics.ObserveStreamError(segment, err, req.Type)
+	if err := t.Send(req); err != nil {
 		klog.V(5).InfoS("Failed to send DIAL_CLS", "err", err, "dialID", dialID)
 	}
 	t.closeTunnel()
@@ -491,6 +496,35 @@ func (t *grpcTunnel) isClosing() bool {
 	return atomic.LoadUint32(&t.closing) != 0
 }
 
+func (t *grpcTunnel) Send(pkt *client.Packet) error {
+	t.sendLock.Lock()
+	defer t.sendLock.Unlock()
+
+	const segment = commonmetrics.SegmentFromClient
+	metrics.Metrics.ObservePacket(segment, pkt.Type)
+	err := t.stream.Send(pkt)
+	if err != nil && err != io.EOF {
+		metrics.Metrics.ObserveStreamError(segment, err, pkt.Type)
+	}
+	return err
+}
+
+func (t *grpcTunnel) Recv() (*client.Packet, error) {
+	t.recvLock.Lock()
+	defer t.recvLock.Unlock()
+
+	const segment = commonmetrics.SegmentToClient
+	pkt, err := t.stream.Recv()
+	if err != nil && err != io.EOF {
+		metrics.Metrics.ObserveStreamErrorNoPacket(segment, err)
+	}
+	if err != nil {
+		return pkt, err
+	}
+	metrics.Metrics.ObservePacket(segment, pkt.Type)
+	return pkt, nil
+}
+
 func GetDialFailureReason(err error) (isDialFailure bool, reason metrics.DialFailureReason) {
 	var df *dialFailure
 	if errors.As(err, &df) {
diff --git a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/conn.go b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/conn.go
index 14384a62cb..f4d3f78865 100644
--- a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/conn.go
+++ b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/conn.go
@@ -24,8 +24,6 @@ import (
 
 	"k8s.io/klog/v2"
 
-	"sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics"
-	commonmetrics "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/common/metrics"
 	"sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client"
 )
 
@@ -38,7 +36,7 @@ var errConnCloseTimeout = errors.New("close timeout")
 // conn is an implementation of net.Conn, where the data is transported
 // over an established tunnel defined by a gRPC service ProxyService.
 type conn struct {
-	stream  client.ProxyService_ProxyClient
+	tunnel  *grpcTunnel
 	connID  int64
 	random  int64
 	readCh  chan []byte
@@ -65,11 +63,8 @@ func (c *conn) Write(data []byte) (n int, err error) {
 
 	klog.V(5).InfoS("[tracing] send req", "type", req.Type)
 
-	const segment = commonmetrics.SegmentFromClient
-	metrics.Metrics.ObservePacket(segment, req.Type)
-	err = c.stream.Send(req)
+	err = c.tunnel.Send(req)
 	if err != nil {
-		metrics.Metrics.ObserveStreamError(segment, err, req.Type)
 		return 0, err
 	}
 	return len(data), err
@@ -153,10 +148,7 @@ func (c *conn) Close() error {
 
 	klog.V(5).InfoS("[tracing] send req", "type", req.Type)
 
-	const segment = commonmetrics.SegmentFromClient
-	metrics.Metrics.ObservePacket(segment, req.Type)
-	if err := c.stream.Send(req); err != nil {
-		metrics.Metrics.ObserveStreamError(segment, err, req.Type)
+	if err := c.tunnel.Send(req); err != nil {
 		return err
 	}
 

From d6ae34cfda170173895a62a855d9355f13f036fc Mon Sep 17 00:00:00 2001
From: ci-robot <ci-robot@openshift.io>
Date: Mon, 17 Apr 2023 05:12:30 +0000
Subject: [PATCH 5/9] update etcd/go.mod

---
 etcd/go.mod | 66 ++++++++++++++++++++++++++---------------------------
 etcd/go.sum | 40 ++++++++++++++++----------------
 2 files changed, 53 insertions(+), 53 deletions(-)

diff --git a/etcd/go.mod b/etcd/go.mod
index d6f82ab83f..28848e890b 100644
--- a/etcd/go.mod
+++ b/etcd/go.mod
@@ -111,11 +111,11 @@ require (
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.19.0 // indirect
 	golang.org/x/crypto v0.1.0 // indirect
-	golang.org/x/net v0.7.0 // indirect
+	golang.org/x/net v0.8.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect
-	golang.org/x/sys v0.5.0 // indirect
-	golang.org/x/term v0.5.0 // indirect
-	golang.org/x/text v0.7.0 // indirect
+	golang.org/x/sys v0.6.0 // indirect
+	golang.org/x/term v0.6.0 // indirect
+	golang.org/x/text v0.8.0 // indirect
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect
@@ -143,33 +143,33 @@ replace (
 	go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd
 	go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd
 	go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd
-	k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 // from kubernetes
-	k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
-	k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230412020409-0c79814882f4 // staging kubernetes
+	k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 // from kubernetes
+	k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230414060647-19816eefa682 // staging kubernetes
+	k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230414060647-19816eefa682 // staging kubernetes
 )
diff --git a/etcd/go.sum b/etcd/go.sum
index 725e704641..679bc75909 100644
--- a/etcd/go.sum
+++ b/etcd/go.sum
@@ -371,18 +371,18 @@ github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:Sjmgmr
 github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:wL8kkRGx1Hp8FmZUuHfL3K2/OaGIDaXGr1N7i2G07J0=
 github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:oY9dmUpbeBrOE/0QAN0gL6Lz80E9J9KrXY1iz6a3ae8=
 github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:6/Gfe8XTGXQJgLYQ65oGKMfPivb2EASLUSMSWN9Sroo=
-github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 h1:dzCea/DHA2x6R9j+wTb7BY3LnqhorBSvVdmB/wF0b5o=
-github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM=
-github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 h1:t45aNQ0O98VzJ9nA8mhvcXDl30FcmZpR/yfLudfnwPQ=
-github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo=
-github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 h1:paEpt3um9AlkuelIGXcweXP4MNcbSZqUZXmKK/ys77M=
-github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c=
-github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 h1:EpfLJVTood6aq/ElFbWN+sWqx1aJYhvv0XRRZZHZVC0=
-github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc=
-github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 h1:oBP6cLuqYBCVpXsOIOhk++szFMFJ6Nwn+4Lgat1jkkQ=
-github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc=
-github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 h1:gwn29Sp0NX3xKTFS7RrOBNM/pKAQqKUOduPQSrFB85o=
-github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do=
+github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 h1:f+5Fcc/WQpus26/zjyl/XCYr4NSNpAtYuf6bV2UJf14=
+github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682/go.mod h1:uLYjAyw1JyCS9EUj6oUhl4eRy4XthcFpSodl6cOokQI=
+github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 h1:w4uwFjypPaaff3++nri9Z6P+OdBnUf9lF8czEeiOCYM=
+github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682/go.mod h1:ApuQzVQOyTrgHIGrmVljD8zZ+ZoHmXYbsFwLvSelf84=
+github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 h1:LfPzMcGu+ns6q2+JD8KX2o3lxeUq8smiNSXwjLn98Do=
+github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682/go.mod h1:LumLfFU84tK2qax1WpUviAosYlqlUaSJTIEtYjYpfxw=
+github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 h1:4m/eWo2ebGxBMmYB9y6YoI4EWIKGDG8SRSciVCX1ilA=
+github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682/go.mod h1:0QH/+sNaHFjTGTSyuwBXuHHhyBRa2r6ndYXUxchMPKI=
+github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 h1:qyJleza3TMgCwXZ+b88cdGZMUz7G29GPpFNs0mGyscc=
+github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682/go.mod h1:4bzeXuIaKw5yabxEcNwxVYHKi0wLgcjl5naBxe4N1cw=
+github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 h1:1tYc5o7kN6Vx2Jr/HQLt8AQImp8TT2hBZWRIT0ZRfL8=
+github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682/go.mod h1:plN+kBQozEYwSUD3aB9oFwrpkVeIN5xVpQ6sLRbSiNs=
 github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 h1:YH3Z3ZWCDWjkAGdZpK5rCm5pRZ4wt0uEx1GwvCiO3+I=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
@@ -612,8 +612,8 @@ golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -686,12 +686,12 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -700,8 +700,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

From 131882470989213b94703caa55d499b0eee69b17 Mon Sep 17 00:00:00 2001
From: ci-robot <ci-robot@openshift.io>
Date: Mon, 17 Apr 2023 05:12:33 +0000
Subject: [PATCH 6/9] update etcd/vendor

---
 etcd/vendor/golang.org/x/sys/unix/ioctl.go    |  17 +--
 .../vendor/golang.org/x/sys/unix/ioctl_zos.go |   8 +-
 .../golang.org/x/sys/unix/ptrace_darwin.go    |   6 +
 .../golang.org/x/sys/unix/ptrace_ios.go       |   6 +
 .../golang.org/x/sys/unix/syscall_aix.go      |   5 +-
 .../golang.org/x/sys/unix/syscall_bsd.go      |   3 +-
 .../golang.org/x/sys/unix/syscall_darwin.go   |  12 +-
 .../x/sys/unix/syscall_darwin_amd64.go        |   1 +
 .../x/sys/unix/syscall_darwin_arm64.go        |   1 +
 .../x/sys/unix/syscall_dragonfly.go           |   1 +
 .../golang.org/x/sys/unix/syscall_freebsd.go  |  43 +++++-
 .../x/sys/unix/syscall_freebsd_386.go         |  17 +--
 .../x/sys/unix/syscall_freebsd_amd64.go       |  17 +--
 .../x/sys/unix/syscall_freebsd_arm.go         |  15 +-
 .../x/sys/unix/syscall_freebsd_arm64.go       |  15 +-
 .../x/sys/unix/syscall_freebsd_riscv64.go     |  15 +-
 .../golang.org/x/sys/unix/syscall_hurd.go     |   8 +
 .../golang.org/x/sys/unix/syscall_linux.go    |  36 +++--
 .../golang.org/x/sys/unix/syscall_netbsd.go   |   5 +-
 .../golang.org/x/sys/unix/syscall_openbsd.go  |   1 +
 .../golang.org/x/sys/unix/syscall_solaris.go  |  21 +--
 .../x/sys/unix/syscall_zos_s390x.go           |   4 +-
 .../golang.org/x/sys/unix/zerrors_linux.go    |  10 +-
 .../x/sys/unix/zptrace_armnn_linux.go         |   8 +-
 .../x/sys/unix/zptrace_linux_arm64.go         |   4 +-
 .../x/sys/unix/zptrace_mipsnn_linux.go        |   8 +-
 .../x/sys/unix/zptrace_mipsnnle_linux.go      |   8 +-
 .../x/sys/unix/zptrace_x86_linux.go           |   8 +-
 .../golang.org/x/sys/unix/zsyscall_aix_ppc.go |  10 ++
 .../x/sys/unix/zsyscall_aix_ppc64.go          |  10 ++
 .../x/sys/unix/zsyscall_aix_ppc64_gc.go       |   7 +
 .../x/sys/unix/zsyscall_aix_ppc64_gccgo.go    |   8 +
 .../x/sys/unix/zsyscall_darwin_amd64.go       |  16 ++
 .../x/sys/unix/zsyscall_darwin_arm64.go       |  16 ++
 .../x/sys/unix/zsyscall_dragonfly_amd64.go    |  10 ++
 .../x/sys/unix/zsyscall_freebsd_386.go        |  20 +++
 .../x/sys/unix/zsyscall_freebsd_amd64.go      |  20 +++
 .../x/sys/unix/zsyscall_freebsd_arm.go        |  20 +++
 .../x/sys/unix/zsyscall_freebsd_arm64.go      |  20 +++
 .../x/sys/unix/zsyscall_freebsd_riscv64.go    |  20 +++
 .../golang.org/x/sys/unix/zsyscall_linux.go   |  10 ++
 .../x/sys/unix/zsyscall_netbsd_386.go         |  10 ++
 .../x/sys/unix/zsyscall_netbsd_amd64.go       |  10 ++
 .../x/sys/unix/zsyscall_netbsd_arm.go         |  10 ++
 .../x/sys/unix/zsyscall_netbsd_arm64.go       |  10 ++
 .../x/sys/unix/zsyscall_openbsd_386.go        |   8 +
 .../x/sys/unix/zsyscall_openbsd_amd64.go      |   8 +
 .../x/sys/unix/zsyscall_openbsd_arm.go        |   8 +
 .../x/sys/unix/zsyscall_openbsd_arm64.go      |   8 +
 .../x/sys/unix/zsyscall_openbsd_mips64.go     |   8 +
 .../x/sys/unix/zsyscall_openbsd_ppc64.go      |   8 +
 .../x/sys/unix/zsyscall_openbsd_riscv64.go    |   8 +
 .../x/sys/unix/zsyscall_solaris_amd64.go      |  11 ++
 .../x/sys/unix/zsyscall_zos_s390x.go          |  10 ++
 .../x/sys/unix/ztypes_freebsd_386.go          |   2 +-
 .../x/sys/unix/ztypes_freebsd_amd64.go        |   2 +-
 .../x/sys/unix/ztypes_freebsd_arm.go          |   2 +-
 .../x/sys/unix/ztypes_freebsd_arm64.go        |   2 +-
 .../x/sys/unix/ztypes_freebsd_riscv64.go      |   2 +-
 .../golang.org/x/sys/unix/ztypes_linux.go     | 140 +++++++++++++-----
 .../golang.org/x/sys/unix/ztypes_linux_386.go |   2 +-
 .../x/sys/unix/ztypes_linux_amd64.go          |   2 +-
 .../golang.org/x/sys/unix/ztypes_linux_arm.go |   2 +-
 .../x/sys/unix/ztypes_linux_arm64.go          |   2 +-
 .../x/sys/unix/ztypes_linux_loong64.go        |   2 +-
 .../x/sys/unix/ztypes_linux_mips.go           |   2 +-
 .../x/sys/unix/ztypes_linux_mips64.go         |   2 +-
 .../x/sys/unix/ztypes_linux_mips64le.go       |   2 +-
 .../x/sys/unix/ztypes_linux_mipsle.go         |   2 +-
 .../golang.org/x/sys/unix/ztypes_linux_ppc.go |   2 +-
 .../x/sys/unix/ztypes_linux_ppc64.go          |   2 +-
 .../x/sys/unix/ztypes_linux_ppc64le.go        |   2 +-
 .../x/sys/unix/ztypes_linux_riscv64.go        |   2 +-
 .../x/sys/unix/ztypes_linux_s390x.go          |   2 +-
 .../x/sys/unix/ztypes_linux_sparc64.go        |   2 +-
 .../x/sys/windows/syscall_windows.go          |   6 +-
 .../golang.org/x/sys/windows/types_windows.go |  85 +++++++++++
 .../x/sys/windows/zsyscall_windows.go         |  27 ++++
 .../x/text/encoding/internal/internal.go      |   2 +-
 .../x/text/unicode/norm/forminfo.go           |   2 +-
 .../vendor/k8s.io/api/core/v1/generated.proto |   2 +-
 etcd/vendor/k8s.io/api/core/v1/types.go       |   2 +-
 .../core/v1/types_swagger_doc_generated.go    |   2 +-
 .../discovery/aggregated_discovery.go         |  44 ++++--
 .../discovery/cached/memory/memcache.go       |  53 +++++--
 .../client-go/discovery/discovery_client.go   | 118 +++++++++------
 etcd/vendor/modules.txt                       |  78 +++++-----
 87 files changed, 903 insertions(+), 305 deletions(-)

diff --git a/etcd/vendor/golang.org/x/sys/unix/ioctl.go b/etcd/vendor/golang.org/x/sys/unix/ioctl.go
index 1c51b0ec2b..7ce8dd406f 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ioctl.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ioctl.go
@@ -8,7 +8,6 @@
 package unix
 
 import (
-	"runtime"
 	"unsafe"
 )
 
@@ -27,7 +26,7 @@ func IoctlSetInt(fd int, req uint, value int) error {
 // passing the integer value directly.
 func IoctlSetPointerInt(fd int, req uint, value int) error {
 	v := int32(value)
-	return ioctl(fd, req, uintptr(unsafe.Pointer(&v)))
+	return ioctlPtr(fd, req, unsafe.Pointer(&v))
 }
 
 // IoctlSetWinsize performs an ioctl on fd with a *Winsize argument.
@@ -36,9 +35,7 @@ func IoctlSetPointerInt(fd int, req uint, value int) error {
 func IoctlSetWinsize(fd int, req uint, value *Winsize) error {
 	// TODO: if we get the chance, remove the req parameter and
 	// hardcode TIOCSWINSZ.
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-	runtime.KeepAlive(value)
-	return err
+	return ioctlPtr(fd, req, unsafe.Pointer(value))
 }
 
 // IoctlSetTermios performs an ioctl on fd with a *Termios.
@@ -46,9 +43,7 @@ func IoctlSetWinsize(fd int, req uint, value *Winsize) error {
 // The req value will usually be TCSETA or TIOCSETA.
 func IoctlSetTermios(fd int, req uint, value *Termios) error {
 	// TODO: if we get the chance, remove the req parameter.
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-	runtime.KeepAlive(value)
-	return err
+	return ioctlPtr(fd, req, unsafe.Pointer(value))
 }
 
 // IoctlGetInt performs an ioctl operation which gets an integer value
@@ -58,18 +53,18 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error {
 // for those, IoctlRetInt should be used instead of this function.
 func IoctlGetInt(fd int, req uint) (int, error) {
 	var value int
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return value, err
 }
 
 func IoctlGetWinsize(fd int, req uint) (*Winsize, error) {
 	var value Winsize
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return &value, err
 }
 
 func IoctlGetTermios(fd int, req uint) (*Termios, error) {
 	var value Termios
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return &value, err
 }
diff --git a/etcd/vendor/golang.org/x/sys/unix/ioctl_zos.go b/etcd/vendor/golang.org/x/sys/unix/ioctl_zos.go
index 5384e7d91d..6532f09af2 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ioctl_zos.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ioctl_zos.go
@@ -27,9 +27,7 @@ func IoctlSetInt(fd int, req uint, value int) error {
 func IoctlSetWinsize(fd int, req uint, value *Winsize) error {
 	// TODO: if we get the chance, remove the req parameter and
 	// hardcode TIOCSWINSZ.
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-	runtime.KeepAlive(value)
-	return err
+	return ioctlPtr(fd, req, unsafe.Pointer(value))
 }
 
 // IoctlSetTermios performs an ioctl on fd with a *Termios.
@@ -51,13 +49,13 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error {
 // for those, IoctlRetInt should be used instead of this function.
 func IoctlGetInt(fd int, req uint) (int, error) {
 	var value int
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return value, err
 }
 
 func IoctlGetWinsize(fd int, req uint) (*Winsize, error) {
 	var value Winsize
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return &value, err
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/etcd/vendor/golang.org/x/sys/unix/ptrace_darwin.go
index 463c3eff7f..39dba6ca6a 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ptrace_darwin.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ptrace_darwin.go
@@ -7,6 +7,12 @@
 
 package unix
 
+import "unsafe"
+
 func ptrace(request int, pid int, addr uintptr, data uintptr) error {
 	return ptrace1(request, pid, addr, data)
 }
+
+func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) error {
+	return ptrace1Ptr(request, pid, addr, data)
+}
diff --git a/etcd/vendor/golang.org/x/sys/unix/ptrace_ios.go b/etcd/vendor/golang.org/x/sys/unix/ptrace_ios.go
index ed0509a011..9ea66330a9 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ptrace_ios.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ptrace_ios.go
@@ -7,6 +7,12 @@
 
 package unix
 
+import "unsafe"
+
 func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
 	return ENOTSUP
 }
+
+func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) {
+	return ENOTSUP
+}
diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_aix.go b/etcd/vendor/golang.org/x/sys/unix/syscall_aix.go
index 2db1b51e99..d9f5544ccf 100644
--- a/etcd/vendor/golang.org/x/sys/unix/syscall_aix.go
+++ b/etcd/vendor/golang.org/x/sys/unix/syscall_aix.go
@@ -292,9 +292,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 				break
 			}
 		}
-
-		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
-		sa.Name = string(bytes)
+		sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n))
 		return sa, nil
 
 	case AF_INET:
@@ -411,6 +409,7 @@ func (w WaitStatus) CoreDump() bool { return w&0x80 == 0x80 }
 func (w WaitStatus) TrapCause() int { return -1 }
 
 //sys	ioctl(fd int, req uint, arg uintptr) (err error)
+//sys	ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = ioctl
 
 // fcntl must never be called with cmd=F_DUP2FD because it doesn't work on AIX
 // There is no way to create a custom fcntl and to keep //sys fcntl easily,
diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_bsd.go b/etcd/vendor/golang.org/x/sys/unix/syscall_bsd.go
index eda42671f1..7705c3270b 100644
--- a/etcd/vendor/golang.org/x/sys/unix/syscall_bsd.go
+++ b/etcd/vendor/golang.org/x/sys/unix/syscall_bsd.go
@@ -245,8 +245,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 				break
 			}
 		}
-		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
-		sa.Name = string(bytes)
+		sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n))
 		return sa, nil
 
 	case AF_INET:
diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin.go b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin.go
index 192b071b3d..7064d6ebab 100644
--- a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin.go
+++ b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin.go
@@ -14,7 +14,6 @@ package unix
 
 import (
 	"fmt"
-	"runtime"
 	"syscall"
 	"unsafe"
 )
@@ -376,11 +375,10 @@ func Flistxattr(fd int, dest []byte) (sz int, err error) {
 func Kill(pid int, signum syscall.Signal) (err error) { return kill(pid, int(signum), 1) }
 
 //sys	ioctl(fd int, req uint, arg uintptr) (err error)
+//sys	ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL
 
 func IoctlCtlInfo(fd int, ctlInfo *CtlInfo) error {
-	err := ioctl(fd, CTLIOCGINFO, uintptr(unsafe.Pointer(ctlInfo)))
-	runtime.KeepAlive(ctlInfo)
-	return err
+	return ioctlPtr(fd, CTLIOCGINFO, unsafe.Pointer(ctlInfo))
 }
 
 // IfreqMTU is struct ifreq used to get or set a network device's MTU.
@@ -394,16 +392,14 @@ type IfreqMTU struct {
 func IoctlGetIfreqMTU(fd int, ifname string) (*IfreqMTU, error) {
 	var ifreq IfreqMTU
 	copy(ifreq.Name[:], ifname)
-	err := ioctl(fd, SIOCGIFMTU, uintptr(unsafe.Pointer(&ifreq)))
+	err := ioctlPtr(fd, SIOCGIFMTU, unsafe.Pointer(&ifreq))
 	return &ifreq, err
 }
 
 // IoctlSetIfreqMTU performs the SIOCSIFMTU ioctl operation on fd to set the MTU
 // of the network device specified by ifreq.Name.
 func IoctlSetIfreqMTU(fd int, ifreq *IfreqMTU) error {
-	err := ioctl(fd, SIOCSIFMTU, uintptr(unsafe.Pointer(ifreq)))
-	runtime.KeepAlive(ifreq)
-	return err
+	return ioctlPtr(fd, SIOCSIFMTU, unsafe.Pointer(ifreq))
 }
 
 //sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS_SYSCTL
diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
index b37310ce9b..9fa879806b 100644
--- a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
@@ -47,5 +47,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr,
 //sys	getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT64
 //sys	Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64
 //sys	ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace
+//sys	ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace
 //sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
 //sys	Statfs(path string, stat *Statfs_t) (err error) = SYS_STATFS64
diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
index d51ec99630..f17b8c526a 100644
--- a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
@@ -47,5 +47,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr,
 //sys	getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT
 //sys	Lstat(path string, stat *Stat_t) (err error)
 //sys	ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace
+//sys	ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace
 //sys	Stat(path string, stat *Stat_t) (err error)
 //sys	Statfs(path string, stat *Statfs_t) (err error)
diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/etcd/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
index a41111a794..221efc26bc 100644
--- a/etcd/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
+++ b/etcd/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
@@ -172,6 +172,7 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
 }
 
 //sys	ioctl(fd int, req uint, arg uintptr) (err error)
+//sys	ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL
 
 //sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd.go
index d50b9dc250..5bdde03e4a 100644
--- a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd.go
+++ b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd.go
@@ -161,7 +161,8 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
 	return
 }
 
-//sys	ioctl(fd int, req uint, arg uintptr) (err error)
+//sys	ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL
+//sys	ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL
 
 //sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
 
@@ -253,6 +254,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 //sys	ptrace(request int, pid int, addr uintptr, data int) (err error)
+//sys	ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) = SYS_PTRACE
 
 func PtraceAttach(pid int) (err error) {
 	return ptrace(PT_ATTACH, pid, 0, 0)
@@ -267,19 +269,36 @@ func PtraceDetach(pid int) (err error) {
 }
 
 func PtraceGetFpRegs(pid int, fpregsout *FpReg) (err error) {
-	return ptrace(PT_GETFPREGS, pid, uintptr(unsafe.Pointer(fpregsout)), 0)
+	return ptracePtr(PT_GETFPREGS, pid, unsafe.Pointer(fpregsout), 0)
 }
 
 func PtraceGetRegs(pid int, regsout *Reg) (err error) {
-	return ptrace(PT_GETREGS, pid, uintptr(unsafe.Pointer(regsout)), 0)
+	return ptracePtr(PT_GETREGS, pid, unsafe.Pointer(regsout), 0)
+}
+
+func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) {
+	ioDesc := PtraceIoDesc{
+		Op:   int32(req),
+		Offs: offs,
+	}
+	if countin > 0 {
+		_ = out[:countin] // check bounds
+		ioDesc.Addr = &out[0]
+	} else if out != nil {
+		ioDesc.Addr = (*byte)(unsafe.Pointer(&_zero))
+	}
+	ioDesc.SetLen(countin)
+
+	err = ptracePtr(PT_IO, pid, unsafe.Pointer(&ioDesc), 0)
+	return int(ioDesc.Len), err
 }
 
 func PtraceLwpEvents(pid int, enable int) (err error) {
 	return ptrace(PT_LWP_EVENTS, pid, 0, enable)
 }
 
-func PtraceLwpInfo(pid int, info uintptr) (err error) {
-	return ptrace(PT_LWPINFO, pid, info, int(unsafe.Sizeof(PtraceLwpInfoStruct{})))
+func PtraceLwpInfo(pid int, info *PtraceLwpInfoStruct) (err error) {
+	return ptracePtr(PT_LWPINFO, pid, unsafe.Pointer(info), int(unsafe.Sizeof(*info)))
 }
 
 func PtracePeekData(pid int, addr uintptr, out []byte) (count int, err error) {
@@ -299,13 +318,25 @@ func PtracePokeText(pid int, addr uintptr, data []byte) (count int, err error) {
 }
 
 func PtraceSetRegs(pid int, regs *Reg) (err error) {
-	return ptrace(PT_SETREGS, pid, uintptr(unsafe.Pointer(regs)), 0)
+	return ptracePtr(PT_SETREGS, pid, unsafe.Pointer(regs), 0)
 }
 
 func PtraceSingleStep(pid int) (err error) {
 	return ptrace(PT_STEP, pid, 1, 0)
 }
 
+func Dup3(oldfd, newfd, flags int) error {
+	if oldfd == newfd || flags&^O_CLOEXEC != 0 {
+		return EINVAL
+	}
+	how := F_DUP2FD
+	if flags&O_CLOEXEC != 0 {
+		how = F_DUP2FD_CLOEXEC
+	}
+	_, err := fcntl(oldfd, how, newfd)
+	return err
+}
+
 /*
  * Exposed directly
  */
diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
index 6a91d471d0..b8da510043 100644
--- a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
+++ b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 
+func (d *PtraceIoDesc) SetLen(length int) {
+	d.Len = uint32(length)
+}
+
 func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
 	var writtenOut uint64 = 0
 	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0)
@@ -57,16 +61,5 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 
 func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
-	return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0)
-}
-
-func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{
-		Op:   int32(req),
-		Offs: offs,
-		Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe.
-		Len:  uint32(countin),
-	}
-	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
-	return int(ioDesc.Len), err
+	return ptracePtr(PT_GETFSBASE, pid, unsafe.Pointer(fsbase), 0)
 }
diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
index 48110a0abb..47155c4839 100644
--- a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 
+func (d *PtraceIoDesc) SetLen(length int) {
+	d.Len = uint64(length)
+}
+
 func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
 	var writtenOut uint64 = 0
 	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0)
@@ -57,16 +61,5 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 
 func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
-	return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0)
-}
-
-func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{
-		Op:   int32(req),
-		Offs: offs,
-		Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe.
-		Len:  uint64(countin),
-	}
-	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
-	return int(ioDesc.Len), err
+	return ptracePtr(PT_GETFSBASE, pid, unsafe.Pointer(fsbase), 0)
 }
diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
index 52f1d4b75a..08932093fa 100644
--- a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
+++ b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 
+func (d *PtraceIoDesc) SetLen(length int) {
+	d.Len = uint32(length)
+}
+
 func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
 	var writtenOut uint64 = 0
 	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0)
@@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
-
-func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{
-		Op:   int32(req),
-		Offs: offs,
-		Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe.
-		Len:  uint32(countin),
-	}
-	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
-	return int(ioDesc.Len), err
-}
diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
index 5537ee4f2e..d151a0d0e5 100644
--- a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 
+func (d *PtraceIoDesc) SetLen(length int) {
+	d.Len = uint64(length)
+}
+
 func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
 	var writtenOut uint64 = 0
 	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0)
@@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
-
-func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{
-		Op:   int32(req),
-		Offs: offs,
-		Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe.
-		Len:  uint64(countin),
-	}
-	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
-	return int(ioDesc.Len), err
-}
diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
index 164abd5d21..d5cd64b378 100644
--- a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 
+func (d *PtraceIoDesc) SetLen(length int) {
+	d.Len = uint64(length)
+}
+
 func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
 	var writtenOut uint64 = 0
 	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0)
@@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
-
-func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{
-		Op:   int32(req),
-		Offs: offs,
-		Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe.
-		Len:  uint64(countin),
-	}
-	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
-	return int(ioDesc.Len), err
-}
diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_hurd.go b/etcd/vendor/golang.org/x/sys/unix/syscall_hurd.go
index 4ffb64808d..381fd4673b 100644
--- a/etcd/vendor/golang.org/x/sys/unix/syscall_hurd.go
+++ b/etcd/vendor/golang.org/x/sys/unix/syscall_hurd.go
@@ -20,3 +20,11 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	}
 	return
 }
+
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	r0, er := C.ioctl(C.int(fd), C.ulong(req), C.uintptr_t(uintptr(arg)))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_linux.go b/etcd/vendor/golang.org/x/sys/unix/syscall_linux.go
index 5443dddd48..9735331530 100644
--- a/etcd/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/etcd/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -1015,8 +1015,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		for n < len(pp.Path) && pp.Path[n] != 0 {
 			n++
 		}
-		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
-		sa.Name = string(bytes)
+		sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n))
 		return sa, nil
 
 	case AF_INET:
@@ -1365,6 +1364,10 @@ func SetsockoptTCPRepairOpt(fd, level, opt int, o []TCPRepairOpt) (err error) {
 	return setsockopt(fd, level, opt, unsafe.Pointer(&o[0]), uintptr(SizeofTCPRepairOpt*len(o)))
 }
 
+func SetsockoptTCPMD5Sig(fd, level, opt int, s *TCPMD5Sig) error {
+	return setsockopt(fd, level, opt, unsafe.Pointer(s), unsafe.Sizeof(*s))
+}
+
 // Keyctl Commands (http://man7.org/linux/man-pages/man2/keyctl.2.html)
 
 // KeyctlInt calls keyctl commands in which each argument is an int.
@@ -1579,6 +1582,7 @@ func BindToDevice(fd int, device string) (err error) {
 }
 
 //sys	ptrace(request int, pid int, addr uintptr, data uintptr) (err error)
+//sys	ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) = SYS_PTRACE
 
 func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err error) {
 	// The peek requests are machine-size oriented, so we wrap it
@@ -1596,7 +1600,7 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro
 	// boundary.
 	n := 0
 	if addr%SizeofPtr != 0 {
-		err = ptrace(req, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0])))
+		err = ptracePtr(req, pid, addr-addr%SizeofPtr, unsafe.Pointer(&buf[0]))
 		if err != nil {
 			return 0, err
 		}
@@ -1608,7 +1612,7 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro
 	for len(out) > 0 {
 		// We use an internal buffer to guarantee alignment.
 		// It's not documented if this is necessary, but we're paranoid.
-		err = ptrace(req, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0])))
+		err = ptracePtr(req, pid, addr+uintptr(n), unsafe.Pointer(&buf[0]))
 		if err != nil {
 			return n, err
 		}
@@ -1640,7 +1644,7 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c
 	n := 0
 	if addr%SizeofPtr != 0 {
 		var buf [SizeofPtr]byte
-		err = ptrace(peekReq, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0])))
+		err = ptracePtr(peekReq, pid, addr-addr%SizeofPtr, unsafe.Pointer(&buf[0]))
 		if err != nil {
 			return 0, err
 		}
@@ -1667,7 +1671,7 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c
 	// Trailing edge.
 	if len(data) > 0 {
 		var buf [SizeofPtr]byte
-		err = ptrace(peekReq, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0])))
+		err = ptracePtr(peekReq, pid, addr+uintptr(n), unsafe.Pointer(&buf[0]))
 		if err != nil {
 			return n, err
 		}
@@ -1696,11 +1700,11 @@ func PtracePokeUser(pid int, addr uintptr, data []byte) (count int, err error) {
 }
 
 func PtraceGetRegs(pid int, regsout *PtraceRegs) (err error) {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 func PtraceSetRegs(pid int, regs *PtraceRegs) (err error) {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
 
 func PtraceSetOptions(pid int, options int) (err error) {
@@ -1709,7 +1713,7 @@ func PtraceSetOptions(pid int, options int) (err error) {
 
 func PtraceGetEventMsg(pid int) (msg uint, err error) {
 	var data _C_long
-	err = ptrace(PTRACE_GETEVENTMSG, pid, 0, uintptr(unsafe.Pointer(&data)))
+	err = ptracePtr(PTRACE_GETEVENTMSG, pid, 0, unsafe.Pointer(&data))
 	msg = uint(data)
 	return
 }
@@ -2154,6 +2158,14 @@ func isGroupMember(gid int) bool {
 	return false
 }
 
+func isCapDacOverrideSet() bool {
+	hdr := CapUserHeader{Version: LINUX_CAPABILITY_VERSION_3}
+	data := [2]CapUserData{}
+	err := Capget(&hdr, &data[0])
+
+	return err == nil && data[0].Effective&(1<<CAP_DAC_OVERRIDE) != 0
+}
+
 //sys	faccessat(dirfd int, path string, mode uint32) (err error)
 //sys	Faccessat2(dirfd int, path string, mode uint32, flags int) (err error)
 
@@ -2189,6 +2201,12 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 	var uid int
 	if flags&AT_EACCESS != 0 {
 		uid = Geteuid()
+		if uid != 0 && isCapDacOverrideSet() {
+			// If CAP_DAC_OVERRIDE is set, file access check is
+			// done by the kernel in the same way as for root
+			// (see generic_permission() in the Linux sources).
+			uid = 0
+		}
 	} else {
 		uid = Getuid()
 	}
diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_netbsd.go b/etcd/vendor/golang.org/x/sys/unix/syscall_netbsd.go
index 35a3ad758f..e66865dccb 100644
--- a/etcd/vendor/golang.org/x/sys/unix/syscall_netbsd.go
+++ b/etcd/vendor/golang.org/x/sys/unix/syscall_netbsd.go
@@ -13,7 +13,6 @@
 package unix
 
 import (
-	"runtime"
 	"syscall"
 	"unsafe"
 )
@@ -178,13 +177,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 //sys	ioctl(fd int, req uint, arg uintptr) (err error)
+//sys	ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL
 
 //sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
 
 func IoctlGetPtmget(fd int, req uint) (*Ptmget, error) {
 	var value Ptmget
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	runtime.KeepAlive(value)
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return &value, err
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/etcd/vendor/golang.org/x/sys/unix/syscall_openbsd.go
index 9b67b908e5..5e9de23ae3 100644
--- a/etcd/vendor/golang.org/x/sys/unix/syscall_openbsd.go
+++ b/etcd/vendor/golang.org/x/sys/unix/syscall_openbsd.go
@@ -152,6 +152,7 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
 }
 
 //sys	ioctl(fd int, req uint, arg uintptr) (err error)
+//sys	ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL
 
 //sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_solaris.go b/etcd/vendor/golang.org/x/sys/unix/syscall_solaris.go
index 07ac56109a..d3444b64d6 100644
--- a/etcd/vendor/golang.org/x/sys/unix/syscall_solaris.go
+++ b/etcd/vendor/golang.org/x/sys/unix/syscall_solaris.go
@@ -408,8 +408,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		for n < len(pp.Path) && pp.Path[n] != 0 {
 			n++
 		}
-		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
-		sa.Name = string(bytes)
+		sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n))
 		return sa, nil
 
 	case AF_INET:
@@ -547,21 +546,25 @@ func Minor(dev uint64) uint32 {
  */
 
 //sys	ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) = libc.ioctl
+//sys	ioctlPtrRet(fd int, req uint, arg unsafe.Pointer) (ret int, err error) = libc.ioctl
 
 func ioctl(fd int, req uint, arg uintptr) (err error) {
 	_, err = ioctlRet(fd, req, arg)
 	return err
 }
 
-func IoctlSetTermio(fd int, req uint, value *Termio) error {
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-	runtime.KeepAlive(value)
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, err = ioctlPtrRet(fd, req, arg)
 	return err
 }
 
+func IoctlSetTermio(fd int, req uint, value *Termio) error {
+	return ioctlPtr(fd, req, unsafe.Pointer(value))
+}
+
 func IoctlGetTermio(fd int, req uint) (*Termio, error) {
 	var value Termio
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return &value, err
 }
 
@@ -1084,7 +1087,7 @@ func IoctlSetIntRetInt(fd int, req uint, arg int) (int, error) {
 func IoctlSetString(fd int, req uint, val string) error {
 	bs := make([]byte, len(val)+1)
 	copy(bs[:len(bs)-1], val)
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&bs[0])))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&bs[0]))
 	runtime.KeepAlive(&bs[0])
 	return err
 }
@@ -1118,7 +1121,7 @@ func (l *Lifreq) GetLifruUint() uint {
 }
 
 func IoctlLifreq(fd int, req uint, l *Lifreq) error {
-	return ioctl(fd, req, uintptr(unsafe.Pointer(l)))
+	return ioctlPtr(fd, req, unsafe.Pointer(l))
 }
 
 // Strioctl Helpers
@@ -1129,5 +1132,5 @@ func (s *Strioctl) SetInt(i int) {
 }
 
 func IoctlSetStrioctlRetInt(fd int, req uint, s *Strioctl) (int, error) {
-	return ioctlRet(fd, req, uintptr(unsafe.Pointer(s)))
+	return ioctlPtrRet(fd, req, unsafe.Pointer(s))
 }
diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/etcd/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
index 68b2f3e1cd..b295497ae4 100644
--- a/etcd/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
+++ b/etcd/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
@@ -139,8 +139,7 @@ func anyToSockaddr(_ int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		for n < int(pp.Len) && pp.Path[n] != 0 {
 			n++
 		}
-		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
-		sa.Name = string(bytes)
+		sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n))
 		return sa, nil
 
 	case AF_INET:
@@ -214,6 +213,7 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 //sys   mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) = SYS_MMAP
 //sys   munmap(addr uintptr, length uintptr) (err error) = SYS_MUNMAP
 //sys   ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL
+//sys   ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL
 
 //sys   Access(path string, mode uint32) (err error) = SYS___ACCESS_A
 //sys   Chdir(path string) (err error) = SYS___CHDIR_A
diff --git a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux.go b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux.go
index e174685adb..398c37e52d 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -70,6 +70,7 @@ const (
 	ALG_SET_DRBG_ENTROPY                        = 0x6
 	ALG_SET_IV                                  = 0x2
 	ALG_SET_KEY                                 = 0x1
+	ALG_SET_KEY_BY_KEY_SERIAL                   = 0x7
 	ALG_SET_OP                                  = 0x3
 	ANON_INODE_FS_MAGIC                         = 0x9041934
 	ARPHRD_6LOWPAN                              = 0x339
@@ -774,6 +775,8 @@ const (
 	DEVLINK_GENL_MCGRP_CONFIG_NAME              = "config"
 	DEVLINK_GENL_NAME                           = "devlink"
 	DEVLINK_GENL_VERSION                        = 0x1
+	DEVLINK_PORT_FN_CAP_MIGRATABLE              = 0x2
+	DEVLINK_PORT_FN_CAP_ROCE                    = 0x1
 	DEVLINK_SB_THRESHOLD_TO_ALPHA_MAX           = 0x14
 	DEVLINK_SUPPORTED_FLASH_OVERWRITE_SECTIONS  = 0x3
 	DEVMEM_MAGIC                                = 0x454d444d
@@ -1262,6 +1265,8 @@ const (
 	FSCRYPT_MODE_AES_256_CTS                    = 0x4
 	FSCRYPT_MODE_AES_256_HCTR2                  = 0xa
 	FSCRYPT_MODE_AES_256_XTS                    = 0x1
+	FSCRYPT_MODE_SM4_CTS                        = 0x8
+	FSCRYPT_MODE_SM4_XTS                        = 0x7
 	FSCRYPT_POLICY_FLAGS_PAD_16                 = 0x2
 	FSCRYPT_POLICY_FLAGS_PAD_32                 = 0x3
 	FSCRYPT_POLICY_FLAGS_PAD_4                  = 0x0
@@ -1280,8 +1285,6 @@ const (
 	FS_ENCRYPTION_MODE_AES_256_GCM              = 0x2
 	FS_ENCRYPTION_MODE_AES_256_XTS              = 0x1
 	FS_ENCRYPTION_MODE_INVALID                  = 0x0
-	FS_ENCRYPTION_MODE_SPECK128_256_CTS         = 0x8
-	FS_ENCRYPTION_MODE_SPECK128_256_XTS         = 0x7
 	FS_IOC_ADD_ENCRYPTION_KEY                   = 0xc0506617
 	FS_IOC_GET_ENCRYPTION_KEY_STATUS            = 0xc080661a
 	FS_IOC_GET_ENCRYPTION_POLICY_EX             = 0xc0096616
@@ -1770,6 +1773,7 @@ const (
 	LANDLOCK_ACCESS_FS_REFER                    = 0x2000
 	LANDLOCK_ACCESS_FS_REMOVE_DIR               = 0x10
 	LANDLOCK_ACCESS_FS_REMOVE_FILE              = 0x20
+	LANDLOCK_ACCESS_FS_TRUNCATE                 = 0x4000
 	LANDLOCK_ACCESS_FS_WRITE_FILE               = 0x2
 	LANDLOCK_CREATE_RULESET_VERSION             = 0x1
 	LINUX_REBOOT_CMD_CAD_OFF                    = 0x0
@@ -1809,6 +1813,7 @@ const (
 	LWTUNNEL_IP_OPT_GENEVE_MAX                  = 0x3
 	LWTUNNEL_IP_OPT_VXLAN_MAX                   = 0x1
 	MADV_COLD                                   = 0x14
+	MADV_COLLAPSE                               = 0x19
 	MADV_DODUMP                                 = 0x11
 	MADV_DOFORK                                 = 0xb
 	MADV_DONTDUMP                               = 0x10
@@ -2163,6 +2168,7 @@ const (
 	PACKET_FANOUT_DATA                          = 0x16
 	PACKET_FANOUT_EBPF                          = 0x7
 	PACKET_FANOUT_FLAG_DEFRAG                   = 0x8000
+	PACKET_FANOUT_FLAG_IGNORE_OUTGOING          = 0x4000
 	PACKET_FANOUT_FLAG_ROLLOVER                 = 0x1000
 	PACKET_FANOUT_FLAG_UNIQUEID                 = 0x2000
 	PACKET_FANOUT_HASH                          = 0x0
diff --git a/etcd/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go b/etcd/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
index bd001a6e1c..97f20ca282 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
@@ -15,12 +15,12 @@ type PtraceRegsArm struct {
 
 // PtraceGetRegsArm fetches the registers used by arm binaries.
 func PtraceGetRegsArm(pid int, regsout *PtraceRegsArm) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsArm sets the registers used by arm binaries.
 func PtraceSetRegsArm(pid int, regs *PtraceRegsArm) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
 
 // PtraceRegsArm64 is the registers used by arm64 binaries.
@@ -33,10 +33,10 @@ type PtraceRegsArm64 struct {
 
 // PtraceGetRegsArm64 fetches the registers used by arm64 binaries.
 func PtraceGetRegsArm64(pid int, regsout *PtraceRegsArm64) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsArm64 sets the registers used by arm64 binaries.
 func PtraceSetRegsArm64(pid int, regs *PtraceRegsArm64) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
diff --git a/etcd/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go b/etcd/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go
index 6cb6d688aa..834d2856dd 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go
@@ -7,11 +7,11 @@ import "unsafe"
 // PtraceGetRegSetArm64 fetches the registers used by arm64 binaries.
 func PtraceGetRegSetArm64(pid, addr int, regsout *PtraceRegsArm64) error {
 	iovec := Iovec{(*byte)(unsafe.Pointer(regsout)), uint64(unsafe.Sizeof(*regsout))}
-	return ptrace(PTRACE_GETREGSET, pid, uintptr(addr), uintptr(unsafe.Pointer(&iovec)))
+	return ptracePtr(PTRACE_GETREGSET, pid, uintptr(addr), unsafe.Pointer(&iovec))
 }
 
 // PtraceSetRegSetArm64 sets the registers used by arm64 binaries.
 func PtraceSetRegSetArm64(pid, addr int, regs *PtraceRegsArm64) error {
 	iovec := Iovec{(*byte)(unsafe.Pointer(regs)), uint64(unsafe.Sizeof(*regs))}
-	return ptrace(PTRACE_SETREGSET, pid, uintptr(addr), uintptr(unsafe.Pointer(&iovec)))
+	return ptracePtr(PTRACE_SETREGSET, pid, uintptr(addr), unsafe.Pointer(&iovec))
 }
diff --git a/etcd/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go b/etcd/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
index c34d0639be..0b5f794305 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
@@ -21,12 +21,12 @@ type PtraceRegsMips struct {
 
 // PtraceGetRegsMips fetches the registers used by mips binaries.
 func PtraceGetRegsMips(pid int, regsout *PtraceRegsMips) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsMips sets the registers used by mips binaries.
 func PtraceSetRegsMips(pid int, regs *PtraceRegsMips) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
 
 // PtraceRegsMips64 is the registers used by mips64 binaries.
@@ -42,10 +42,10 @@ type PtraceRegsMips64 struct {
 
 // PtraceGetRegsMips64 fetches the registers used by mips64 binaries.
 func PtraceGetRegsMips64(pid int, regsout *PtraceRegsMips64) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsMips64 sets the registers used by mips64 binaries.
 func PtraceSetRegsMips64(pid int, regs *PtraceRegsMips64) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
diff --git a/etcd/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go b/etcd/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
index 3ccf0c0c4a..2807f7e646 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
@@ -21,12 +21,12 @@ type PtraceRegsMipsle struct {
 
 // PtraceGetRegsMipsle fetches the registers used by mipsle binaries.
 func PtraceGetRegsMipsle(pid int, regsout *PtraceRegsMipsle) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsMipsle sets the registers used by mipsle binaries.
 func PtraceSetRegsMipsle(pid int, regs *PtraceRegsMipsle) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
 
 // PtraceRegsMips64le is the registers used by mips64le binaries.
@@ -42,10 +42,10 @@ type PtraceRegsMips64le struct {
 
 // PtraceGetRegsMips64le fetches the registers used by mips64le binaries.
 func PtraceGetRegsMips64le(pid int, regsout *PtraceRegsMips64le) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsMips64le sets the registers used by mips64le binaries.
 func PtraceSetRegsMips64le(pid int, regs *PtraceRegsMips64le) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
diff --git a/etcd/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go b/etcd/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
index 7d65857004..281ea64e34 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
@@ -31,12 +31,12 @@ type PtraceRegs386 struct {
 
 // PtraceGetRegs386 fetches the registers used by 386 binaries.
 func PtraceGetRegs386(pid int, regsout *PtraceRegs386) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegs386 sets the registers used by 386 binaries.
 func PtraceSetRegs386(pid int, regs *PtraceRegs386) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
 
 // PtraceRegsAmd64 is the registers used by amd64 binaries.
@@ -72,10 +72,10 @@ type PtraceRegsAmd64 struct {
 
 // PtraceGetRegsAmd64 fetches the registers used by amd64 binaries.
 func PtraceGetRegsAmd64(pid int, regsout *PtraceRegsAmd64) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsAmd64 sets the registers used by amd64 binaries.
 func PtraceSetRegsAmd64(pid int, regs *PtraceRegsAmd64) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
index 870215d2c4..ef9dcd1bef 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
@@ -223,6 +223,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	r0, er := C.ioctl(C.int(fd), C.int(req), C.uintptr_t(uintptr(arg)))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func FcntlInt(fd uintptr, cmd int, arg int) (r int, err error) {
 	r0, er := C.fcntl(C.uintptr_t(fd), C.int(cmd), C.uintptr_t(arg))
 	r = int(r0)
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
index a89b0bfa53..f86a945923 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
@@ -103,6 +103,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, e1 := callioctl_ptr(fd, int(req), arg)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func FcntlInt(fd uintptr, cmd int, arg int) (r int, err error) {
 	r0, e1 := callfcntl(fd, cmd, uintptr(arg))
 	r = int(r0)
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
index 2caa5adf95..d32a84cae2 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
@@ -423,6 +423,13 @@ func callioctl(fd int, req int, arg uintptr) (r1 uintptr, e1 Errno) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func callioctl_ptr(fd int, req int, arg unsafe.Pointer) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_ioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func callfcntl(fd uintptr, cmd int, arg uintptr) (r1 uintptr, e1 Errno) {
 	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fcntl)), 3, fd, uintptr(cmd), arg, 0, 0, 0)
 	return
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
index 944a714b1a..d7d8baf819 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
@@ -191,6 +191,14 @@ func callioctl(fd int, req int, arg uintptr) (r1 uintptr, e1 Errno) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func callioctl_ptr(fd int, req int, arg unsafe.Pointer) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.ioctl(C.int(fd), C.int(req), C.uintptr_t(uintptr(arg))))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func callfcntl(fd uintptr, cmd int, arg uintptr) (r1 uintptr, e1 Errno) {
 	r1 = uintptr(C.fcntl(C.uintptr_t(fd), C.int(cmd), C.uintptr_t(arg)))
 	e1 = syscall.GetErrno()
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
index c2461c4967..a29ffdd566 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
@@ -725,6 +725,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib"
@@ -2502,6 +2510,14 @@ func ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) {
 	return
 }
 
+func ptrace1Ptr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall6(libc_ptrace_trampoline_addr, uintptr(request), uintptr(pid), addr, uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ptrace_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib"
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
index 26a0fdc505..2fd4590bb7 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
@@ -725,6 +725,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib"
@@ -2502,6 +2510,14 @@ func ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) {
 	return
 }
 
+func ptrace1Ptr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall6(libc_ptrace_trampoline_addr, uintptr(request), uintptr(pid), addr, uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ptrace_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib"
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
index 54749f9c5e..3b85134707 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
@@ -436,6 +436,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
index 77479d4581..1129065624 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
index 2e966d4d7a..55f5abfe59 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
index d65a7c0fa6..d39651c2b5 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
index 6f0b97c6db..ddb7408680 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
index e1c23b5272..09a53a616c 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_linux.go
index 36ea3a55b7..430cb24de7 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_linux.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_linux.go
@@ -379,6 +379,16 @@ func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(arg)
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
index 79f7389963..8e1d9c8f66 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
@@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
index fb161f3a26..21c6950400 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
@@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
index 4c8ac993a8..298168f90a 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
@@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
index 76dd8ec4fd..68b8bd492f 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
@@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
index caeb807bd4..0b0f910e1a 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
index a05e5f4fff..48ff5de75b 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
index b2da8e50cc..2452a641da 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
index 048b2655e6..5e35600a60 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
index 6f33e37e72..b04cef1a19 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
index 330cf7f7ac..47a07ee0c2 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
index 5f24de0d9d..573378fdb9 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
index 78d4a4240e..4873a1e5d3 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
@@ -657,6 +657,17 @@ func ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtrRet(fd int, req uint, arg unsafe.Pointer) (ret int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpoll)), 3, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout), 0, 0, 0)
 	n = int(r0)
diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
index f2079457c6..07bfe2ef9a 100644
--- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
+++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
@@ -267,6 +267,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
index d9c78cdcbc..29dc483378 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
@@ -362,7 +362,7 @@ type FpExtendedPrecision struct{}
 type PtraceIoDesc struct {
 	Op   int32
 	Offs uintptr
-	Addr uintptr
+	Addr *byte
 	Len  uint32
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
index 26991b1655..0a89b28906 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
@@ -367,7 +367,7 @@ type FpExtendedPrecision struct{}
 type PtraceIoDesc struct {
 	Op   int32
 	Offs uintptr
-	Addr uintptr
+	Addr *byte
 	Len  uint64
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
index f8324e7e7f..c8666bb152 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
@@ -350,7 +350,7 @@ type FpExtendedPrecision struct {
 type PtraceIoDesc struct {
 	Op   int32
 	Offs uintptr
-	Addr uintptr
+	Addr *byte
 	Len  uint32
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
index 4220411f34..88fb48a887 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
@@ -347,7 +347,7 @@ type FpExtendedPrecision struct{}
 type PtraceIoDesc struct {
 	Op   int32
 	Offs uintptr
-	Addr uintptr
+	Addr *byte
 	Len  uint64
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
index 0660fd45c7..698dc975e9 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
@@ -348,7 +348,7 @@ type FpExtendedPrecision struct{}
 type PtraceIoDesc struct {
 	Op   int32
 	Offs uintptr
-	Addr uintptr
+	Addr *byte
 	Len  uint64
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux.go
index 7d9fc8f1c9..ca84727cfe 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -456,36 +456,60 @@ type Ucred struct {
 }
 
 type TCPInfo struct {
-	State          uint8
-	Ca_state       uint8
-	Retransmits    uint8
-	Probes         uint8
-	Backoff        uint8
-	Options        uint8
-	Rto            uint32
-	Ato            uint32
-	Snd_mss        uint32
-	Rcv_mss        uint32
-	Unacked        uint32
-	Sacked         uint32
-	Lost           uint32
-	Retrans        uint32
-	Fackets        uint32
-	Last_data_sent uint32
-	Last_ack_sent  uint32
-	Last_data_recv uint32
-	Last_ack_recv  uint32
-	Pmtu           uint32
-	Rcv_ssthresh   uint32
-	Rtt            uint32
-	Rttvar         uint32
-	Snd_ssthresh   uint32
-	Snd_cwnd       uint32
-	Advmss         uint32
-	Reordering     uint32
-	Rcv_rtt        uint32
-	Rcv_space      uint32
-	Total_retrans  uint32
+	State           uint8
+	Ca_state        uint8
+	Retransmits     uint8
+	Probes          uint8
+	Backoff         uint8
+	Options         uint8
+	Rto             uint32
+	Ato             uint32
+	Snd_mss         uint32
+	Rcv_mss         uint32
+	Unacked         uint32
+	Sacked          uint32
+	Lost            uint32
+	Retrans         uint32
+	Fackets         uint32
+	Last_data_sent  uint32
+	Last_ack_sent   uint32
+	Last_data_recv  uint32
+	Last_ack_recv   uint32
+	Pmtu            uint32
+	Rcv_ssthresh    uint32
+	Rtt             uint32
+	Rttvar          uint32
+	Snd_ssthresh    uint32
+	Snd_cwnd        uint32
+	Advmss          uint32
+	Reordering      uint32
+	Rcv_rtt         uint32
+	Rcv_space       uint32
+	Total_retrans   uint32
+	Pacing_rate     uint64
+	Max_pacing_rate uint64
+	Bytes_acked     uint64
+	Bytes_received  uint64
+	Segs_out        uint32
+	Segs_in         uint32
+	Notsent_bytes   uint32
+	Min_rtt         uint32
+	Data_segs_in    uint32
+	Data_segs_out   uint32
+	Delivery_rate   uint64
+	Busy_time       uint64
+	Rwnd_limited    uint64
+	Sndbuf_limited  uint64
+	Delivered       uint32
+	Delivered_ce    uint32
+	Bytes_sent      uint64
+	Bytes_retrans   uint64
+	Dsack_dups      uint32
+	Reord_seen      uint32
+	Rcv_ooopack     uint32
+	Snd_wnd         uint32
+	Rcv_wnd         uint32
+	Rehash          uint32
 }
 
 type CanFilter struct {
@@ -528,7 +552,7 @@ const (
 	SizeofIPv6MTUInfo       = 0x20
 	SizeofICMPv6Filter      = 0x20
 	SizeofUcred             = 0xc
-	SizeofTCPInfo           = 0x68
+	SizeofTCPInfo           = 0xf0
 	SizeofCanFilter         = 0x8
 	SizeofTCPRepairOpt      = 0x8
 )
@@ -1043,6 +1067,7 @@ const (
 	PerfBitCommExec                      = CBitFieldMaskBit24
 	PerfBitUseClockID                    = CBitFieldMaskBit25
 	PerfBitContextSwitch                 = CBitFieldMaskBit26
+	PerfBitWriteBackward                 = CBitFieldMaskBit27
 )
 
 const (
@@ -1239,7 +1264,7 @@ type TCPMD5Sig struct {
 	Flags     uint8
 	Prefixlen uint8
 	Keylen    uint16
-	_         uint32
+	Ifindex   int32
 	Key       [80]uint8
 }
 
@@ -1939,7 +1964,11 @@ const (
 	NFT_MSG_GETOBJ                    = 0x13
 	NFT_MSG_DELOBJ                    = 0x14
 	NFT_MSG_GETOBJ_RESET              = 0x15
-	NFT_MSG_MAX                       = 0x19
+	NFT_MSG_NEWFLOWTABLE              = 0x16
+	NFT_MSG_GETFLOWTABLE              = 0x17
+	NFT_MSG_DELFLOWTABLE              = 0x18
+	NFT_MSG_GETRULE_RESET             = 0x19
+	NFT_MSG_MAX                       = 0x1a
 	NFTA_LIST_UNSPEC                  = 0x0
 	NFTA_LIST_ELEM                    = 0x1
 	NFTA_HOOK_UNSPEC                  = 0x0
@@ -2443,9 +2472,11 @@ const (
 	SOF_TIMESTAMPING_OPT_STATS    = 0x1000
 	SOF_TIMESTAMPING_OPT_PKTINFO  = 0x2000
 	SOF_TIMESTAMPING_OPT_TX_SWHW  = 0x4000
+	SOF_TIMESTAMPING_BIND_PHC     = 0x8000
+	SOF_TIMESTAMPING_OPT_ID_TCP   = 0x10000
 
-	SOF_TIMESTAMPING_LAST = 0x8000
-	SOF_TIMESTAMPING_MASK = 0xffff
+	SOF_TIMESTAMPING_LAST = 0x10000
+	SOF_TIMESTAMPING_MASK = 0x1ffff
 
 	SCM_TSTAMP_SND   = 0x0
 	SCM_TSTAMP_SCHED = 0x1
@@ -3265,7 +3296,7 @@ const (
 	DEVLINK_ATTR_LINECARD_SUPPORTED_TYPES              = 0xae
 	DEVLINK_ATTR_NESTED_DEVLINK                        = 0xaf
 	DEVLINK_ATTR_SELFTESTS                             = 0xb0
-	DEVLINK_ATTR_MAX                                   = 0xb0
+	DEVLINK_ATTR_MAX                                   = 0xb3
 	DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE              = 0x0
 	DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX           = 0x1
 	DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT               = 0x0
@@ -3281,7 +3312,8 @@ const (
 	DEVLINK_PORT_FUNCTION_ATTR_HW_ADDR                 = 0x1
 	DEVLINK_PORT_FN_ATTR_STATE                         = 0x2
 	DEVLINK_PORT_FN_ATTR_OPSTATE                       = 0x3
-	DEVLINK_PORT_FUNCTION_ATTR_MAX                     = 0x3
+	DEVLINK_PORT_FN_ATTR_CAPS                          = 0x4
+	DEVLINK_PORT_FUNCTION_ATTR_MAX                     = 0x4
 )
 
 type FsverityDigest struct {
@@ -3572,7 +3604,8 @@ const (
 	ETHTOOL_MSG_MODULE_SET                    = 0x23
 	ETHTOOL_MSG_PSE_GET                       = 0x24
 	ETHTOOL_MSG_PSE_SET                       = 0x25
-	ETHTOOL_MSG_USER_MAX                      = 0x25
+	ETHTOOL_MSG_RSS_GET                       = 0x26
+	ETHTOOL_MSG_USER_MAX                      = 0x26
 	ETHTOOL_MSG_KERNEL_NONE                   = 0x0
 	ETHTOOL_MSG_STRSET_GET_REPLY              = 0x1
 	ETHTOOL_MSG_LINKINFO_GET_REPLY            = 0x2
@@ -3611,7 +3644,8 @@ const (
 	ETHTOOL_MSG_MODULE_GET_REPLY              = 0x23
 	ETHTOOL_MSG_MODULE_NTF                    = 0x24
 	ETHTOOL_MSG_PSE_GET_REPLY                 = 0x25
-	ETHTOOL_MSG_KERNEL_MAX                    = 0x25
+	ETHTOOL_MSG_RSS_GET_REPLY                 = 0x26
+	ETHTOOL_MSG_KERNEL_MAX                    = 0x26
 	ETHTOOL_A_HEADER_UNSPEC                   = 0x0
 	ETHTOOL_A_HEADER_DEV_INDEX                = 0x1
 	ETHTOOL_A_HEADER_DEV_NAME                 = 0x2
@@ -3679,7 +3713,8 @@ const (
 	ETHTOOL_A_LINKSTATE_SQI_MAX               = 0x4
 	ETHTOOL_A_LINKSTATE_EXT_STATE             = 0x5
 	ETHTOOL_A_LINKSTATE_EXT_SUBSTATE          = 0x6
-	ETHTOOL_A_LINKSTATE_MAX                   = 0x6
+	ETHTOOL_A_LINKSTATE_EXT_DOWN_CNT          = 0x7
+	ETHTOOL_A_LINKSTATE_MAX                   = 0x7
 	ETHTOOL_A_DEBUG_UNSPEC                    = 0x0
 	ETHTOOL_A_DEBUG_HEADER                    = 0x1
 	ETHTOOL_A_DEBUG_MSGMASK                   = 0x2
@@ -4409,7 +4444,7 @@ const (
 	NL80211_ATTR_MAC_HINT                                   = 0xc8
 	NL80211_ATTR_MAC_MASK                                   = 0xd7
 	NL80211_ATTR_MAX_AP_ASSOC_STA                           = 0xca
-	NL80211_ATTR_MAX                                        = 0x140
+	NL80211_ATTR_MAX                                        = 0x141
 	NL80211_ATTR_MAX_CRIT_PROT_DURATION                     = 0xb4
 	NL80211_ATTR_MAX_CSA_COUNTERS                           = 0xce
 	NL80211_ATTR_MAX_MATCH_SETS                             = 0x85
@@ -4552,6 +4587,7 @@ const (
 	NL80211_ATTR_SUPPORT_MESH_AUTH                          = 0x73
 	NL80211_ATTR_SURVEY_INFO                                = 0x54
 	NL80211_ATTR_SURVEY_RADIO_STATS                         = 0xda
+	NL80211_ATTR_TD_BITMAP                                  = 0x141
 	NL80211_ATTR_TDLS_ACTION                                = 0x88
 	NL80211_ATTR_TDLS_DIALOG_TOKEN                          = 0x89
 	NL80211_ATTR_TDLS_EXTERNAL_SETUP                        = 0x8c
@@ -5752,3 +5788,25 @@ const (
 	AUDIT_NLGRP_NONE    = 0x0
 	AUDIT_NLGRP_READLOG = 0x1
 )
+
+const (
+	TUN_F_CSUM    = 0x1
+	TUN_F_TSO4    = 0x2
+	TUN_F_TSO6    = 0x4
+	TUN_F_TSO_ECN = 0x8
+	TUN_F_UFO     = 0x10
+)
+
+const (
+	VIRTIO_NET_HDR_F_NEEDS_CSUM = 0x1
+	VIRTIO_NET_HDR_F_DATA_VALID = 0x2
+	VIRTIO_NET_HDR_F_RSC_INFO   = 0x4
+)
+
+const (
+	VIRTIO_NET_HDR_GSO_NONE  = 0x0
+	VIRTIO_NET_HDR_GSO_TCPV4 = 0x1
+	VIRTIO_NET_HDR_GSO_UDP   = 0x3
+	VIRTIO_NET_HDR_GSO_TCPV6 = 0x4
+	VIRTIO_NET_HDR_GSO_ECN   = 0x80
+)
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
index 89c516a29a..4ecc1495cd 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
@@ -414,7 +414,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [122]int8
+	Data   [122]byte
 	_      uint32
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
index 62b4fb2699..34fddff964 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
@@ -427,7 +427,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
index e86b35893e..3b14a6031f 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
@@ -405,7 +405,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [122]uint8
+	Data   [122]byte
 	_      uint32
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
index 6c6be4c911..0517651ab3 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
@@ -406,7 +406,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
index 4982ea355a..3b0c518134 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
@@ -407,7 +407,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
index 173141a670..fccdf4dd0f 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
@@ -410,7 +410,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [122]int8
+	Data   [122]byte
 	_      uint32
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
index 93ae4c5167..500de8fc07 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
@@ -409,7 +409,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
index 4e4e510ca5..d0434cd2c6 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
@@ -409,7 +409,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
index 3f5ba013d9..84206ba534 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
@@ -410,7 +410,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [122]int8
+	Data   [122]byte
 	_      uint32
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
index 71dfe7cdb4..ab078cf1f5 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
@@ -417,7 +417,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [122]uint8
+	Data   [122]byte
 	_      uint32
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
index 3a2b7f0a66..42eb2c4cef 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
@@ -416,7 +416,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]uint8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
index a52d627563..31304a4e8b 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
@@ -416,7 +416,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]uint8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
index dfc007d8a6..c311f9612d 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
@@ -434,7 +434,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]uint8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
index b53cb9103d..bba3cefac1 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
@@ -429,7 +429,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
index fe0aa35472..ad8a013804 100644
--- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
+++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
@@ -411,7 +411,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/etcd/vendor/golang.org/x/sys/windows/syscall_windows.go b/etcd/vendor/golang.org/x/sys/windows/syscall_windows.go
index 41cb3c01fd..3723b2c224 100644
--- a/etcd/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/etcd/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -824,6 +824,9 @@ const socket_error = uintptr(^uint32(0))
 //sys	WSAStartup(verreq uint32, data *WSAData) (sockerr error) = ws2_32.WSAStartup
 //sys	WSACleanup() (err error) [failretval==socket_error] = ws2_32.WSACleanup
 //sys	WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbob uint32, cbbr *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) [failretval==socket_error] = ws2_32.WSAIoctl
+//sys	WSALookupServiceBegin(querySet *WSAQUERYSET, flags uint32, handle *Handle) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceBeginW
+//sys	WSALookupServiceNext(handle Handle, flags uint32, size *int32, querySet *WSAQUERYSET) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceNextW
+//sys	WSALookupServiceEnd(handle Handle) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceEnd
 //sys	socket(af int32, typ int32, protocol int32) (handle Handle, err error) [failretval==InvalidHandle] = ws2_32.socket
 //sys	sendto(s Handle, buf []byte, flags int32, to unsafe.Pointer, tolen int32) (err error) [failretval==socket_error] = ws2_32.sendto
 //sys	recvfrom(s Handle, buf []byte, flags int32, from *RawSockaddrAny, fromlen *int32) (n int32, err error) [failretval==-1] = ws2_32.recvfrom
@@ -1019,8 +1022,7 @@ func (rsa *RawSockaddrAny) Sockaddr() (Sockaddr, error) {
 		for n < len(pp.Path) && pp.Path[n] != 0 {
 			n++
 		}
-		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
-		sa.Name = string(bytes)
+		sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n))
 		return sa, nil
 
 	case AF_INET:
diff --git a/etcd/vendor/golang.org/x/sys/windows/types_windows.go b/etcd/vendor/golang.org/x/sys/windows/types_windows.go
index 0c4add9741..857acf1032 100644
--- a/etcd/vendor/golang.org/x/sys/windows/types_windows.go
+++ b/etcd/vendor/golang.org/x/sys/windows/types_windows.go
@@ -1243,6 +1243,51 @@ const (
 	DnsSectionAdditional = 0x0003
 )
 
+const (
+	// flags of WSALookupService
+	LUP_DEEP                = 0x0001
+	LUP_CONTAINERS          = 0x0002
+	LUP_NOCONTAINERS        = 0x0004
+	LUP_NEAREST             = 0x0008
+	LUP_RETURN_NAME         = 0x0010
+	LUP_RETURN_TYPE         = 0x0020
+	LUP_RETURN_VERSION      = 0x0040
+	LUP_RETURN_COMMENT      = 0x0080
+	LUP_RETURN_ADDR         = 0x0100
+	LUP_RETURN_BLOB         = 0x0200
+	LUP_RETURN_ALIASES      = 0x0400
+	LUP_RETURN_QUERY_STRING = 0x0800
+	LUP_RETURN_ALL          = 0x0FF0
+	LUP_RES_SERVICE         = 0x8000
+
+	LUP_FLUSHCACHE    = 0x1000
+	LUP_FLUSHPREVIOUS = 0x2000
+
+	LUP_NON_AUTHORITATIVE      = 0x4000
+	LUP_SECURE                 = 0x8000
+	LUP_RETURN_PREFERRED_NAMES = 0x10000
+	LUP_DNS_ONLY               = 0x20000
+
+	LUP_ADDRCONFIG           = 0x100000
+	LUP_DUAL_ADDR            = 0x200000
+	LUP_FILESERVER           = 0x400000
+	LUP_DISABLE_IDN_ENCODING = 0x00800000
+	LUP_API_ANSI             = 0x01000000
+
+	LUP_RESOLUTION_HANDLE = 0x80000000
+)
+
+const (
+	// values of WSAQUERYSET's namespace
+	NS_ALL       = 0
+	NS_DNS       = 12
+	NS_NLA       = 15
+	NS_BTH       = 16
+	NS_EMAIL     = 37
+	NS_PNRPNAME  = 38
+	NS_PNRPCLOUD = 39
+)
+
 type DNSSRVData struct {
 	Target   *uint16
 	Priority uint16
@@ -3258,3 +3303,43 @@ const (
 	DWMWA_TEXT_COLOR                     = 36
 	DWMWA_VISIBLE_FRAME_BORDER_THICKNESS = 37
 )
+
+type WSAQUERYSET struct {
+	Size                uint32
+	ServiceInstanceName *uint16
+	ServiceClassId      *GUID
+	Version             *WSAVersion
+	Comment             *uint16
+	NameSpace           uint32
+	NSProviderId        *GUID
+	Context             *uint16
+	NumberOfProtocols   uint32
+	AfpProtocols        *AFProtocols
+	QueryString         *uint16
+	NumberOfCsAddrs     uint32
+	SaBuffer            *CSAddrInfo
+	OutputFlags         uint32
+	Blob                *BLOB
+}
+
+type WSAVersion struct {
+	Version                 uint32
+	EnumerationOfComparison int32
+}
+
+type AFProtocols struct {
+	AddressFamily int32
+	Protocol      int32
+}
+
+type CSAddrInfo struct {
+	LocalAddr  SocketAddress
+	RemoteAddr SocketAddress
+	SocketType int32
+	Protocol   int32
+}
+
+type BLOB struct {
+	Size     uint32
+	BlobData *byte
+}
diff --git a/etcd/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/etcd/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index ac60052e44..6d2a268534 100644
--- a/etcd/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/etcd/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -474,6 +474,9 @@ var (
 	procWSAEnumProtocolsW                                    = modws2_32.NewProc("WSAEnumProtocolsW")
 	procWSAGetOverlappedResult                               = modws2_32.NewProc("WSAGetOverlappedResult")
 	procWSAIoctl                                             = modws2_32.NewProc("WSAIoctl")
+	procWSALookupServiceBeginW                               = modws2_32.NewProc("WSALookupServiceBeginW")
+	procWSALookupServiceEnd                                  = modws2_32.NewProc("WSALookupServiceEnd")
+	procWSALookupServiceNextW                                = modws2_32.NewProc("WSALookupServiceNextW")
 	procWSARecv                                              = modws2_32.NewProc("WSARecv")
 	procWSARecvFrom                                          = modws2_32.NewProc("WSARecvFrom")
 	procWSASend                                              = modws2_32.NewProc("WSASend")
@@ -4067,6 +4070,30 @@ func WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbo
 	return
 }
 
+func WSALookupServiceBegin(querySet *WSAQUERYSET, flags uint32, handle *Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procWSALookupServiceBeginW.Addr(), 3, uintptr(unsafe.Pointer(querySet)), uintptr(flags), uintptr(unsafe.Pointer(handle)))
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WSALookupServiceEnd(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procWSALookupServiceEnd.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WSALookupServiceNext(handle Handle, flags uint32, size *int32, querySet *WSAQUERYSET) (err error) {
+	r1, _, e1 := syscall.Syscall6(procWSALookupServiceNextW.Addr(), 4, uintptr(handle), uintptr(flags), uintptr(unsafe.Pointer(size)), uintptr(unsafe.Pointer(querySet)), 0, 0)
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func WSARecv(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32, overlapped *Overlapped, croutine *byte) (err error) {
 	r1, _, e1 := syscall.Syscall9(procWSARecv.Addr(), 7, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)), 0, 0)
 	if r1 == socket_error {
diff --git a/etcd/vendor/golang.org/x/text/encoding/internal/internal.go b/etcd/vendor/golang.org/x/text/encoding/internal/internal.go
index 75a5fd1658..413e6fc6d7 100644
--- a/etcd/vendor/golang.org/x/text/encoding/internal/internal.go
+++ b/etcd/vendor/golang.org/x/text/encoding/internal/internal.go
@@ -64,7 +64,7 @@ func (e FuncEncoding) NewEncoder() *encoding.Encoder {
 // byte.
 type RepertoireError byte
 
-// Error implements the error interrface.
+// Error implements the error interface.
 func (r RepertoireError) Error() string {
 	return "encoding: rune not supported by encoding."
 }
diff --git a/etcd/vendor/golang.org/x/text/unicode/norm/forminfo.go b/etcd/vendor/golang.org/x/text/unicode/norm/forminfo.go
index d69ccb4f97..487335d14d 100644
--- a/etcd/vendor/golang.org/x/text/unicode/norm/forminfo.go
+++ b/etcd/vendor/golang.org/x/text/unicode/norm/forminfo.go
@@ -13,7 +13,7 @@ import "encoding/binary"
 // a rune to a uint16. The values take two forms.  For v >= 0x8000:
 //   bits
 //   15:    1 (inverse of NFD_QC bit of qcInfo)
-//   13..7: qcInfo (see below). isYesD is always true (no decompostion).
+//   13..7: qcInfo (see below). isYesD is always true (no decomposition).
 //    6..0: ccc (compressed CCC value).
 // For v < 0x8000, the respective rune has a decomposition and v is an index
 // into a byte array of UTF-8 decomposition sequences and additional info and
diff --git a/etcd/vendor/k8s.io/api/core/v1/generated.proto b/etcd/vendor/k8s.io/api/core/v1/generated.proto
index 9264bfd98b..416811e291 100644
--- a/etcd/vendor/k8s.io/api/core/v1/generated.proto
+++ b/etcd/vendor/k8s.io/api/core/v1/generated.proto
@@ -4512,7 +4512,7 @@ message ResourceRequirements {
   // This is an alpha field and requires enabling the
   // DynamicResourceAllocation feature gate.
   //
-  // This field is immutable.
+  // This field is immutable. It can only be set for containers.
   //
   // +listType=map
   // +listMapKey=name
diff --git a/etcd/vendor/k8s.io/api/core/v1/types.go b/etcd/vendor/k8s.io/api/core/v1/types.go
index 4be1df0c1d..0101e95d91 100644
--- a/etcd/vendor/k8s.io/api/core/v1/types.go
+++ b/etcd/vendor/k8s.io/api/core/v1/types.go
@@ -2320,7 +2320,7 @@ type ResourceRequirements struct {
 	// This is an alpha field and requires enabling the
 	// DynamicResourceAllocation feature gate.
 	//
-	// This field is immutable.
+	// This field is immutable. It can only be set for containers.
 	//
 	// +listType=map
 	// +listMapKey=name
diff --git a/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go b/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go
index 6c6fe2e006..99391a423d 100644
--- a/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go
+++ b/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go
@@ -2041,7 +2041,7 @@ var map_ResourceRequirements = map[string]string{
 	"":         "ResourceRequirements describes the compute resource requirements.",
 	"limits":   "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/",
 	"requests": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/",
-	"claims":   "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable.",
+	"claims":   "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.",
 }
 
 func (ResourceRequirements) SwaggerDoc() map[string]string {
diff --git a/etcd/vendor/k8s.io/client-go/discovery/aggregated_discovery.go b/etcd/vendor/k8s.io/client-go/discovery/aggregated_discovery.go
index 033a4c8fc3..758b0a3ac8 100644
--- a/etcd/vendor/k8s.io/client-go/discovery/aggregated_discovery.go
+++ b/etcd/vendor/k8s.io/client-go/discovery/aggregated_discovery.go
@@ -24,19 +24,36 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
+// StaleGroupVersionError encasulates failed GroupVersion marked "stale"
+// in the returned AggregatedDiscovery format.
+type StaleGroupVersionError struct {
+	gv schema.GroupVersion
+}
+
+func (s StaleGroupVersionError) Error() string {
+	return fmt.Sprintf("stale GroupVersion discovery: %v", s.gv)
+}
+
 // SplitGroupsAndResources transforms "aggregated" discovery top-level structure into
 // the previous "unaggregated" discovery groups and resources.
-func SplitGroupsAndResources(aggregatedGroups apidiscovery.APIGroupDiscoveryList) (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList) {
+func SplitGroupsAndResources(aggregatedGroups apidiscovery.APIGroupDiscoveryList) (
+	*metav1.APIGroupList,
+	map[schema.GroupVersion]*metav1.APIResourceList,
+	map[schema.GroupVersion]error) {
 	// Aggregated group list will contain the entirety of discovery, including
-	// groups, versions, and resources.
+	// groups, versions, and resources. GroupVersions marked "stale" are failed.
 	groups := []*metav1.APIGroup{}
+	failedGVs := map[schema.GroupVersion]error{}
 	resourcesByGV := map[schema.GroupVersion]*metav1.APIResourceList{}
 	for _, aggGroup := range aggregatedGroups.Items {
-		group, resources := convertAPIGroup(aggGroup)
+		group, resources, failed := convertAPIGroup(aggGroup)
 		groups = append(groups, group)
 		for gv, resourceList := range resources {
 			resourcesByGV[gv] = resourceList
 		}
+		for gv, err := range failed {
+			failedGVs[gv] = err
+		}
 	}
 	// Transform slice of groups to group list before returning.
 	groupList := &metav1.APIGroupList{}
@@ -44,23 +61,32 @@ func SplitGroupsAndResources(aggregatedGroups apidiscovery.APIGroupDiscoveryList
 	for _, group := range groups {
 		groupList.Groups = append(groupList.Groups, *group)
 	}
-	return groupList, resourcesByGV
+	return groupList, resourcesByGV, failedGVs
 }
 
 // convertAPIGroup tranforms an "aggregated" APIGroupDiscovery to an "legacy" APIGroup,
 // also returning the map of APIResourceList for resources within GroupVersions.
-func convertAPIGroup(g apidiscovery.APIGroupDiscovery) (*metav1.APIGroup, map[schema.GroupVersion]*metav1.APIResourceList) {
+func convertAPIGroup(g apidiscovery.APIGroupDiscovery) (
+	*metav1.APIGroup,
+	map[schema.GroupVersion]*metav1.APIResourceList,
+	map[schema.GroupVersion]error) {
 	// Iterate through versions to convert to group and resources.
 	group := &metav1.APIGroup{}
 	gvResources := map[schema.GroupVersion]*metav1.APIResourceList{}
+	failedGVs := map[schema.GroupVersion]error{}
 	group.Name = g.ObjectMeta.Name
-	for i, v := range g.Versions {
-		version := metav1.GroupVersionForDiscovery{}
+	for _, v := range g.Versions {
 		gv := schema.GroupVersion{Group: g.Name, Version: v.Version}
+		if v.Freshness == apidiscovery.DiscoveryFreshnessStale {
+			failedGVs[gv] = StaleGroupVersionError{gv: gv}
+			continue
+		}
+		version := metav1.GroupVersionForDiscovery{}
 		version.GroupVersion = gv.String()
 		version.Version = v.Version
 		group.Versions = append(group.Versions, version)
-		if i == 0 {
+		// PreferredVersion is first non-stale Version
+		if group.PreferredVersion == (metav1.GroupVersionForDiscovery{}) {
 			group.PreferredVersion = version
 		}
 		resourceList := &metav1.APIResourceList{}
@@ -76,7 +102,7 @@ func convertAPIGroup(g apidiscovery.APIGroupDiscovery) (*metav1.APIGroup, map[sc
 		}
 		gvResources[gv] = resourceList
 	}
-	return group, gvResources
+	return group, gvResources, failedGVs
 }
 
 // convertAPIResource tranforms a APIResourceDiscovery to an APIResource.
diff --git a/etcd/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go b/etcd/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go
index 0a41018474..9143ce00ab 100644
--- a/etcd/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go
+++ b/etcd/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go
@@ -33,6 +33,7 @@ import (
 	"k8s.io/client-go/openapi"
 	cachedopenapi "k8s.io/client-go/openapi/cached"
 	restclient "k8s.io/client-go/rest"
+	"k8s.io/klog/v2"
 )
 
 type cacheEntry struct {
@@ -61,6 +62,15 @@ var (
 	ErrCacheNotFound = errors.New("not found")
 )
 
+// Server returning empty ResourceList for Group/Version.
+type emptyResponseError struct {
+	gv string
+}
+
+func (e *emptyResponseError) Error() string {
+	return fmt.Sprintf("received empty response for: %s", e.gv)
+}
+
 var _ discovery.CachedDiscoveryInterface = &memCacheClient{}
 
 // isTransientConnectionError checks whether given error is "Connection refused" or
@@ -103,7 +113,13 @@ func (d *memCacheClient) ServerResourcesForGroupVersion(groupVersion string) (*m
 	if cachedVal.err != nil && isTransientError(cachedVal.err) {
 		r, err := d.serverResourcesForGroupVersion(groupVersion)
 		if err != nil {
-			utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", groupVersion, err))
+			// Don't log "empty response" as an error; it is a common response for metrics.
+			if _, emptyErr := err.(*emptyResponseError); emptyErr {
+				// Log at same verbosity as disk cache.
+				klog.V(3).Infof("%v", err)
+			} else {
+				utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", groupVersion, err))
+			}
 		}
 		cachedVal = &cacheEntry{r, err}
 		d.groupToServerResources[groupVersion] = cachedVal
@@ -120,32 +136,38 @@ func (d *memCacheClient) ServerGroupsAndResources() ([]*metav1.APIGroup, []*meta
 // GroupsAndMaybeResources returns the list of APIGroups, and possibly the map of group/version
 // to resources. The returned groups will never be nil, but the resources map can be nil
 // if there are no cached resources.
-func (d *memCacheClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) {
+func (d *memCacheClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, map[schema.GroupVersion]error, error) {
 	d.lock.Lock()
 	defer d.lock.Unlock()
 
 	if !d.cacheValid {
 		if err := d.refreshLocked(); err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
 	}
 	// Build the resourceList from the cache?
 	var resourcesMap map[schema.GroupVersion]*metav1.APIResourceList
+	var failedGVs map[schema.GroupVersion]error
 	if d.receivedAggregatedDiscovery && len(d.groupToServerResources) > 0 {
 		resourcesMap = map[schema.GroupVersion]*metav1.APIResourceList{}
+		failedGVs = map[schema.GroupVersion]error{}
 		for gv, cacheEntry := range d.groupToServerResources {
 			groupVersion, err := schema.ParseGroupVersion(gv)
 			if err != nil {
-				return nil, nil, fmt.Errorf("failed to parse group version (%v): %v", gv, err)
+				return nil, nil, nil, fmt.Errorf("failed to parse group version (%v): %v", gv, err)
+			}
+			if cacheEntry.err != nil {
+				failedGVs[groupVersion] = cacheEntry.err
+			} else {
+				resourcesMap[groupVersion] = cacheEntry.resourceList
 			}
-			resourcesMap[groupVersion] = cacheEntry.resourceList
 		}
 	}
-	return d.groupList, resourcesMap, nil
+	return d.groupList, resourcesMap, failedGVs, nil
 }
 
 func (d *memCacheClient) ServerGroups() (*metav1.APIGroupList, error) {
-	groups, _, err := d.GroupsAndMaybeResources()
+	groups, _, _, err := d.GroupsAndMaybeResources()
 	if err != nil {
 		return nil, err
 	}
@@ -219,7 +241,8 @@ func (d *memCacheClient) refreshLocked() error {
 
 	if ad, ok := d.delegate.(discovery.AggregatedDiscoveryInterface); ok {
 		var resources map[schema.GroupVersion]*metav1.APIResourceList
-		gl, resources, err = ad.GroupsAndMaybeResources()
+		var failedGVs map[schema.GroupVersion]error
+		gl, resources, failedGVs, err = ad.GroupsAndMaybeResources()
 		if resources != nil && err == nil {
 			// Cache the resources.
 			d.groupToServerResources = map[string]*cacheEntry{}
@@ -227,6 +250,10 @@ func (d *memCacheClient) refreshLocked() error {
 			for gv, resources := range resources {
 				d.groupToServerResources[gv.String()] = &cacheEntry{resources, nil}
 			}
+			// Cache GroupVersion discovery errors
+			for gv, err := range failedGVs {
+				d.groupToServerResources[gv.String()] = &cacheEntry{nil, err}
+			}
 			d.receivedAggregatedDiscovery = true
 			d.cacheValid = true
 			return nil
@@ -252,7 +279,13 @@ func (d *memCacheClient) refreshLocked() error {
 
 				r, err := d.serverResourcesForGroupVersion(gv)
 				if err != nil {
-					utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", gv, err))
+					// Don't log "empty response" as an error; it is a common response for metrics.
+					if _, emptyErr := err.(*emptyResponseError); emptyErr {
+						// Log at same verbosity as disk cache.
+						klog.V(3).Infof("%v", err)
+					} else {
+						utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", gv, err))
+					}
 				}
 
 				resultLock.Lock()
@@ -274,7 +307,7 @@ func (d *memCacheClient) serverResourcesForGroupVersion(groupVersion string) (*m
 		return r, err
 	}
 	if len(r.APIResources) == 0 {
-		return r, fmt.Errorf("Got empty response for: %v", groupVersion)
+		return r, &emptyResponseError{gv: groupVersion}
 	}
 	return r, nil
 }
diff --git a/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go b/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go
index 43906190fb..641568008b 100644
--- a/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go
+++ b/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go
@@ -86,7 +86,7 @@ type DiscoveryInterface interface {
 type AggregatedDiscoveryInterface interface {
 	DiscoveryInterface
 
-	GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error)
+	GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, map[schema.GroupVersion]error, error)
 }
 
 // CachedDiscoveryInterface is a DiscoveryInterface with cache invalidation and freshness.
@@ -186,18 +186,23 @@ func apiVersionsToAPIGroup(apiVersions *metav1.APIVersions) (apiGroup metav1.API
 // and resources from /api and /apis (either aggregated or not). Legacy groups
 // must be ordered first. The server will either return both endpoints (/api, /apis)
 // as aggregated discovery format or legacy format. For safety, resources will only
-// be returned if both endpoints returned resources.
-func (d *DiscoveryClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) {
+// be returned if both endpoints returned resources. Returned "failedGVs" can be
+// empty, but will only be nil in the case an error is returned.
+func (d *DiscoveryClient) GroupsAndMaybeResources() (
+	*metav1.APIGroupList,
+	map[schema.GroupVersion]*metav1.APIResourceList,
+	map[schema.GroupVersion]error,
+	error) {
 	// Legacy group ordered first (there is only one -- core/v1 group). Returned groups must
 	// be non-nil, but it could be empty. Returned resources, apiResources map could be nil.
-	groups, resources, err := d.downloadLegacy()
+	groups, resources, failedGVs, err := d.downloadLegacy()
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, nil, err
 	}
 	// Discovery groups and (possibly) resources downloaded from /apis.
-	apiGroups, apiResources, aerr := d.downloadAPIs()
+	apiGroups, apiResources, failedApisGVs, aerr := d.downloadAPIs()
 	if aerr != nil {
-		return nil, nil, aerr
+		return nil, nil, nil, aerr
 	}
 	// Merge apis groups into the legacy groups.
 	for _, group := range apiGroups.Groups {
@@ -211,14 +216,23 @@ func (d *DiscoveryClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[s
 	} else if resources != nil {
 		resources = nil
 	}
-	return groups, resources, err
+	// Merge failed GroupVersions from /api and /apis
+	for gv, err := range failedApisGVs {
+		failedGVs[gv] = err
+	}
+	return groups, resources, failedGVs, err
 }
 
 // downloadLegacy returns the discovery groups and possibly resources
 // for the legacy v1 GVR at /api, or an error if one occurred. It is
 // possible for the resource map to be nil if the server returned
-// the unaggregated discovery.
-func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) {
+// the unaggregated discovery. Returned "failedGVs" can be empty, but
+// will only be nil in the case of a returned error.
+func (d *DiscoveryClient) downloadLegacy() (
+	*metav1.APIGroupList,
+	map[schema.GroupVersion]*metav1.APIResourceList,
+	map[schema.GroupVersion]error,
+	error) {
 	accept := acceptDiscoveryFormats
 	if d.UseLegacyDiscovery {
 		accept = AcceptV1
@@ -230,16 +244,19 @@ func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.Gro
 		Do(context.TODO()).
 		ContentType(&responseContentType).
 		Raw()
-	// Special error handling for 403 or 404 to be compatible with older v1.0 servers.
-	// Return empty group list to be merged with /apis.
-	if err != nil && !errors.IsNotFound(err) && !errors.IsForbidden(err) {
-		return nil, nil, err
-	}
-	if err != nil && (errors.IsNotFound(err) || errors.IsForbidden(err)) {
-		return &metav1.APIGroupList{}, nil, nil
+	apiGroupList := &metav1.APIGroupList{}
+	failedGVs := map[schema.GroupVersion]error{}
+	if err != nil {
+		// Tolerate 404, since aggregated api servers can return it.
+		if errors.IsNotFound(err) {
+			// Return empty structures and no error.
+			emptyGVMap := map[schema.GroupVersion]*metav1.APIResourceList{}
+			return apiGroupList, emptyGVMap, failedGVs, nil
+		} else {
+			return nil, nil, nil, err
+		}
 	}
 
-	apiGroupList := &metav1.APIGroupList{}
 	var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList
 	// Switch on content-type server responded with: aggregated or unaggregated.
 	switch responseContentType {
@@ -247,7 +264,7 @@ func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.Gro
 		var v metav1.APIVersions
 		err = json.Unmarshal(body, &v)
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
 		apiGroup := metav1.APIGroup{}
 		if len(v.Versions) != 0 {
@@ -258,20 +275,25 @@ func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.Gro
 		var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList
 		err = json.Unmarshal(body, &aggregatedDiscovery)
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
-		apiGroupList, resourcesByGV = SplitGroupsAndResources(aggregatedDiscovery)
+		apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery)
 	default:
-		return nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType)
+		return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType)
 	}
 
-	return apiGroupList, resourcesByGV, nil
+	return apiGroupList, resourcesByGV, failedGVs, nil
 }
 
 // downloadAPIs returns the discovery groups and (if aggregated format) the
 // discovery resources. The returned groups will always exist, but the
-// resources map may be nil.
-func (d *DiscoveryClient) downloadAPIs() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) {
+// resources map may be nil. Returned "failedGVs" can be empty, but will
+// only be nil in the case of a returned error.
+func (d *DiscoveryClient) downloadAPIs() (
+	*metav1.APIGroupList,
+	map[schema.GroupVersion]*metav1.APIResourceList,
+	map[schema.GroupVersion]error,
+	error) {
 	accept := acceptDiscoveryFormats
 	if d.UseLegacyDiscovery {
 		accept = AcceptV1
@@ -283,42 +305,38 @@ func (d *DiscoveryClient) downloadAPIs() (*metav1.APIGroupList, map[schema.Group
 		Do(context.TODO()).
 		ContentType(&responseContentType).
 		Raw()
-	// Special error handling for 403 or 404 to be compatible with older v1.0 servers.
-	// Return empty group list to be merged with /api.
-	if err != nil && !errors.IsNotFound(err) && !errors.IsForbidden(err) {
-		return nil, nil, err
-	}
-	if err != nil && (errors.IsNotFound(err) || errors.IsForbidden(err)) {
-		return &metav1.APIGroupList{}, nil, nil
+	if err != nil {
+		return nil, nil, nil, err
 	}
 
 	apiGroupList := &metav1.APIGroupList{}
+	failedGVs := map[schema.GroupVersion]error{}
 	var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList
 	// Switch on content-type server responded with: aggregated or unaggregated.
 	switch responseContentType {
 	case AcceptV1:
 		err = json.Unmarshal(body, apiGroupList)
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
 	case AcceptV2Beta1:
 		var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList
 		err = json.Unmarshal(body, &aggregatedDiscovery)
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
-		apiGroupList, resourcesByGV = SplitGroupsAndResources(aggregatedDiscovery)
+		apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery)
 	default:
-		return nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType)
+		return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType)
 	}
 
-	return apiGroupList, resourcesByGV, nil
+	return apiGroupList, resourcesByGV, failedGVs, nil
 }
 
 // ServerGroups returns the supported groups, with information like supported versions and the
 // preferred version.
 func (d *DiscoveryClient) ServerGroups() (*metav1.APIGroupList, error) {
-	groups, _, err := d.GroupsAndMaybeResources()
+	groups, _, _, err := d.GroupsAndMaybeResources()
 	if err != nil {
 		return nil, err
 	}
@@ -341,8 +359,10 @@ func (d *DiscoveryClient) ServerResourcesForGroupVersion(groupVersion string) (r
 	}
 	err = d.restClient.Get().AbsPath(url.String()).Do(context.TODO()).Into(resources)
 	if err != nil {
-		// ignore 403 or 404 error to be compatible with an v1.0 server.
-		if groupVersion == "v1" && (errors.IsNotFound(err) || errors.IsForbidden(err)) {
+		// Tolerate core/v1 not found response by returning empty resource list;
+		// this probably should not happen. But we should verify all callers are
+		// not depending on this toleration before removal.
+		if groupVersion == "v1" && errors.IsNotFound(err) {
 			return resources, nil
 		}
 		return nil, err
@@ -383,13 +403,14 @@ func IsGroupDiscoveryFailedError(err error) bool {
 func ServerGroupsAndResources(d DiscoveryInterface) ([]*metav1.APIGroup, []*metav1.APIResourceList, error) {
 	var sgs *metav1.APIGroupList
 	var resources []*metav1.APIResourceList
+	var failedGVs map[schema.GroupVersion]error
 	var err error
 
 	// If the passed discovery object implements the wider AggregatedDiscoveryInterface,
 	// then attempt to retrieve aggregated discovery with both groups and the resources.
 	if ad, ok := d.(AggregatedDiscoveryInterface); ok {
 		var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList
-		sgs, resourcesByGV, err = ad.GroupsAndMaybeResources()
+		sgs, resourcesByGV, failedGVs, err = ad.GroupsAndMaybeResources()
 		for _, resourceList := range resourcesByGV {
 			resources = append(resources, resourceList)
 		}
@@ -404,8 +425,15 @@ func ServerGroupsAndResources(d DiscoveryInterface) ([]*metav1.APIGroup, []*meta
 	for i := range sgs.Groups {
 		resultGroups = append(resultGroups, &sgs.Groups[i])
 	}
+	// resources is non-nil if aggregated discovery succeeded.
 	if resources != nil {
-		return resultGroups, resources, nil
+		// Any stale Group/Versions returned by aggregated discovery
+		// must be surfaced to the caller as failed Group/Versions.
+		var ferr error
+		if len(failedGVs) > 0 {
+			ferr = &ErrGroupDiscoveryFailed{Groups: failedGVs}
+		}
+		return resultGroups, resources, ferr
 	}
 
 	groupVersionResources, failedGroups := fetchGroupVersionResources(d, sgs)
@@ -436,16 +464,18 @@ func ServerPreferredResources(d DiscoveryInterface) ([]*metav1.APIResourceList,
 	var err error
 
 	// If the passed discovery object implements the wider AggregatedDiscoveryInterface,
-	// then it is attempt to retrieve both the groups and the resources.
+	// then it is attempt to retrieve both the groups and the resources. "failedGroups"
+	// are Group/Versions returned as stale in AggregatedDiscovery format.
 	ad, ok := d.(AggregatedDiscoveryInterface)
 	if ok {
-		serverGroupList, groupVersionResources, err = ad.GroupsAndMaybeResources()
+		serverGroupList, groupVersionResources, failedGroups, err = ad.GroupsAndMaybeResources()
 	} else {
 		serverGroupList, err = d.ServerGroups()
 	}
 	if err != nil {
 		return nil, err
 	}
+	// Non-aggregated discovery must fetch resources from Groups.
 	if groupVersionResources == nil {
 		groupVersionResources, failedGroups = fetchGroupVersionResources(d, serverGroupList)
 	}
diff --git a/etcd/vendor/modules.txt b/etcd/vendor/modules.txt
index 62ccaa7daf..783d414ac3 100644
--- a/etcd/vendor/modules.txt
+++ b/etcd/vendor/modules.txt
@@ -425,7 +425,7 @@ go.uber.org/zap/zapgrpc
 ## explicit; go 1.17
 golang.org/x/crypto/bcrypt
 golang.org/x/crypto/blowfish
-# golang.org/x/net v0.7.0
+# golang.org/x/net v0.8.0
 ## explicit; go 1.17
 golang.org/x/net/context
 golang.org/x/net/context/ctxhttp
@@ -441,17 +441,17 @@ golang.org/x/net/trace
 ## explicit; go 1.11
 golang.org/x/oauth2
 golang.org/x/oauth2/internal
-# golang.org/x/sys v0.5.0
+# golang.org/x/sys v0.6.0
 ## explicit; go 1.17
 golang.org/x/sys/internal/unsafeheader
 golang.org/x/sys/plan9
 golang.org/x/sys/unix
 golang.org/x/sys/windows
 golang.org/x/sys/windows/registry
-# golang.org/x/term v0.5.0
+# golang.org/x/term v0.6.0
 ## explicit; go 1.17
 golang.org/x/term
-# golang.org/x/text v0.7.0
+# golang.org/x/text v0.8.0
 ## explicit; go 1.17
 golang.org/x/text/encoding
 golang.org/x/text/encoding/internal
@@ -584,7 +584,7 @@ gopkg.in/yaml.v2
 # gopkg.in/yaml.v3 v3.0.1
 ## explicit
 gopkg.in/yaml.v3
-# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4
+# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/api/admission/v1
 k8s.io/api/admission/v1beta1
@@ -640,7 +640,7 @@ k8s.io/api/scheduling/v1beta1
 k8s.io/api/storage/v1
 k8s.io/api/storage/v1alpha1
 k8s.io/api/storage/v1beta1
-# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4
+# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/apimachinery/pkg/api/errors
 k8s.io/apimachinery/pkg/api/meta
@@ -687,12 +687,12 @@ k8s.io/apimachinery/pkg/watch
 k8s.io/apimachinery/third_party/forked/golang/json
 k8s.io/apimachinery/third_party/forked/golang/netutil
 k8s.io/apimachinery/third_party/forked/golang/reflect
-# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4
+# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/cli-runtime/pkg/genericclioptions
 k8s.io/cli-runtime/pkg/printers
 k8s.io/cli-runtime/pkg/resource
-# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4
+# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/client-go/applyconfigurations/admissionregistration/v1
 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1
@@ -835,7 +835,7 @@ k8s.io/client-go/util/homedir
 k8s.io/client-go/util/jsonpath
 k8s.io/client-go/util/keyutil
 k8s.io/client-go/util/workqueue
-# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4
+# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/component-base/cli
 k8s.io/component-base/cli/flag
@@ -871,7 +871,7 @@ k8s.io/kube-openapi/pkg/spec3
 k8s.io/kube-openapi/pkg/util/proto
 k8s.io/kube-openapi/pkg/util/proto/validation
 k8s.io/kube-openapi/pkg/validation/spec
-# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4
+# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682
 ## explicit; go 1.19
 k8s.io/kubectl/pkg/cmd/util
 k8s.io/kubectl/pkg/scheme
@@ -998,32 +998,32 @@ sigs.k8s.io/yaml
 # go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221
 # go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221
 # go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221
-# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4
-# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4
-# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4
-# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4
-# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4
-# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4
-# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4
-# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4
-# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230412020409-0c79814882f4
-# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4
-# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4
-# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4
-# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4
-# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4
-# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4
-# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4
-# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4
-# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4
-# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230412020409-0c79814882f4
-# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4
-# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4
-# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4
-# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4
-# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4
-# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4
-# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4
-# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230412020409-0c79814882f4
-# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230412020409-0c79814882f4
-# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230412020409-0c79814882f4
+# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682
+# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682
+# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682
+# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682
+# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682
+# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682
+# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682
+# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682
+# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230414060647-19816eefa682
+# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682
+# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682
+# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682
+# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682
+# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682
+# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682
+# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682
+# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682
+# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682
+# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230414060647-19816eefa682
+# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682
+# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682
+# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682
+# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682
+# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682
+# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682
+# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682
+# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230414060647-19816eefa682
+# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230414060647-19816eefa682
+# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230414060647-19816eefa682

From 610bee3e23109c97d8651c42b879e1c460a703d5 Mon Sep 17 00:00:00 2001
From: ci-robot <ci-robot@openshift.io>
Date: Mon, 17 Apr 2023 05:12:34 +0000
Subject: [PATCH 7/9] update component images

---
 packaging/crio.conf.d/microshift_amd64.conf | 2 +-
 packaging/crio.conf.d/microshift_arm64.conf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/packaging/crio.conf.d/microshift_amd64.conf b/packaging/crio.conf.d/microshift_amd64.conf
index 5f9f8932d4..5e7a3d1490 100644
--- a/packaging/crio.conf.d/microshift_amd64.conf
+++ b/packaging/crio.conf.d/microshift_amd64.conf
@@ -25,6 +25,6 @@ plugin_dirs = [
 # for community builds on top of OKD, this setting has no effect
 [crio.image]
 global_auth_file="/etc/crio/openshift-pull-secret"
-pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d7e84209164964e4f72d957fa7813529ea00656e2cd680457a23a0b4ef951cca"
+pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:75e1339deae12d08ae9343b5258abfecbec2f9ce6f00c7069308a2a5630c816c"
 pause_image_auth_file = "/etc/crio/openshift-pull-secret"
 pause_command = "/usr/bin/pod"
diff --git a/packaging/crio.conf.d/microshift_arm64.conf b/packaging/crio.conf.d/microshift_arm64.conf
index 12ff0ccb3a..7358d410e1 100644
--- a/packaging/crio.conf.d/microshift_arm64.conf
+++ b/packaging/crio.conf.d/microshift_arm64.conf
@@ -25,6 +25,6 @@ plugin_dirs = [
 # for community builds on top of OKD, this setting has no effect
 [crio.image]
 global_auth_file="/etc/crio/openshift-pull-secret"
-pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d60020ba7b93e91fd6d120676db79bf19cd3eb7ba2bf304c533e38b525f194cf"
+pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:58e9a75e28c4cf26f879bbb66c2273c3fc2a68b7bfc4d2dd1699a37674b78f51"
 pause_image_auth_file = "/etc/crio/openshift-pull-secret"
 pause_command = "/usr/bin/pod"

From 399d79cea1b4aac1861ef5271fc349df2b79d705 Mon Sep 17 00:00:00 2001
From: ci-robot <ci-robot@openshift.io>
Date: Mon, 17 Apr 2023 05:12:36 +0000
Subject: [PATCH 8/9] update manifests

---
 assets/release/release-aarch64.json | 6 +++---
 assets/release/release-x86_64.json  | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json
index 3a2210835b..ae949a3574 100644
--- a/assets/release/release-aarch64.json
+++ b/assets/release/release-aarch64.json
@@ -1,6 +1,6 @@
 {
   "release": {
-    "base": "4.13.0-0.nightly-arm64-2023-04-14-004314"
+    "base": "4.13.0-0.nightly-arm64-2023-04-15-102028"
   },
   "images": {
     "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd2e1c6dccbf1bfda3653b83eb0d34c84662c74565f7e070bbfcddf9e21f10c3",
@@ -8,8 +8,8 @@
     "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ff50d1404acb73df1971fe174067e00a77a4073daa2be37428e7573306bba0a6",
     "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:45262e0f012c6164200943a0505748103c23ae1559cc79fb404a6804e4a416c9",
     "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671",
-    "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b24b0ec97126bbf992d4a751e5656a22d818b94627c4db1c7d277222b8747dc1",
-    "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d60020ba7b93e91fd6d120676db79bf19cd3eb7ba2bf304c533e38b525f194cf",
+    "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2d200033f00b93660ccd079602f350c987b42a97e3ab16bed775d4ab9c85fb93",
+    "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:58e9a75e28c4cf26f879bbb66c2273c3fc2a68b7bfc4d2dd1699a37674b78f51",
     "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e035535d64ed631d7faa889f16dc3b2162d088ba48defe9cd0d44fda71863a91",
     "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1",
     "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860",
diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json
index 7cdd5cfe46..331aef7525 100644
--- a/assets/release/release-x86_64.json
+++ b/assets/release/release-x86_64.json
@@ -1,6 +1,6 @@
 {
   "release": {
-    "base": "4.13.0-0.nightly-2023-04-13-171034"
+    "base": "4.13.0-0.nightly-2023-04-15-102029"
   },
   "images": {
     "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd9969cec172266143b779e4fb7b4130ed89435bd95fb7682747aeae13065ee6",
@@ -8,8 +8,8 @@
     "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5965979168568e6f4b6a79d195c4002941be7e7a250f9510e8e05c1d1deb68eb",
     "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7b63259b7d82bf64968d77c9222ee87911105aa7a971e7b0740b551ab5b3527b",
     "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671",
-    "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:24da6891ed61d7172edc821275691303d48bb6d3287ecb27a43fed1f912e53d0",
-    "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d7e84209164964e4f72d957fa7813529ea00656e2cd680457a23a0b4ef951cca",
+    "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7c8266e902ee5402689563a9bf6d623d39ede6dca9263407612618440d39fbe2",
+    "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:75e1339deae12d08ae9343b5258abfecbec2f9ce6f00c7069308a2a5630c816c",
     "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9783ff266388df6423e07a28f90b8a98761624663dc73c3544b92be647570800",
     "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1",
     "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860",

From 54d9e633b8f762ff17f077a53dbfc0c3cac12aae Mon Sep 17 00:00:00 2001
From: ci-robot <ci-robot@openshift.io>
Date: Mon, 17 Apr 2023 05:12:40 +0000
Subject: [PATCH 9/9] update buildfiles

---
 Makefile.kube_git.var        | 2 +-
 Makefile.version.aarch64.var | 2 +-
 Makefile.version.x86_64.var  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Makefile.kube_git.var b/Makefile.kube_git.var
index 63cb458e59..bddd5c16f5 100644
--- a/Makefile.kube_git.var
+++ b/Makefile.kube_git.var
@@ -1,5 +1,5 @@
 KUBE_GIT_MAJOR=1
 KUBE_GIT_MINOR=26
 KUBE_GIT_VERSION=v1.26.0
-KUBE_GIT_COMMIT=0c79814882f4a4b842fbeab001c9f92f9de9a9b9
+KUBE_GIT_COMMIT=19816eefa6829861687df6dfe573708756c464cc
 KUBE_GIT_TREE_STATE=clean
diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var
index c2642c097e..fc3d3df035 100644
--- a/Makefile.version.aarch64.var
+++ b/Makefile.version.aarch64.var
@@ -1 +1 @@
-OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-14-004314
+OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-15-102028
diff --git a/Makefile.version.x86_64.var b/Makefile.version.x86_64.var
index 4b7108c00f..bb064cd20a 100644
--- a/Makefile.version.x86_64.var
+++ b/Makefile.version.x86_64.var
@@ -1 +1 @@
-OCP_VERSION := 4.13.0-0.nightly-2023-04-13-171034
+OCP_VERSION := 4.13.0-0.nightly-2023-04-15-102029