From b83adf8c23977b70b44a0f5c590a6f58fb665e91 Mon Sep 17 00:00:00 2001
From: ci-robot <ci-robot@openshift.io>
Date: Tue, 30 May 2023 05:56:37 +0000
Subject: [PATCH 1/7] update last_rebase.sh

---
 scripts/auto-rebase/last_rebase.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh
index e9b0297e92..c8a3f0e1f0 100755
--- a/scripts/auto-rebase/last_rebase.sh
+++ b/scripts/auto-rebase/last_rebase.sh
@@ -1,2 +1,2 @@
 #!/bin/bash -x
-./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.12.0-0.nightly-2023-05-23-221822" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.12.0-0.nightly-arm64-2023-05-24-014824"
+./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.12.0-0.nightly-2023-05-29-223551" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.12.0-0.nightly-arm64-2023-05-29-183028"

From 12eed962ebabf46a979605a3745a25be2c388dd6 Mon Sep 17 00:00:00 2001
From: ci-robot <ci-robot@openshift.io>
Date: Tue, 30 May 2023 05:56:37 +0000
Subject: [PATCH 2/7] update changelog

---
 scripts/auto-rebase/changelog.txt | 194 +++++++++++++++++++++++++++++-
 scripts/auto-rebase/commits.txt   |  10 +-
 2 files changed, 195 insertions(+), 9 deletions(-)

diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt
index 864203e620..8c2bc1a17e 100644
--- a/scripts/auto-rebase/changelog.txt
+++ b/scripts/auto-rebase/changelog.txt
@@ -1,4 +1,190 @@
-# machine-config-operator embedded-component 87fedee690ae487f8ae044ac416000172c9576a5 to 4accd895aa8fe5ccbd166b9562fdcf5a2112c5ec
-0f44dc1dd24d5a902d38b9a0b33a42ff864a7719 2023-05-17T20:40:13+00:00 Removed pivot func and added depreciation warning
-# csi-livenessprobe image-amd64 720e1d6e3e828dec9908091da9f5d80a31d75585 to 9cb056421c5a2e37435dbedbd7d73de8db1e094a
-bf20fae2da2649756ea3a638a7d43c23d2e29be4 2023-05-18T16:51:39-07:00 OCPBUGS-13821: Bump gRPC from 1.38.0 to 1.49.0
+# cluster-network-operator embedded-component d17cd49b76269870402b67a6967abdd6ddbc9952 to 422174789356e3bd2af543ab6513e3491593837f
+a5c63c6c5552abe862da3a8ff97e2cd6f2ad577d 2023-01-19T17:05:00+01:00 Update github.com/Masterminds/sprig to v3
+# cluster-policy-controller embedded-component 139ac0499ac4d744023827ceb6d16aa6b467be27 to 9aaf6fea45f75b813ccb7441b9c350fe35d1dd9f
+6249a8819009fa7ce046f53ae4dbba9c3abb07ac 2023-05-22T11:58:02+00:00 external template and route Informer
+# kubernetes embedded-component 37a9a084bcb483a38e8f88349fa6a21c1b6be8a3 to 3fe29064317f72fce3606a38883d66a91a7c43dc
+70f21ece6d1a6cf873475ed16256b524cf23dc0a 2023-05-23T15:05:58+00:00 UPSTREAM: <drop>: hack/update-vendor.sh, make update and update image
+2f033cdec2d935f95c3ce66b43964afd8973270d 2023-05-23T16:15:57+02:00 UPSTREAM: <drop>: manually resolve conflicts
+e770bdbb87cccdc2daa790ecd69f40cf4df3cc9d 2023-05-17T14:05:24+00:00 Release commit for Kubernetes v1.25.10
+289faa2810c6f02d667cc60bdd37cff0231a9299 2023-05-05T15:03:17-07:00 benchmark test to evaluate the overhead of podMatchesScopeFunc
+8d8ea64adffdfdd4c5641cbde51d17ab0067effa 2023-05-05T15:02:52-07:00 Fix incorrect calculation for ResourceQuota with PriorityClass as its scope
+712575d9acda6fc947bb2ee658a0949318dcce7d 2023-05-04T10:52:40+02:00 releng/go: Update images, dependencies and version to Go 1.19.9
+7f1809dbc73001cbcbd5c394a89c470b4e04f78d 2023-05-03T13:46:19+01:00 node: device-plugin: e2e: Additional test cases
+4ba6f87a0fb1ceea9ed6ba405879398e862a4b00 2023-05-03T13:36:53+01:00 node: device-plugin: add node reboot test scenario
+b50d53f6c683204c591ac1d5f30ea94e2b4283ca 2023-05-03T13:36:53+01:00 node: device-plugin: e2e: Capture pod admission failure
+9fc2d5c12c2e3f5abc17a1c1c5312f1c2b9de6d4 2023-05-03T13:36:53+01:00 node: device-mgr: e2e: adapt to sample device plugin refactoring
+6c0c91e0d0f25acd6e81c25673de7d4bcc2ecaab 2023-05-03T13:36:49+01:00 node: device-mgr: e2e: Update the e2e test to reproduce issue:109595
+4eb2808deb8c073b4b9d31848c767e62abaa36f9 2023-05-03T13:22:41+01:00 node: device-mgr: e2e: Implement End to end test
+337e6e76fbf110078a172430d610070b860dae67 2023-05-03T13:21:43+01:00 node: device-mgr: Handle recovery by checking if healthy devices exist
+57b644b976c3623577064a4bd33028fe3026e660 2023-05-03T13:21:43+01:00 node: device-plugin: e2e: Add test case for kubelet restart
+e53a7181a75d8cb379cf31b277868a3f81f51e98 2023-05-03T13:21:40+01:00 node: device-plugin: e2e: Provide sleep intervals via constants
+60d81f0a304b799c8da9e00cfde285642fc5d347 2023-05-03T13:20:06+01:00 node: device-plugin: e2e: Update test description to make it explicit
+b9ecf9862dc0d7825ca49483a5ee78b7cb90baed 2023-05-03T13:20:01+01:00 node: device-plugin: e2e: Isolate test to pod restart scenario
+d1605c37bdabd0539328780231e76b7c3761f231 2023-05-02T21:34:37+00:00 Move glusterfs 1.25 deprecation notice to the deprecation section.
+20f6635eb2394995159c5b97164ac75edd4ee450 2023-05-02T20:48:06+01:00 node: device-plugin: e2e: Annotate device check with error message
+6bae194b1cfae983626c038ef5028ed41039812c 2023-05-02T20:46:02+01:00 node: device-plugins: e2e: s/devLen/expectedSampleDevsAmount
+d00f41a173d35814affc044397356d4bf74f5fb3 2023-05-02T20:44:25+01:00 node: device-plugins: e2e: Refactor parse log to return string and error
+7d1756abc694fd92d08e032a1e346a7184535878 2023-05-02T20:31:52+01:00 test: Fix path to e2e node sample device plugin
+02e1fff86aaa0580097741d6e9e32f9f52212a16 2023-05-02T20:31:26+01:00 node: device-mgr: sample device plugin: manifest to avoid registration
+3a9c226299ee9079cc27be76476ea7795411064f 2023-05-02T20:31:26+01:00 node: device-mgr: sample device plugin: control registration process
+dd9dbcc5fde0a9e46fcf8daa8ab0a7c904c165c3 2023-05-02T20:27:29+01:00 e2e: node: unify sample device plugin utilities
+cc3bdb6e1e5b2f69f0cac5d5529ab67abf0c3d18 2023-04-28T17:03:58-07:00 [1.25] vendor: bump runc to 1.1.6
+7c41bbbbdf41da1f366db4237cf25dbe0f05dd3a 2023-04-25T12:47:01-07:00 Fix directory mismatch for `volume.SetVolumeOwnership()`
+f1a4bfbd597f25c0f1c9039423aadcbfebe550d3 2023-04-17T16:38:51+08:00 use case-insensitive header keys for http probes
+0d433ae74ec5b46ce8f03cda216bf3edaf1ea01d 2023-04-15T23:56:29+08:00 add log includes pod preemption details
+56f50bd0aecaa5877cf7b37bae6d5884007210b3 2023-04-14T08:26:13+00:00 fix: the volume is not detached after the pod and PVC objects are deleted
+e68ff4549631829367c5418a09fbc8d13ec7f046 2023-04-13T13:13:43+02:00 Do not look at VPC-related resources outside the cluster's network
+ad10f081586cac5b03bef619c90acd1f24c4c72e 2023-04-12T23:26:08-07:00 Bump konnectivity-client to 0.0.37
+f1a2a6c1e553056fe4cafa3182666fdc7518b555 2023-04-12T16:56:53-04:00 kubelet: Do not mutate pods in the pod manager
+28e1b5d635d6217a5fb36e3b6eee256b13fc48a3 2023-04-12T12:38:32+00:00 Update CHANGELOG/CHANGELOG-1.25.md for v1.25.9
+a1a87a0a2bcd605820920c6b0e618a8ab7d117d4 2023-04-12T12:06:19+00:00 Release commit for Kubernetes v1.25.9
+bf21b6de4a97fa01ddef72a03f14ccd22a50db2f 2023-04-06T09:44:33+02:00 releng/go: Update images, dependencies and version to Go 1.19.8
+604ad21799c43d87456cc76d3e591487de0a5152 2023-04-05T15:38:17+00:00 Return error for localhost seccomp type with no localhost profile defined
+902a7591f917eb886306cca09e82a98ba815210a 2023-03-31T11:57:24-04:00 Clean up formatting
+38d2613d16f4c51647bb1c37c87ef5773bd757a0 2023-03-22T10:37:26-04:00 Drop development dependencies from test targets
+5355936e2022d550ce11e403922635e55d1ec82f 2023-03-21T11:42:25-04:00 Clear front proxy headers after authentication is complete
+fb0741c2e7276ffe25f8b3978a2354f7b1cd1328 2023-03-21T09:28:59-04:00 Make prerelease tag optional in CI versions
+7fc18651814feeae108cae82ebbcf977e95a0ea5 2023-03-21T09:09:12-04:00 Annotate CI version regexes
+fb5eefc66b1be9af8ff52835525440c659a6b63c 2023-03-21T09:09:11-04:00 Drop unused regex grouping
+7b88494c32dfb34f084035995dec7052faf21b88 2023-03-21T09:09:11-04:00 Update comments
+c55deb4868a8b209d83dcd6e1c065ea236793080 2023-03-21T09:09:10-04:00 Delete unused version regex function
+9cb693eadf04e0e71e6128d486ef846ea3ffb9db 2023-03-21T15:02:08+08:00 kubelet: Fix fs quota monitoring on volumes
+32d3b4ef594c8fee005eac9c2bdf9a6c0eefb006 2023-03-21T15:02:07+08:00 fsquota: only generate pod uuid is nil
+d72438efd47e4be01167dc44fd7623795da07783 2023-03-20T15:59:12-04:00 Preserve UID/ResourceVersion in the BindingREST endpoint
+2257dba12f06c6b137a4c9a93a4f7fded8524479 2023-03-20T15:59:11-04:00 Add integration test for DefaultBinder
+a247e48bcd3742da7ddb43aa0b4d2f947afc3d33 2023-03-17T14:51:09+00:00 Change where transformers are called.
+3a14fe1af239a07ff8cdd13c6bd8fdbdb97fabeb 2023-03-15T14:02:25+00:00 Update CHANGELOG/CHANGELOG-1.25.md for v1.25.8
+b67fe6e75a92ba082474b08ac49a6c1c04456832 2023-03-11T00:31:38+00:00 wait again on pending state
+d7c1ba51f87c61572595be6206012e9431744279 2023-03-11T00:31:38+00:00 cacher allow context cancellation if not ready
+9ac9c468ec9222949a397fbf692e5a9a05398efb 2023-03-08T07:16:40+00:00 Route controller should update routes with NodeIP changed When a node reboots or kubelet restarts, it is possible that its IP is changed. In this case, node route should be updated with the correct IP. In this PR, it checks if the IP in an existing route is the same as the actual one. If not, it marks it as "update" so the old route will be deleted and a new one will be created. There's a new field EnableNodeAddresses, which is a feature gate for specific cloud providers to enable after they update their cloud provider code for CreateRoute().
+cc675a5367d9d09992d7f12b8a43a10d672370b9 2023-02-20T09:58:12+00:00 client-go/cache: update Replace comment to be more clear
+4283020151ab233101e77996fd8084488057f9c2 2023-02-20T09:58:12+00:00 client-go/cache: rewrite Replace to check queue first
+db451e163d97f6a2c023efa30aa12b751c785798 2023-02-20T09:58:11+00:00 client-go/cache: merge ReplaceMakesDeletionsForObjectsInQueue tests
+a818874dce54226ecc8ef384ff8b4c82aa6aaa85 2023-02-20T09:58:11+00:00 client-go/cache: fix missing delete event on replace without knownObjects
+bdc4a22309fc51f824aca41f11ee4466758ea9b0 2023-02-20T09:58:11+00:00 client-go/cache: fix missing delete event on replace
+3a5e85dff6d7412c512782da2f18ec7dde073e7d 2023-02-19T14:03:16-08:00 Bump konnectivity-client to v0.0.36
+c6d4552d7b5af6efe9a6af01b602c014da913cdb 2022-10-11T16:45:32-05:00 test: demote service ClientIP affinity timeout tests from conformance
+# kubernetes image-amd64 37a9a084bcb483a38e8f88349fa6a21c1b6be8a3 to 3fe29064317f72fce3606a38883d66a91a7c43dc
+70f21ece6d1a6cf873475ed16256b524cf23dc0a 2023-05-23T15:05:58+00:00 UPSTREAM: <drop>: hack/update-vendor.sh, make update and update image
+2f033cdec2d935f95c3ce66b43964afd8973270d 2023-05-23T16:15:57+02:00 UPSTREAM: <drop>: manually resolve conflicts
+e770bdbb87cccdc2daa790ecd69f40cf4df3cc9d 2023-05-17T14:05:24+00:00 Release commit for Kubernetes v1.25.10
+289faa2810c6f02d667cc60bdd37cff0231a9299 2023-05-05T15:03:17-07:00 benchmark test to evaluate the overhead of podMatchesScopeFunc
+8d8ea64adffdfdd4c5641cbde51d17ab0067effa 2023-05-05T15:02:52-07:00 Fix incorrect calculation for ResourceQuota with PriorityClass as its scope
+712575d9acda6fc947bb2ee658a0949318dcce7d 2023-05-04T10:52:40+02:00 releng/go: Update images, dependencies and version to Go 1.19.9
+7f1809dbc73001cbcbd5c394a89c470b4e04f78d 2023-05-03T13:46:19+01:00 node: device-plugin: e2e: Additional test cases
+4ba6f87a0fb1ceea9ed6ba405879398e862a4b00 2023-05-03T13:36:53+01:00 node: device-plugin: add node reboot test scenario
+b50d53f6c683204c591ac1d5f30ea94e2b4283ca 2023-05-03T13:36:53+01:00 node: device-plugin: e2e: Capture pod admission failure
+9fc2d5c12c2e3f5abc17a1c1c5312f1c2b9de6d4 2023-05-03T13:36:53+01:00 node: device-mgr: e2e: adapt to sample device plugin refactoring
+6c0c91e0d0f25acd6e81c25673de7d4bcc2ecaab 2023-05-03T13:36:49+01:00 node: device-mgr: e2e: Update the e2e test to reproduce issue:109595
+4eb2808deb8c073b4b9d31848c767e62abaa36f9 2023-05-03T13:22:41+01:00 node: device-mgr: e2e: Implement End to end test
+337e6e76fbf110078a172430d610070b860dae67 2023-05-03T13:21:43+01:00 node: device-mgr: Handle recovery by checking if healthy devices exist
+57b644b976c3623577064a4bd33028fe3026e660 2023-05-03T13:21:43+01:00 node: device-plugin: e2e: Add test case for kubelet restart
+e53a7181a75d8cb379cf31b277868a3f81f51e98 2023-05-03T13:21:40+01:00 node: device-plugin: e2e: Provide sleep intervals via constants
+60d81f0a304b799c8da9e00cfde285642fc5d347 2023-05-03T13:20:06+01:00 node: device-plugin: e2e: Update test description to make it explicit
+b9ecf9862dc0d7825ca49483a5ee78b7cb90baed 2023-05-03T13:20:01+01:00 node: device-plugin: e2e: Isolate test to pod restart scenario
+d1605c37bdabd0539328780231e76b7c3761f231 2023-05-02T21:34:37+00:00 Move glusterfs 1.25 deprecation notice to the deprecation section.
+20f6635eb2394995159c5b97164ac75edd4ee450 2023-05-02T20:48:06+01:00 node: device-plugin: e2e: Annotate device check with error message
+6bae194b1cfae983626c038ef5028ed41039812c 2023-05-02T20:46:02+01:00 node: device-plugins: e2e: s/devLen/expectedSampleDevsAmount
+d00f41a173d35814affc044397356d4bf74f5fb3 2023-05-02T20:44:25+01:00 node: device-plugins: e2e: Refactor parse log to return string and error
+7d1756abc694fd92d08e032a1e346a7184535878 2023-05-02T20:31:52+01:00 test: Fix path to e2e node sample device plugin
+02e1fff86aaa0580097741d6e9e32f9f52212a16 2023-05-02T20:31:26+01:00 node: device-mgr: sample device plugin: manifest to avoid registration
+3a9c226299ee9079cc27be76476ea7795411064f 2023-05-02T20:31:26+01:00 node: device-mgr: sample device plugin: control registration process
+dd9dbcc5fde0a9e46fcf8daa8ab0a7c904c165c3 2023-05-02T20:27:29+01:00 e2e: node: unify sample device plugin utilities
+cc3bdb6e1e5b2f69f0cac5d5529ab67abf0c3d18 2023-04-28T17:03:58-07:00 [1.25] vendor: bump runc to 1.1.6
+7c41bbbbdf41da1f366db4237cf25dbe0f05dd3a 2023-04-25T12:47:01-07:00 Fix directory mismatch for `volume.SetVolumeOwnership()`
+f1a4bfbd597f25c0f1c9039423aadcbfebe550d3 2023-04-17T16:38:51+08:00 use case-insensitive header keys for http probes
+0d433ae74ec5b46ce8f03cda216bf3edaf1ea01d 2023-04-15T23:56:29+08:00 add log includes pod preemption details
+56f50bd0aecaa5877cf7b37bae6d5884007210b3 2023-04-14T08:26:13+00:00 fix: the volume is not detached after the pod and PVC objects are deleted
+e68ff4549631829367c5418a09fbc8d13ec7f046 2023-04-13T13:13:43+02:00 Do not look at VPC-related resources outside the cluster's network
+ad10f081586cac5b03bef619c90acd1f24c4c72e 2023-04-12T23:26:08-07:00 Bump konnectivity-client to 0.0.37
+f1a2a6c1e553056fe4cafa3182666fdc7518b555 2023-04-12T16:56:53-04:00 kubelet: Do not mutate pods in the pod manager
+28e1b5d635d6217a5fb36e3b6eee256b13fc48a3 2023-04-12T12:38:32+00:00 Update CHANGELOG/CHANGELOG-1.25.md for v1.25.9
+a1a87a0a2bcd605820920c6b0e618a8ab7d117d4 2023-04-12T12:06:19+00:00 Release commit for Kubernetes v1.25.9
+bf21b6de4a97fa01ddef72a03f14ccd22a50db2f 2023-04-06T09:44:33+02:00 releng/go: Update images, dependencies and version to Go 1.19.8
+604ad21799c43d87456cc76d3e591487de0a5152 2023-04-05T15:38:17+00:00 Return error for localhost seccomp type with no localhost profile defined
+902a7591f917eb886306cca09e82a98ba815210a 2023-03-31T11:57:24-04:00 Clean up formatting
+38d2613d16f4c51647bb1c37c87ef5773bd757a0 2023-03-22T10:37:26-04:00 Drop development dependencies from test targets
+5355936e2022d550ce11e403922635e55d1ec82f 2023-03-21T11:42:25-04:00 Clear front proxy headers after authentication is complete
+fb0741c2e7276ffe25f8b3978a2354f7b1cd1328 2023-03-21T09:28:59-04:00 Make prerelease tag optional in CI versions
+7fc18651814feeae108cae82ebbcf977e95a0ea5 2023-03-21T09:09:12-04:00 Annotate CI version regexes
+fb5eefc66b1be9af8ff52835525440c659a6b63c 2023-03-21T09:09:11-04:00 Drop unused regex grouping
+7b88494c32dfb34f084035995dec7052faf21b88 2023-03-21T09:09:11-04:00 Update comments
+c55deb4868a8b209d83dcd6e1c065ea236793080 2023-03-21T09:09:10-04:00 Delete unused version regex function
+9cb693eadf04e0e71e6128d486ef846ea3ffb9db 2023-03-21T15:02:08+08:00 kubelet: Fix fs quota monitoring on volumes
+32d3b4ef594c8fee005eac9c2bdf9a6c0eefb006 2023-03-21T15:02:07+08:00 fsquota: only generate pod uuid is nil
+d72438efd47e4be01167dc44fd7623795da07783 2023-03-20T15:59:12-04:00 Preserve UID/ResourceVersion in the BindingREST endpoint
+2257dba12f06c6b137a4c9a93a4f7fded8524479 2023-03-20T15:59:11-04:00 Add integration test for DefaultBinder
+a247e48bcd3742da7ddb43aa0b4d2f947afc3d33 2023-03-17T14:51:09+00:00 Change where transformers are called.
+3a14fe1af239a07ff8cdd13c6bd8fdbdb97fabeb 2023-03-15T14:02:25+00:00 Update CHANGELOG/CHANGELOG-1.25.md for v1.25.8
+b67fe6e75a92ba082474b08ac49a6c1c04456832 2023-03-11T00:31:38+00:00 wait again on pending state
+d7c1ba51f87c61572595be6206012e9431744279 2023-03-11T00:31:38+00:00 cacher allow context cancellation if not ready
+9ac9c468ec9222949a397fbf692e5a9a05398efb 2023-03-08T07:16:40+00:00 Route controller should update routes with NodeIP changed When a node reboots or kubelet restarts, it is possible that its IP is changed. In this case, node route should be updated with the correct IP. In this PR, it checks if the IP in an existing route is the same as the actual one. If not, it marks it as "update" so the old route will be deleted and a new one will be created. There's a new field EnableNodeAddresses, which is a feature gate for specific cloud providers to enable after they update their cloud provider code for CreateRoute().
+cc675a5367d9d09992d7f12b8a43a10d672370b9 2023-02-20T09:58:12+00:00 client-go/cache: update Replace comment to be more clear
+4283020151ab233101e77996fd8084488057f9c2 2023-02-20T09:58:12+00:00 client-go/cache: rewrite Replace to check queue first
+db451e163d97f6a2c023efa30aa12b751c785798 2023-02-20T09:58:11+00:00 client-go/cache: merge ReplaceMakesDeletionsForObjectsInQueue tests
+a818874dce54226ecc8ef384ff8b4c82aa6aaa85 2023-02-20T09:58:11+00:00 client-go/cache: fix missing delete event on replace without knownObjects
+bdc4a22309fc51f824aca41f11ee4466758ea9b0 2023-02-20T09:58:11+00:00 client-go/cache: fix missing delete event on replace
+3a5e85dff6d7412c512782da2f18ec7dde073e7d 2023-02-19T14:03:16-08:00 Bump konnectivity-client to v0.0.36
+c6d4552d7b5af6efe9a6af01b602c014da913cdb 2022-10-11T16:45:32-05:00 test: demote service ClientIP affinity timeout tests from conformance
+# kubernetes image-arm64 37a9a084bcb483a38e8f88349fa6a21c1b6be8a3 to 3fe29064317f72fce3606a38883d66a91a7c43dc
+70f21ece6d1a6cf873475ed16256b524cf23dc0a 2023-05-23T15:05:58+00:00 UPSTREAM: <drop>: hack/update-vendor.sh, make update and update image
+2f033cdec2d935f95c3ce66b43964afd8973270d 2023-05-23T16:15:57+02:00 UPSTREAM: <drop>: manually resolve conflicts
+e770bdbb87cccdc2daa790ecd69f40cf4df3cc9d 2023-05-17T14:05:24+00:00 Release commit for Kubernetes v1.25.10
+289faa2810c6f02d667cc60bdd37cff0231a9299 2023-05-05T15:03:17-07:00 benchmark test to evaluate the overhead of podMatchesScopeFunc
+8d8ea64adffdfdd4c5641cbde51d17ab0067effa 2023-05-05T15:02:52-07:00 Fix incorrect calculation for ResourceQuota with PriorityClass as its scope
+712575d9acda6fc947bb2ee658a0949318dcce7d 2023-05-04T10:52:40+02:00 releng/go: Update images, dependencies and version to Go 1.19.9
+7f1809dbc73001cbcbd5c394a89c470b4e04f78d 2023-05-03T13:46:19+01:00 node: device-plugin: e2e: Additional test cases
+4ba6f87a0fb1ceea9ed6ba405879398e862a4b00 2023-05-03T13:36:53+01:00 node: device-plugin: add node reboot test scenario
+b50d53f6c683204c591ac1d5f30ea94e2b4283ca 2023-05-03T13:36:53+01:00 node: device-plugin: e2e: Capture pod admission failure
+9fc2d5c12c2e3f5abc17a1c1c5312f1c2b9de6d4 2023-05-03T13:36:53+01:00 node: device-mgr: e2e: adapt to sample device plugin refactoring
+6c0c91e0d0f25acd6e81c25673de7d4bcc2ecaab 2023-05-03T13:36:49+01:00 node: device-mgr: e2e: Update the e2e test to reproduce issue:109595
+4eb2808deb8c073b4b9d31848c767e62abaa36f9 2023-05-03T13:22:41+01:00 node: device-mgr: e2e: Implement End to end test
+337e6e76fbf110078a172430d610070b860dae67 2023-05-03T13:21:43+01:00 node: device-mgr: Handle recovery by checking if healthy devices exist
+57b644b976c3623577064a4bd33028fe3026e660 2023-05-03T13:21:43+01:00 node: device-plugin: e2e: Add test case for kubelet restart
+e53a7181a75d8cb379cf31b277868a3f81f51e98 2023-05-03T13:21:40+01:00 node: device-plugin: e2e: Provide sleep intervals via constants
+60d81f0a304b799c8da9e00cfde285642fc5d347 2023-05-03T13:20:06+01:00 node: device-plugin: e2e: Update test description to make it explicit
+b9ecf9862dc0d7825ca49483a5ee78b7cb90baed 2023-05-03T13:20:01+01:00 node: device-plugin: e2e: Isolate test to pod restart scenario
+d1605c37bdabd0539328780231e76b7c3761f231 2023-05-02T21:34:37+00:00 Move glusterfs 1.25 deprecation notice to the deprecation section.
+20f6635eb2394995159c5b97164ac75edd4ee450 2023-05-02T20:48:06+01:00 node: device-plugin: e2e: Annotate device check with error message
+6bae194b1cfae983626c038ef5028ed41039812c 2023-05-02T20:46:02+01:00 node: device-plugins: e2e: s/devLen/expectedSampleDevsAmount
+d00f41a173d35814affc044397356d4bf74f5fb3 2023-05-02T20:44:25+01:00 node: device-plugins: e2e: Refactor parse log to return string and error
+7d1756abc694fd92d08e032a1e346a7184535878 2023-05-02T20:31:52+01:00 test: Fix path to e2e node sample device plugin
+02e1fff86aaa0580097741d6e9e32f9f52212a16 2023-05-02T20:31:26+01:00 node: device-mgr: sample device plugin: manifest to avoid registration
+3a9c226299ee9079cc27be76476ea7795411064f 2023-05-02T20:31:26+01:00 node: device-mgr: sample device plugin: control registration process
+dd9dbcc5fde0a9e46fcf8daa8ab0a7c904c165c3 2023-05-02T20:27:29+01:00 e2e: node: unify sample device plugin utilities
+cc3bdb6e1e5b2f69f0cac5d5529ab67abf0c3d18 2023-04-28T17:03:58-07:00 [1.25] vendor: bump runc to 1.1.6
+7c41bbbbdf41da1f366db4237cf25dbe0f05dd3a 2023-04-25T12:47:01-07:00 Fix directory mismatch for `volume.SetVolumeOwnership()`
+f1a4bfbd597f25c0f1c9039423aadcbfebe550d3 2023-04-17T16:38:51+08:00 use case-insensitive header keys for http probes
+0d433ae74ec5b46ce8f03cda216bf3edaf1ea01d 2023-04-15T23:56:29+08:00 add log includes pod preemption details
+56f50bd0aecaa5877cf7b37bae6d5884007210b3 2023-04-14T08:26:13+00:00 fix: the volume is not detached after the pod and PVC objects are deleted
+e68ff4549631829367c5418a09fbc8d13ec7f046 2023-04-13T13:13:43+02:00 Do not look at VPC-related resources outside the cluster's network
+ad10f081586cac5b03bef619c90acd1f24c4c72e 2023-04-12T23:26:08-07:00 Bump konnectivity-client to 0.0.37
+f1a2a6c1e553056fe4cafa3182666fdc7518b555 2023-04-12T16:56:53-04:00 kubelet: Do not mutate pods in the pod manager
+28e1b5d635d6217a5fb36e3b6eee256b13fc48a3 2023-04-12T12:38:32+00:00 Update CHANGELOG/CHANGELOG-1.25.md for v1.25.9
+a1a87a0a2bcd605820920c6b0e618a8ab7d117d4 2023-04-12T12:06:19+00:00 Release commit for Kubernetes v1.25.9
+bf21b6de4a97fa01ddef72a03f14ccd22a50db2f 2023-04-06T09:44:33+02:00 releng/go: Update images, dependencies and version to Go 1.19.8
+604ad21799c43d87456cc76d3e591487de0a5152 2023-04-05T15:38:17+00:00 Return error for localhost seccomp type with no localhost profile defined
+902a7591f917eb886306cca09e82a98ba815210a 2023-03-31T11:57:24-04:00 Clean up formatting
+38d2613d16f4c51647bb1c37c87ef5773bd757a0 2023-03-22T10:37:26-04:00 Drop development dependencies from test targets
+5355936e2022d550ce11e403922635e55d1ec82f 2023-03-21T11:42:25-04:00 Clear front proxy headers after authentication is complete
+fb0741c2e7276ffe25f8b3978a2354f7b1cd1328 2023-03-21T09:28:59-04:00 Make prerelease tag optional in CI versions
+7fc18651814feeae108cae82ebbcf977e95a0ea5 2023-03-21T09:09:12-04:00 Annotate CI version regexes
+fb5eefc66b1be9af8ff52835525440c659a6b63c 2023-03-21T09:09:11-04:00 Drop unused regex grouping
+7b88494c32dfb34f084035995dec7052faf21b88 2023-03-21T09:09:11-04:00 Update comments
+c55deb4868a8b209d83dcd6e1c065ea236793080 2023-03-21T09:09:10-04:00 Delete unused version regex function
+9cb693eadf04e0e71e6128d486ef846ea3ffb9db 2023-03-21T15:02:08+08:00 kubelet: Fix fs quota monitoring on volumes
+32d3b4ef594c8fee005eac9c2bdf9a6c0eefb006 2023-03-21T15:02:07+08:00 fsquota: only generate pod uuid is nil
+d72438efd47e4be01167dc44fd7623795da07783 2023-03-20T15:59:12-04:00 Preserve UID/ResourceVersion in the BindingREST endpoint
+2257dba12f06c6b137a4c9a93a4f7fded8524479 2023-03-20T15:59:11-04:00 Add integration test for DefaultBinder
+a247e48bcd3742da7ddb43aa0b4d2f947afc3d33 2023-03-17T14:51:09+00:00 Change where transformers are called.
+3a14fe1af239a07ff8cdd13c6bd8fdbdb97fabeb 2023-03-15T14:02:25+00:00 Update CHANGELOG/CHANGELOG-1.25.md for v1.25.8
+b67fe6e75a92ba082474b08ac49a6c1c04456832 2023-03-11T00:31:38+00:00 wait again on pending state
+d7c1ba51f87c61572595be6206012e9431744279 2023-03-11T00:31:38+00:00 cacher allow context cancellation if not ready
+9ac9c468ec9222949a397fbf692e5a9a05398efb 2023-03-08T07:16:40+00:00 Route controller should update routes with NodeIP changed When a node reboots or kubelet restarts, it is possible that its IP is changed. In this case, node route should be updated with the correct IP. In this PR, it checks if the IP in an existing route is the same as the actual one. If not, it marks it as "update" so the old route will be deleted and a new one will be created. There's a new field EnableNodeAddresses, which is a feature gate for specific cloud providers to enable after they update their cloud provider code for CreateRoute().
+cc675a5367d9d09992d7f12b8a43a10d672370b9 2023-02-20T09:58:12+00:00 client-go/cache: update Replace comment to be more clear
+4283020151ab233101e77996fd8084488057f9c2 2023-02-20T09:58:12+00:00 client-go/cache: rewrite Replace to check queue first
+db451e163d97f6a2c023efa30aa12b751c785798 2023-02-20T09:58:11+00:00 client-go/cache: merge ReplaceMakesDeletionsForObjectsInQueue tests
+a818874dce54226ecc8ef384ff8b4c82aa6aaa85 2023-02-20T09:58:11+00:00 client-go/cache: fix missing delete event on replace without knownObjects
+bdc4a22309fc51f824aca41f11ee4466758ea9b0 2023-02-20T09:58:11+00:00 client-go/cache: fix missing delete event on replace
+3a5e85dff6d7412c512782da2f18ec7dde073e7d 2023-02-19T14:03:16-08:00 Bump konnectivity-client to v0.0.36
+c6d4552d7b5af6efe9a6af01b602c014da913cdb 2022-10-11T16:45:32-05:00 test: demote service ClientIP affinity timeout tests from conformance
diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt
index 3f0a51dc1c..9d5d1c5d27 100644
--- a/scripts/auto-rebase/commits.txt
+++ b/scripts/auto-rebase/commits.txt
@@ -3,11 +3,11 @@ https://github.com/openshift/cluster-ingress-operator embedded-component 21c38d5
 https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 2076f3d0e4fea6fca54028ec7831407173ea81f5
 https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component 1c2157df6e9031bf6abb9250d2bec901608fe5b4
 https://github.com/openshift/cluster-kube-scheduler-operator embedded-component 845ae423e831b1cacf0bcae5e6528f1d21b5ddf2
-https://github.com/openshift/cluster-network-operator embedded-component d17cd49b76269870402b67a6967abdd6ddbc9952
+https://github.com/openshift/cluster-network-operator embedded-component 422174789356e3bd2af543ab6513e3491593837f
 https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component d1915d130481541b8bacb5b98eddbc1541809d0a
-https://github.com/openshift/cluster-policy-controller embedded-component 139ac0499ac4d744023827ceb6d16aa6b467be27
+https://github.com/openshift/cluster-policy-controller embedded-component 9aaf6fea45f75b813ccb7441b9c350fe35d1dd9f
 https://github.com/openshift/etcd embedded-component c1d76ffd4b4cf0a0d2a6056a505fbef0b187c027
-https://github.com/openshift/kubernetes embedded-component 37a9a084bcb483a38e8f88349fa6a21c1b6be8a3
+https://github.com/openshift/kubernetes embedded-component 3fe29064317f72fce3606a38883d66a91a7c43dc
 https://github.com/openshift/machine-config-operator embedded-component 4accd895aa8fe5ccbd166b9562fdcf5a2112c5ec
 https://github.com/openshift/openshift-controller-manager embedded-component b6528f9ea28164af9f1ceea0e50f18116fe3c90e
 https://github.com/openshift/route-controller-manager embedded-component 9e74d175e81ef6a2beb3718398e3fc99dded037c
@@ -21,7 +21,7 @@ https://github.com/openshift/csi-node-driver-registrar image-amd64 805d5ac247137
 https://github.com/openshift/router image-amd64 3065f6583f3925328fbdbfe95e3bc7bb7a084d33
 https://github.com/openshift/kube-rbac-proxy image-amd64 94f3fde785a22afdc77768f5c346c7d3195274d2
 https://github.com/openshift/ovn-kubernetes image-amd64 ce142ecac5f04888793667e87304591a0dcffb5b
-https://github.com/openshift/kubernetes image-amd64 37a9a084bcb483a38e8f88349fa6a21c1b6be8a3
+https://github.com/openshift/kubernetes image-amd64 3fe29064317f72fce3606a38883d66a91a7c43dc
 https://github.com/openshift/service-ca-operator image-amd64 299b7097a49385fdd4f86eccedc07f3a192e2504
 https://github.com/openshift/oc image-arm64 31aa3e89a926f81aa0af30320ffcb71acadf3015
 https://github.com/openshift/coredns image-arm64 9aaa7e0a86b69bafb9f544a0e5cb1873535a8f6b
@@ -32,5 +32,5 @@ https://github.com/openshift/csi-node-driver-registrar image-arm64 805d5ac247137
 https://github.com/openshift/router image-arm64 3065f6583f3925328fbdbfe95e3bc7bb7a084d33
 https://github.com/openshift/kube-rbac-proxy image-arm64 94f3fde785a22afdc77768f5c346c7d3195274d2
 https://github.com/openshift/ovn-kubernetes image-arm64 ce142ecac5f04888793667e87304591a0dcffb5b
-https://github.com/openshift/kubernetes image-arm64 37a9a084bcb483a38e8f88349fa6a21c1b6be8a3
+https://github.com/openshift/kubernetes image-arm64 3fe29064317f72fce3606a38883d66a91a7c43dc
 https://github.com/openshift/service-ca-operator image-arm64 299b7097a49385fdd4f86eccedc07f3a192e2504

From 3f37b0e48e72dd74caac4e3707f0e444f4591364 Mon Sep 17 00:00:00 2001
From: ci-robot <ci-robot@openshift.io>
Date: Tue, 30 May 2023 05:57:39 +0000
Subject: [PATCH 3/7] update go.mod

---
 go.mod |  76 +++++++++++++++++------------------
 go.sum | 124 ++++++++++++++++++++++++++++++---------------------------
 2 files changed, 103 insertions(+), 97 deletions(-)

diff --git a/go.mod b/go.mod
index 701bf8678a..8effbcd8e2 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/openshift/api v0.0.0-20221116152553-4b67c2b2bb1e
 	github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d
 	github.com/openshift/client-go v0.0.0-20221019143426-16aed247da5c
-	github.com/openshift/cluster-policy-controller v0.0.0-20230227104154-139ac0499ac4
+	github.com/openshift/cluster-policy-controller v0.0.0-20230525171858-9aaf6fea45f7
 	github.com/openshift/library-go v0.0.0-20221205131816-1700fb06ea43
 	github.com/openshift/route-controller-manager v0.0.0-20221130011049-9e74d175e81e
 	github.com/pkg/errors v0.9.1
@@ -19,7 +19,7 @@ require (
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.8.0
 	go.etcd.io/etcd/server/v3 v3.5.4
-	golang.org/x/sys v0.5.0
+	golang.org/x/sys v0.6.0
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.25.2
 	k8s.io/apiextensions-apiserver v0.25.0
@@ -143,7 +143,7 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/runc v1.1.3 // indirect
+	github.com/opencontainers/runc v1.1.6 // indirect
 	github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect
 	github.com/opencontainers/selinux v1.10.0 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
@@ -193,14 +193,14 @@ require (
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.19.0 // indirect
 	golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 // indirect
-	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
-	golang.org/x/net v0.7.0 // indirect
+	golang.org/x/mod v0.8.0 // indirect
+	golang.org/x/net v0.8.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect
-	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
-	golang.org/x/term v0.5.0 // indirect
-	golang.org/x/text v0.7.0 // indirect
+	golang.org/x/sync v0.1.0 // indirect
+	golang.org/x/term v0.6.0 // indirect
+	golang.org/x/text v0.8.0 // indirect
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
-	golang.org/x/tools v0.1.12 // indirect
+	golang.org/x/tools v0.6.0 // indirect
 	gonum.org/v1/gonum v0.6.2 // indirect
 	google.golang.org/api v0.60.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
@@ -227,7 +227,7 @@ require (
 	k8s.io/mount-utils v0.0.0 // indirect
 	k8s.io/pod-security-admission v0.25.0 // indirect
 	k8s.io/utils v0.0.0-20220922133306-665eaaec4324 // indirect
-	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35 // indirect
+	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.37 // indirect
 	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
 	sigs.k8s.io/kube-storage-version-migrator v0.0.4 // indirect
 	sigs.k8s.io/kustomize/api v0.12.1 // indirect
@@ -290,40 +290,40 @@ replace (
 	go.etcd.io/etcd/v3 => github.com/openshift/etcd/v3 v3.5.1-0.20220707134052-31b6b2d9b4d7 // override pinning etcd due to conflicting opentelemetry version
 	golang.org/x/crypto => golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd // from kubernetes
 	golang.org/x/exp => golang.org/x/exp v0.0.0-20210220032938-85be41e4509f // from kubernetes
-	golang.org/x/net => golang.org/x/net v0.7.0 // from kubernetes
+	golang.org/x/net => golang.org/x/net v0.8.0 // from kubernetes
 	gonum.org/v1/netlib => gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e // from kubernetes
 	gopkg.in/square/go-jose.v2 => gopkg.in/square/go-jose.v2 v2.2.2 // from kubernetes
 	gopkg.in/yaml.v2 => gopkg.in/yaml.v2 v2.4.0 // from kubernetes
-	k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230419005830-37a9a084bcb4 // staging kubernetes
-	k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230419005830-37a9a084bcb4 // staging kubernetes
-	k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230419005830-37a9a084bcb4 // staging kubernetes
-	k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230419005830-37a9a084bcb4 // staging kubernetes
-	k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230419005830-37a9a084bcb4 // from kubernetes
-	k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230419005830-37a9a084bcb4 // staging kubernetes
-	k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230419005830-37a9a084bcb4 // from kubernetes
-	k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230419005830-37a9a084bcb4 // from kubernetes
-	k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230419005830-37a9a084bcb4 // staging kubernetes
-	k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230419005830-37a9a084bcb4 // staging kubernetes
+	k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230526022022-3fe29064317f // staging kubernetes
+	k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230526022022-3fe29064317f // staging kubernetes
+	k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230526022022-3fe29064317f // staging kubernetes
+	k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230526022022-3fe29064317f // staging kubernetes
+	k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230526022022-3fe29064317f // from kubernetes
+	k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230526022022-3fe29064317f // staging kubernetes
+	k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230526022022-3fe29064317f // from kubernetes
+	k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230526022022-3fe29064317f // from kubernetes
+	k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230526022022-3fe29064317f // staging kubernetes
+	k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230526022022-3fe29064317f // staging kubernetes
 	k8s.io/component-helpers => k8s.io/component-helpers v0.25.0 // from kubernetes
-	k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230419005830-37a9a084bcb4 // from kubernetes
-	k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230419005830-37a9a084bcb4 // from kubernetes
-	k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230419005830-37a9a084bcb4 // from kubernetes
+	k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230526022022-3fe29064317f // from kubernetes
+	k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230526022022-3fe29064317f // from kubernetes
+	k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230526022022-3fe29064317f // from kubernetes
 	k8s.io/klog/v2 => k8s.io/klog/v2 v2.70.1 // from kubernetes
-	k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230419005830-37a9a084bcb4 // staging kubernetes
-	k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230419005830-37a9a084bcb4 // from kubernetes
+	k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230526022022-3fe29064317f // staging kubernetes
+	k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230526022022-3fe29064317f // from kubernetes
 	k8s.io/kube-openapi => k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // from kubernetes
-	k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230419005830-37a9a084bcb4 // from kubernetes
-	k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230419005830-37a9a084bcb4 // from kubernetes
-	k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230419005830-37a9a084bcb4 // from kubernetes
-	k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230419005830-37a9a084bcb4 // from kubernetes
-	k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230419005830-37a9a084bcb4 // release kubernetes
-	k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230419005830-37a9a084bcb4 // from kubernetes
-	k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230419005830-37a9a084bcb4 // from kubernetes
-	k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230419005830-37a9a084bcb4 // from kubernetes
-	k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230419005830-37a9a084bcb4 // from kubernetes
-	k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230419005830-37a9a084bcb4 // from kubernetes
-	k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230419005830-37a9a084bcb4 // from kubernetes
-	k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230419005830-37a9a084bcb4 // from kubernetes
+	k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230526022022-3fe29064317f // from kubernetes
+	k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230526022022-3fe29064317f // from kubernetes
+	k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230526022022-3fe29064317f // from kubernetes
+	k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230526022022-3fe29064317f // from kubernetes
+	k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230526022022-3fe29064317f // release kubernetes
+	k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230526022022-3fe29064317f // from kubernetes
+	k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230526022022-3fe29064317f // from kubernetes
+	k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230526022022-3fe29064317f // from kubernetes
+	k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230526022022-3fe29064317f // from kubernetes
+	k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230526022022-3fe29064317f // from kubernetes
+	k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230526022022-3fe29064317f // from kubernetes
+	k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230526022022-3fe29064317f // from kubernetes
 	sigs.k8s.io/json => sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // from kubernetes
 	sigs.k8s.io/yaml => sigs.k8s.io/yaml v1.2.0 // from kubernetes
 )
diff --git a/go.sum b/go.sum
index 8dc88e07c4..5b8ee1f46a 100644
--- a/go.sum
+++ b/go.sum
@@ -516,8 +516,9 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM=
 github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/runc v1.1.3 h1:vIXrkId+0/J2Ymu2m7VjGvbSlAId9XNRPhn2p4b+d8w=
 github.com/opencontainers/runc v1.1.3/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg=
+github.com/opencontainers/runc v1.1.6 h1:XbhB8IfG/EsnhNvZtNdLB0GBw92GYEFvKlhaJk9jUgA=
+github.com/opencontainers/runc v1.1.6/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
 github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc=
@@ -532,8 +533,8 @@ github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d h1:RR
 github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
 github.com/openshift/client-go v0.0.0-20221019143426-16aed247da5c h1:CV76yFOTXmq9VciBR3Bve5ZWzSxdft7gaMVB3kS0rwg=
 github.com/openshift/client-go v0.0.0-20221019143426-16aed247da5c/go.mod h1:lFMO8mLHXWFzSdYvGNo8ivF9SfF6zInA8ZGw4phRnUE=
-github.com/openshift/cluster-policy-controller v0.0.0-20230227104154-139ac0499ac4 h1:Y7Q1YTwgElV1FPd4G8pCN0GkWSSzAkF1SIpupC3ilyE=
-github.com/openshift/cluster-policy-controller v0.0.0-20230227104154-139ac0499ac4/go.mod h1:vlkRuwyRueLOQ/ZRRle+rCrh+YNoh+pzJm9WaN9e6mU=
+github.com/openshift/cluster-policy-controller v0.0.0-20230525171858-9aaf6fea45f7 h1:qJ8amhkcjmjTeNATQImTUXIY+00jW7e83taErZqvs+4=
+github.com/openshift/cluster-policy-controller v0.0.0-20230525171858-9aaf6fea45f7/go.mod h1:vlkRuwyRueLOQ/ZRRle+rCrh+YNoh+pzJm9WaN9e6mU=
 github.com/openshift/etcd/api/v3 v3.5.1-0.20220707134052-31b6b2d9b4d7 h1:0zi9RAHd0uq9gwtbMvRbLJJkgVBpFU7EIj3LQkY7hXk=
 github.com/openshift/etcd/api/v3 v3.5.1-0.20220707134052-31b6b2d9b4d7/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A=
 github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20220707134052-31b6b2d9b4d7 h1:AYz2JmZ7SCtJnpN4HiAgoVYW9AV54CJSiz8c9vig0NM=
@@ -546,51 +547,51 @@ github.com/openshift/etcd/raft/v3 v3.5.1-0.20220707134052-31b6b2d9b4d7 h1:50GOFZ
 github.com/openshift/etcd/raft/v3 v3.5.1-0.20220707134052-31b6b2d9b4d7/go.mod h1:kCV6hIjK2Oe4UBxDM5dWYs5wZGsiSYH7JvGaEXDlpD4=
 github.com/openshift/etcd/server/v3 v3.5.1-0.20220707134052-31b6b2d9b4d7 h1:iMup9OQMjZkONA/lAGIfjr6UxboUOBqrbrBMNh2ZtPs=
 github.com/openshift/etcd/server/v3 v3.5.1-0.20220707134052-31b6b2d9b4d7/go.mod h1:xwZlQLuAWsWw5rpb/Gwzi3nFie9STKcrKQbM6evLi5g=
-github.com/openshift/kubernetes v0.0.0-20230419005830-37a9a084bcb4 h1:wQ+xWqddCYcYGcej5Ww2F98nSZ2YhxERcGE/ahACoXw=
-github.com/openshift/kubernetes v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:U7onx+dLL248udqLPp6SzctRAMzhBDh07QEJQHM3XyU=
-github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230419005830-37a9a084bcb4 h1:3dOXO2o1YDk/C4JKS3krujDnNdWmoFzXdAVXf2eyXEg=
-github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:0e+IH7CyGwrfYDYKUsNW0HpasrfRUy40RzB40z/JbZ4=
-github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230419005830-37a9a084bcb4 h1:0yKQgGJ12rR0gd/nTrV1zuJ2lKd3+vlGsiyEnJPeugQ=
-github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:hBdDIJQkeKDFqRAp9Ech139uPvJOcZEpWo4tbYmqA6M=
-github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230419005830-37a9a084bcb4 h1:QXyOq/1QV/BqYax1NI5C1C+UGsglyZAa33/81gpSHI0=
-github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:/dAmLhFRrTAOxBqEzOSfq6uwHMc01RcEOLQSgn0dcEI=
-github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230419005830-37a9a084bcb4 h1:vPSFHhFN6kgBEhBXCSCYBWA0Pm26vUI+AomiQVoplaE=
-github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:WxJC79h0dcYKXW91x4lOYZ/pgqSY3hijo70Pvl1KpsQ=
-github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230419005830-37a9a084bcb4 h1:4E6D3cDLaAeBaOT8rBtvoqYhk3aAB0JdD88gONvM++k=
-github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:TDc7mrGQx8Nf4cZNEFiC1V3WMxB3778rOR5x6gXOIoE=
-github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230419005830-37a9a084bcb4 h1:eaA9xJxP+khjN9Tnk3WGFqk3Rg0IWOFAVRSVfD41oN4=
-github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:9i/tdbVTiKs2vDQXHHAZq+oqWZtGhCD7aQyG/8bIo8A=
-github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230419005830-37a9a084bcb4 h1:WdNhkz5+5nXML8OFd87vEtLodLcO59aYujWCNa8HoM4=
-github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:C3S9pGVUJ1ZJctifufBiW6irF58tKVNb45AzOz4Rf3s=
-github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230419005830-37a9a084bcb4 h1:RIN/0Gy/oweDPURKrfBe5Izj4Jg6u0uYVVdgYk9CuPo=
-github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:b6xZvVxbH8qUSoWcf846qX5FW2AYHTAG05DbWsLkpPo=
-github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:nlTUosKhyPHcHLK4E/4po4K1L0UAv3xOrjsmqh3Ajg8=
-github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230419005830-37a9a084bcb4 h1:OLomxCBO0CSe6line/g293MhNkozPhE1AL1cFvuGagg=
-github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:L7BiyM59UntZGlq44Q/vU58vEpzE/5VzT01MqhSTQ4E=
-github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230419005830-37a9a084bcb4 h1:Lnbu2ytwwRQUG4Q21XmQU1FHQZI+TozZJjRRKj1nJYY=
-github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:dfD8ftEhCiM45p69/5z062RjYSkAGawKJmsC2KcTTaU=
-github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230419005830-37a9a084bcb4 h1:EH3z54/fPgVHpz1M5OdhL+knbSx3LZzrga9Ykgr7baY=
-github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:DryNsLe7F3ksuOaUI+fegc4FjAA1JPEjC/JdS26jmEs=
-github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230419005830-37a9a084bcb4 h1:e5SsNbYayHdTwqVpdXdhuXxxcWAEwFgIsJ46eo33niM=
-github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:/LWVVHxMwaRLi1FM52S+cILPiCfyvGVp19+Jk6RI+2Y=
-github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230419005830-37a9a084bcb4 h1:9rmYRov06dSS89mehi3omzdq47ZFewzOcQJkTdljOp8=
-github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:SmLWO2lhU1+6BWREplK+xlQb//1A1vxVaslGyn92hJg=
-github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230419005830-37a9a084bcb4 h1:MvQ5gOimnwv1O6k87enyMxJ8QLoRGM0vvm7gpTNEHRE=
-github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:DzYd8HeRsfeaWvGd7wKLJ39lpOJLqhSDMqck8PX4pAY=
-github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230419005830-37a9a084bcb4 h1:8T6gpenSMd+1RgUESkm5ElfpwEvLyXfOhokFpcSqdQM=
-github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:z0eu9TAAbVW9kToIi3N1nU+KHixqZgWMNOCahYI0iGc=
-github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230419005830-37a9a084bcb4 h1:XHTOlli/J8VYUSEfIlNlaATeRPd8sr+7mLCesyq1hDU=
-github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:s3M05wMMLIiuoAoecZluKPLUZkOrUriugdllXGHkkV8=
-github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230419005830-37a9a084bcb4 h1:0sgIASPiFZOIfDko38nzCkHz4AcIqQKIEDZcqaV1R3E=
-github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:ESILSRwpo8poU3ATlwWZo6brt9OHnEvTKtmQHJ+6HQE=
-github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230419005830-37a9a084bcb4 h1:TbfQdcczEztmkYNZXxIrs3NfpqkUOCAwrmf0DEOVaPU=
-github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:2l8i9L4kEAYkA6PZhZXJFy0GaS9ddrxRQcRk9rEG+gM=
-github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230419005830-37a9a084bcb4 h1:+0uWodK5g73lzrA3ywIxoH9+0qYIQWHcUCsP9ai7xSc=
-github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:L6C2zrYe/5jHVxZMsBFoyjm0d9TcRZsDYkZYD4l0vZg=
-github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230419005830-37a9a084bcb4 h1:VzJnN+ztSPZcpGBPHHGZ+PSohhst8D1FpVgOKufHFVU=
-github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:fOVqNHsdAuwlu7rxsSQXqrCQiU0arPSyhS5bf8aNkwA=
-github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230419005830-37a9a084bcb4 h1:wXSHCYcnTPlVOquZvQ3lFbIWJ5owWKZLAxT+8eRaBMg=
-github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230419005830-37a9a084bcb4/go.mod h1:D98prnW5V9uL2O02gtTYNjA6rAVy7eS8D3hEJzw+Luo=
+github.com/openshift/kubernetes v0.0.0-20230526022022-3fe29064317f h1:LXBmAQe6b5VRiAZcLQvUKNfEJfzQyg2f6tF/D3OacU8=
+github.com/openshift/kubernetes v0.0.0-20230526022022-3fe29064317f/go.mod h1:6wByTwF1vPPHCT2dWuYIlU1FDd/7XQBKWUyFbk23Ezg=
+github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230526022022-3fe29064317f h1:eEO6bSn+/6GSjzWRAAq/ppKpIO9SoLtq/4AC7mQb8j8=
+github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230526022022-3fe29064317f/go.mod h1:1FMCNsjepI+BujkxE/ajSeyj8sdSRMi8IXHeHJn8GRM=
+github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230526022022-3fe29064317f h1:yOr+ZTvJW1KY6UsZ3pv0WcOEPb60t6+ZaYbVCZycYPQ=
+github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230526022022-3fe29064317f/go.mod h1:T888gkx2Ooy/ljFq3Gob5fPqkzNQh2KWVMTJlnfms3Q=
+github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230526022022-3fe29064317f h1:h2upbyTVi35G45vg2zakyfrrPlPFpdJ37X9TueQ61go=
+github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230526022022-3fe29064317f/go.mod h1:ZeLXhGH4gaAmoVGn2DUo84RaeXJAGo6kh5lfJqKVRy0=
+github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230526022022-3fe29064317f h1:gr7z0oQxch2Wy8oR4Oj5AHhdjwXmAnUgLF3yqO+4J0M=
+github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230526022022-3fe29064317f/go.mod h1:a1xZzzZHI7YXiNWceIlNHiheScF1QZ84tHZ7yIAONf4=
+github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230526022022-3fe29064317f h1:zdCFVNPzUeh6RJT9wq88MEZuKpcSCC8UaqebEOiZXGY=
+github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230526022022-3fe29064317f/go.mod h1:9Z8cGr3NO/ncnWysqH6/JCvV/Xc7w8PWIhlbtBiULIc=
+github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230526022022-3fe29064317f h1:Dg3y3xVTRF4BWEC/eLLeaZPcy3/X0pembXDzQ/T0ToY=
+github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230526022022-3fe29064317f/go.mod h1:CoDMwR6l7gUqkT86C7zsCXSOqQyXrpECATI+wNuW/5s=
+github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230526022022-3fe29064317f h1:P0oaNF6/WTcIQC4jD/SHWWhRJVJuOX2c2Q0gWEXOd28=
+github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230526022022-3fe29064317f/go.mod h1:1ejWjExSdX2/BA4xTy6rwbzU7XQz9RIcRkT4WxGSPb0=
+github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230526022022-3fe29064317f h1:1mvSo1SCu2FVdurRjNHCFA7WkTsVya15EyzwF7wddcc=
+github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230526022022-3fe29064317f/go.mod h1:PDbiDmb4nMbNSUUhO6ZcZsbaOiu1cNw44i90iABKeGs=
+github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230526022022-3fe29064317f/go.mod h1:8/0D9HW5mKWamREx9k7KQZ1PK0svfaCQMJ3qgb0wVZE=
+github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230526022022-3fe29064317f h1:upPLBPBmq3Ko+bCoiozLeDOpwATBMpp+7BDxs30sZ6w=
+github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230526022022-3fe29064317f/go.mod h1:hXlSwqb47hB5JttABqLMVmou//gA1gO13g4+OI35m98=
+github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230526022022-3fe29064317f h1:N+K7daffW8AkQobTqbZH4F5Feo3wSr+DfTXHN/Sjr9g=
+github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230526022022-3fe29064317f/go.mod h1:B1I6BmruoX2Jzyz1Qcmm2MK11C87EppYk4hKsOKaPhY=
+github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230526022022-3fe29064317f h1:LerJOB2pdz4rAQY8axSPLh1T15SJDXK8NmmejekTES4=
+github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230526022022-3fe29064317f/go.mod h1:82tYbgaqC3NZ1KLjzgmwp3TWH4Cu+EpNCvIRa6QtqD0=
+github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230526022022-3fe29064317f h1:0lFo8J9hUekdWAzYvhbEqWeBmoKhCwdnHjqeJ6FMIp4=
+github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230526022022-3fe29064317f/go.mod h1:MUeTsjUEMAqQHcjvnNVTb4GGMOgifzfOAoYjOi2m+AY=
+github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230526022022-3fe29064317f h1:8hy1AxE2OyzOnw/U5Eiivum7+uALvWfbcOHojT41WaE=
+github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230526022022-3fe29064317f/go.mod h1:yo019e987eRb3c4UQBSlqUgkh0e517EfkmyzTUrSr+c=
+github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230526022022-3fe29064317f h1:mWplsej6lTmnQvzn4C866MLirwxu49ioPCskGrrbgZk=
+github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230526022022-3fe29064317f/go.mod h1:T2C7X4FJIBFyexd2w57uL2TbDAQ5XdROg4rVEnLlnlU=
+github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230526022022-3fe29064317f h1:7CsoWBIQcTE1lW4Nv1yCYdyFHlpLo5XRRJAMOwTMd8w=
+github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230526022022-3fe29064317f/go.mod h1:zm+HcPCMUjk2GLYnF9DAhxPnKEGo4EFRRsox5Uvt1uw=
+github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230526022022-3fe29064317f h1:ugbZrgMPlucaLeW256+hHc6ifhyhQMqEotZJpI61ayg=
+github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230526022022-3fe29064317f/go.mod h1:Ft44bb+e3nhUYFjtFS8gGmWeCCJOqch/wOTtI8eUYsg=
+github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230526022022-3fe29064317f h1:7gB6ckUcVI9R9ev5BS7cNZhyYThQ8/7Da01HYY+OtZY=
+github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230526022022-3fe29064317f/go.mod h1:HqK7wwFMWpxQ54/0ki+uoGZGop/ulz05YOsrEJiZYm8=
+github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230526022022-3fe29064317f h1:V1JBIQ+aSfbJJOYzaUpEO9Uj3OZ9uWGCKTw1D/fyg84=
+github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230526022022-3fe29064317f/go.mod h1:1YzklSZZpGb5rhUoO1LGNz2cZmdQxfgfYkJRA1MfLMw=
+github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230526022022-3fe29064317f h1:mjfWh6TT1iGZzLxusKSMN12MWBYdM23MNmkj/8VyM0w=
+github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230526022022-3fe29064317f/go.mod h1:kMOQHWEshnCilrLxIRi9mp/n5FR+WNsuNcrCiUqPtmI=
+github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230526022022-3fe29064317f h1:LsNMzf9HMaw83WS3RZ68w3T0vTtIr6+JsBH+omlcHtA=
+github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230526022022-3fe29064317f/go.mod h1:A3BNnXvcjKFJrWzafkJxyMfIkRZUjYXV7PlZKuGKlF0=
+github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230526022022-3fe29064317f h1:HVDCigEriaZEh0zd5oX/ouXT9EPQ41hMf6jHJva4q+U=
+github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230526022022-3fe29064317f/go.mod h1:fe5ORy5zX3xFlng+AyOoCTbJqFZ3yvxsudzMuyMxl7I=
 github.com/openshift/library-go v0.0.0-20221205131816-1700fb06ea43 h1:siIMiY/kTrQvUzpwseN9Esw6fH+PD21VfqAzTa1b53M=
 github.com/openshift/library-go v0.0.0-20221205131816-1700fb06ea43/go.mod h1:KPBAXGaq7pPmA+1wUVtKr5Axg3R68IomWDkzaOxIhxM=
 github.com/openshift/onsi-ginkgo/v2 v2.0.0-20221005160638-5fa9cd70cd8c h1:bRjMBrKdts7PdEHiF7Z9Q+LZR8NFVfF0HsDQJJzWLco=
@@ -776,10 +777,11 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -809,8 +811,9 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180903190138-2b024373dcd9/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -882,12 +885,13 @@ golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -897,8 +901,9 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -966,8 +971,9 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
-golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1187,8 +1193,8 @@ rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.32/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35 h1:+xBL5uTc+BkPBwmMi3vYfUJjq+N3K+H6PXeETwf5cPI=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35/go.mod h1:WxjusMwXlKzfAs4p9km6XJRndVt2FROgMVCE4cdohFo=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.37 h1:fAPTNEpzQMOLMGwOHNbUkR2xXTQwMJOZYNx+/mLlOh0=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.37/go.mod h1:vfnxT4FXNT8eGvO+xi/DsyC/qHmdujqwrUa1WSspCsk=
 sigs.k8s.io/controller-tools v0.2.8/go.mod h1:9VKHPszmf2DHz/QmHkcfZoewO6BL7pPs9uAiBVsaJSE=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=

From 1d94caf364ad4c6c09af2f36ffad89f81174a46f Mon Sep 17 00:00:00 2001
From: ci-robot <ci-robot@openshift.io>
Date: Tue, 30 May 2023 05:58:06 +0000
Subject: [PATCH 4/7] update vendoring

---
 .../libcontainer/cgroups/ebpf/ebpf_linux.go   |   2 +-
 .../runc/libcontainer/cgroups/fs/fs.go        |   1 +
 .../libcontainer/cgroups/systemd/common.go    |  78 ++-
 .../libcontainer/cgroups/systemd/cpuset.go    |   5 +
 .../runc/libcontainer/cgroups/systemd/v1.go   |  12 +-
 .../runc/libcontainer/cgroups/systemd/v2.go   |   2 +-
 .../runc/libcontainer/cgroups/utils.go        |   6 +-
 .../configs/validate/validator.go             |   5 +-
 .../runc/libcontainer/container_linux.go      |   2 +-
 .../runc/libcontainer/eaccess_go119.go        |  17 +
 .../runc/libcontainer/eaccess_stub.go         |  10 +
 .../runc/libcontainer/factory_linux.go        |  11 +-
 .../runc/libcontainer/init_linux.go           |   5 +-
 .../runc/libcontainer/rootfs_linux.go         |  84 ++-
 .../runc/libcontainer/standard_init_linux.go  |   8 +
 .../opencontainers/runc/libcontainer/sync.go  |  14 +-
 .../runc/libcontainer/user/user.go            |  14 +-
 .../pkg/client/genericinformers/interface.go  |  14 -
 .../pkg/cmd/controller/interfaces.go          |   4 +-
 vendor/golang.org/x/mod/module/module.go      |   4 +-
 vendor/golang.org/x/net/html/doc.go           |  15 +
 vendor/golang.org/x/net/html/escape.go        |  81 +++
 vendor/golang.org/x/net/html/render.go        |   2 +-
 vendor/golang.org/x/net/html/token.go         |  10 +-
 .../x/sync/singleflight/singleflight.go       |  11 +-
 vendor/golang.org/x/sys/cpu/hwcap_linux.go    |  15 +
 vendor/golang.org/x/sys/cpu/runtime_auxv.go   |  16 +
 .../x/sys/cpu/runtime_auxv_go121.go           |  19 +
 vendor/golang.org/x/sys/execabs/execabs.go    |   2 +-
 .../golang.org/x/sys/execabs/execabs_go118.go |   6 +
 .../golang.org/x/sys/execabs/execabs_go119.go |   4 +
 vendor/golang.org/x/sys/unix/ioctl.go         |  17 +-
 vendor/golang.org/x/sys/unix/ioctl_zos.go     |   8 +-
 vendor/golang.org/x/sys/unix/ptrace_darwin.go |   6 +
 vendor/golang.org/x/sys/unix/ptrace_ios.go    |   6 +
 vendor/golang.org/x/sys/unix/syscall_aix.go   |   5 +-
 vendor/golang.org/x/sys/unix/syscall_bsd.go   |   3 +-
 .../golang.org/x/sys/unix/syscall_darwin.go   |  12 +-
 .../x/sys/unix/syscall_darwin_amd64.go        |   1 +
 .../x/sys/unix/syscall_darwin_arm64.go        |   1 +
 .../x/sys/unix/syscall_dragonfly.go           |   1 +
 .../golang.org/x/sys/unix/syscall_freebsd.go  |  43 +-
 .../x/sys/unix/syscall_freebsd_386.go         |  17 +-
 .../x/sys/unix/syscall_freebsd_amd64.go       |  17 +-
 .../x/sys/unix/syscall_freebsd_arm.go         |  15 +-
 .../x/sys/unix/syscall_freebsd_arm64.go       |  15 +-
 .../x/sys/unix/syscall_freebsd_riscv64.go     |  15 +-
 vendor/golang.org/x/sys/unix/syscall_hurd.go  |   8 +
 vendor/golang.org/x/sys/unix/syscall_linux.go |  36 +-
 .../golang.org/x/sys/unix/syscall_netbsd.go   |   5 +-
 .../golang.org/x/sys/unix/syscall_openbsd.go  |   1 +
 .../golang.org/x/sys/unix/syscall_solaris.go  |  21 +-
 .../x/sys/unix/syscall_zos_s390x.go           |   4 +-
 vendor/golang.org/x/sys/unix/zerrors_linux.go |  10 +-
 .../x/sys/unix/zptrace_armnn_linux.go         |   8 +-
 .../x/sys/unix/zptrace_linux_arm64.go         |   4 +-
 .../x/sys/unix/zptrace_mipsnn_linux.go        |   8 +-
 .../x/sys/unix/zptrace_mipsnnle_linux.go      |   8 +-
 .../x/sys/unix/zptrace_x86_linux.go           |   8 +-
 .../golang.org/x/sys/unix/zsyscall_aix_ppc.go |  10 +
 .../x/sys/unix/zsyscall_aix_ppc64.go          |  10 +
 .../x/sys/unix/zsyscall_aix_ppc64_gc.go       |   7 +
 .../x/sys/unix/zsyscall_aix_ppc64_gccgo.go    |   8 +
 .../x/sys/unix/zsyscall_darwin_amd64.go       |  16 +
 .../x/sys/unix/zsyscall_darwin_arm64.go       |  16 +
 .../x/sys/unix/zsyscall_dragonfly_amd64.go    |  10 +
 .../x/sys/unix/zsyscall_freebsd_386.go        |  20 +
 .../x/sys/unix/zsyscall_freebsd_amd64.go      |  20 +
 .../x/sys/unix/zsyscall_freebsd_arm.go        |  20 +
 .../x/sys/unix/zsyscall_freebsd_arm64.go      |  20 +
 .../x/sys/unix/zsyscall_freebsd_riscv64.go    |  20 +
 .../golang.org/x/sys/unix/zsyscall_linux.go   |  10 +
 .../x/sys/unix/zsyscall_netbsd_386.go         |  10 +
 .../x/sys/unix/zsyscall_netbsd_amd64.go       |  10 +
 .../x/sys/unix/zsyscall_netbsd_arm.go         |  10 +
 .../x/sys/unix/zsyscall_netbsd_arm64.go       |  10 +
 .../x/sys/unix/zsyscall_openbsd_386.go        |   8 +
 .../x/sys/unix/zsyscall_openbsd_amd64.go      |   8 +
 .../x/sys/unix/zsyscall_openbsd_arm.go        |   8 +
 .../x/sys/unix/zsyscall_openbsd_arm64.go      |   8 +
 .../x/sys/unix/zsyscall_openbsd_mips64.go     |   8 +
 .../x/sys/unix/zsyscall_openbsd_ppc64.go      |   8 +
 .../x/sys/unix/zsyscall_openbsd_riscv64.go    |   8 +
 .../x/sys/unix/zsyscall_solaris_amd64.go      |  11 +
 .../x/sys/unix/zsyscall_zos_s390x.go          |  10 +
 .../x/sys/unix/ztypes_freebsd_386.go          |   2 +-
 .../x/sys/unix/ztypes_freebsd_amd64.go        |   2 +-
 .../x/sys/unix/ztypes_freebsd_arm.go          |   2 +-
 .../x/sys/unix/ztypes_freebsd_arm64.go        |   2 +-
 .../x/sys/unix/ztypes_freebsd_riscv64.go      |   2 +-
 vendor/golang.org/x/sys/unix/ztypes_linux.go  | 140 ++--
 .../golang.org/x/sys/unix/ztypes_linux_386.go |   2 +-
 .../x/sys/unix/ztypes_linux_amd64.go          |   2 +-
 .../golang.org/x/sys/unix/ztypes_linux_arm.go |   2 +-
 .../x/sys/unix/ztypes_linux_arm64.go          |   2 +-
 .../x/sys/unix/ztypes_linux_loong64.go        |   2 +-
 .../x/sys/unix/ztypes_linux_mips.go           |   2 +-
 .../x/sys/unix/ztypes_linux_mips64.go         |   2 +-
 .../x/sys/unix/ztypes_linux_mips64le.go       |   2 +-
 .../x/sys/unix/ztypes_linux_mipsle.go         |   2 +-
 .../golang.org/x/sys/unix/ztypes_linux_ppc.go |   2 +-
 .../x/sys/unix/ztypes_linux_ppc64.go          |   2 +-
 .../x/sys/unix/ztypes_linux_ppc64le.go        |   2 +-
 .../x/sys/unix/ztypes_linux_riscv64.go        |   2 +-
 .../x/sys/unix/ztypes_linux_s390x.go          |   2 +-
 .../x/sys/unix/ztypes_linux_sparc64.go        |   2 +-
 .../x/sys/windows/syscall_windows.go          |   6 +-
 .../golang.org/x/sys/windows/types_windows.go |  85 +++
 .../x/sys/windows/zsyscall_windows.go         |  27 +
 .../x/text/encoding/internal/internal.go      |   2 +-
 .../x/text/unicode/norm/forminfo.go           |   2 +-
 .../x/tools/container/intsets/sparse.go       |   2 +-
 .../internal/fastwalk/fastwalk_darwin.go      | 119 ++++
 .../internal/fastwalk/fastwalk_dirent_ino.go  |   6 +-
 .../fastwalk/fastwalk_dirent_namlen_bsd.go    |   4 +-
 .../tools/internal/fastwalk/fastwalk_unix.go  |   4 +-
 .../x/tools/internal/gocommand/invoke.go      |  83 ++-
 .../x/tools/internal/gocommand/version.go     |  36 +-
 .../x/tools/internal/imports/fix.go           |  18 +-
 .../x/tools/internal/imports/mod.go           |  22 +-
 .../x/tools/internal/imports/sortimports.go   |   1 +
 .../x/tools/internal/imports/zstdlib.go       | 606 +++++++++++++-----
 vendor/k8s.io/api/core/v1/generated.proto     |   3 +-
 vendor/k8s.io/api/core/v1/types.go            |   3 +-
 .../core/v1/types_swagger_doc_generated.go    |   2 +-
 .../request/headerrequest/requestheader.go    |  34 +-
 .../pkg/endpoints/filters/authentication.go   |  31 +-
 .../pkg/endpoints/handlers/create.go          |   9 +-
 .../pkg/quota/v1/generic/evaluator.go         |   2 +-
 .../apiserver/pkg/registry/rest/rest.go       |   7 +
 vendor/k8s.io/apiserver/pkg/server/config.go  |   4 +-
 .../pkg/server/options/authentication.go      |  20 +
 .../apiserver/pkg/storage/cacher/cacher.go    |   8 +-
 .../apiserver/pkg/storage/cacher/ready.go     | 107 +++-
 .../client-go/tools/cache/controller.go       |  22 +-
 .../client-go/tools/cache/delta_fifo.go       | 135 ++--
 .../client-go/tools/cache/shared_informer.go  |   8 +-
 vendor/k8s.io/cloud-provider/cloud.go         |   5 +
 .../controllers/route/route_controller.go     | 244 ++++---
 vendor/k8s.io/controller-manager/app/serve.go |   2 +-
 .../cmd/kube-scheduler/app/server.go          |   2 +-
 .../k8s.io/kubernetes/pkg/apis/core/types.go  |   3 +-
 .../generated/openapi/zz_generated.openapi.go |   2 +-
 .../kubeapiserver/options/authentication.go   |   5 +
 .../pkg/kubelet/cm/devicemanager/manager.go   |  24 +-
 .../kubernetes/pkg/kubelet/kubelet_getters.go |   5 +-
 .../pkg/kubelet/kuberuntime/helpers.go        |  60 +-
 .../kubelet/kuberuntime/security_context.go   |  11 +-
 .../kubernetes/pkg/kubelet/prober/prober.go   |   2 +-
 .../pkg/quota/v1/evaluator/core/pods.go       |   5 +
 .../pkg/registry/core/pod/storage/storage.go  |   8 +
 .../framework/preemption/preemption.go        |   3 +
 .../kubernetes/pkg/volume/awsebs/aws_ebs.go   |   2 +-
 .../pkg/volume/azuredd/azure_mounter.go       |   2 +-
 .../kubernetes/pkg/volume/cinder/cinder.go    |   2 +-
 .../pkg/volume/configmap/configmap.go         |   2 +-
 .../kubernetes/pkg/volume/csi/csi_attacher.go |  43 +-
 .../kubernetes/pkg/volume/csi/csi_mounter.go  |   2 +-
 .../kubernetes/pkg/volume/csi/csi_util.go     |   2 +-
 .../pkg/volume/downwardapi/downwardapi.go     |   2 +-
 .../pkg/volume/emptydir/empty_dir.go          |   8 +-
 .../kubernetes/pkg/volume/fc/disk_manager.go  |   2 +-
 .../pkg/volume/flexvolume/mounter.go          |   2 +-
 .../kubernetes/pkg/volume/gcepd/gce_pd.go     |   2 +-
 .../pkg/volume/git_repo/git_repo.go           |   2 +-
 .../pkg/volume/iscsi/disk_manager.go          |   2 +-
 .../kubernetes/pkg/volume/local/local.go      |   2 +-
 .../pkg/volume/portworx/portworx.go           |   2 +-
 .../pkg/volume/projected/projected.go         |   2 +-
 .../kubernetes/pkg/volume/rbd/disk_manager.go |   2 +-
 .../kubernetes/pkg/volume/secret/secret.go    |   2 +-
 .../util/fsquota/common/quota_common.go       |  28 +
 ..._linux_common.go => quota_common_linux.go} |  11 -
 ...mon_impl.go => quota_common_linux_impl.go} |   0
 .../pkg/volume/util/fsquota/project.go        |   8 +-
 .../pkg/volume/util/fsquota/quota.go          |   5 +
 .../pkg/volume/util/fsquota/quota_linux.go    |  45 +-
 .../volume/util/fsquota/quota_unsupported.go  |   5 +
 .../kubernetes/pkg/volume/volume_linux.go     |  16 +-
 .../pkg/volume/volume_unsupported.go          |   2 +-
 .../volume/vsphere_volume/vsphere_volume.go   |   2 +-
 .../token/bootstrap/bootstrap.go              |   4 +-
 vendor/modules.txt                            | 122 ++--
 .../konnectivity-client/pkg/client/client.go  |  64 +-
 .../konnectivity-client/pkg/client/conn.go    |  14 +-
 185 files changed, 2550 insertions(+), 926 deletions(-)
 create mode 100644 vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go
 create mode 100644 vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go
 create mode 100644 vendor/golang.org/x/sys/cpu/runtime_auxv.go
 create mode 100644 vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
 create mode 100644 vendor/golang.org/x/tools/internal/fastwalk/fastwalk_darwin.go
 create mode 100644 vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common.go
 rename vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/{quota_linux_common.go => quota_common_linux.go} (92%)
 rename vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/{quota_linux_common_impl.go => quota_common_linux_impl.go} (100%)

diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go
index 104c74a890..35b00aaf05 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go
@@ -93,7 +93,7 @@ var (
 )
 
 // Loosely based on the BPF_F_REPLACE support check in
-//   <https://github.com/cilium/ebpf/blob/v0.6.0/link/syscalls.go>.
+// https://github.com/cilium/ebpf/blob/v0.6.0/link/syscalls.go.
 //
 // TODO: move this logic to cilium/ebpf
 func haveBpfProgReplace() bool {
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go
index fb4fcc7f75..9e2f0ec04c 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go
@@ -28,6 +28,7 @@ var subsystems = []subsystem{
 	&FreezerGroup{},
 	&RdmaGroup{},
 	&NameGroup{GroupName: "name=systemd", Join: true},
+	&NameGroup{GroupName: "misc", Join: true},
 }
 
 var errSubsystemDoesNotExist = errors.New("cgroup: subsystem does not exist")
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go
index 5a68a3cf39..50746ae0c5 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go
@@ -288,14 +288,26 @@ func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, err
 			case devices.CharDevice:
 				entry.Path = fmt.Sprintf("/dev/char/%d:%d", rule.Major, rule.Minor)
 			}
+			// systemd will issue a warning if the path we give here doesn't exist.
+			// Since all of this logic is best-effort anyway (we manually set these
+			// rules separately to systemd) we can safely skip entries that don't
+			// have a corresponding path.
+			if _, err := os.Stat(entry.Path); err != nil {
+				// Also check /sys/dev so that we don't depend on /dev/{block,char}
+				// being populated. (/dev/{block,char} is populated by udev, which
+				// isn't strictly required for systemd). Ironically, this happens most
+				// easily when starting containerd within a runc created container
+				// itself.
+
+				// We don't bother with securejoin here because we create entry.Path
+				// right above here, so we know it's safe.
+				if _, err := os.Stat("/sys" + entry.Path); err != nil {
+					logrus.Warnf("skipping device %s for systemd: %s", entry.Path, err)
+					continue
+				}
+			}
 		}
-		// systemd will issue a warning if the path we give here doesn't exist.
-		// Since all of this logic is best-effort anyway (we manually set these
-		// rules separately to systemd) we can safely skip entries that don't
-		// have a corresponding path.
-		if _, err := os.Stat(entry.Path); err == nil {
-			deviceAllowList = append(deviceAllowList, entry)
-		}
+		deviceAllowList = append(deviceAllowList, entry)
 	}
 
 	properties = append(properties, newProp("DeviceAllow", deviceAllowList))
@@ -341,32 +353,52 @@ func isUnitExists(err error) bool {
 	return isDbusError(err, "org.freedesktop.systemd1.UnitExists")
 }
 
-func startUnit(cm *dbusConnManager, unitName string, properties []systemdDbus.Property) error {
+func startUnit(cm *dbusConnManager, unitName string, properties []systemdDbus.Property, ignoreExist bool) error {
 	statusChan := make(chan string, 1)
+	retry := true
+
+retry:
 	err := cm.retryOnDisconnect(func(c *systemdDbus.Conn) error {
 		_, err := c.StartTransientUnitContext(context.TODO(), unitName, "replace", properties, statusChan)
 		return err
 	})
-	if err == nil {
-		timeout := time.NewTimer(30 * time.Second)
-		defer timeout.Stop()
-
-		select {
-		case s := <-statusChan:
-			close(statusChan)
-			// Please refer to https://pkg.go.dev/github.com/coreos/go-systemd/v22/dbus#Conn.StartUnit
-			if s != "done" {
-				resetFailedUnit(cm, unitName)
-				return fmt.Errorf("error creating systemd unit `%s`: got `%s`", unitName, s)
-			}
-		case <-timeout.C:
+	if err != nil {
+		if !isUnitExists(err) {
+			return err
+		}
+		if ignoreExist {
+			// TODO: remove this hack.
+			// This is kubelet making sure a slice exists (see
+			// https://github.com/opencontainers/runc/pull/1124).
+			return nil
+		}
+		if retry {
+			// In case a unit with the same name exists, this may
+			// be a leftover failed unit. Reset it, so systemd can
+			// remove it, and retry once.
 			resetFailedUnit(cm, unitName)
-			return errors.New("Timeout waiting for systemd to create " + unitName)
+			retry = false
+			goto retry
 		}
-	} else if !isUnitExists(err) {
 		return err
 	}
 
+	timeout := time.NewTimer(30 * time.Second)
+	defer timeout.Stop()
+
+	select {
+	case s := <-statusChan:
+		close(statusChan)
+		// Please refer to https://pkg.go.dev/github.com/coreos/go-systemd/v22/dbus#Conn.StartUnit
+		if s != "done" {
+			resetFailedUnit(cm, unitName)
+			return fmt.Errorf("error creating systemd unit `%s`: got `%s`", unitName, s)
+		}
+	case <-timeout.C:
+		resetFailedUnit(cm, unitName)
+		return errors.New("Timeout waiting for systemd to create " + unitName)
+	}
+
 	return nil
 }
 
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go
index 83d10dd705..dd474cf1b1 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go
@@ -51,5 +51,10 @@ func RangeToBits(str string) ([]byte, error) {
 		// do not allow empty values
 		return nil, errors.New("empty value")
 	}
+
+	// fit cpuset parsing order in systemd
+	for l, r := 0, len(ret)-1; l < r; l, r = l+1, r-1 {
+		ret[l], ret[r] = ret[r], ret[l]
+	}
 	return ret, nil
 }
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go
index a74a05a5cd..046c3056fb 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go
@@ -71,6 +71,7 @@ var legacySubsystems = []subsystem{
 	&fs.NetClsGroup{},
 	&fs.NameGroup{GroupName: "name=systemd"},
 	&fs.RdmaGroup{},
+	&fs.NameGroup{GroupName: "misc"},
 }
 
 func genV1ResourcesProperties(r *configs.Resources, cm *dbusConnManager) ([]systemdDbus.Property, error) {
@@ -206,7 +207,7 @@ func (m *legacyManager) Apply(pid int) error {
 
 	properties = append(properties, c.SystemdProps...)
 
-	if err := startUnit(m.dbus, unitName, properties); err != nil {
+	if err := startUnit(m.dbus, unitName, properties, pid == -1); err != nil {
 		return err
 	}
 
@@ -273,14 +274,7 @@ func getSubsystemPath(slice, unit, subsystem string) (string, error) {
 		return "", err
 	}
 
-	initPath, err := cgroups.GetInitCgroup(subsystem)
-	if err != nil {
-		return "", err
-	}
-	// if pid 1 is systemd 226 or later, it will be in init.scope, not the root
-	initPath = strings.TrimSuffix(filepath.Clean(initPath), "init.scope")
-
-	return filepath.Join(mountpoint, initPath, slice, unit), nil
+	return filepath.Join(mountpoint, slice, unit), nil
 }
 
 func (m *legacyManager) Freeze(state configs.FreezerState) error {
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go
index de0cb974d4..94d24ee450 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go
@@ -284,7 +284,7 @@ func (m *unifiedManager) Apply(pid int) error {
 
 	properties = append(properties, c.SystemdProps...)
 
-	if err := startUnit(m.dbus, unitName, properties); err != nil {
+	if err := startUnit(m.dbus, unitName, properties, pid == -1); err != nil {
 		return fmt.Errorf("unable to start unit %q (properties %+v): %w", unitName, properties, err)
 	}
 
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go
index b32af4ee53..fc4ae44a48 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go
@@ -162,8 +162,10 @@ func readProcsFile(dir string) ([]int, error) {
 
 // ParseCgroupFile parses the given cgroup file, typically /proc/self/cgroup
 // or /proc/<pid>/cgroup, into a map of subsystems to cgroup paths, e.g.
-//   "cpu": "/user.slice/user-1000.slice"
-//   "pids": "/user.slice/user-1000.slice"
+//
+//	"cpu": "/user.slice/user-1000.slice"
+//	"pids": "/user.slice/user-1000.slice"
+//
 // etc.
 //
 // Note that for cgroup v2 unified hierarchy, there are no per-controller
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go
index 627621a58d..4fbd308dad 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go
@@ -131,9 +131,8 @@ func (v *ConfigValidator) cgroupnamespace(config *configs.Config) error {
 // convertSysctlVariableToDotsSeparator can return sysctl variables in dots separator format.
 // The '/' separator is also accepted in place of a '.'.
 // Convert the sysctl variables to dots separator format for validation.
-// More info:
-//   https://man7.org/linux/man-pages/man8/sysctl.8.html
-//   https://man7.org/linux/man-pages/man5/sysctl.d.5.html
+// More info: sysctl(8), sysctl.d(5).
+//
 // For example:
 // Input sysctl variable "net/ipv4/conf/eno2.100.rp_filter"
 // will return the converted value "net.ipv4.conf.eno2/100.rp_filter"
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go
index 9df830d8cd..dd61dfd3c9 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go
@@ -926,7 +926,7 @@ func (c *linuxContainer) criuSupportsExtNS(t configs.NamespaceType) bool {
 }
 
 func criuNsToKey(t configs.NamespaceType) string {
-	return "extRoot" + strings.Title(configs.NsName(t)) + "NS"
+	return "extRoot" + strings.Title(configs.NsName(t)) + "NS" //nolint:staticcheck // SA1019: strings.Title is deprecated
 }
 
 func (c *linuxContainer) handleCheckpointingExternalNamespaces(rpcOpts *criurpc.CriuOpts, t configs.NamespaceType) error {
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go
new file mode 100644
index 0000000000..cc1e2079a7
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go
@@ -0,0 +1,17 @@
+//go:build !go1.20
+// +build !go1.20
+
+package libcontainer
+
+import "golang.org/x/sys/unix"
+
+func eaccess(path string) error {
+	// This check is similar to access(2) with X_OK except for
+	// setuid/setgid binaries where it checks against the effective
+	// (rather than real) uid and gid. It is not needed in go 1.20
+	// and beyond and will be removed later.
+
+	// Relies on code added in https://go-review.googlesource.com/c/sys/+/468877
+	// and older CLs linked from there.
+	return unix.Faccessat(unix.AT_FDCWD, path, unix.X_OK, unix.AT_EACCESS)
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go
new file mode 100644
index 0000000000..7c049fd7aa
--- /dev/null
+++ b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go
@@ -0,0 +1,10 @@
+//go:build go1.20
+
+package libcontainer
+
+func eaccess(path string) error {
+	// Not needed in Go 1.20+ as the functionality is already in there
+	// (added by https://go.dev/cl/416115, https://go.dev/cl/414824,
+	// and fixed in Go 1.20.2 by https://go.dev/cl/469956).
+	return nil
+}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go
index e6c71ac34e..a1fa7de2d2 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go
@@ -179,6 +179,12 @@ func (l *LinuxFactory) Create(id string, config *configs.Config) (Container, err
 			return nil, fmt.Errorf("unable to get cgroup PIDs: %w", err)
 		}
 		if len(pids) != 0 {
+			if config.Cgroups.Systemd {
+				// systemd cgroup driver can't add a pid to an
+				// existing systemd unit and will return an
+				// error anyway, so let's error out early.
+				return nil, fmt.Errorf("container's cgroup is not empty: %d process(es) found", len(pids))
+			}
 			// TODO: return an error.
 			logrus.Warnf("container's cgroup is not empty: %d process(es) found", len(pids))
 			logrus.Warn("DEPRECATED: running container in a non-empty cgroup won't be supported in runc 1.2; https://github.com/opencontainers/runc/issues/3132")
@@ -338,10 +344,9 @@ func (l *LinuxFactory) StartInitialization() (err error) {
 
 	defer func() {
 		if e := recover(); e != nil {
-			if e, ok := e.(error); ok {
-				err = fmt.Errorf("panic from initialization: %w, %s", e, debug.Stack())
+			if ee, ok := e.(error); ok {
+				err = fmt.Errorf("panic from initialization: %w, %s", ee, debug.Stack())
 			} else {
-				//nolint:errorlint // here e is not of error type
 				err = fmt.Errorf("panic from initialization: %v, %s", e, debug.Stack())
 			}
 		}
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go
index 1e5c394c3e..2e4c59353c 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go
@@ -411,8 +411,9 @@ func fixStdioPermissions(u *user.ExecUser) error {
 			return &os.PathError{Op: "fstat", Path: file.Name(), Err: err}
 		}
 
-		// Skip chown if uid is already the one we want.
-		if int(s.Uid) == u.Uid {
+		// Skip chown if uid is already the one we want or any of the STDIO descriptors
+		// were redirected to /dev/null.
+		if int(s.Uid) == u.Uid || s.Rdev == null.Rdev {
 			continue
 		}
 
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go
index 3cfd2bf1e4..c3f88fc703 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go
@@ -80,6 +80,8 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig, mountFds []int) (err
 		// Therefore, we can access mountFds[i] without any concerns.
 		if mountFds != nil && mountFds[i] != -1 {
 			mountConfig.fd = &mountFds[i]
+		} else {
+			mountConfig.fd = nil
 		}
 
 		if err := mountToRootfs(m, mountConfig); err != nil {
@@ -327,26 +329,41 @@ func mountCgroupV2(m *configs.Mount, c *mountConfig) error {
 	if err := os.MkdirAll(dest, 0o755); err != nil {
 		return err
 	}
-	return utils.WithProcfd(c.root, m.Destination, func(procfd string) error {
-		if err := mount(m.Source, m.Destination, procfd, "cgroup2", uintptr(m.Flags), m.Data); err != nil {
-			// when we are in UserNS but CgroupNS is not unshared, we cannot mount cgroup2 (#2158)
-			if errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY) {
-				src := fs2.UnifiedMountpoint
-				if c.cgroupns && c.cgroup2Path != "" {
-					// Emulate cgroupns by bind-mounting
-					// the container cgroup path rather than
-					// the whole /sys/fs/cgroup.
-					src = c.cgroup2Path
-				}
-				err = mount(src, m.Destination, procfd, "", uintptr(m.Flags)|unix.MS_BIND, "")
-				if c.rootlessCgroups && errors.Is(err, unix.ENOENT) {
-					err = nil
-				}
-			}
-			return err
-		}
-		return nil
+	err = utils.WithProcfd(c.root, m.Destination, func(procfd string) error {
+		return mount(m.Source, m.Destination, procfd, "cgroup2", uintptr(m.Flags), m.Data)
 	})
+	if err == nil || !(errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY)) {
+		return err
+	}
+
+	// When we are in UserNS but CgroupNS is not unshared, we cannot mount
+	// cgroup2 (#2158), so fall back to bind mount.
+	bindM := &configs.Mount{
+		Device:           "bind",
+		Source:           fs2.UnifiedMountpoint,
+		Destination:      m.Destination,
+		Flags:            unix.MS_BIND | m.Flags,
+		PropagationFlags: m.PropagationFlags,
+	}
+	if c.cgroupns && c.cgroup2Path != "" {
+		// Emulate cgroupns by bind-mounting the container cgroup path
+		// rather than the whole /sys/fs/cgroup.
+		bindM.Source = c.cgroup2Path
+	}
+	// mountToRootfs() handles remounting for MS_RDONLY.
+	// No need to set c.fd here, because mountToRootfs() calls utils.WithProcfd() by itself in mountPropagate().
+	err = mountToRootfs(bindM, c)
+	if c.rootlessCgroups && errors.Is(err, unix.ENOENT) {
+		// ENOENT (for `src = c.cgroup2Path`) happens when rootless runc is being executed
+		// outside the userns+mountns.
+		//
+		// Mask `/sys/fs/cgroup` to ensure it is read-only, even when `/sys` is mounted
+		// with `rbind,ro` (`runc spec --rootless` produces `rbind,ro` for `/sys`).
+		err = utils.WithProcfd(c.root, m.Destination, func(procfd string) error {
+			return maskPath(procfd, c.label)
+		})
+	}
+	return err
 }
 
 func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) {
@@ -396,32 +413,43 @@ func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) {
 
 func mountToRootfs(m *configs.Mount, c *mountConfig) error {
 	rootfs := c.root
-	mountLabel := c.label
-	mountFd := c.fd
-	dest, err := securejoin.SecureJoin(rootfs, m.Destination)
-	if err != nil {
-		return err
-	}
 
+	// procfs and sysfs are special because we need to ensure they are actually
+	// mounted on a specific path in a container without any funny business.
 	switch m.Device {
 	case "proc", "sysfs":
 		// If the destination already exists and is not a directory, we bail
-		// out This is to avoid mounting through a symlink or similar -- which
+		// out. This is to avoid mounting through a symlink or similar -- which
 		// has been a "fun" attack scenario in the past.
 		// TODO: This won't be necessary once we switch to libpathrs and we can
 		//       stop all of these symlink-exchange attacks.
+		dest := filepath.Clean(m.Destination)
+		if !strings.HasPrefix(dest, rootfs) {
+			// Do not use securejoin as it resolves symlinks.
+			dest = filepath.Join(rootfs, dest)
+		}
 		if fi, err := os.Lstat(dest); err != nil {
 			if !os.IsNotExist(err) {
 				return err
 			}
-		} else if fi.Mode()&os.ModeDir == 0 {
+		} else if !fi.IsDir() {
 			return fmt.Errorf("filesystem %q must be mounted on ordinary directory", m.Device)
 		}
 		if err := os.MkdirAll(dest, 0o755); err != nil {
 			return err
 		}
-		// Selinux kernels do not support labeling of /proc or /sys
+		// Selinux kernels do not support labeling of /proc or /sys.
 		return mountPropagate(m, rootfs, "", nil)
+	}
+
+	mountLabel := c.label
+	mountFd := c.fd
+	dest, err := securejoin.SecureJoin(rootfs, m.Destination)
+	if err != nil {
+		return err
+	}
+
+	switch m.Device {
 	case "mqueue":
 		if err := os.MkdirAll(dest, 0o755); err != nil {
 			return err
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go
index 585a04fa08..c09a7bed30 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go
@@ -198,6 +198,14 @@ func (l *linuxStandardInit) Init() error {
 	if err != nil {
 		return err
 	}
+	// exec.LookPath in Go < 1.20 might return no error for an executable
+	// residing on a file system mounted with noexec flag, so perform this
+	// extra check now while we can still return a proper error.
+	// TODO: remove this once go < 1.20 is not supported.
+	if err := eaccess(name); err != nil {
+		return &os.PathError{Op: "eaccess", Path: name, Err: err}
+	}
+
 	// Set seccomp as close to execve as possible, so as few syscalls take
 	// place afterward (reducing the amount of syscalls that users need to
 	// enable in their seccomp profiles). However, this needs to be done
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/sync.go b/vendor/github.com/opencontainers/runc/libcontainer/sync.go
index c9a23ef3a7..25dc286307 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/sync.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/sync.go
@@ -15,16 +15,16 @@ type syncType string
 // during container setup. They come in pairs (with procError being a generic
 // response which is followed by an &initError).
 //
-// [  child  ] <-> [   parent   ]
+//	[  child  ] <-> [   parent   ]
 //
-// procHooks   --> [run hooks]
-//             <-- procResume
+//	procHooks   --> [run hooks]
+//	            <-- procResume
 //
-// procReady   --> [final setup]
-//             <-- procRun
+//	procReady   --> [final setup]
+//	            <-- procRun
 //
-// procSeccomp --> [pick up seccomp fd with pidfd_getfd()]
-//             <-- procSeccompDone
+//	procSeccomp --> [pick up seccomp fd with pidfd_getfd()]
+//	            <-- procSeccompDone
 const (
 	procError       syncType = "procError"
 	procReady       syncType = "procReady"
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/user/user.go b/vendor/github.com/opencontainers/runc/libcontainer/user/user.go
index 2473c5eadd..a1e216683d 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/user/user.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/user/user.go
@@ -280,13 +280,13 @@ func GetExecUserPath(userSpec string, defaults *ExecUser, passwdPath, groupPath
 // found in any entry in passwd and group respectively.
 //
 // Examples of valid user specifications are:
-//     * ""
-//     * "user"
-//     * "uid"
-//     * "user:group"
-//     * "uid:gid
-//     * "user:gid"
-//     * "uid:group"
+//   - ""
+//   - "user"
+//   - "uid"
+//   - "user:group"
+//   - "uid:gid
+//   - "user:gid"
+//   - "uid:group"
 //
 // It should be noted that if you specify a numeric user or group id, they will
 // not be evaluated as usernames (only the metadata will be filled). So attempting
diff --git a/vendor/github.com/openshift/cluster-policy-controller/pkg/client/genericinformers/interface.go b/vendor/github.com/openshift/cluster-policy-controller/pkg/client/genericinformers/interface.go
index 5a7867d697..855757b498 100644
--- a/vendor/github.com/openshift/cluster-policy-controller/pkg/client/genericinformers/interface.go
+++ b/vendor/github.com/openshift/cluster-policy-controller/pkg/client/genericinformers/interface.go
@@ -3,7 +3,6 @@ package genericinformers
 import (
 	"k8s.io/klog/v2"
 
-	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/informers"
 )
@@ -13,19 +12,6 @@ type GenericResourceInformer interface {
 	Start(stopCh <-chan struct{})
 }
 
-// GenericInternalResourceInformerFunc will return an internal informer for any resource matching
-// its group resource, instead of the external version. Only valid for use where the type is accessed
-// via generic interfaces, such as the garbage collector with ObjectMeta.
-type GenericInternalResourceInformerFunc func(resource schema.GroupVersionResource) (informers.GenericInformer, error)
-
-func (fn GenericInternalResourceInformerFunc) ForResource(resource schema.GroupVersionResource) (informers.GenericInformer, error) {
-	resource.Version = runtime.APIVersionInternal
-	return fn(resource)
-}
-
-// this is a temporary condition until we rewrite enough of generation to auto-conform to the required interface and no longer need the internal version shim
-func (fn GenericInternalResourceInformerFunc) Start(stopCh <-chan struct{}) {}
-
 // genericResourceInformerFunc will handle a cast to a matching type
 type GenericResourceInformerFunc func(resource schema.GroupVersionResource) (informers.GenericInformer, error)
 
diff --git a/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/interfaces.go b/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/interfaces.go
index 3d7244ebe8..6f6fbaaec0 100644
--- a/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/interfaces.go
+++ b/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/interfaces.go
@@ -141,13 +141,13 @@ func (c *EnhancedControllerContext) ToGenericInformer() genericinformers.Generic
 		genericinformers.GenericResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) {
 			return c.ImageInformers.ForResource(resource)
 		}),
-		genericinformers.GenericInternalResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) {
+		genericinformers.GenericResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) {
 			return c.QuotaInformers.ForResource(resource)
 		}),
 		genericinformers.GenericResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) {
 			return c.RouteInformers.ForResource(resource)
 		}),
-		genericinformers.GenericInternalResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) {
+		genericinformers.GenericResourceInformerFunc(func(resource schema.GroupVersionResource) (informers.GenericInformer, error) {
 			return c.TemplateInformers.ForResource(resource)
 		}),
 	)
diff --git a/vendor/golang.org/x/mod/module/module.go b/vendor/golang.org/x/mod/module/module.go
index c26d1d29ec..e9dec6e614 100644
--- a/vendor/golang.org/x/mod/module/module.go
+++ b/vendor/golang.org/x/mod/module/module.go
@@ -96,13 +96,13 @@ package module
 // Changes to the semantics in this file require approval from rsc.
 
 import (
+	"errors"
 	"fmt"
 	"path"
 	"sort"
 	"strings"
 	"unicode"
 	"unicode/utf8"
-	"errors"
 
 	"golang.org/x/mod/semver"
 )
@@ -258,7 +258,7 @@ func modPathOK(r rune) bool {
 	return false
 }
 
-// modPathOK reports whether r can appear in a package import path element.
+// importPathOK reports whether r can appear in a package import path element.
 //
 // Import paths are intermediate between module paths and file paths: we allow
 // disallow characters that would be confusing or ambiguous as arguments to
diff --git a/vendor/golang.org/x/net/html/doc.go b/vendor/golang.org/x/net/html/doc.go
index 822ed42a04..7a96eae331 100644
--- a/vendor/golang.org/x/net/html/doc.go
+++ b/vendor/golang.org/x/net/html/doc.go
@@ -92,6 +92,21 @@ example, to process each anchor node in depth-first order:
 The relevant specifications include:
 https://html.spec.whatwg.org/multipage/syntax.html and
 https://html.spec.whatwg.org/multipage/syntax.html#tokenization
+
+# Security Considerations
+
+Care should be taken when parsing and interpreting HTML, whether full documents
+or fragments, within the framework of the HTML specification, especially with
+regard to untrusted inputs.
+
+This package provides both a tokenizer and a parser. Only the parser constructs
+a DOM according to the HTML specification, resolving malformed and misplaced
+tags where appropriate. The tokenizer simply tokenizes the HTML presented to it,
+and as such does not resolve issues that may exist in the processed HTML,
+producing a literal interpretation of the input.
+
+If your use case requires semantically well-formed HTML, as defined by the
+WHATWG specifiction, the parser should be used rather than the tokenizer.
 */
 package html // import "golang.org/x/net/html"
 
diff --git a/vendor/golang.org/x/net/html/escape.go b/vendor/golang.org/x/net/html/escape.go
index d856139620..04c6bec210 100644
--- a/vendor/golang.org/x/net/html/escape.go
+++ b/vendor/golang.org/x/net/html/escape.go
@@ -193,6 +193,87 @@ func lower(b []byte) []byte {
 	return b
 }
 
+// escapeComment is like func escape but escapes its input bytes less often.
+// Per https://github.com/golang/go/issues/58246 some HTML comments are (1)
+// meaningful and (2) contain angle brackets that we'd like to avoid escaping
+// unless we have to.
+//
+// "We have to" includes the '&' byte, since that introduces other escapes.
+//
+// It also includes those bytes (not including EOF) that would otherwise end
+// the comment. Per the summary table at the bottom of comment_test.go, this is
+// the '>' byte that, per above, we'd like to avoid escaping unless we have to.
+//
+// Studying the summary table (and T actions in its '>' column) closely, we
+// only need to escape in states 43, 44, 49, 51 and 52. State 43 is at the
+// start of the comment data. State 52 is after a '!'. The other three states
+// are after a '-'.
+//
+// Our algorithm is thus to escape every '&' and to escape '>' if and only if:
+//   - The '>' is after a '!' or '-' (in the unescaped data) or
+//   - The '>' is at the start of the comment data (after the opening "<!--").
+func escapeComment(w writer, s string) error {
+	// When modifying this function, consider manually increasing the
+	// maxSuffixLen constant in func TestComments, from 6 to e.g. 9 or more.
+	// That increase should only be temporary, not committed, as it
+	// exponentially affects the test running time.
+
+	if len(s) == 0 {
+		return nil
+	}
+
+	// Loop:
+	//   - Grow j such that s[i:j] does not need escaping.
+	//   - If s[j] does need escaping, output s[i:j] and an escaped s[j],
+	//     resetting i and j to point past that s[j] byte.
+	i := 0
+	for j := 0; j < len(s); j++ {
+		escaped := ""
+		switch s[j] {
+		case '&':
+			escaped = "&amp;"
+
+		case '>':
+			if j > 0 {
+				if prev := s[j-1]; (prev != '!') && (prev != '-') {
+					continue
+				}
+			}
+			escaped = "&gt;"
+
+		default:
+			continue
+		}
+
+		if i < j {
+			if _, err := w.WriteString(s[i:j]); err != nil {
+				return err
+			}
+		}
+		if _, err := w.WriteString(escaped); err != nil {
+			return err
+		}
+		i = j + 1
+	}
+
+	if i < len(s) {
+		if _, err := w.WriteString(s[i:]); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// escapeCommentString is to EscapeString as escapeComment is to escape.
+func escapeCommentString(s string) string {
+	if strings.IndexAny(s, "&>") == -1 {
+		return s
+	}
+	var buf bytes.Buffer
+	escapeComment(&buf, s)
+	return buf.String()
+}
+
 const escapedChars = "&'<>\"\r"
 
 func escape(w writer, s string) error {
diff --git a/vendor/golang.org/x/net/html/render.go b/vendor/golang.org/x/net/html/render.go
index 497e132042..8b28031905 100644
--- a/vendor/golang.org/x/net/html/render.go
+++ b/vendor/golang.org/x/net/html/render.go
@@ -85,7 +85,7 @@ func render1(w writer, n *Node) error {
 		if _, err := w.WriteString("<!--"); err != nil {
 			return err
 		}
-		if err := escape(w, n.Data); err != nil {
+		if err := escapeComment(w, n.Data); err != nil {
 			return err
 		}
 		if _, err := w.WriteString("-->"); err != nil {
diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go
index 50f7c6aac8..5c2a1f4efa 100644
--- a/vendor/golang.org/x/net/html/token.go
+++ b/vendor/golang.org/x/net/html/token.go
@@ -110,7 +110,7 @@ func (t Token) String() string {
 	case SelfClosingTagToken:
 		return "<" + t.tagString() + "/>"
 	case CommentToken:
-		return "<!--" + EscapeString(t.Data) + "-->"
+		return "<!--" + escapeCommentString(t.Data) + "-->"
 	case DoctypeToken:
 		return "<!DOCTYPE " + EscapeString(t.Data) + ">"
 	}
@@ -598,10 +598,10 @@ scriptDataDoubleEscapeEnd:
 // readComment reads the next comment token starting with "<!--". The opening
 // "<!--" has already been consumed.
 func (z *Tokenizer) readComment() {
-	// When modifying this function, consider manually increasing the suffixLen
-	// constant in func TestComments, from 6 to e.g. 9 or more. That increase
-	// should only be temporary, not committed, as it exponentially affects the
-	// test running time.
+	// When modifying this function, consider manually increasing the
+	// maxSuffixLen constant in func TestComments, from 6 to e.g. 9 or more.
+	// That increase should only be temporary, not committed, as it
+	// exponentially affects the test running time.
 
 	z.data.start = z.raw.end
 	defer func() {
diff --git a/vendor/golang.org/x/sync/singleflight/singleflight.go b/vendor/golang.org/x/sync/singleflight/singleflight.go
index 690eb85013..8473fb7922 100644
--- a/vendor/golang.org/x/sync/singleflight/singleflight.go
+++ b/vendor/golang.org/x/sync/singleflight/singleflight.go
@@ -52,10 +52,6 @@ type call struct {
 	val interface{}
 	err error
 
-	// forgotten indicates whether Forget was called with this call's key
-	// while the call was still in flight.
-	forgotten bool
-
 	// These fields are read and written with the singleflight
 	// mutex held before the WaitGroup is done, and are read but
 	// not written after the WaitGroup is done.
@@ -148,10 +144,10 @@ func (g *Group) doCall(c *call, key string, fn func() (interface{}, error)) {
 			c.err = errGoexit
 		}
 
-		c.wg.Done()
 		g.mu.Lock()
 		defer g.mu.Unlock()
-		if !c.forgotten {
+		c.wg.Done()
+		if g.m[key] == c {
 			delete(g.m, key)
 		}
 
@@ -204,9 +200,6 @@ func (g *Group) doCall(c *call, key string, fn func() (interface{}, error)) {
 // an earlier call to complete.
 func (g *Group) Forget(key string) {
 	g.mu.Lock()
-	if c, ok := g.m[key]; ok {
-		c.forgotten = true
-	}
 	delete(g.m, key)
 	g.mu.Unlock()
 }
diff --git a/vendor/golang.org/x/sys/cpu/hwcap_linux.go b/vendor/golang.org/x/sys/cpu/hwcap_linux.go
index f3baa37932..1d9d91f3ed 100644
--- a/vendor/golang.org/x/sys/cpu/hwcap_linux.go
+++ b/vendor/golang.org/x/sys/cpu/hwcap_linux.go
@@ -24,6 +24,21 @@ var hwCap uint
 var hwCap2 uint
 
 func readHWCAP() error {
+	// For Go 1.21+, get auxv from the Go runtime.
+	if a := getAuxv(); len(a) > 0 {
+		for len(a) >= 2 {
+			tag, val := a[0], uint(a[1])
+			a = a[2:]
+			switch tag {
+			case _AT_HWCAP:
+				hwCap = val
+			case _AT_HWCAP2:
+				hwCap2 = val
+			}
+		}
+		return nil
+	}
+
 	buf, err := ioutil.ReadFile(procAuxv)
 	if err != nil {
 		// e.g. on android /proc/self/auxv is not accessible, so silently
diff --git a/vendor/golang.org/x/sys/cpu/runtime_auxv.go b/vendor/golang.org/x/sys/cpu/runtime_auxv.go
new file mode 100644
index 0000000000..5f92ac9a2e
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/runtime_auxv.go
@@ -0,0 +1,16 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+// getAuxvFn is non-nil on Go 1.21+ (via runtime_auxv_go121.go init)
+// on platforms that use auxv.
+var getAuxvFn func() []uintptr
+
+func getAuxv() []uintptr {
+	if getAuxvFn == nil {
+		return nil
+	}
+	return getAuxvFn()
+}
diff --git a/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
new file mode 100644
index 0000000000..b975ea2a04
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
@@ -0,0 +1,19 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+// +build go1.21
+
+package cpu
+
+import (
+	_ "unsafe" // for linkname
+)
+
+//go:linkname runtime_getAuxv runtime.getAuxv
+func runtime_getAuxv() []uintptr
+
+func init() {
+	getAuxvFn = runtime_getAuxv
+}
diff --git a/vendor/golang.org/x/sys/execabs/execabs.go b/vendor/golang.org/x/sys/execabs/execabs.go
index b981cfbb4a..3bf40fdfec 100644
--- a/vendor/golang.org/x/sys/execabs/execabs.go
+++ b/vendor/golang.org/x/sys/execabs/execabs.go
@@ -63,7 +63,7 @@ func LookPath(file string) (string, error) {
 }
 
 func fixCmd(name string, cmd *exec.Cmd) {
-	if filepath.Base(name) == name && !filepath.IsAbs(cmd.Path) {
+	if filepath.Base(name) == name && !filepath.IsAbs(cmd.Path) && !isGo119ErrFieldSet(cmd) {
 		// exec.Command was called with a bare binary name and
 		// exec.LookPath returned a path which is not absolute.
 		// Set cmd.lookPathErr and clear cmd.Path so that it
diff --git a/vendor/golang.org/x/sys/execabs/execabs_go118.go b/vendor/golang.org/x/sys/execabs/execabs_go118.go
index 6ab5f50894..2000064a81 100644
--- a/vendor/golang.org/x/sys/execabs/execabs_go118.go
+++ b/vendor/golang.org/x/sys/execabs/execabs_go118.go
@@ -7,6 +7,12 @@
 
 package execabs
 
+import "os/exec"
+
 func isGo119ErrDot(err error) bool {
 	return false
 }
+
+func isGo119ErrFieldSet(cmd *exec.Cmd) bool {
+	return false
+}
diff --git a/vendor/golang.org/x/sys/execabs/execabs_go119.go b/vendor/golang.org/x/sys/execabs/execabs_go119.go
index 46c5b525e7..f364b34189 100644
--- a/vendor/golang.org/x/sys/execabs/execabs_go119.go
+++ b/vendor/golang.org/x/sys/execabs/execabs_go119.go
@@ -15,3 +15,7 @@ import (
 func isGo119ErrDot(err error) bool {
 	return errors.Is(err, exec.ErrDot)
 }
+
+func isGo119ErrFieldSet(cmd *exec.Cmd) bool {
+	return cmd.Err != nil
+}
diff --git a/vendor/golang.org/x/sys/unix/ioctl.go b/vendor/golang.org/x/sys/unix/ioctl.go
index 1c51b0ec2b..7ce8dd406f 100644
--- a/vendor/golang.org/x/sys/unix/ioctl.go
+++ b/vendor/golang.org/x/sys/unix/ioctl.go
@@ -8,7 +8,6 @@
 package unix
 
 import (
-	"runtime"
 	"unsafe"
 )
 
@@ -27,7 +26,7 @@ func IoctlSetInt(fd int, req uint, value int) error {
 // passing the integer value directly.
 func IoctlSetPointerInt(fd int, req uint, value int) error {
 	v := int32(value)
-	return ioctl(fd, req, uintptr(unsafe.Pointer(&v)))
+	return ioctlPtr(fd, req, unsafe.Pointer(&v))
 }
 
 // IoctlSetWinsize performs an ioctl on fd with a *Winsize argument.
@@ -36,9 +35,7 @@ func IoctlSetPointerInt(fd int, req uint, value int) error {
 func IoctlSetWinsize(fd int, req uint, value *Winsize) error {
 	// TODO: if we get the chance, remove the req parameter and
 	// hardcode TIOCSWINSZ.
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-	runtime.KeepAlive(value)
-	return err
+	return ioctlPtr(fd, req, unsafe.Pointer(value))
 }
 
 // IoctlSetTermios performs an ioctl on fd with a *Termios.
@@ -46,9 +43,7 @@ func IoctlSetWinsize(fd int, req uint, value *Winsize) error {
 // The req value will usually be TCSETA or TIOCSETA.
 func IoctlSetTermios(fd int, req uint, value *Termios) error {
 	// TODO: if we get the chance, remove the req parameter.
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-	runtime.KeepAlive(value)
-	return err
+	return ioctlPtr(fd, req, unsafe.Pointer(value))
 }
 
 // IoctlGetInt performs an ioctl operation which gets an integer value
@@ -58,18 +53,18 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error {
 // for those, IoctlRetInt should be used instead of this function.
 func IoctlGetInt(fd int, req uint) (int, error) {
 	var value int
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return value, err
 }
 
 func IoctlGetWinsize(fd int, req uint) (*Winsize, error) {
 	var value Winsize
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return &value, err
 }
 
 func IoctlGetTermios(fd int, req uint) (*Termios, error) {
 	var value Termios
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return &value, err
 }
diff --git a/vendor/golang.org/x/sys/unix/ioctl_zos.go b/vendor/golang.org/x/sys/unix/ioctl_zos.go
index 5384e7d91d..6532f09af2 100644
--- a/vendor/golang.org/x/sys/unix/ioctl_zos.go
+++ b/vendor/golang.org/x/sys/unix/ioctl_zos.go
@@ -27,9 +27,7 @@ func IoctlSetInt(fd int, req uint, value int) error {
 func IoctlSetWinsize(fd int, req uint, value *Winsize) error {
 	// TODO: if we get the chance, remove the req parameter and
 	// hardcode TIOCSWINSZ.
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-	runtime.KeepAlive(value)
-	return err
+	return ioctlPtr(fd, req, unsafe.Pointer(value))
 }
 
 // IoctlSetTermios performs an ioctl on fd with a *Termios.
@@ -51,13 +49,13 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error {
 // for those, IoctlRetInt should be used instead of this function.
 func IoctlGetInt(fd int, req uint) (int, error) {
 	var value int
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return value, err
 }
 
 func IoctlGetWinsize(fd int, req uint) (*Winsize, error) {
 	var value Winsize
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return &value, err
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/vendor/golang.org/x/sys/unix/ptrace_darwin.go
index 463c3eff7f..39dba6ca6a 100644
--- a/vendor/golang.org/x/sys/unix/ptrace_darwin.go
+++ b/vendor/golang.org/x/sys/unix/ptrace_darwin.go
@@ -7,6 +7,12 @@
 
 package unix
 
+import "unsafe"
+
 func ptrace(request int, pid int, addr uintptr, data uintptr) error {
 	return ptrace1(request, pid, addr, data)
 }
+
+func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) error {
+	return ptrace1Ptr(request, pid, addr, data)
+}
diff --git a/vendor/golang.org/x/sys/unix/ptrace_ios.go b/vendor/golang.org/x/sys/unix/ptrace_ios.go
index ed0509a011..9ea66330a9 100644
--- a/vendor/golang.org/x/sys/unix/ptrace_ios.go
+++ b/vendor/golang.org/x/sys/unix/ptrace_ios.go
@@ -7,6 +7,12 @@
 
 package unix
 
+import "unsafe"
+
 func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
 	return ENOTSUP
 }
+
+func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) {
+	return ENOTSUP
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go
index 2db1b51e99..d9f5544ccf 100644
--- a/vendor/golang.org/x/sys/unix/syscall_aix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_aix.go
@@ -292,9 +292,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 				break
 			}
 		}
-
-		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
-		sa.Name = string(bytes)
+		sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n))
 		return sa, nil
 
 	case AF_INET:
@@ -411,6 +409,7 @@ func (w WaitStatus) CoreDump() bool { return w&0x80 == 0x80 }
 func (w WaitStatus) TrapCause() int { return -1 }
 
 //sys	ioctl(fd int, req uint, arg uintptr) (err error)
+//sys	ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = ioctl
 
 // fcntl must never be called with cmd=F_DUP2FD because it doesn't work on AIX
 // There is no way to create a custom fcntl and to keep //sys fcntl easily,
diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go
index eda42671f1..7705c3270b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_bsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go
@@ -245,8 +245,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 				break
 			}
 		}
-		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
-		sa.Name = string(bytes)
+		sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n))
 		return sa, nil
 
 	case AF_INET:
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go
index 192b071b3d..7064d6ebab 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go
@@ -14,7 +14,6 @@ package unix
 
 import (
 	"fmt"
-	"runtime"
 	"syscall"
 	"unsafe"
 )
@@ -376,11 +375,10 @@ func Flistxattr(fd int, dest []byte) (sz int, err error) {
 func Kill(pid int, signum syscall.Signal) (err error) { return kill(pid, int(signum), 1) }
 
 //sys	ioctl(fd int, req uint, arg uintptr) (err error)
+//sys	ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL
 
 func IoctlCtlInfo(fd int, ctlInfo *CtlInfo) error {
-	err := ioctl(fd, CTLIOCGINFO, uintptr(unsafe.Pointer(ctlInfo)))
-	runtime.KeepAlive(ctlInfo)
-	return err
+	return ioctlPtr(fd, CTLIOCGINFO, unsafe.Pointer(ctlInfo))
 }
 
 // IfreqMTU is struct ifreq used to get or set a network device's MTU.
@@ -394,16 +392,14 @@ type IfreqMTU struct {
 func IoctlGetIfreqMTU(fd int, ifname string) (*IfreqMTU, error) {
 	var ifreq IfreqMTU
 	copy(ifreq.Name[:], ifname)
-	err := ioctl(fd, SIOCGIFMTU, uintptr(unsafe.Pointer(&ifreq)))
+	err := ioctlPtr(fd, SIOCGIFMTU, unsafe.Pointer(&ifreq))
 	return &ifreq, err
 }
 
 // IoctlSetIfreqMTU performs the SIOCSIFMTU ioctl operation on fd to set the MTU
 // of the network device specified by ifreq.Name.
 func IoctlSetIfreqMTU(fd int, ifreq *IfreqMTU) error {
-	err := ioctl(fd, SIOCSIFMTU, uintptr(unsafe.Pointer(ifreq)))
-	runtime.KeepAlive(ifreq)
-	return err
+	return ioctlPtr(fd, SIOCSIFMTU, unsafe.Pointer(ifreq))
 }
 
 //sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS_SYSCTL
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
index b37310ce9b..9fa879806b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
@@ -47,5 +47,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr,
 //sys	getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT64
 //sys	Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64
 //sys	ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace
+//sys	ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace
 //sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
 //sys	Statfs(path string, stat *Statfs_t) (err error) = SYS_STATFS64
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
index d51ec99630..f17b8c526a 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
@@ -47,5 +47,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr,
 //sys	getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT
 //sys	Lstat(path string, stat *Stat_t) (err error)
 //sys	ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace
+//sys	ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace
 //sys	Stat(path string, stat *Stat_t) (err error)
 //sys	Statfs(path string, stat *Statfs_t) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
index a41111a794..221efc26bc 100644
--- a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
+++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
@@ -172,6 +172,7 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
 }
 
 //sys	ioctl(fd int, req uint, arg uintptr) (err error)
+//sys	ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL
 
 //sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go
index d50b9dc250..5bdde03e4a 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go
@@ -161,7 +161,8 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
 	return
 }
 
-//sys	ioctl(fd int, req uint, arg uintptr) (err error)
+//sys	ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL
+//sys	ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL
 
 //sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
 
@@ -253,6 +254,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 //sys	ptrace(request int, pid int, addr uintptr, data int) (err error)
+//sys	ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) = SYS_PTRACE
 
 func PtraceAttach(pid int) (err error) {
 	return ptrace(PT_ATTACH, pid, 0, 0)
@@ -267,19 +269,36 @@ func PtraceDetach(pid int) (err error) {
 }
 
 func PtraceGetFpRegs(pid int, fpregsout *FpReg) (err error) {
-	return ptrace(PT_GETFPREGS, pid, uintptr(unsafe.Pointer(fpregsout)), 0)
+	return ptracePtr(PT_GETFPREGS, pid, unsafe.Pointer(fpregsout), 0)
 }
 
 func PtraceGetRegs(pid int, regsout *Reg) (err error) {
-	return ptrace(PT_GETREGS, pid, uintptr(unsafe.Pointer(regsout)), 0)
+	return ptracePtr(PT_GETREGS, pid, unsafe.Pointer(regsout), 0)
+}
+
+func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) {
+	ioDesc := PtraceIoDesc{
+		Op:   int32(req),
+		Offs: offs,
+	}
+	if countin > 0 {
+		_ = out[:countin] // check bounds
+		ioDesc.Addr = &out[0]
+	} else if out != nil {
+		ioDesc.Addr = (*byte)(unsafe.Pointer(&_zero))
+	}
+	ioDesc.SetLen(countin)
+
+	err = ptracePtr(PT_IO, pid, unsafe.Pointer(&ioDesc), 0)
+	return int(ioDesc.Len), err
 }
 
 func PtraceLwpEvents(pid int, enable int) (err error) {
 	return ptrace(PT_LWP_EVENTS, pid, 0, enable)
 }
 
-func PtraceLwpInfo(pid int, info uintptr) (err error) {
-	return ptrace(PT_LWPINFO, pid, info, int(unsafe.Sizeof(PtraceLwpInfoStruct{})))
+func PtraceLwpInfo(pid int, info *PtraceLwpInfoStruct) (err error) {
+	return ptracePtr(PT_LWPINFO, pid, unsafe.Pointer(info), int(unsafe.Sizeof(*info)))
 }
 
 func PtracePeekData(pid int, addr uintptr, out []byte) (count int, err error) {
@@ -299,13 +318,25 @@ func PtracePokeText(pid int, addr uintptr, data []byte) (count int, err error) {
 }
 
 func PtraceSetRegs(pid int, regs *Reg) (err error) {
-	return ptrace(PT_SETREGS, pid, uintptr(unsafe.Pointer(regs)), 0)
+	return ptracePtr(PT_SETREGS, pid, unsafe.Pointer(regs), 0)
 }
 
 func PtraceSingleStep(pid int) (err error) {
 	return ptrace(PT_STEP, pid, 1, 0)
 }
 
+func Dup3(oldfd, newfd, flags int) error {
+	if oldfd == newfd || flags&^O_CLOEXEC != 0 {
+		return EINVAL
+	}
+	how := F_DUP2FD
+	if flags&O_CLOEXEC != 0 {
+		how = F_DUP2FD_CLOEXEC
+	}
+	_, err := fcntl(oldfd, how, newfd)
+	return err
+}
+
 /*
  * Exposed directly
  */
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
index 6a91d471d0..b8da510043 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 
+func (d *PtraceIoDesc) SetLen(length int) {
+	d.Len = uint32(length)
+}
+
 func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
 	var writtenOut uint64 = 0
 	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0)
@@ -57,16 +61,5 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 
 func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
-	return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0)
-}
-
-func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{
-		Op:   int32(req),
-		Offs: offs,
-		Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe.
-		Len:  uint32(countin),
-	}
-	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
-	return int(ioDesc.Len), err
+	return ptracePtr(PT_GETFSBASE, pid, unsafe.Pointer(fsbase), 0)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
index 48110a0abb..47155c4839 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 
+func (d *PtraceIoDesc) SetLen(length int) {
+	d.Len = uint64(length)
+}
+
 func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
 	var writtenOut uint64 = 0
 	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0)
@@ -57,16 +61,5 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 
 func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
-	return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0)
-}
-
-func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{
-		Op:   int32(req),
-		Offs: offs,
-		Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe.
-		Len:  uint64(countin),
-	}
-	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
-	return int(ioDesc.Len), err
+	return ptracePtr(PT_GETFSBASE, pid, unsafe.Pointer(fsbase), 0)
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
index 52f1d4b75a..08932093fa 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 
+func (d *PtraceIoDesc) SetLen(length int) {
+	d.Len = uint32(length)
+}
+
 func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
 	var writtenOut uint64 = 0
 	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0)
@@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
-
-func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{
-		Op:   int32(req),
-		Offs: offs,
-		Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe.
-		Len:  uint32(countin),
-	}
-	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
-	return int(ioDesc.Len), err
-}
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
index 5537ee4f2e..d151a0d0e5 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 
+func (d *PtraceIoDesc) SetLen(length int) {
+	d.Len = uint64(length)
+}
+
 func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
 	var writtenOut uint64 = 0
 	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0)
@@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
-
-func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{
-		Op:   int32(req),
-		Offs: offs,
-		Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe.
-		Len:  uint64(countin),
-	}
-	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
-	return int(ioDesc.Len), err
-}
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
index 164abd5d21..d5cd64b378 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
@@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 
+func (d *PtraceIoDesc) SetLen(length int) {
+	d.Len = uint64(length)
+}
+
 func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
 	var writtenOut uint64 = 0
 	_, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0)
@@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
-
-func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{
-		Op:   int32(req),
-		Offs: offs,
-		Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe.
-		Len:  uint64(countin),
-	}
-	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
-	return int(ioDesc.Len), err
-}
diff --git a/vendor/golang.org/x/sys/unix/syscall_hurd.go b/vendor/golang.org/x/sys/unix/syscall_hurd.go
index 4ffb64808d..381fd4673b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_hurd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_hurd.go
@@ -20,3 +20,11 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	}
 	return
 }
+
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	r0, er := C.ioctl(C.int(fd), C.ulong(req), C.uintptr_t(uintptr(arg)))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go
index 5443dddd48..9735331530 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -1015,8 +1015,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		for n < len(pp.Path) && pp.Path[n] != 0 {
 			n++
 		}
-		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
-		sa.Name = string(bytes)
+		sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n))
 		return sa, nil
 
 	case AF_INET:
@@ -1365,6 +1364,10 @@ func SetsockoptTCPRepairOpt(fd, level, opt int, o []TCPRepairOpt) (err error) {
 	return setsockopt(fd, level, opt, unsafe.Pointer(&o[0]), uintptr(SizeofTCPRepairOpt*len(o)))
 }
 
+func SetsockoptTCPMD5Sig(fd, level, opt int, s *TCPMD5Sig) error {
+	return setsockopt(fd, level, opt, unsafe.Pointer(s), unsafe.Sizeof(*s))
+}
+
 // Keyctl Commands (http://man7.org/linux/man-pages/man2/keyctl.2.html)
 
 // KeyctlInt calls keyctl commands in which each argument is an int.
@@ -1579,6 +1582,7 @@ func BindToDevice(fd int, device string) (err error) {
 }
 
 //sys	ptrace(request int, pid int, addr uintptr, data uintptr) (err error)
+//sys	ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) = SYS_PTRACE
 
 func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err error) {
 	// The peek requests are machine-size oriented, so we wrap it
@@ -1596,7 +1600,7 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro
 	// boundary.
 	n := 0
 	if addr%SizeofPtr != 0 {
-		err = ptrace(req, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0])))
+		err = ptracePtr(req, pid, addr-addr%SizeofPtr, unsafe.Pointer(&buf[0]))
 		if err != nil {
 			return 0, err
 		}
@@ -1608,7 +1612,7 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro
 	for len(out) > 0 {
 		// We use an internal buffer to guarantee alignment.
 		// It's not documented if this is necessary, but we're paranoid.
-		err = ptrace(req, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0])))
+		err = ptracePtr(req, pid, addr+uintptr(n), unsafe.Pointer(&buf[0]))
 		if err != nil {
 			return n, err
 		}
@@ -1640,7 +1644,7 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c
 	n := 0
 	if addr%SizeofPtr != 0 {
 		var buf [SizeofPtr]byte
-		err = ptrace(peekReq, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0])))
+		err = ptracePtr(peekReq, pid, addr-addr%SizeofPtr, unsafe.Pointer(&buf[0]))
 		if err != nil {
 			return 0, err
 		}
@@ -1667,7 +1671,7 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c
 	// Trailing edge.
 	if len(data) > 0 {
 		var buf [SizeofPtr]byte
-		err = ptrace(peekReq, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0])))
+		err = ptracePtr(peekReq, pid, addr+uintptr(n), unsafe.Pointer(&buf[0]))
 		if err != nil {
 			return n, err
 		}
@@ -1696,11 +1700,11 @@ func PtracePokeUser(pid int, addr uintptr, data []byte) (count int, err error) {
 }
 
 func PtraceGetRegs(pid int, regsout *PtraceRegs) (err error) {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 func PtraceSetRegs(pid int, regs *PtraceRegs) (err error) {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
 
 func PtraceSetOptions(pid int, options int) (err error) {
@@ -1709,7 +1713,7 @@ func PtraceSetOptions(pid int, options int) (err error) {
 
 func PtraceGetEventMsg(pid int) (msg uint, err error) {
 	var data _C_long
-	err = ptrace(PTRACE_GETEVENTMSG, pid, 0, uintptr(unsafe.Pointer(&data)))
+	err = ptracePtr(PTRACE_GETEVENTMSG, pid, 0, unsafe.Pointer(&data))
 	msg = uint(data)
 	return
 }
@@ -2154,6 +2158,14 @@ func isGroupMember(gid int) bool {
 	return false
 }
 
+func isCapDacOverrideSet() bool {
+	hdr := CapUserHeader{Version: LINUX_CAPABILITY_VERSION_3}
+	data := [2]CapUserData{}
+	err := Capget(&hdr, &data[0])
+
+	return err == nil && data[0].Effective&(1<<CAP_DAC_OVERRIDE) != 0
+}
+
 //sys	faccessat(dirfd int, path string, mode uint32) (err error)
 //sys	Faccessat2(dirfd int, path string, mode uint32, flags int) (err error)
 
@@ -2189,6 +2201,12 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 	var uid int
 	if flags&AT_EACCESS != 0 {
 		uid = Geteuid()
+		if uid != 0 && isCapDacOverrideSet() {
+			// If CAP_DAC_OVERRIDE is set, file access check is
+			// done by the kernel in the same way as for root
+			// (see generic_permission() in the Linux sources).
+			uid = 0
+		}
 	} else {
 		uid = Getuid()
 	}
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd.go b/vendor/golang.org/x/sys/unix/syscall_netbsd.go
index 35a3ad758f..e66865dccb 100644
--- a/vendor/golang.org/x/sys/unix/syscall_netbsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_netbsd.go
@@ -13,7 +13,6 @@
 package unix
 
 import (
-	"runtime"
 	"syscall"
 	"unsafe"
 )
@@ -178,13 +177,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 //sys	ioctl(fd int, req uint, arg uintptr) (err error)
+//sys	ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL
 
 //sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
 
 func IoctlGetPtmget(fd int, req uint) (*Ptmget, error) {
 	var value Ptmget
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	runtime.KeepAlive(value)
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return &value, err
 }
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/vendor/golang.org/x/sys/unix/syscall_openbsd.go
index 9b67b908e5..5e9de23ae3 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd.go
@@ -152,6 +152,7 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
 }
 
 //sys	ioctl(fd int, req uint, arg uintptr) (err error)
+//sys	ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL
 
 //sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go
index 07ac56109a..d3444b64d6 100644
--- a/vendor/golang.org/x/sys/unix/syscall_solaris.go
+++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go
@@ -408,8 +408,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		for n < len(pp.Path) && pp.Path[n] != 0 {
 			n++
 		}
-		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
-		sa.Name = string(bytes)
+		sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n))
 		return sa, nil
 
 	case AF_INET:
@@ -547,21 +546,25 @@ func Minor(dev uint64) uint32 {
  */
 
 //sys	ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) = libc.ioctl
+//sys	ioctlPtrRet(fd int, req uint, arg unsafe.Pointer) (ret int, err error) = libc.ioctl
 
 func ioctl(fd int, req uint, arg uintptr) (err error) {
 	_, err = ioctlRet(fd, req, arg)
 	return err
 }
 
-func IoctlSetTermio(fd int, req uint, value *Termio) error {
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(value)))
-	runtime.KeepAlive(value)
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, err = ioctlPtrRet(fd, req, arg)
 	return err
 }
 
+func IoctlSetTermio(fd int, req uint, value *Termio) error {
+	return ioctlPtr(fd, req, unsafe.Pointer(value))
+}
+
 func IoctlGetTermio(fd int, req uint) (*Termio, error) {
 	var value Termio
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&value))
 	return &value, err
 }
 
@@ -1084,7 +1087,7 @@ func IoctlSetIntRetInt(fd int, req uint, arg int) (int, error) {
 func IoctlSetString(fd int, req uint, val string) error {
 	bs := make([]byte, len(val)+1)
 	copy(bs[:len(bs)-1], val)
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&bs[0])))
+	err := ioctlPtr(fd, req, unsafe.Pointer(&bs[0]))
 	runtime.KeepAlive(&bs[0])
 	return err
 }
@@ -1118,7 +1121,7 @@ func (l *Lifreq) GetLifruUint() uint {
 }
 
 func IoctlLifreq(fd int, req uint, l *Lifreq) error {
-	return ioctl(fd, req, uintptr(unsafe.Pointer(l)))
+	return ioctlPtr(fd, req, unsafe.Pointer(l))
 }
 
 // Strioctl Helpers
@@ -1129,5 +1132,5 @@ func (s *Strioctl) SetInt(i int) {
 }
 
 func IoctlSetStrioctlRetInt(fd int, req uint, s *Strioctl) (int, error) {
-	return ioctlRet(fd, req, uintptr(unsafe.Pointer(s)))
+	return ioctlPtrRet(fd, req, unsafe.Pointer(s))
 }
diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
index 68b2f3e1cd..b295497ae4 100644
--- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
@@ -139,8 +139,7 @@ func anyToSockaddr(_ int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		for n < int(pp.Len) && pp.Path[n] != 0 {
 			n++
 		}
-		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
-		sa.Name = string(bytes)
+		sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n))
 		return sa, nil
 
 	case AF_INET:
@@ -214,6 +213,7 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 //sys   mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) = SYS_MMAP
 //sys   munmap(addr uintptr, length uintptr) (err error) = SYS_MUNMAP
 //sys   ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL
+//sys   ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL
 
 //sys   Access(path string, mode uint32) (err error) = SYS___ACCESS_A
 //sys   Chdir(path string) (err error) = SYS___CHDIR_A
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index e174685adb..398c37e52d 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -70,6 +70,7 @@ const (
 	ALG_SET_DRBG_ENTROPY                        = 0x6
 	ALG_SET_IV                                  = 0x2
 	ALG_SET_KEY                                 = 0x1
+	ALG_SET_KEY_BY_KEY_SERIAL                   = 0x7
 	ALG_SET_OP                                  = 0x3
 	ANON_INODE_FS_MAGIC                         = 0x9041934
 	ARPHRD_6LOWPAN                              = 0x339
@@ -774,6 +775,8 @@ const (
 	DEVLINK_GENL_MCGRP_CONFIG_NAME              = "config"
 	DEVLINK_GENL_NAME                           = "devlink"
 	DEVLINK_GENL_VERSION                        = 0x1
+	DEVLINK_PORT_FN_CAP_MIGRATABLE              = 0x2
+	DEVLINK_PORT_FN_CAP_ROCE                    = 0x1
 	DEVLINK_SB_THRESHOLD_TO_ALPHA_MAX           = 0x14
 	DEVLINK_SUPPORTED_FLASH_OVERWRITE_SECTIONS  = 0x3
 	DEVMEM_MAGIC                                = 0x454d444d
@@ -1262,6 +1265,8 @@ const (
 	FSCRYPT_MODE_AES_256_CTS                    = 0x4
 	FSCRYPT_MODE_AES_256_HCTR2                  = 0xa
 	FSCRYPT_MODE_AES_256_XTS                    = 0x1
+	FSCRYPT_MODE_SM4_CTS                        = 0x8
+	FSCRYPT_MODE_SM4_XTS                        = 0x7
 	FSCRYPT_POLICY_FLAGS_PAD_16                 = 0x2
 	FSCRYPT_POLICY_FLAGS_PAD_32                 = 0x3
 	FSCRYPT_POLICY_FLAGS_PAD_4                  = 0x0
@@ -1280,8 +1285,6 @@ const (
 	FS_ENCRYPTION_MODE_AES_256_GCM              = 0x2
 	FS_ENCRYPTION_MODE_AES_256_XTS              = 0x1
 	FS_ENCRYPTION_MODE_INVALID                  = 0x0
-	FS_ENCRYPTION_MODE_SPECK128_256_CTS         = 0x8
-	FS_ENCRYPTION_MODE_SPECK128_256_XTS         = 0x7
 	FS_IOC_ADD_ENCRYPTION_KEY                   = 0xc0506617
 	FS_IOC_GET_ENCRYPTION_KEY_STATUS            = 0xc080661a
 	FS_IOC_GET_ENCRYPTION_POLICY_EX             = 0xc0096616
@@ -1770,6 +1773,7 @@ const (
 	LANDLOCK_ACCESS_FS_REFER                    = 0x2000
 	LANDLOCK_ACCESS_FS_REMOVE_DIR               = 0x10
 	LANDLOCK_ACCESS_FS_REMOVE_FILE              = 0x20
+	LANDLOCK_ACCESS_FS_TRUNCATE                 = 0x4000
 	LANDLOCK_ACCESS_FS_WRITE_FILE               = 0x2
 	LANDLOCK_CREATE_RULESET_VERSION             = 0x1
 	LINUX_REBOOT_CMD_CAD_OFF                    = 0x0
@@ -1809,6 +1813,7 @@ const (
 	LWTUNNEL_IP_OPT_GENEVE_MAX                  = 0x3
 	LWTUNNEL_IP_OPT_VXLAN_MAX                   = 0x1
 	MADV_COLD                                   = 0x14
+	MADV_COLLAPSE                               = 0x19
 	MADV_DODUMP                                 = 0x11
 	MADV_DOFORK                                 = 0xb
 	MADV_DONTDUMP                               = 0x10
@@ -2163,6 +2168,7 @@ const (
 	PACKET_FANOUT_DATA                          = 0x16
 	PACKET_FANOUT_EBPF                          = 0x7
 	PACKET_FANOUT_FLAG_DEFRAG                   = 0x8000
+	PACKET_FANOUT_FLAG_IGNORE_OUTGOING          = 0x4000
 	PACKET_FANOUT_FLAG_ROLLOVER                 = 0x1000
 	PACKET_FANOUT_FLAG_UNIQUEID                 = 0x2000
 	PACKET_FANOUT_HASH                          = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go b/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
index bd001a6e1c..97f20ca282 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
@@ -15,12 +15,12 @@ type PtraceRegsArm struct {
 
 // PtraceGetRegsArm fetches the registers used by arm binaries.
 func PtraceGetRegsArm(pid int, regsout *PtraceRegsArm) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsArm sets the registers used by arm binaries.
 func PtraceSetRegsArm(pid int, regs *PtraceRegsArm) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
 
 // PtraceRegsArm64 is the registers used by arm64 binaries.
@@ -33,10 +33,10 @@ type PtraceRegsArm64 struct {
 
 // PtraceGetRegsArm64 fetches the registers used by arm64 binaries.
 func PtraceGetRegsArm64(pid int, regsout *PtraceRegsArm64) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsArm64 sets the registers used by arm64 binaries.
 func PtraceSetRegsArm64(pid int, regs *PtraceRegsArm64) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
diff --git a/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go b/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go
index 6cb6d688aa..834d2856dd 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go
@@ -7,11 +7,11 @@ import "unsafe"
 // PtraceGetRegSetArm64 fetches the registers used by arm64 binaries.
 func PtraceGetRegSetArm64(pid, addr int, regsout *PtraceRegsArm64) error {
 	iovec := Iovec{(*byte)(unsafe.Pointer(regsout)), uint64(unsafe.Sizeof(*regsout))}
-	return ptrace(PTRACE_GETREGSET, pid, uintptr(addr), uintptr(unsafe.Pointer(&iovec)))
+	return ptracePtr(PTRACE_GETREGSET, pid, uintptr(addr), unsafe.Pointer(&iovec))
 }
 
 // PtraceSetRegSetArm64 sets the registers used by arm64 binaries.
 func PtraceSetRegSetArm64(pid, addr int, regs *PtraceRegsArm64) error {
 	iovec := Iovec{(*byte)(unsafe.Pointer(regs)), uint64(unsafe.Sizeof(*regs))}
-	return ptrace(PTRACE_SETREGSET, pid, uintptr(addr), uintptr(unsafe.Pointer(&iovec)))
+	return ptracePtr(PTRACE_SETREGSET, pid, uintptr(addr), unsafe.Pointer(&iovec))
 }
diff --git a/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go b/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
index c34d0639be..0b5f794305 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
@@ -21,12 +21,12 @@ type PtraceRegsMips struct {
 
 // PtraceGetRegsMips fetches the registers used by mips binaries.
 func PtraceGetRegsMips(pid int, regsout *PtraceRegsMips) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsMips sets the registers used by mips binaries.
 func PtraceSetRegsMips(pid int, regs *PtraceRegsMips) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
 
 // PtraceRegsMips64 is the registers used by mips64 binaries.
@@ -42,10 +42,10 @@ type PtraceRegsMips64 struct {
 
 // PtraceGetRegsMips64 fetches the registers used by mips64 binaries.
 func PtraceGetRegsMips64(pid int, regsout *PtraceRegsMips64) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsMips64 sets the registers used by mips64 binaries.
 func PtraceSetRegsMips64(pid int, regs *PtraceRegsMips64) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
diff --git a/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go b/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
index 3ccf0c0c4a..2807f7e646 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
@@ -21,12 +21,12 @@ type PtraceRegsMipsle struct {
 
 // PtraceGetRegsMipsle fetches the registers used by mipsle binaries.
 func PtraceGetRegsMipsle(pid int, regsout *PtraceRegsMipsle) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsMipsle sets the registers used by mipsle binaries.
 func PtraceSetRegsMipsle(pid int, regs *PtraceRegsMipsle) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
 
 // PtraceRegsMips64le is the registers used by mips64le binaries.
@@ -42,10 +42,10 @@ type PtraceRegsMips64le struct {
 
 // PtraceGetRegsMips64le fetches the registers used by mips64le binaries.
 func PtraceGetRegsMips64le(pid int, regsout *PtraceRegsMips64le) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsMips64le sets the registers used by mips64le binaries.
 func PtraceSetRegsMips64le(pid int, regs *PtraceRegsMips64le) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
diff --git a/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go b/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
index 7d65857004..281ea64e34 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
@@ -31,12 +31,12 @@ type PtraceRegs386 struct {
 
 // PtraceGetRegs386 fetches the registers used by 386 binaries.
 func PtraceGetRegs386(pid int, regsout *PtraceRegs386) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegs386 sets the registers used by 386 binaries.
 func PtraceSetRegs386(pid int, regs *PtraceRegs386) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
 
 // PtraceRegsAmd64 is the registers used by amd64 binaries.
@@ -72,10 +72,10 @@ type PtraceRegsAmd64 struct {
 
 // PtraceGetRegsAmd64 fetches the registers used by amd64 binaries.
 func PtraceGetRegsAmd64(pid int, regsout *PtraceRegsAmd64) error {
-	return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout)))
+	return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout))
 }
 
 // PtraceSetRegsAmd64 sets the registers used by amd64 binaries.
 func PtraceSetRegsAmd64(pid int, regs *PtraceRegsAmd64) error {
-	return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs)))
+	return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs))
 }
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
index 870215d2c4..ef9dcd1bef 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
@@ -223,6 +223,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	r0, er := C.ioctl(C.int(fd), C.int(req), C.uintptr_t(uintptr(arg)))
+	if r0 == -1 && er != nil {
+		err = er
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func FcntlInt(fd uintptr, cmd int, arg int) (r int, err error) {
 	r0, er := C.fcntl(C.uintptr_t(fd), C.int(cmd), C.uintptr_t(arg))
 	r = int(r0)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
index a89b0bfa53..f86a945923 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
@@ -103,6 +103,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, e1 := callioctl_ptr(fd, int(req), arg)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func FcntlInt(fd uintptr, cmd int, arg int) (r int, err error) {
 	r0, e1 := callfcntl(fd, cmd, uintptr(arg))
 	r = int(r0)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
index 2caa5adf95..d32a84cae2 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
@@ -423,6 +423,13 @@ func callioctl(fd int, req int, arg uintptr) (r1 uintptr, e1 Errno) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func callioctl_ptr(fd int, req int, arg unsafe.Pointer) (r1 uintptr, e1 Errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_ioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func callfcntl(fd uintptr, cmd int, arg uintptr) (r1 uintptr, e1 Errno) {
 	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fcntl)), 3, fd, uintptr(cmd), arg, 0, 0, 0)
 	return
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
index 944a714b1a..d7d8baf819 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
@@ -191,6 +191,14 @@ func callioctl(fd int, req int, arg uintptr) (r1 uintptr, e1 Errno) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func callioctl_ptr(fd int, req int, arg unsafe.Pointer) (r1 uintptr, e1 Errno) {
+	r1 = uintptr(C.ioctl(C.int(fd), C.int(req), C.uintptr_t(uintptr(arg))))
+	e1 = syscall.GetErrno()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func callfcntl(fd uintptr, cmd int, arg uintptr) (r1 uintptr, e1 Errno) {
 	r1 = uintptr(C.fcntl(C.uintptr_t(fd), C.int(cmd), C.uintptr_t(arg)))
 	e1 = syscall.GetErrno()
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
index c2461c4967..a29ffdd566 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
@@ -725,6 +725,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib"
@@ -2502,6 +2510,14 @@ func ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) {
 	return
 }
 
+func ptrace1Ptr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall6(libc_ptrace_trampoline_addr, uintptr(request), uintptr(pid), addr, uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ptrace_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
index 26a0fdc505..2fd4590bb7 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
@@ -725,6 +725,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib"
@@ -2502,6 +2510,14 @@ func ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) {
 	return
 }
 
+func ptrace1Ptr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall6(libc_ptrace_trampoline_addr, uintptr(request), uintptr(pid), addr, uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ptrace_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
index 54749f9c5e..3b85134707 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
@@ -436,6 +436,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
index 77479d4581..1129065624 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
index 2e966d4d7a..55f5abfe59 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
index d65a7c0fa6..d39651c2b5 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
index 6f0b97c6db..ddb7408680 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
index e1c23b5272..09a53a616c 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
@@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
@@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
index 36ea3a55b7..430cb24de7 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
@@ -379,6 +379,16 @@ func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(arg)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
index 79f7389963..8e1d9c8f66 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
@@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
index fb161f3a26..21c6950400 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
@@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
index 4c8ac993a8..298168f90a 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
@@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
index 76dd8ec4fd..68b8bd492f 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
@@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
index caeb807bd4..0b0f910e1a 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
index a05e5f4fff..48ff5de75b 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
index b2da8e50cc..2452a641da 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
index 048b2655e6..5e35600a60 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
index 6f33e37e72..b04cef1a19 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
index 330cf7f7ac..47a07ee0c2 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
index 5f24de0d9d..573378fdb9 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
@@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 	return
 }
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 var libc_ioctl_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_ioctl ioctl "libc.so"
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
index 78d4a4240e..4873a1e5d3 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
@@ -657,6 +657,17 @@ func ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtrRet(fd int, req uint, arg unsafe.Pointer) (ret int, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0)
+	ret = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
 	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpoll)), 3, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout), 0, 0, 0)
 	n = int(r0)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
index f2079457c6..07bfe2ef9a 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
@@ -267,6 +267,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
+	_, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
index d9c78cdcbc..29dc483378 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
@@ -362,7 +362,7 @@ type FpExtendedPrecision struct{}
 type PtraceIoDesc struct {
 	Op   int32
 	Offs uintptr
-	Addr uintptr
+	Addr *byte
 	Len  uint32
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
index 26991b1655..0a89b28906 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
@@ -367,7 +367,7 @@ type FpExtendedPrecision struct{}
 type PtraceIoDesc struct {
 	Op   int32
 	Offs uintptr
-	Addr uintptr
+	Addr *byte
 	Len  uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
index f8324e7e7f..c8666bb152 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
@@ -350,7 +350,7 @@ type FpExtendedPrecision struct {
 type PtraceIoDesc struct {
 	Op   int32
 	Offs uintptr
-	Addr uintptr
+	Addr *byte
 	Len  uint32
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
index 4220411f34..88fb48a887 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
@@ -347,7 +347,7 @@ type FpExtendedPrecision struct{}
 type PtraceIoDesc struct {
 	Op   int32
 	Offs uintptr
-	Addr uintptr
+	Addr *byte
 	Len  uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
index 0660fd45c7..698dc975e9 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
@@ -348,7 +348,7 @@ type FpExtendedPrecision struct{}
 type PtraceIoDesc struct {
 	Op   int32
 	Offs uintptr
-	Addr uintptr
+	Addr *byte
 	Len  uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
index 7d9fc8f1c9..ca84727cfe 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -456,36 +456,60 @@ type Ucred struct {
 }
 
 type TCPInfo struct {
-	State          uint8
-	Ca_state       uint8
-	Retransmits    uint8
-	Probes         uint8
-	Backoff        uint8
-	Options        uint8
-	Rto            uint32
-	Ato            uint32
-	Snd_mss        uint32
-	Rcv_mss        uint32
-	Unacked        uint32
-	Sacked         uint32
-	Lost           uint32
-	Retrans        uint32
-	Fackets        uint32
-	Last_data_sent uint32
-	Last_ack_sent  uint32
-	Last_data_recv uint32
-	Last_ack_recv  uint32
-	Pmtu           uint32
-	Rcv_ssthresh   uint32
-	Rtt            uint32
-	Rttvar         uint32
-	Snd_ssthresh   uint32
-	Snd_cwnd       uint32
-	Advmss         uint32
-	Reordering     uint32
-	Rcv_rtt        uint32
-	Rcv_space      uint32
-	Total_retrans  uint32
+	State           uint8
+	Ca_state        uint8
+	Retransmits     uint8
+	Probes          uint8
+	Backoff         uint8
+	Options         uint8
+	Rto             uint32
+	Ato             uint32
+	Snd_mss         uint32
+	Rcv_mss         uint32
+	Unacked         uint32
+	Sacked          uint32
+	Lost            uint32
+	Retrans         uint32
+	Fackets         uint32
+	Last_data_sent  uint32
+	Last_ack_sent   uint32
+	Last_data_recv  uint32
+	Last_ack_recv   uint32
+	Pmtu            uint32
+	Rcv_ssthresh    uint32
+	Rtt             uint32
+	Rttvar          uint32
+	Snd_ssthresh    uint32
+	Snd_cwnd        uint32
+	Advmss          uint32
+	Reordering      uint32
+	Rcv_rtt         uint32
+	Rcv_space       uint32
+	Total_retrans   uint32
+	Pacing_rate     uint64
+	Max_pacing_rate uint64
+	Bytes_acked     uint64
+	Bytes_received  uint64
+	Segs_out        uint32
+	Segs_in         uint32
+	Notsent_bytes   uint32
+	Min_rtt         uint32
+	Data_segs_in    uint32
+	Data_segs_out   uint32
+	Delivery_rate   uint64
+	Busy_time       uint64
+	Rwnd_limited    uint64
+	Sndbuf_limited  uint64
+	Delivered       uint32
+	Delivered_ce    uint32
+	Bytes_sent      uint64
+	Bytes_retrans   uint64
+	Dsack_dups      uint32
+	Reord_seen      uint32
+	Rcv_ooopack     uint32
+	Snd_wnd         uint32
+	Rcv_wnd         uint32
+	Rehash          uint32
 }
 
 type CanFilter struct {
@@ -528,7 +552,7 @@ const (
 	SizeofIPv6MTUInfo       = 0x20
 	SizeofICMPv6Filter      = 0x20
 	SizeofUcred             = 0xc
-	SizeofTCPInfo           = 0x68
+	SizeofTCPInfo           = 0xf0
 	SizeofCanFilter         = 0x8
 	SizeofTCPRepairOpt      = 0x8
 )
@@ -1043,6 +1067,7 @@ const (
 	PerfBitCommExec                      = CBitFieldMaskBit24
 	PerfBitUseClockID                    = CBitFieldMaskBit25
 	PerfBitContextSwitch                 = CBitFieldMaskBit26
+	PerfBitWriteBackward                 = CBitFieldMaskBit27
 )
 
 const (
@@ -1239,7 +1264,7 @@ type TCPMD5Sig struct {
 	Flags     uint8
 	Prefixlen uint8
 	Keylen    uint16
-	_         uint32
+	Ifindex   int32
 	Key       [80]uint8
 }
 
@@ -1939,7 +1964,11 @@ const (
 	NFT_MSG_GETOBJ                    = 0x13
 	NFT_MSG_DELOBJ                    = 0x14
 	NFT_MSG_GETOBJ_RESET              = 0x15
-	NFT_MSG_MAX                       = 0x19
+	NFT_MSG_NEWFLOWTABLE              = 0x16
+	NFT_MSG_GETFLOWTABLE              = 0x17
+	NFT_MSG_DELFLOWTABLE              = 0x18
+	NFT_MSG_GETRULE_RESET             = 0x19
+	NFT_MSG_MAX                       = 0x1a
 	NFTA_LIST_UNSPEC                  = 0x0
 	NFTA_LIST_ELEM                    = 0x1
 	NFTA_HOOK_UNSPEC                  = 0x0
@@ -2443,9 +2472,11 @@ const (
 	SOF_TIMESTAMPING_OPT_STATS    = 0x1000
 	SOF_TIMESTAMPING_OPT_PKTINFO  = 0x2000
 	SOF_TIMESTAMPING_OPT_TX_SWHW  = 0x4000
+	SOF_TIMESTAMPING_BIND_PHC     = 0x8000
+	SOF_TIMESTAMPING_OPT_ID_TCP   = 0x10000
 
-	SOF_TIMESTAMPING_LAST = 0x8000
-	SOF_TIMESTAMPING_MASK = 0xffff
+	SOF_TIMESTAMPING_LAST = 0x10000
+	SOF_TIMESTAMPING_MASK = 0x1ffff
 
 	SCM_TSTAMP_SND   = 0x0
 	SCM_TSTAMP_SCHED = 0x1
@@ -3265,7 +3296,7 @@ const (
 	DEVLINK_ATTR_LINECARD_SUPPORTED_TYPES              = 0xae
 	DEVLINK_ATTR_NESTED_DEVLINK                        = 0xaf
 	DEVLINK_ATTR_SELFTESTS                             = 0xb0
-	DEVLINK_ATTR_MAX                                   = 0xb0
+	DEVLINK_ATTR_MAX                                   = 0xb3
 	DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE              = 0x0
 	DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX           = 0x1
 	DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT               = 0x0
@@ -3281,7 +3312,8 @@ const (
 	DEVLINK_PORT_FUNCTION_ATTR_HW_ADDR                 = 0x1
 	DEVLINK_PORT_FN_ATTR_STATE                         = 0x2
 	DEVLINK_PORT_FN_ATTR_OPSTATE                       = 0x3
-	DEVLINK_PORT_FUNCTION_ATTR_MAX                     = 0x3
+	DEVLINK_PORT_FN_ATTR_CAPS                          = 0x4
+	DEVLINK_PORT_FUNCTION_ATTR_MAX                     = 0x4
 )
 
 type FsverityDigest struct {
@@ -3572,7 +3604,8 @@ const (
 	ETHTOOL_MSG_MODULE_SET                    = 0x23
 	ETHTOOL_MSG_PSE_GET                       = 0x24
 	ETHTOOL_MSG_PSE_SET                       = 0x25
-	ETHTOOL_MSG_USER_MAX                      = 0x25
+	ETHTOOL_MSG_RSS_GET                       = 0x26
+	ETHTOOL_MSG_USER_MAX                      = 0x26
 	ETHTOOL_MSG_KERNEL_NONE                   = 0x0
 	ETHTOOL_MSG_STRSET_GET_REPLY              = 0x1
 	ETHTOOL_MSG_LINKINFO_GET_REPLY            = 0x2
@@ -3611,7 +3644,8 @@ const (
 	ETHTOOL_MSG_MODULE_GET_REPLY              = 0x23
 	ETHTOOL_MSG_MODULE_NTF                    = 0x24
 	ETHTOOL_MSG_PSE_GET_REPLY                 = 0x25
-	ETHTOOL_MSG_KERNEL_MAX                    = 0x25
+	ETHTOOL_MSG_RSS_GET_REPLY                 = 0x26
+	ETHTOOL_MSG_KERNEL_MAX                    = 0x26
 	ETHTOOL_A_HEADER_UNSPEC                   = 0x0
 	ETHTOOL_A_HEADER_DEV_INDEX                = 0x1
 	ETHTOOL_A_HEADER_DEV_NAME                 = 0x2
@@ -3679,7 +3713,8 @@ const (
 	ETHTOOL_A_LINKSTATE_SQI_MAX               = 0x4
 	ETHTOOL_A_LINKSTATE_EXT_STATE             = 0x5
 	ETHTOOL_A_LINKSTATE_EXT_SUBSTATE          = 0x6
-	ETHTOOL_A_LINKSTATE_MAX                   = 0x6
+	ETHTOOL_A_LINKSTATE_EXT_DOWN_CNT          = 0x7
+	ETHTOOL_A_LINKSTATE_MAX                   = 0x7
 	ETHTOOL_A_DEBUG_UNSPEC                    = 0x0
 	ETHTOOL_A_DEBUG_HEADER                    = 0x1
 	ETHTOOL_A_DEBUG_MSGMASK                   = 0x2
@@ -4409,7 +4444,7 @@ const (
 	NL80211_ATTR_MAC_HINT                                   = 0xc8
 	NL80211_ATTR_MAC_MASK                                   = 0xd7
 	NL80211_ATTR_MAX_AP_ASSOC_STA                           = 0xca
-	NL80211_ATTR_MAX                                        = 0x140
+	NL80211_ATTR_MAX                                        = 0x141
 	NL80211_ATTR_MAX_CRIT_PROT_DURATION                     = 0xb4
 	NL80211_ATTR_MAX_CSA_COUNTERS                           = 0xce
 	NL80211_ATTR_MAX_MATCH_SETS                             = 0x85
@@ -4552,6 +4587,7 @@ const (
 	NL80211_ATTR_SUPPORT_MESH_AUTH                          = 0x73
 	NL80211_ATTR_SURVEY_INFO                                = 0x54
 	NL80211_ATTR_SURVEY_RADIO_STATS                         = 0xda
+	NL80211_ATTR_TD_BITMAP                                  = 0x141
 	NL80211_ATTR_TDLS_ACTION                                = 0x88
 	NL80211_ATTR_TDLS_DIALOG_TOKEN                          = 0x89
 	NL80211_ATTR_TDLS_EXTERNAL_SETUP                        = 0x8c
@@ -5752,3 +5788,25 @@ const (
 	AUDIT_NLGRP_NONE    = 0x0
 	AUDIT_NLGRP_READLOG = 0x1
 )
+
+const (
+	TUN_F_CSUM    = 0x1
+	TUN_F_TSO4    = 0x2
+	TUN_F_TSO6    = 0x4
+	TUN_F_TSO_ECN = 0x8
+	TUN_F_UFO     = 0x10
+)
+
+const (
+	VIRTIO_NET_HDR_F_NEEDS_CSUM = 0x1
+	VIRTIO_NET_HDR_F_DATA_VALID = 0x2
+	VIRTIO_NET_HDR_F_RSC_INFO   = 0x4
+)
+
+const (
+	VIRTIO_NET_HDR_GSO_NONE  = 0x0
+	VIRTIO_NET_HDR_GSO_TCPV4 = 0x1
+	VIRTIO_NET_HDR_GSO_UDP   = 0x3
+	VIRTIO_NET_HDR_GSO_TCPV6 = 0x4
+	VIRTIO_NET_HDR_GSO_ECN   = 0x80
+)
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
index 89c516a29a..4ecc1495cd 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
@@ -414,7 +414,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [122]int8
+	Data   [122]byte
 	_      uint32
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
index 62b4fb2699..34fddff964 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
@@ -427,7 +427,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
index e86b35893e..3b14a6031f 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
@@ -405,7 +405,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [122]uint8
+	Data   [122]byte
 	_      uint32
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
index 6c6be4c911..0517651ab3 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
@@ -406,7 +406,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
index 4982ea355a..3b0c518134 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
@@ -407,7 +407,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
index 173141a670..fccdf4dd0f 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
@@ -410,7 +410,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [122]int8
+	Data   [122]byte
 	_      uint32
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
index 93ae4c5167..500de8fc07 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
@@ -409,7 +409,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
index 4e4e510ca5..d0434cd2c6 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
@@ -409,7 +409,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
index 3f5ba013d9..84206ba534 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
@@ -410,7 +410,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [122]int8
+	Data   [122]byte
 	_      uint32
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
index 71dfe7cdb4..ab078cf1f5 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
@@ -417,7 +417,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [122]uint8
+	Data   [122]byte
 	_      uint32
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
index 3a2b7f0a66..42eb2c4cef 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
@@ -416,7 +416,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]uint8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
index a52d627563..31304a4e8b 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
@@ -416,7 +416,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]uint8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
index dfc007d8a6..c311f9612d 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
@@ -434,7 +434,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]uint8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
index b53cb9103d..bba3cefac1 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
@@ -429,7 +429,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
index fe0aa35472..ad8a013804 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
@@ -411,7 +411,7 @@ const (
 
 type SockaddrStorage struct {
 	Family uint16
-	_      [118]int8
+	Data   [118]byte
 	_      uint64
 }
 
diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go
index 41cb3c01fd..3723b2c224 100644
--- a/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -824,6 +824,9 @@ const socket_error = uintptr(^uint32(0))
 //sys	WSAStartup(verreq uint32, data *WSAData) (sockerr error) = ws2_32.WSAStartup
 //sys	WSACleanup() (err error) [failretval==socket_error] = ws2_32.WSACleanup
 //sys	WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbob uint32, cbbr *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) [failretval==socket_error] = ws2_32.WSAIoctl
+//sys	WSALookupServiceBegin(querySet *WSAQUERYSET, flags uint32, handle *Handle) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceBeginW
+//sys	WSALookupServiceNext(handle Handle, flags uint32, size *int32, querySet *WSAQUERYSET) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceNextW
+//sys	WSALookupServiceEnd(handle Handle) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceEnd
 //sys	socket(af int32, typ int32, protocol int32) (handle Handle, err error) [failretval==InvalidHandle] = ws2_32.socket
 //sys	sendto(s Handle, buf []byte, flags int32, to unsafe.Pointer, tolen int32) (err error) [failretval==socket_error] = ws2_32.sendto
 //sys	recvfrom(s Handle, buf []byte, flags int32, from *RawSockaddrAny, fromlen *int32) (n int32, err error) [failretval==-1] = ws2_32.recvfrom
@@ -1019,8 +1022,7 @@ func (rsa *RawSockaddrAny) Sockaddr() (Sockaddr, error) {
 		for n < len(pp.Path) && pp.Path[n] != 0 {
 			n++
 		}
-		bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n]
-		sa.Name = string(bytes)
+		sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n))
 		return sa, nil
 
 	case AF_INET:
diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go
index 0c4add9741..857acf1032 100644
--- a/vendor/golang.org/x/sys/windows/types_windows.go
+++ b/vendor/golang.org/x/sys/windows/types_windows.go
@@ -1243,6 +1243,51 @@ const (
 	DnsSectionAdditional = 0x0003
 )
 
+const (
+	// flags of WSALookupService
+	LUP_DEEP                = 0x0001
+	LUP_CONTAINERS          = 0x0002
+	LUP_NOCONTAINERS        = 0x0004
+	LUP_NEAREST             = 0x0008
+	LUP_RETURN_NAME         = 0x0010
+	LUP_RETURN_TYPE         = 0x0020
+	LUP_RETURN_VERSION      = 0x0040
+	LUP_RETURN_COMMENT      = 0x0080
+	LUP_RETURN_ADDR         = 0x0100
+	LUP_RETURN_BLOB         = 0x0200
+	LUP_RETURN_ALIASES      = 0x0400
+	LUP_RETURN_QUERY_STRING = 0x0800
+	LUP_RETURN_ALL          = 0x0FF0
+	LUP_RES_SERVICE         = 0x8000
+
+	LUP_FLUSHCACHE    = 0x1000
+	LUP_FLUSHPREVIOUS = 0x2000
+
+	LUP_NON_AUTHORITATIVE      = 0x4000
+	LUP_SECURE                 = 0x8000
+	LUP_RETURN_PREFERRED_NAMES = 0x10000
+	LUP_DNS_ONLY               = 0x20000
+
+	LUP_ADDRCONFIG           = 0x100000
+	LUP_DUAL_ADDR            = 0x200000
+	LUP_FILESERVER           = 0x400000
+	LUP_DISABLE_IDN_ENCODING = 0x00800000
+	LUP_API_ANSI             = 0x01000000
+
+	LUP_RESOLUTION_HANDLE = 0x80000000
+)
+
+const (
+	// values of WSAQUERYSET's namespace
+	NS_ALL       = 0
+	NS_DNS       = 12
+	NS_NLA       = 15
+	NS_BTH       = 16
+	NS_EMAIL     = 37
+	NS_PNRPNAME  = 38
+	NS_PNRPCLOUD = 39
+)
+
 type DNSSRVData struct {
 	Target   *uint16
 	Priority uint16
@@ -3258,3 +3303,43 @@ const (
 	DWMWA_TEXT_COLOR                     = 36
 	DWMWA_VISIBLE_FRAME_BORDER_THICKNESS = 37
 )
+
+type WSAQUERYSET struct {
+	Size                uint32
+	ServiceInstanceName *uint16
+	ServiceClassId      *GUID
+	Version             *WSAVersion
+	Comment             *uint16
+	NameSpace           uint32
+	NSProviderId        *GUID
+	Context             *uint16
+	NumberOfProtocols   uint32
+	AfpProtocols        *AFProtocols
+	QueryString         *uint16
+	NumberOfCsAddrs     uint32
+	SaBuffer            *CSAddrInfo
+	OutputFlags         uint32
+	Blob                *BLOB
+}
+
+type WSAVersion struct {
+	Version                 uint32
+	EnumerationOfComparison int32
+}
+
+type AFProtocols struct {
+	AddressFamily int32
+	Protocol      int32
+}
+
+type CSAddrInfo struct {
+	LocalAddr  SocketAddress
+	RemoteAddr SocketAddress
+	SocketType int32
+	Protocol   int32
+}
+
+type BLOB struct {
+	Size     uint32
+	BlobData *byte
+}
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index ac60052e44..6d2a268534 100644
--- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -474,6 +474,9 @@ var (
 	procWSAEnumProtocolsW                                    = modws2_32.NewProc("WSAEnumProtocolsW")
 	procWSAGetOverlappedResult                               = modws2_32.NewProc("WSAGetOverlappedResult")
 	procWSAIoctl                                             = modws2_32.NewProc("WSAIoctl")
+	procWSALookupServiceBeginW                               = modws2_32.NewProc("WSALookupServiceBeginW")
+	procWSALookupServiceEnd                                  = modws2_32.NewProc("WSALookupServiceEnd")
+	procWSALookupServiceNextW                                = modws2_32.NewProc("WSALookupServiceNextW")
 	procWSARecv                                              = modws2_32.NewProc("WSARecv")
 	procWSARecvFrom                                          = modws2_32.NewProc("WSARecvFrom")
 	procWSASend                                              = modws2_32.NewProc("WSASend")
@@ -4067,6 +4070,30 @@ func WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbo
 	return
 }
 
+func WSALookupServiceBegin(querySet *WSAQUERYSET, flags uint32, handle *Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procWSALookupServiceBeginW.Addr(), 3, uintptr(unsafe.Pointer(querySet)), uintptr(flags), uintptr(unsafe.Pointer(handle)))
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WSALookupServiceEnd(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procWSALookupServiceEnd.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func WSALookupServiceNext(handle Handle, flags uint32, size *int32, querySet *WSAQUERYSET) (err error) {
+	r1, _, e1 := syscall.Syscall6(procWSALookupServiceNextW.Addr(), 4, uintptr(handle), uintptr(flags), uintptr(unsafe.Pointer(size)), uintptr(unsafe.Pointer(querySet)), 0, 0)
+	if r1 == socket_error {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func WSARecv(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32, overlapped *Overlapped, croutine *byte) (err error) {
 	r1, _, e1 := syscall.Syscall9(procWSARecv.Addr(), 7, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)), 0, 0)
 	if r1 == socket_error {
diff --git a/vendor/golang.org/x/text/encoding/internal/internal.go b/vendor/golang.org/x/text/encoding/internal/internal.go
index 75a5fd1658..413e6fc6d7 100644
--- a/vendor/golang.org/x/text/encoding/internal/internal.go
+++ b/vendor/golang.org/x/text/encoding/internal/internal.go
@@ -64,7 +64,7 @@ func (e FuncEncoding) NewEncoder() *encoding.Encoder {
 // byte.
 type RepertoireError byte
 
-// Error implements the error interrface.
+// Error implements the error interface.
 func (r RepertoireError) Error() string {
 	return "encoding: rune not supported by encoding."
 }
diff --git a/vendor/golang.org/x/text/unicode/norm/forminfo.go b/vendor/golang.org/x/text/unicode/norm/forminfo.go
index d69ccb4f97..487335d14d 100644
--- a/vendor/golang.org/x/text/unicode/norm/forminfo.go
+++ b/vendor/golang.org/x/text/unicode/norm/forminfo.go
@@ -13,7 +13,7 @@ import "encoding/binary"
 // a rune to a uint16. The values take two forms.  For v >= 0x8000:
 //   bits
 //   15:    1 (inverse of NFD_QC bit of qcInfo)
-//   13..7: qcInfo (see below). isYesD is always true (no decompostion).
+//   13..7: qcInfo (see below). isYesD is always true (no decomposition).
 //    6..0: ccc (compressed CCC value).
 // For v < 0x8000, the respective rune has a decomposition and v is an index
 // into a byte array of UTF-8 decomposition sequences and additional info and
diff --git a/vendor/golang.org/x/tools/container/intsets/sparse.go b/vendor/golang.org/x/tools/container/intsets/sparse.go
index c06aec80b0..d5fe156ed3 100644
--- a/vendor/golang.org/x/tools/container/intsets/sparse.go
+++ b/vendor/golang.org/x/tools/container/intsets/sparse.go
@@ -190,7 +190,7 @@ func (b *block) min(take bool) int {
 			if take {
 				b.bits[i] = w &^ (1 << uint(tz))
 			}
-			return b.offset + int(i*bitsPerWord) + tz
+			return b.offset + i*bitsPerWord + tz
 		}
 	}
 	panic("BUG: empty block")
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_darwin.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_darwin.go
new file mode 100644
index 0000000000..0ca55e0d56
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_darwin.go
@@ -0,0 +1,119 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build darwin && cgo
+// +build darwin,cgo
+
+package fastwalk
+
+/*
+#include <dirent.h>
+
+// fastwalk_readdir_r wraps readdir_r so that we don't have to pass a dirent**
+// result pointer which triggers CGO's "Go pointer to Go pointer" check unless
+// we allocat the result dirent* with malloc.
+//
+// fastwalk_readdir_r returns 0 on success, -1 upon reaching the end of the
+// directory, or a positive error number to indicate failure.
+static int fastwalk_readdir_r(DIR *fd, struct dirent *entry) {
+	struct dirent *result;
+	int ret = readdir_r(fd, entry, &result);
+	if (ret == 0 && result == NULL) {
+		ret = -1; // EOF
+	}
+	return ret;
+}
+*/
+import "C"
+
+import (
+	"os"
+	"syscall"
+	"unsafe"
+)
+
+func readDir(dirName string, fn func(dirName, entName string, typ os.FileMode) error) error {
+	fd, err := openDir(dirName)
+	if err != nil {
+		return &os.PathError{Op: "opendir", Path: dirName, Err: err}
+	}
+	defer C.closedir(fd)
+
+	skipFiles := false
+	var dirent syscall.Dirent
+	for {
+		ret := int(C.fastwalk_readdir_r(fd, (*C.struct_dirent)(unsafe.Pointer(&dirent))))
+		if ret != 0 {
+			if ret == -1 {
+				break // EOF
+			}
+			if ret == int(syscall.EINTR) {
+				continue
+			}
+			return &os.PathError{Op: "readdir", Path: dirName, Err: syscall.Errno(ret)}
+		}
+		if dirent.Ino == 0 {
+			continue
+		}
+		typ := dtToType(dirent.Type)
+		if skipFiles && typ.IsRegular() {
+			continue
+		}
+		name := (*[len(syscall.Dirent{}.Name)]byte)(unsafe.Pointer(&dirent.Name))[:]
+		name = name[:dirent.Namlen]
+		for i, c := range name {
+			if c == 0 {
+				name = name[:i]
+				break
+			}
+		}
+		// Check for useless names before allocating a string.
+		if string(name) == "." || string(name) == ".." {
+			continue
+		}
+		if err := fn(dirName, string(name), typ); err != nil {
+			if err != ErrSkipFiles {
+				return err
+			}
+			skipFiles = true
+		}
+	}
+
+	return nil
+}
+
+func dtToType(typ uint8) os.FileMode {
+	switch typ {
+	case syscall.DT_BLK:
+		return os.ModeDevice
+	case syscall.DT_CHR:
+		return os.ModeDevice | os.ModeCharDevice
+	case syscall.DT_DIR:
+		return os.ModeDir
+	case syscall.DT_FIFO:
+		return os.ModeNamedPipe
+	case syscall.DT_LNK:
+		return os.ModeSymlink
+	case syscall.DT_REG:
+		return 0
+	case syscall.DT_SOCK:
+		return os.ModeSocket
+	}
+	return ^os.FileMode(0)
+}
+
+// openDir wraps opendir(3) and handles any EINTR errors. The returned *DIR
+// needs to be closed with closedir(3).
+func openDir(path string) (*C.DIR, error) {
+	name, err := syscall.BytePtrFromString(path)
+	if err != nil {
+		return nil, err
+	}
+	for {
+		fd, err := C.opendir((*C.char)(unsafe.Pointer(name)))
+		if err != syscall.EINTR {
+			return fd, err
+		}
+	}
+}
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_ino.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_ino.go
index ea02b9ebfe..d3922890b0 100644
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_ino.go
+++ b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_ino.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build (linux || darwin) && !appengine
-// +build linux darwin
+//go:build (linux || (darwin && !cgo)) && !appengine
+// +build linux darwin,!cgo
 // +build !appengine
 
 package fastwalk
@@ -11,5 +11,5 @@ package fastwalk
 import "syscall"
 
 func direntInode(dirent *syscall.Dirent) uint64 {
-	return uint64(dirent.Ino)
+	return dirent.Ino
 }
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_bsd.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_bsd.go
index d5c9c321ed..38a4db6af3 100644
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_bsd.go
+++ b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_bsd.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build darwin || freebsd || openbsd || netbsd
-// +build darwin freebsd openbsd netbsd
+//go:build (darwin && !cgo) || freebsd || openbsd || netbsd
+// +build darwin,!cgo freebsd openbsd netbsd
 
 package fastwalk
 
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_unix.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_unix.go
index 58bd87841e..f12f1a734c 100644
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_unix.go
+++ b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_unix.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build (linux || darwin || freebsd || openbsd || netbsd) && !appengine
-// +build linux darwin freebsd openbsd netbsd
+//go:build (linux || freebsd || openbsd || netbsd || (darwin && !cgo)) && !appengine
+// +build linux freebsd openbsd netbsd darwin,!cgo
 // +build !appengine
 
 package fastwalk
diff --git a/vendor/golang.org/x/tools/internal/gocommand/invoke.go b/vendor/golang.org/x/tools/internal/gocommand/invoke.go
index 67256dc397..d50551693f 100644
--- a/vendor/golang.org/x/tools/internal/gocommand/invoke.go
+++ b/vendor/golang.org/x/tools/internal/gocommand/invoke.go
@@ -10,8 +10,10 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"log"
 	"os"
 	"regexp"
+	"runtime"
 	"strconv"
 	"strings"
 	"sync"
@@ -232,6 +234,12 @@ func (i *Invocation) run(ctx context.Context, stdout, stderr io.Writer) error {
 	return runCmdContext(ctx, cmd)
 }
 
+// DebugHangingGoCommands may be set by tests to enable additional
+// instrumentation (including panics) for debugging hanging Go commands.
+//
+// See golang/go#54461 for details.
+var DebugHangingGoCommands = false
+
 // runCmdContext is like exec.CommandContext except it sends os.Interrupt
 // before os.Kill.
 func runCmdContext(ctx context.Context, cmd *exec.Cmd) error {
@@ -243,11 +251,24 @@ func runCmdContext(ctx context.Context, cmd *exec.Cmd) error {
 		resChan <- cmd.Wait()
 	}()
 
-	select {
-	case err := <-resChan:
-		return err
-	case <-ctx.Done():
+	// If we're interested in debugging hanging Go commands, stop waiting after a
+	// minute and panic with interesting information.
+	if DebugHangingGoCommands {
+		select {
+		case err := <-resChan:
+			return err
+		case <-time.After(1 * time.Minute):
+			HandleHangingGoCommand(cmd.Process)
+		case <-ctx.Done():
+		}
+	} else {
+		select {
+		case err := <-resChan:
+			return err
+		case <-ctx.Done():
+		}
 	}
+
 	// Cancelled. Interrupt and see if it ends voluntarily.
 	cmd.Process.Signal(os.Interrupt)
 	select {
@@ -255,11 +276,63 @@ func runCmdContext(ctx context.Context, cmd *exec.Cmd) error {
 		return err
 	case <-time.After(time.Second):
 	}
+
 	// Didn't shut down in response to interrupt. Kill it hard.
-	cmd.Process.Kill()
+	// TODO(rfindley): per advice from bcmills@, it may be better to send SIGQUIT
+	// on certain platforms, such as unix.
+	if err := cmd.Process.Kill(); err != nil && DebugHangingGoCommands {
+		// Don't panic here as this reliably fails on windows with EINVAL.
+		log.Printf("error killing the Go command: %v", err)
+	}
+
+	// See above: don't wait indefinitely if we're debugging hanging Go commands.
+	if DebugHangingGoCommands {
+		select {
+		case err := <-resChan:
+			return err
+		case <-time.After(10 * time.Second): // a shorter wait as resChan should return quickly following Kill
+			HandleHangingGoCommand(cmd.Process)
+		}
+	}
 	return <-resChan
 }
 
+func HandleHangingGoCommand(proc *os.Process) {
+	switch runtime.GOOS {
+	case "linux", "darwin", "freebsd", "netbsd":
+		fmt.Fprintln(os.Stderr, `DETECTED A HANGING GO COMMAND
+
+The gopls test runner has detected a hanging go command. In order to debug
+this, the output of ps and lsof/fstat is printed below.
+
+See golang/go#54461 for more details.`)
+
+		fmt.Fprintln(os.Stderr, "\nps axo ppid,pid,command:")
+		fmt.Fprintln(os.Stderr, "-------------------------")
+		psCmd := exec.Command("ps", "axo", "ppid,pid,command")
+		psCmd.Stdout = os.Stderr
+		psCmd.Stderr = os.Stderr
+		if err := psCmd.Run(); err != nil {
+			panic(fmt.Sprintf("running ps: %v", err))
+		}
+
+		listFiles := "lsof"
+		if runtime.GOOS == "freebsd" || runtime.GOOS == "netbsd" {
+			listFiles = "fstat"
+		}
+
+		fmt.Fprintln(os.Stderr, "\n"+listFiles+":")
+		fmt.Fprintln(os.Stderr, "-----")
+		listFilesCmd := exec.Command(listFiles)
+		listFilesCmd.Stdout = os.Stderr
+		listFilesCmd.Stderr = os.Stderr
+		if err := listFilesCmd.Run(); err != nil {
+			panic(fmt.Sprintf("running %s: %v", listFiles, err))
+		}
+	}
+	panic(fmt.Sprintf("detected hanging go command (pid %d): see golang/go#54461 for more details", proc.Pid))
+}
+
 func cmdDebugStr(cmd *exec.Cmd) string {
 	env := make(map[string]string)
 	for _, kv := range cmd.Env {
diff --git a/vendor/golang.org/x/tools/internal/gocommand/version.go b/vendor/golang.org/x/tools/internal/gocommand/version.go
index 7130436802..307a76d474 100644
--- a/vendor/golang.org/x/tools/internal/gocommand/version.go
+++ b/vendor/golang.org/x/tools/internal/gocommand/version.go
@@ -7,11 +7,19 @@ package gocommand
 import (
 	"context"
 	"fmt"
+	"regexp"
 	"strings"
 )
 
-// GoVersion checks the go version by running "go list" with modules off.
-// It returns the X in Go 1.X.
+// GoVersion reports the minor version number of the highest release
+// tag built into the go command on the PATH.
+//
+// Note that this may be higher than the version of the go tool used
+// to build this application, and thus the versions of the standard
+// go/{scanner,parser,ast,types} packages that are linked into it.
+// In that case, callers should either downgrade to the version of
+// go used to build the application, or report an error that the
+// application is too old to use the go command on the PATH.
 func GoVersion(ctx context.Context, inv Invocation, r *Runner) (int, error) {
 	inv.Verb = "list"
 	inv.Args = []string{"-e", "-f", `{{context.ReleaseTags}}`, `--`, `unsafe`}
@@ -38,7 +46,7 @@ func GoVersion(ctx context.Context, inv Invocation, r *Runner) (int, error) {
 	if len(stdout) < 3 {
 		return 0, fmt.Errorf("bad ReleaseTags output: %q", stdout)
 	}
-	// Split up "[go1.1 go1.15]"
+	// Split up "[go1.1 go1.15]" and return highest go1.X value.
 	tags := strings.Fields(stdout[1 : len(stdout)-2])
 	for i := len(tags) - 1; i >= 0; i-- {
 		var version int
@@ -49,3 +57,25 @@ func GoVersion(ctx context.Context, inv Invocation, r *Runner) (int, error) {
 	}
 	return 0, fmt.Errorf("no parseable ReleaseTags in %v", tags)
 }
+
+// GoVersionOutput returns the complete output of the go version command.
+func GoVersionOutput(ctx context.Context, inv Invocation, r *Runner) (string, error) {
+	inv.Verb = "version"
+	goVersion, err := r.Run(ctx, inv)
+	if err != nil {
+		return "", err
+	}
+	return goVersion.String(), nil
+}
+
+// ParseGoVersionOutput extracts the Go version string
+// from the output of the "go version" command.
+// Given an unrecognized form, it returns an empty string.
+func ParseGoVersionOutput(data string) string {
+	re := regexp.MustCompile(`^go version (go\S+|devel \S+)`)
+	m := re.FindStringSubmatch(data)
+	if len(m) != 2 {
+		return "" // unrecognized version
+	}
+	return m[1]
+}
diff --git a/vendor/golang.org/x/tools/internal/imports/fix.go b/vendor/golang.org/x/tools/internal/imports/fix.go
index 9e373d64eb..642a5ac2d7 100644
--- a/vendor/golang.org/x/tools/internal/imports/fix.go
+++ b/vendor/golang.org/x/tools/internal/imports/fix.go
@@ -697,6 +697,9 @@ func candidateImportName(pkg *pkg) string {
 
 // GetAllCandidates calls wrapped for each package whose name starts with
 // searchPrefix, and can be imported from filename with the package name filePkg.
+//
+// Beware that the wrapped function may be called multiple times concurrently.
+// TODO(adonovan): encapsulate the concurrency.
 func GetAllCandidates(ctx context.Context, wrapped func(ImportFix), searchPrefix, filename, filePkg string, env *ProcessEnv) error {
 	callback := &scanCallback{
 		rootFound: func(gopathwalk.Root) bool {
@@ -796,7 +799,7 @@ func GetPackageExports(ctx context.Context, wrapped func(PackageExport), searchP
 	return getCandidatePkgs(ctx, callback, filename, filePkg, env)
 }
 
-var RequiredGoEnvVars = []string{"GO111MODULE", "GOFLAGS", "GOINSECURE", "GOMOD", "GOMODCACHE", "GONOPROXY", "GONOSUMDB", "GOPATH", "GOPROXY", "GOROOT", "GOSUMDB", "GOWORK"}
+var requiredGoEnvVars = []string{"GO111MODULE", "GOFLAGS", "GOINSECURE", "GOMOD", "GOMODCACHE", "GONOPROXY", "GONOSUMDB", "GOPATH", "GOPROXY", "GOROOT", "GOSUMDB", "GOWORK"}
 
 // ProcessEnv contains environment variables and settings that affect the use of
 // the go command, the go/build package, etc.
@@ -807,6 +810,11 @@ type ProcessEnv struct {
 	ModFlag    string
 	ModFile    string
 
+	// SkipPathInScan returns true if the path should be skipped from scans of
+	// the RootCurrentModule root type. The function argument is a clean,
+	// absolute path.
+	SkipPathInScan func(string) bool
+
 	// Env overrides the OS environment, and can be used to specify
 	// GOPROXY, GO111MODULE, etc. PATH cannot be set here, because
 	// exec.Command will not honor it.
@@ -861,7 +869,7 @@ func (e *ProcessEnv) init() error {
 	}
 
 	foundAllRequired := true
-	for _, k := range RequiredGoEnvVars {
+	for _, k := range requiredGoEnvVars {
 		if _, ok := e.Env[k]; !ok {
 			foundAllRequired = false
 			break
@@ -877,7 +885,7 @@ func (e *ProcessEnv) init() error {
 	}
 
 	goEnv := map[string]string{}
-	stdout, err := e.invokeGo(context.TODO(), "env", append([]string{"-json"}, RequiredGoEnvVars...)...)
+	stdout, err := e.invokeGo(context.TODO(), "env", append([]string{"-json"}, requiredGoEnvVars...)...)
 	if err != nil {
 		return err
 	}
@@ -1367,9 +1375,9 @@ func (r *gopathResolver) scan(ctx context.Context, callback *scanCallback) error
 		return err
 	}
 	var roots []gopathwalk.Root
-	roots = append(roots, gopathwalk.Root{filepath.Join(goenv["GOROOT"], "src"), gopathwalk.RootGOROOT})
+	roots = append(roots, gopathwalk.Root{Path: filepath.Join(goenv["GOROOT"], "src"), Type: gopathwalk.RootGOROOT})
 	for _, p := range filepath.SplitList(goenv["GOPATH"]) {
-		roots = append(roots, gopathwalk.Root{filepath.Join(p, "src"), gopathwalk.RootGOPATH})
+		roots = append(roots, gopathwalk.Root{Path: filepath.Join(p, "src"), Type: gopathwalk.RootGOPATH})
 	}
 	// The callback is not necessarily safe to use in the goroutine below. Process roots eagerly.
 	roots = filterRoots(roots, callback.rootFound)
diff --git a/vendor/golang.org/x/tools/internal/imports/mod.go b/vendor/golang.org/x/tools/internal/imports/mod.go
index 46693f2433..7d99d04ca8 100644
--- a/vendor/golang.org/x/tools/internal/imports/mod.go
+++ b/vendor/golang.org/x/tools/internal/imports/mod.go
@@ -129,22 +129,22 @@ func (r *ModuleResolver) init() error {
 	})
 
 	r.roots = []gopathwalk.Root{
-		{filepath.Join(goenv["GOROOT"], "/src"), gopathwalk.RootGOROOT},
+		{Path: filepath.Join(goenv["GOROOT"], "/src"), Type: gopathwalk.RootGOROOT},
 	}
 	r.mainByDir = make(map[string]*gocommand.ModuleJSON)
 	for _, main := range r.mains {
-		r.roots = append(r.roots, gopathwalk.Root{main.Dir, gopathwalk.RootCurrentModule})
+		r.roots = append(r.roots, gopathwalk.Root{Path: main.Dir, Type: gopathwalk.RootCurrentModule})
 		r.mainByDir[main.Dir] = main
 	}
 	if vendorEnabled {
-		r.roots = append(r.roots, gopathwalk.Root{r.dummyVendorMod.Dir, gopathwalk.RootOther})
+		r.roots = append(r.roots, gopathwalk.Root{Path: r.dummyVendorMod.Dir, Type: gopathwalk.RootOther})
 	} else {
 		addDep := func(mod *gocommand.ModuleJSON) {
 			if mod.Replace == nil {
 				// This is redundant with the cache, but we'll skip it cheaply enough.
-				r.roots = append(r.roots, gopathwalk.Root{mod.Dir, gopathwalk.RootModuleCache})
+				r.roots = append(r.roots, gopathwalk.Root{Path: mod.Dir, Type: gopathwalk.RootModuleCache})
 			} else {
-				r.roots = append(r.roots, gopathwalk.Root{mod.Dir, gopathwalk.RootOther})
+				r.roots = append(r.roots, gopathwalk.Root{Path: mod.Dir, Type: gopathwalk.RootOther})
 			}
 		}
 		// Walk dependent modules before scanning the full mod cache, direct deps first.
@@ -158,7 +158,7 @@ func (r *ModuleResolver) init() error {
 				addDep(mod)
 			}
 		}
-		r.roots = append(r.roots, gopathwalk.Root{r.moduleCacheDir, gopathwalk.RootModuleCache})
+		r.roots = append(r.roots, gopathwalk.Root{Path: r.moduleCacheDir, Type: gopathwalk.RootModuleCache})
 	}
 
 	r.scannedRoots = map[gopathwalk.Root]bool{}
@@ -466,6 +466,16 @@ func (r *ModuleResolver) scan(ctx context.Context, callback *scanCallback) error
 	// We assume cached directories are fully cached, including all their
 	// children, and have not changed. We can skip them.
 	skip := func(root gopathwalk.Root, dir string) bool {
+		if r.env.SkipPathInScan != nil && root.Type == gopathwalk.RootCurrentModule {
+			if root.Path == dir {
+				return false
+			}
+
+			if r.env.SkipPathInScan(filepath.Clean(dir)) {
+				return true
+			}
+		}
+
 		info, ok := r.cacheLoad(dir)
 		if !ok {
 			return false
diff --git a/vendor/golang.org/x/tools/internal/imports/sortimports.go b/vendor/golang.org/x/tools/internal/imports/sortimports.go
index 85144db1df..1a0a7ebd9e 100644
--- a/vendor/golang.org/x/tools/internal/imports/sortimports.go
+++ b/vendor/golang.org/x/tools/internal/imports/sortimports.go
@@ -52,6 +52,7 @@ func sortImports(localPrefix string, tokFile *token.File, f *ast.File) {
 		d.Specs = specs
 
 		// Deduping can leave a blank line before the rparen; clean that up.
+		// Ignore line directives.
 		if len(d.Specs) > 0 {
 			lastSpec := d.Specs[len(d.Specs)-1]
 			lastLine := tokFile.PositionFor(lastSpec.Pos(), false).Line
diff --git a/vendor/golang.org/x/tools/internal/imports/zstdlib.go b/vendor/golang.org/x/tools/internal/imports/zstdlib.go
index 437fbb78db..31a75949cd 100644
--- a/vendor/golang.org/x/tools/internal/imports/zstdlib.go
+++ b/vendor/golang.org/x/tools/internal/imports/zstdlib.go
@@ -1,11 +1,16 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 // Code generated by mkstdlib.go. DO NOT EDIT.
 
 package imports
 
 var stdlib = map[string][]string{
-	"archive/tar": []string{
+	"archive/tar": {
 		"ErrFieldTooLong",
 		"ErrHeader",
+		"ErrInsecurePath",
 		"ErrWriteAfterClose",
 		"ErrWriteTooLong",
 		"FileInfoHeader",
@@ -34,13 +39,14 @@ var stdlib = map[string][]string{
 		"TypeXHeader",
 		"Writer",
 	},
-	"archive/zip": []string{
+	"archive/zip": {
 		"Compressor",
 		"Decompressor",
 		"Deflate",
 		"ErrAlgorithm",
 		"ErrChecksum",
 		"ErrFormat",
+		"ErrInsecurePath",
 		"File",
 		"FileHeader",
 		"FileInfoHeader",
@@ -54,7 +60,7 @@ var stdlib = map[string][]string{
 		"Store",
 		"Writer",
 	},
-	"bufio": []string{
+	"bufio": {
 		"ErrAdvanceTooFar",
 		"ErrBadReadCount",
 		"ErrBufferFull",
@@ -81,14 +87,17 @@ var stdlib = map[string][]string{
 		"SplitFunc",
 		"Writer",
 	},
-	"bytes": []string{
+	"bytes": {
 		"Buffer",
+		"Clone",
 		"Compare",
 		"Contains",
 		"ContainsAny",
 		"ContainsRune",
 		"Count",
 		"Cut",
+		"CutPrefix",
+		"CutSuffix",
 		"Equal",
 		"EqualFold",
 		"ErrTooLarge",
@@ -138,11 +147,11 @@ var stdlib = map[string][]string{
 		"TrimSpace",
 		"TrimSuffix",
 	},
-	"compress/bzip2": []string{
+	"compress/bzip2": {
 		"NewReader",
 		"StructuralError",
 	},
-	"compress/flate": []string{
+	"compress/flate": {
 		"BestCompression",
 		"BestSpeed",
 		"CorruptInputError",
@@ -160,7 +169,7 @@ var stdlib = map[string][]string{
 		"WriteError",
 		"Writer",
 	},
-	"compress/gzip": []string{
+	"compress/gzip": {
 		"BestCompression",
 		"BestSpeed",
 		"DefaultCompression",
@@ -175,7 +184,7 @@ var stdlib = map[string][]string{
 		"Reader",
 		"Writer",
 	},
-	"compress/lzw": []string{
+	"compress/lzw": {
 		"LSB",
 		"MSB",
 		"NewReader",
@@ -184,7 +193,7 @@ var stdlib = map[string][]string{
 		"Reader",
 		"Writer",
 	},
-	"compress/zlib": []string{
+	"compress/zlib": {
 		"BestCompression",
 		"BestSpeed",
 		"DefaultCompression",
@@ -201,7 +210,7 @@ var stdlib = map[string][]string{
 		"Resetter",
 		"Writer",
 	},
-	"container/heap": []string{
+	"container/heap": {
 		"Fix",
 		"Init",
 		"Interface",
@@ -209,28 +218,31 @@ var stdlib = map[string][]string{
 		"Push",
 		"Remove",
 	},
-	"container/list": []string{
+	"container/list": {
 		"Element",
 		"List",
 		"New",
 	},
-	"container/ring": []string{
+	"container/ring": {
 		"New",
 		"Ring",
 	},
-	"context": []string{
+	"context": {
 		"Background",
+		"CancelCauseFunc",
 		"CancelFunc",
 		"Canceled",
+		"Cause",
 		"Context",
 		"DeadlineExceeded",
 		"TODO",
 		"WithCancel",
+		"WithCancelCause",
 		"WithDeadline",
 		"WithTimeout",
 		"WithValue",
 	},
-	"crypto": []string{
+	"crypto": {
 		"BLAKE2b_256",
 		"BLAKE2b_384",
 		"BLAKE2b_512",
@@ -259,12 +271,12 @@ var stdlib = map[string][]string{
 		"Signer",
 		"SignerOpts",
 	},
-	"crypto/aes": []string{
+	"crypto/aes": {
 		"BlockSize",
 		"KeySizeError",
 		"NewCipher",
 	},
-	"crypto/cipher": []string{
+	"crypto/cipher": {
 		"AEAD",
 		"Block",
 		"BlockMode",
@@ -281,13 +293,13 @@ var stdlib = map[string][]string{
 		"StreamReader",
 		"StreamWriter",
 	},
-	"crypto/des": []string{
+	"crypto/des": {
 		"BlockSize",
 		"KeySizeError",
 		"NewCipher",
 		"NewTripleDESCipher",
 	},
-	"crypto/dsa": []string{
+	"crypto/dsa": {
 		"ErrInvalidPublicKey",
 		"GenerateKey",
 		"GenerateParameters",
@@ -302,7 +314,16 @@ var stdlib = map[string][]string{
 		"Sign",
 		"Verify",
 	},
-	"crypto/ecdsa": []string{
+	"crypto/ecdh": {
+		"Curve",
+		"P256",
+		"P384",
+		"P521",
+		"PrivateKey",
+		"PublicKey",
+		"X25519",
+	},
+	"crypto/ecdsa": {
 		"GenerateKey",
 		"PrivateKey",
 		"PublicKey",
@@ -311,9 +332,10 @@ var stdlib = map[string][]string{
 		"Verify",
 		"VerifyASN1",
 	},
-	"crypto/ed25519": []string{
+	"crypto/ed25519": {
 		"GenerateKey",
 		"NewKeyFromSeed",
+		"Options",
 		"PrivateKey",
 		"PrivateKeySize",
 		"PublicKey",
@@ -322,8 +344,9 @@ var stdlib = map[string][]string{
 		"Sign",
 		"SignatureSize",
 		"Verify",
+		"VerifyWithOptions",
 	},
-	"crypto/elliptic": []string{
+	"crypto/elliptic": {
 		"Curve",
 		"CurveParams",
 		"GenerateKey",
@@ -336,28 +359,28 @@ var stdlib = map[string][]string{
 		"Unmarshal",
 		"UnmarshalCompressed",
 	},
-	"crypto/hmac": []string{
+	"crypto/hmac": {
 		"Equal",
 		"New",
 	},
-	"crypto/md5": []string{
+	"crypto/md5": {
 		"BlockSize",
 		"New",
 		"Size",
 		"Sum",
 	},
-	"crypto/rand": []string{
+	"crypto/rand": {
 		"Int",
 		"Prime",
 		"Read",
 		"Reader",
 	},
-	"crypto/rc4": []string{
+	"crypto/rc4": {
 		"Cipher",
 		"KeySizeError",
 		"NewCipher",
 	},
-	"crypto/rsa": []string{
+	"crypto/rsa": {
 		"CRTValue",
 		"DecryptOAEP",
 		"DecryptPKCS1v15",
@@ -382,13 +405,13 @@ var stdlib = map[string][]string{
 		"VerifyPKCS1v15",
 		"VerifyPSS",
 	},
-	"crypto/sha1": []string{
+	"crypto/sha1": {
 		"BlockSize",
 		"New",
 		"Size",
 		"Sum",
 	},
-	"crypto/sha256": []string{
+	"crypto/sha256": {
 		"BlockSize",
 		"New",
 		"New224",
@@ -397,7 +420,7 @@ var stdlib = map[string][]string{
 		"Sum224",
 		"Sum256",
 	},
-	"crypto/sha512": []string{
+	"crypto/sha512": {
 		"BlockSize",
 		"New",
 		"New384",
@@ -412,17 +435,19 @@ var stdlib = map[string][]string{
 		"Sum512_224",
 		"Sum512_256",
 	},
-	"crypto/subtle": []string{
+	"crypto/subtle": {
 		"ConstantTimeByteEq",
 		"ConstantTimeCompare",
 		"ConstantTimeCopy",
 		"ConstantTimeEq",
 		"ConstantTimeLessOrEq",
 		"ConstantTimeSelect",
+		"XORBytes",
 	},
-	"crypto/tls": []string{
+	"crypto/tls": {
 		"Certificate",
 		"CertificateRequestInfo",
+		"CertificateVerificationError",
 		"CipherSuite",
 		"CipherSuiteName",
 		"CipherSuites",
@@ -506,7 +531,7 @@ var stdlib = map[string][]string{
 		"X25519",
 		"X509KeyPair",
 	},
-	"crypto/x509": []string{
+	"crypto/x509": {
 		"CANotAuthorizedForExtKeyUsage",
 		"CANotAuthorizedForThisName",
 		"CertPool",
@@ -588,6 +613,7 @@ var stdlib = map[string][]string{
 		"ParsePKCS1PublicKey",
 		"ParsePKCS8PrivateKey",
 		"ParsePKIXPublicKey",
+		"ParseRevocationList",
 		"PublicKeyAlgorithm",
 		"PureEd25519",
 		"RSA",
@@ -599,6 +625,7 @@ var stdlib = map[string][]string{
 		"SHA384WithRSAPSS",
 		"SHA512WithRSA",
 		"SHA512WithRSAPSS",
+		"SetFallbackRoots",
 		"SignatureAlgorithm",
 		"SystemCertPool",
 		"SystemRootsError",
@@ -611,7 +638,7 @@ var stdlib = map[string][]string{
 		"UnknownSignatureAlgorithm",
 		"VerifyOptions",
 	},
-	"crypto/x509/pkix": []string{
+	"crypto/x509/pkix": {
 		"AlgorithmIdentifier",
 		"AttributeTypeAndValue",
 		"AttributeTypeAndValueSET",
@@ -623,7 +650,7 @@ var stdlib = map[string][]string{
 		"RevokedCertificate",
 		"TBSCertificateList",
 	},
-	"database/sql": []string{
+	"database/sql": {
 		"ColumnType",
 		"Conn",
 		"DB",
@@ -664,7 +691,7 @@ var stdlib = map[string][]string{
 		"Tx",
 		"TxOptions",
 	},
-	"database/sql/driver": []string{
+	"database/sql/driver": {
 		"Bool",
 		"ColumnConverter",
 		"Conn",
@@ -712,12 +739,12 @@ var stdlib = map[string][]string{
 		"ValueConverter",
 		"Valuer",
 	},
-	"debug/buildinfo": []string{
+	"debug/buildinfo": {
 		"BuildInfo",
 		"Read",
 		"ReadFile",
 	},
-	"debug/dwarf": []string{
+	"debug/dwarf": {
 		"AddrType",
 		"ArrayType",
 		"Attr",
@@ -968,7 +995,7 @@ var stdlib = map[string][]string{
 		"UnsupportedType",
 		"VoidType",
 	},
-	"debug/elf": []string{
+	"debug/elf": {
 		"ARM_MAGIC_TRAMP_NUMBER",
 		"COMPRESS_HIOS",
 		"COMPRESS_HIPROC",
@@ -1238,6 +1265,7 @@ var stdlib = map[string][]string{
 		"EM_L10M",
 		"EM_LANAI",
 		"EM_LATTICEMICO32",
+		"EM_LOONGARCH",
 		"EM_M16C",
 		"EM_M32",
 		"EM_M32C",
@@ -1820,6 +1848,96 @@ var stdlib = map[string][]string{
 		"R_ARM_XPC25",
 		"R_INFO",
 		"R_INFO32",
+		"R_LARCH",
+		"R_LARCH_32",
+		"R_LARCH_32_PCREL",
+		"R_LARCH_64",
+		"R_LARCH_ABS64_HI12",
+		"R_LARCH_ABS64_LO20",
+		"R_LARCH_ABS_HI20",
+		"R_LARCH_ABS_LO12",
+		"R_LARCH_ADD16",
+		"R_LARCH_ADD24",
+		"R_LARCH_ADD32",
+		"R_LARCH_ADD64",
+		"R_LARCH_ADD8",
+		"R_LARCH_B16",
+		"R_LARCH_B21",
+		"R_LARCH_B26",
+		"R_LARCH_COPY",
+		"R_LARCH_GNU_VTENTRY",
+		"R_LARCH_GNU_VTINHERIT",
+		"R_LARCH_GOT64_HI12",
+		"R_LARCH_GOT64_LO20",
+		"R_LARCH_GOT64_PC_HI12",
+		"R_LARCH_GOT64_PC_LO20",
+		"R_LARCH_GOT_HI20",
+		"R_LARCH_GOT_LO12",
+		"R_LARCH_GOT_PC_HI20",
+		"R_LARCH_GOT_PC_LO12",
+		"R_LARCH_IRELATIVE",
+		"R_LARCH_JUMP_SLOT",
+		"R_LARCH_MARK_LA",
+		"R_LARCH_MARK_PCREL",
+		"R_LARCH_NONE",
+		"R_LARCH_PCALA64_HI12",
+		"R_LARCH_PCALA64_LO20",
+		"R_LARCH_PCALA_HI20",
+		"R_LARCH_PCALA_LO12",
+		"R_LARCH_RELATIVE",
+		"R_LARCH_RELAX",
+		"R_LARCH_SOP_ADD",
+		"R_LARCH_SOP_AND",
+		"R_LARCH_SOP_ASSERT",
+		"R_LARCH_SOP_IF_ELSE",
+		"R_LARCH_SOP_NOT",
+		"R_LARCH_SOP_POP_32_S_0_10_10_16_S2",
+		"R_LARCH_SOP_POP_32_S_0_5_10_16_S2",
+		"R_LARCH_SOP_POP_32_S_10_12",
+		"R_LARCH_SOP_POP_32_S_10_16",
+		"R_LARCH_SOP_POP_32_S_10_16_S2",
+		"R_LARCH_SOP_POP_32_S_10_5",
+		"R_LARCH_SOP_POP_32_S_5_20",
+		"R_LARCH_SOP_POP_32_U",
+		"R_LARCH_SOP_POP_32_U_10_12",
+		"R_LARCH_SOP_PUSH_ABSOLUTE",
+		"R_LARCH_SOP_PUSH_DUP",
+		"R_LARCH_SOP_PUSH_GPREL",
+		"R_LARCH_SOP_PUSH_PCREL",
+		"R_LARCH_SOP_PUSH_PLT_PCREL",
+		"R_LARCH_SOP_PUSH_TLS_GD",
+		"R_LARCH_SOP_PUSH_TLS_GOT",
+		"R_LARCH_SOP_PUSH_TLS_TPREL",
+		"R_LARCH_SOP_SL",
+		"R_LARCH_SOP_SR",
+		"R_LARCH_SOP_SUB",
+		"R_LARCH_SUB16",
+		"R_LARCH_SUB24",
+		"R_LARCH_SUB32",
+		"R_LARCH_SUB64",
+		"R_LARCH_SUB8",
+		"R_LARCH_TLS_DTPMOD32",
+		"R_LARCH_TLS_DTPMOD64",
+		"R_LARCH_TLS_DTPREL32",
+		"R_LARCH_TLS_DTPREL64",
+		"R_LARCH_TLS_GD_HI20",
+		"R_LARCH_TLS_GD_PC_HI20",
+		"R_LARCH_TLS_IE64_HI12",
+		"R_LARCH_TLS_IE64_LO20",
+		"R_LARCH_TLS_IE64_PC_HI12",
+		"R_LARCH_TLS_IE64_PC_LO20",
+		"R_LARCH_TLS_IE_HI20",
+		"R_LARCH_TLS_IE_LO12",
+		"R_LARCH_TLS_IE_PC_HI20",
+		"R_LARCH_TLS_IE_PC_LO12",
+		"R_LARCH_TLS_LD_HI20",
+		"R_LARCH_TLS_LD_PC_HI20",
+		"R_LARCH_TLS_LE64_HI12",
+		"R_LARCH_TLS_LE64_LO20",
+		"R_LARCH_TLS_LE_HI20",
+		"R_LARCH_TLS_LE_LO12",
+		"R_LARCH_TLS_TPREL32",
+		"R_LARCH_TLS_TPREL64",
 		"R_MIPS",
 		"R_MIPS_16",
 		"R_MIPS_26",
@@ -1881,15 +1999,25 @@ var stdlib = map[string][]string{
 		"R_PPC64_ADDR16_HIGH",
 		"R_PPC64_ADDR16_HIGHA",
 		"R_PPC64_ADDR16_HIGHER",
+		"R_PPC64_ADDR16_HIGHER34",
 		"R_PPC64_ADDR16_HIGHERA",
+		"R_PPC64_ADDR16_HIGHERA34",
 		"R_PPC64_ADDR16_HIGHEST",
+		"R_PPC64_ADDR16_HIGHEST34",
 		"R_PPC64_ADDR16_HIGHESTA",
+		"R_PPC64_ADDR16_HIGHESTA34",
 		"R_PPC64_ADDR16_LO",
 		"R_PPC64_ADDR16_LO_DS",
 		"R_PPC64_ADDR24",
 		"R_PPC64_ADDR32",
 		"R_PPC64_ADDR64",
 		"R_PPC64_ADDR64_LOCAL",
+		"R_PPC64_COPY",
+		"R_PPC64_D28",
+		"R_PPC64_D34",
+		"R_PPC64_D34_HA30",
+		"R_PPC64_D34_HI30",
+		"R_PPC64_D34_LO",
 		"R_PPC64_DTPMOD64",
 		"R_PPC64_DTPREL16",
 		"R_PPC64_DTPREL16_DS",
@@ -1903,8 +2031,12 @@ var stdlib = map[string][]string{
 		"R_PPC64_DTPREL16_HIGHESTA",
 		"R_PPC64_DTPREL16_LO",
 		"R_PPC64_DTPREL16_LO_DS",
+		"R_PPC64_DTPREL34",
 		"R_PPC64_DTPREL64",
 		"R_PPC64_ENTRY",
+		"R_PPC64_GLOB_DAT",
+		"R_PPC64_GNU_VTENTRY",
+		"R_PPC64_GNU_VTINHERIT",
 		"R_PPC64_GOT16",
 		"R_PPC64_GOT16_DS",
 		"R_PPC64_GOT16_HA",
@@ -1915,29 +2047,50 @@ var stdlib = map[string][]string{
 		"R_PPC64_GOT_DTPREL16_HA",
 		"R_PPC64_GOT_DTPREL16_HI",
 		"R_PPC64_GOT_DTPREL16_LO_DS",
+		"R_PPC64_GOT_DTPREL_PCREL34",
+		"R_PPC64_GOT_PCREL34",
 		"R_PPC64_GOT_TLSGD16",
 		"R_PPC64_GOT_TLSGD16_HA",
 		"R_PPC64_GOT_TLSGD16_HI",
 		"R_PPC64_GOT_TLSGD16_LO",
+		"R_PPC64_GOT_TLSGD_PCREL34",
 		"R_PPC64_GOT_TLSLD16",
 		"R_PPC64_GOT_TLSLD16_HA",
 		"R_PPC64_GOT_TLSLD16_HI",
 		"R_PPC64_GOT_TLSLD16_LO",
+		"R_PPC64_GOT_TLSLD_PCREL34",
 		"R_PPC64_GOT_TPREL16_DS",
 		"R_PPC64_GOT_TPREL16_HA",
 		"R_PPC64_GOT_TPREL16_HI",
 		"R_PPC64_GOT_TPREL16_LO_DS",
+		"R_PPC64_GOT_TPREL_PCREL34",
 		"R_PPC64_IRELATIVE",
 		"R_PPC64_JMP_IREL",
 		"R_PPC64_JMP_SLOT",
 		"R_PPC64_NONE",
+		"R_PPC64_PCREL28",
+		"R_PPC64_PCREL34",
+		"R_PPC64_PCREL_OPT",
+		"R_PPC64_PLT16_HA",
+		"R_PPC64_PLT16_HI",
+		"R_PPC64_PLT16_LO",
 		"R_PPC64_PLT16_LO_DS",
+		"R_PPC64_PLT32",
+		"R_PPC64_PLT64",
+		"R_PPC64_PLTCALL",
+		"R_PPC64_PLTCALL_NOTOC",
 		"R_PPC64_PLTGOT16",
 		"R_PPC64_PLTGOT16_DS",
 		"R_PPC64_PLTGOT16_HA",
 		"R_PPC64_PLTGOT16_HI",
 		"R_PPC64_PLTGOT16_LO",
 		"R_PPC64_PLTGOT_LO_DS",
+		"R_PPC64_PLTREL32",
+		"R_PPC64_PLTREL64",
+		"R_PPC64_PLTSEQ",
+		"R_PPC64_PLTSEQ_NOTOC",
+		"R_PPC64_PLT_PCREL34",
+		"R_PPC64_PLT_PCREL34_NOTOC",
 		"R_PPC64_REL14",
 		"R_PPC64_REL14_BRNTAKEN",
 		"R_PPC64_REL14_BRTAKEN",
@@ -1945,13 +2098,28 @@ var stdlib = map[string][]string{
 		"R_PPC64_REL16DX_HA",
 		"R_PPC64_REL16_HA",
 		"R_PPC64_REL16_HI",
+		"R_PPC64_REL16_HIGH",
+		"R_PPC64_REL16_HIGHA",
+		"R_PPC64_REL16_HIGHER",
+		"R_PPC64_REL16_HIGHER34",
+		"R_PPC64_REL16_HIGHERA",
+		"R_PPC64_REL16_HIGHERA34",
+		"R_PPC64_REL16_HIGHEST",
+		"R_PPC64_REL16_HIGHEST34",
+		"R_PPC64_REL16_HIGHESTA",
+		"R_PPC64_REL16_HIGHESTA34",
 		"R_PPC64_REL16_LO",
 		"R_PPC64_REL24",
 		"R_PPC64_REL24_NOTOC",
+		"R_PPC64_REL30",
 		"R_PPC64_REL32",
 		"R_PPC64_REL64",
 		"R_PPC64_RELATIVE",
+		"R_PPC64_SECTOFF",
 		"R_PPC64_SECTOFF_DS",
+		"R_PPC64_SECTOFF_HA",
+		"R_PPC64_SECTOFF_HI",
+		"R_PPC64_SECTOFF_LO",
 		"R_PPC64_SECTOFF_LO_DS",
 		"R_PPC64_TLS",
 		"R_PPC64_TLSGD",
@@ -1976,7 +2144,11 @@ var stdlib = map[string][]string{
 		"R_PPC64_TPREL16_HIGHESTA",
 		"R_PPC64_TPREL16_LO",
 		"R_PPC64_TPREL16_LO_DS",
+		"R_PPC64_TPREL34",
 		"R_PPC64_TPREL64",
+		"R_PPC64_UADDR16",
+		"R_PPC64_UADDR32",
+		"R_PPC64_UADDR64",
 		"R_PPC_ADDR14",
 		"R_PPC_ADDR14_BRNTAKEN",
 		"R_PPC_ADDR14_BRTAKEN",
@@ -2315,7 +2487,7 @@ var stdlib = map[string][]string{
 		"Type",
 		"Version",
 	},
-	"debug/gosym": []string{
+	"debug/gosym": {
 		"DecodingError",
 		"Func",
 		"LineTable",
@@ -2327,7 +2499,7 @@ var stdlib = map[string][]string{
 		"UnknownFileError",
 		"UnknownLineError",
 	},
-	"debug/macho": []string{
+	"debug/macho": {
 		"ARM64_RELOC_ADDEND",
 		"ARM64_RELOC_BRANCH26",
 		"ARM64_RELOC_GOT_LOAD_PAGE21",
@@ -2457,13 +2629,20 @@ var stdlib = map[string][]string{
 		"X86_64_RELOC_TLV",
 		"X86_64_RELOC_UNSIGNED",
 	},
-	"debug/pe": []string{
+	"debug/pe": {
 		"COFFSymbol",
+		"COFFSymbolAuxFormat5",
 		"COFFSymbolSize",
 		"DataDirectory",
 		"File",
 		"FileHeader",
 		"FormatError",
+		"IMAGE_COMDAT_SELECT_ANY",
+		"IMAGE_COMDAT_SELECT_ASSOCIATIVE",
+		"IMAGE_COMDAT_SELECT_EXACT_MATCH",
+		"IMAGE_COMDAT_SELECT_LARGEST",
+		"IMAGE_COMDAT_SELECT_NODUPLICATES",
+		"IMAGE_COMDAT_SELECT_SAME_SIZE",
 		"IMAGE_DIRECTORY_ENTRY_ARCHITECTURE",
 		"IMAGE_DIRECTORY_ENTRY_BASERELOC",
 		"IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
@@ -2508,6 +2687,8 @@ var stdlib = map[string][]string{
 		"IMAGE_FILE_MACHINE_EBC",
 		"IMAGE_FILE_MACHINE_I386",
 		"IMAGE_FILE_MACHINE_IA64",
+		"IMAGE_FILE_MACHINE_LOONGARCH32",
+		"IMAGE_FILE_MACHINE_LOONGARCH64",
 		"IMAGE_FILE_MACHINE_M32R",
 		"IMAGE_FILE_MACHINE_MIPS16",
 		"IMAGE_FILE_MACHINE_MIPSFPU",
@@ -2515,6 +2696,9 @@ var stdlib = map[string][]string{
 		"IMAGE_FILE_MACHINE_POWERPC",
 		"IMAGE_FILE_MACHINE_POWERPCFP",
 		"IMAGE_FILE_MACHINE_R4000",
+		"IMAGE_FILE_MACHINE_RISCV128",
+		"IMAGE_FILE_MACHINE_RISCV32",
+		"IMAGE_FILE_MACHINE_RISCV64",
 		"IMAGE_FILE_MACHINE_SH3",
 		"IMAGE_FILE_MACHINE_SH3DSP",
 		"IMAGE_FILE_MACHINE_SH4",
@@ -2527,6 +2711,14 @@ var stdlib = map[string][]string{
 		"IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP",
 		"IMAGE_FILE_SYSTEM",
 		"IMAGE_FILE_UP_SYSTEM_ONLY",
+		"IMAGE_SCN_CNT_CODE",
+		"IMAGE_SCN_CNT_INITIALIZED_DATA",
+		"IMAGE_SCN_CNT_UNINITIALIZED_DATA",
+		"IMAGE_SCN_LNK_COMDAT",
+		"IMAGE_SCN_MEM_DISCARDABLE",
+		"IMAGE_SCN_MEM_EXECUTE",
+		"IMAGE_SCN_MEM_READ",
+		"IMAGE_SCN_MEM_WRITE",
 		"IMAGE_SUBSYSTEM_EFI_APPLICATION",
 		"IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER",
 		"IMAGE_SUBSYSTEM_EFI_ROM",
@@ -2553,7 +2745,7 @@ var stdlib = map[string][]string{
 		"StringTable",
 		"Symbol",
 	},
-	"debug/plan9obj": []string{
+	"debug/plan9obj": {
 		"ErrNoSymbols",
 		"File",
 		"FileHeader",
@@ -2567,16 +2759,16 @@ var stdlib = map[string][]string{
 		"SectionHeader",
 		"Sym",
 	},
-	"embed": []string{
+	"embed": {
 		"FS",
 	},
-	"encoding": []string{
+	"encoding": {
 		"BinaryMarshaler",
 		"BinaryUnmarshaler",
 		"TextMarshaler",
 		"TextUnmarshaler",
 	},
-	"encoding/ascii85": []string{
+	"encoding/ascii85": {
 		"CorruptInputError",
 		"Decode",
 		"Encode",
@@ -2584,7 +2776,7 @@ var stdlib = map[string][]string{
 		"NewDecoder",
 		"NewEncoder",
 	},
-	"encoding/asn1": []string{
+	"encoding/asn1": {
 		"BitString",
 		"ClassApplication",
 		"ClassContextSpecific",
@@ -2622,7 +2814,7 @@ var stdlib = map[string][]string{
 		"Unmarshal",
 		"UnmarshalWithParams",
 	},
-	"encoding/base32": []string{
+	"encoding/base32": {
 		"CorruptInputError",
 		"Encoding",
 		"HexEncoding",
@@ -2633,7 +2825,7 @@ var stdlib = map[string][]string{
 		"StdEncoding",
 		"StdPadding",
 	},
-	"encoding/base64": []string{
+	"encoding/base64": {
 		"CorruptInputError",
 		"Encoding",
 		"NewDecoder",
@@ -2646,7 +2838,10 @@ var stdlib = map[string][]string{
 		"StdPadding",
 		"URLEncoding",
 	},
-	"encoding/binary": []string{
+	"encoding/binary": {
+		"AppendByteOrder",
+		"AppendUvarint",
+		"AppendVarint",
 		"BigEndian",
 		"ByteOrder",
 		"LittleEndian",
@@ -2663,7 +2858,7 @@ var stdlib = map[string][]string{
 		"Varint",
 		"Write",
 	},
-	"encoding/csv": []string{
+	"encoding/csv": {
 		"ErrBareQuote",
 		"ErrFieldCount",
 		"ErrQuote",
@@ -2674,7 +2869,7 @@ var stdlib = map[string][]string{
 		"Reader",
 		"Writer",
 	},
-	"encoding/gob": []string{
+	"encoding/gob": {
 		"CommonType",
 		"Decoder",
 		"Encoder",
@@ -2685,7 +2880,7 @@ var stdlib = map[string][]string{
 		"Register",
 		"RegisterName",
 	},
-	"encoding/hex": []string{
+	"encoding/hex": {
 		"Decode",
 		"DecodeString",
 		"DecodedLen",
@@ -2699,7 +2894,7 @@ var stdlib = map[string][]string{
 		"NewDecoder",
 		"NewEncoder",
 	},
-	"encoding/json": []string{
+	"encoding/json": {
 		"Compact",
 		"Decoder",
 		"Delim",
@@ -2726,13 +2921,13 @@ var stdlib = map[string][]string{
 		"UnsupportedValueError",
 		"Valid",
 	},
-	"encoding/pem": []string{
+	"encoding/pem": {
 		"Block",
 		"Decode",
 		"Encode",
 		"EncodeToMemory",
 	},
-	"encoding/xml": []string{
+	"encoding/xml": {
 		"Attr",
 		"CharData",
 		"Comment",
@@ -2766,13 +2961,14 @@ var stdlib = map[string][]string{
 		"UnmarshalerAttr",
 		"UnsupportedTypeError",
 	},
-	"errors": []string{
+	"errors": {
 		"As",
 		"Is",
+		"Join",
 		"New",
 		"Unwrap",
 	},
-	"expvar": []string{
+	"expvar": {
 		"Do",
 		"Float",
 		"Func",
@@ -2789,7 +2985,7 @@ var stdlib = map[string][]string{
 		"String",
 		"Var",
 	},
-	"flag": []string{
+	"flag": {
 		"Arg",
 		"Args",
 		"Bool",
@@ -2822,6 +3018,7 @@ var stdlib = map[string][]string{
 		"Set",
 		"String",
 		"StringVar",
+		"TextVar",
 		"Uint",
 		"Uint64",
 		"Uint64Var",
@@ -2833,8 +3030,12 @@ var stdlib = map[string][]string{
 		"Visit",
 		"VisitAll",
 	},
-	"fmt": []string{
+	"fmt": {
+		"Append",
+		"Appendf",
+		"Appendln",
 		"Errorf",
+		"FormatString",
 		"Formatter",
 		"Fprint",
 		"Fprintf",
@@ -2860,7 +3061,7 @@ var stdlib = map[string][]string{
 		"State",
 		"Stringer",
 	},
-	"go/ast": []string{
+	"go/ast": {
 		"ArrayType",
 		"AssignStmt",
 		"Bad",
@@ -2963,7 +3164,7 @@ var stdlib = map[string][]string{
 		"Visitor",
 		"Walk",
 	},
-	"go/build": []string{
+	"go/build": {
 		"AllowBinary",
 		"ArchChar",
 		"Context",
@@ -2980,7 +3181,7 @@ var stdlib = map[string][]string{
 		"Package",
 		"ToolDir",
 	},
-	"go/build/constraint": []string{
+	"go/build/constraint": {
 		"AndExpr",
 		"Expr",
 		"IsGoBuild",
@@ -2992,7 +3193,7 @@ var stdlib = map[string][]string{
 		"SyntaxError",
 		"TagExpr",
 	},
-	"go/constant": []string{
+	"go/constant": {
 		"BinaryOp",
 		"BitLen",
 		"Bool",
@@ -3033,7 +3234,7 @@ var stdlib = map[string][]string{
 		"Val",
 		"Value",
 	},
-	"go/doc": []string{
+	"go/doc": {
 		"AllDecls",
 		"AllMethods",
 		"Example",
@@ -3054,17 +3255,35 @@ var stdlib = map[string][]string{
 		"Type",
 		"Value",
 	},
-	"go/format": []string{
+	"go/doc/comment": {
+		"Block",
+		"Code",
+		"DefaultLookupPackage",
+		"Doc",
+		"DocLink",
+		"Heading",
+		"Italic",
+		"Link",
+		"LinkDef",
+		"List",
+		"ListItem",
+		"Paragraph",
+		"Parser",
+		"Plain",
+		"Printer",
+		"Text",
+	},
+	"go/format": {
 		"Node",
 		"Source",
 	},
-	"go/importer": []string{
+	"go/importer": {
 		"Default",
 		"For",
 		"ForCompiler",
 		"Lookup",
 	},
-	"go/parser": []string{
+	"go/parser": {
 		"AllErrors",
 		"DeclarationErrors",
 		"ImportsOnly",
@@ -3079,7 +3298,7 @@ var stdlib = map[string][]string{
 		"SpuriousErrors",
 		"Trace",
 	},
-	"go/printer": []string{
+	"go/printer": {
 		"CommentedNode",
 		"Config",
 		"Fprint",
@@ -3089,7 +3308,7 @@ var stdlib = map[string][]string{
 		"TabIndent",
 		"UseSpaces",
 	},
-	"go/scanner": []string{
+	"go/scanner": {
 		"Error",
 		"ErrorHandler",
 		"ErrorList",
@@ -3098,7 +3317,7 @@ var stdlib = map[string][]string{
 		"ScanComments",
 		"Scanner",
 	},
-	"go/token": []string{
+	"go/token": {
 		"ADD",
 		"ADD_ASSIGN",
 		"AND",
@@ -3196,7 +3415,7 @@ var stdlib = map[string][]string{
 		"XOR",
 		"XOR_ASSIGN",
 	},
-	"go/types": []string{
+	"go/types": {
 		"ArgumentError",
 		"Array",
 		"AssertableTo",
@@ -3302,6 +3521,7 @@ var stdlib = map[string][]string{
 		"RecvOnly",
 		"RelativeTo",
 		"Rune",
+		"Satisfies",
 		"Scope",
 		"Selection",
 		"SelectionKind",
@@ -3347,17 +3567,17 @@ var stdlib = map[string][]string{
 		"WriteSignature",
 		"WriteType",
 	},
-	"hash": []string{
+	"hash": {
 		"Hash",
 		"Hash32",
 		"Hash64",
 	},
-	"hash/adler32": []string{
+	"hash/adler32": {
 		"Checksum",
 		"New",
 		"Size",
 	},
-	"hash/crc32": []string{
+	"hash/crc32": {
 		"Castagnoli",
 		"Checksum",
 		"ChecksumIEEE",
@@ -3371,7 +3591,7 @@ var stdlib = map[string][]string{
 		"Table",
 		"Update",
 	},
-	"hash/crc64": []string{
+	"hash/crc64": {
 		"Checksum",
 		"ECMA",
 		"ISO",
@@ -3381,7 +3601,7 @@ var stdlib = map[string][]string{
 		"Table",
 		"Update",
 	},
-	"hash/fnv": []string{
+	"hash/fnv": {
 		"New128",
 		"New128a",
 		"New32",
@@ -3389,16 +3609,18 @@ var stdlib = map[string][]string{
 		"New64",
 		"New64a",
 	},
-	"hash/maphash": []string{
+	"hash/maphash": {
+		"Bytes",
 		"Hash",
 		"MakeSeed",
 		"Seed",
+		"String",
 	},
-	"html": []string{
+	"html": {
 		"EscapeString",
 		"UnescapeString",
 	},
-	"html/template": []string{
+	"html/template": {
 		"CSS",
 		"ErrAmbigContext",
 		"ErrBadHTML",
@@ -3436,7 +3658,7 @@ var stdlib = map[string][]string{
 		"URL",
 		"URLQueryEscaper",
 	},
-	"image": []string{
+	"image": {
 		"Alpha",
 		"Alpha16",
 		"Black",
@@ -3489,7 +3711,7 @@ var stdlib = map[string][]string{
 		"ZP",
 		"ZR",
 	},
-	"image/color": []string{
+	"image/color": {
 		"Alpha",
 		"Alpha16",
 		"Alpha16Model",
@@ -3525,11 +3747,11 @@ var stdlib = map[string][]string{
 		"YCbCrModel",
 		"YCbCrToRGB",
 	},
-	"image/color/palette": []string{
+	"image/color/palette": {
 		"Plan9",
 		"WebSafe",
 	},
-	"image/draw": []string{
+	"image/draw": {
 		"Draw",
 		"DrawMask",
 		"Drawer",
@@ -3541,7 +3763,7 @@ var stdlib = map[string][]string{
 		"RGBA64Image",
 		"Src",
 	},
-	"image/gif": []string{
+	"image/gif": {
 		"Decode",
 		"DecodeAll",
 		"DecodeConfig",
@@ -3553,7 +3775,7 @@ var stdlib = map[string][]string{
 		"GIF",
 		"Options",
 	},
-	"image/jpeg": []string{
+	"image/jpeg": {
 		"Decode",
 		"DecodeConfig",
 		"DefaultQuality",
@@ -3563,7 +3785,7 @@ var stdlib = map[string][]string{
 		"Reader",
 		"UnsupportedError",
 	},
-	"image/png": []string{
+	"image/png": {
 		"BestCompression",
 		"BestSpeed",
 		"CompressionLevel",
@@ -3578,11 +3800,11 @@ var stdlib = map[string][]string{
 		"NoCompression",
 		"UnsupportedError",
 	},
-	"index/suffixarray": []string{
+	"index/suffixarray": {
 		"Index",
 		"New",
 	},
-	"io": []string{
+	"io": {
 		"ByteReader",
 		"ByteScanner",
 		"ByteWriter",
@@ -3601,8 +3823,10 @@ var stdlib = map[string][]string{
 		"LimitedReader",
 		"MultiReader",
 		"MultiWriter",
+		"NewOffsetWriter",
 		"NewSectionReader",
 		"NopCloser",
+		"OffsetWriter",
 		"Pipe",
 		"PipeReader",
 		"PipeWriter",
@@ -3634,7 +3858,7 @@ var stdlib = map[string][]string{
 		"WriterAt",
 		"WriterTo",
 	},
-	"io/fs": []string{
+	"io/fs": {
 		"DirEntry",
 		"ErrClosed",
 		"ErrExist",
@@ -3669,6 +3893,7 @@ var stdlib = map[string][]string{
 		"ReadDirFile",
 		"ReadFile",
 		"ReadFileFS",
+		"SkipAll",
 		"SkipDir",
 		"Stat",
 		"StatFS",
@@ -3678,7 +3903,7 @@ var stdlib = map[string][]string{
 		"WalkDir",
 		"WalkDirFunc",
 	},
-	"io/ioutil": []string{
+	"io/ioutil": {
 		"Discard",
 		"NopCloser",
 		"ReadAll",
@@ -3688,7 +3913,7 @@ var stdlib = map[string][]string{
 		"TempFile",
 		"WriteFile",
 	},
-	"log": []string{
+	"log": {
 		"Default",
 		"Fatal",
 		"Fatalf",
@@ -3717,7 +3942,7 @@ var stdlib = map[string][]string{
 		"SetPrefix",
 		"Writer",
 	},
-	"log/syslog": []string{
+	"log/syslog": {
 		"Dial",
 		"LOG_ALERT",
 		"LOG_AUTH",
@@ -3752,7 +3977,7 @@ var stdlib = map[string][]string{
 		"Priority",
 		"Writer",
 	},
-	"math": []string{
+	"math": {
 		"Abs",
 		"Acos",
 		"Acosh",
@@ -3851,7 +4076,7 @@ var stdlib = map[string][]string{
 		"Y1",
 		"Yn",
 	},
-	"math/big": []string{
+	"math/big": {
 		"Above",
 		"Accuracy",
 		"AwayFromZero",
@@ -3878,7 +4103,7 @@ var stdlib = map[string][]string{
 		"ToZero",
 		"Word",
 	},
-	"math/bits": []string{
+	"math/bits": {
 		"Add",
 		"Add32",
 		"Add64",
@@ -3930,7 +4155,7 @@ var stdlib = map[string][]string{
 		"TrailingZeros8",
 		"UintSize",
 	},
-	"math/cmplx": []string{
+	"math/cmplx": {
 		"Abs",
 		"Acos",
 		"Acosh",
@@ -3959,7 +4184,7 @@ var stdlib = map[string][]string{
 		"Tan",
 		"Tanh",
 	},
-	"math/rand": []string{
+	"math/rand": {
 		"ExpFloat64",
 		"Float32",
 		"Float64",
@@ -3984,7 +4209,7 @@ var stdlib = map[string][]string{
 		"Uint64",
 		"Zipf",
 	},
-	"mime": []string{
+	"mime": {
 		"AddExtensionType",
 		"BEncoding",
 		"ErrInvalidMediaParameter",
@@ -3996,7 +4221,7 @@ var stdlib = map[string][]string{
 		"WordDecoder",
 		"WordEncoder",
 	},
-	"mime/multipart": []string{
+	"mime/multipart": {
 		"ErrMessageTooLarge",
 		"File",
 		"FileHeader",
@@ -4007,13 +4232,13 @@ var stdlib = map[string][]string{
 		"Reader",
 		"Writer",
 	},
-	"mime/quotedprintable": []string{
+	"mime/quotedprintable": {
 		"NewReader",
 		"NewWriter",
 		"Reader",
 		"Writer",
 	},
-	"net": []string{
+	"net": {
 		"Addr",
 		"AddrError",
 		"Buffers",
@@ -4039,6 +4264,7 @@ var stdlib = map[string][]string{
 		"FlagLoopback",
 		"FlagMulticast",
 		"FlagPointToPoint",
+		"FlagRunning",
 		"FlagUp",
 		"Flags",
 		"HardwareAddr",
@@ -4115,7 +4341,7 @@ var stdlib = map[string][]string{
 		"UnixListener",
 		"UnknownNetworkError",
 	},
-	"net/http": []string{
+	"net/http": {
 		"AllowQuerySemicolons",
 		"CanonicalHeaderKey",
 		"Client",
@@ -4168,6 +4394,7 @@ var stdlib = map[string][]string{
 		"ListenAndServe",
 		"ListenAndServeTLS",
 		"LocalAddrContextKey",
+		"MaxBytesError",
 		"MaxBytesHandler",
 		"MaxBytesReader",
 		"MethodConnect",
@@ -4182,6 +4409,7 @@ var stdlib = map[string][]string{
 		"NewFileTransport",
 		"NewRequest",
 		"NewRequestWithContext",
+		"NewResponseController",
 		"NewServeMux",
 		"NoBody",
 		"NotFound",
@@ -4201,6 +4429,7 @@ var stdlib = map[string][]string{
 		"RedirectHandler",
 		"Request",
 		"Response",
+		"ResponseController",
 		"ResponseWriter",
 		"RoundTripper",
 		"SameSite",
@@ -4290,25 +4519,25 @@ var stdlib = map[string][]string{
 		"TrailerPrefix",
 		"Transport",
 	},
-	"net/http/cgi": []string{
+	"net/http/cgi": {
 		"Handler",
 		"Request",
 		"RequestFromMap",
 		"Serve",
 	},
-	"net/http/cookiejar": []string{
+	"net/http/cookiejar": {
 		"Jar",
 		"New",
 		"Options",
 		"PublicSuffixList",
 	},
-	"net/http/fcgi": []string{
+	"net/http/fcgi": {
 		"ErrConnClosed",
 		"ErrRequestAborted",
 		"ProcessEnv",
 		"Serve",
 	},
-	"net/http/httptest": []string{
+	"net/http/httptest": {
 		"DefaultRemoteAddr",
 		"NewRecorder",
 		"NewRequest",
@@ -4318,7 +4547,7 @@ var stdlib = map[string][]string{
 		"ResponseRecorder",
 		"Server",
 	},
-	"net/http/httptrace": []string{
+	"net/http/httptrace": {
 		"ClientTrace",
 		"ContextClientTrace",
 		"DNSDoneInfo",
@@ -4327,7 +4556,7 @@ var stdlib = map[string][]string{
 		"WithClientTrace",
 		"WroteRequestInfo",
 	},
-	"net/http/httputil": []string{
+	"net/http/httputil": {
 		"BufferPool",
 		"ClientConn",
 		"DumpRequest",
@@ -4343,10 +4572,11 @@ var stdlib = map[string][]string{
 		"NewProxyClientConn",
 		"NewServerConn",
 		"NewSingleHostReverseProxy",
+		"ProxyRequest",
 		"ReverseProxy",
 		"ServerConn",
 	},
-	"net/http/pprof": []string{
+	"net/http/pprof": {
 		"Cmdline",
 		"Handler",
 		"Index",
@@ -4354,7 +4584,7 @@ var stdlib = map[string][]string{
 		"Symbol",
 		"Trace",
 	},
-	"net/mail": []string{
+	"net/mail": {
 		"Address",
 		"AddressParser",
 		"ErrHeaderNotPresent",
@@ -4365,7 +4595,7 @@ var stdlib = map[string][]string{
 		"ParseDate",
 		"ReadMessage",
 	},
-	"net/netip": []string{
+	"net/netip": {
 		"Addr",
 		"AddrFrom16",
 		"AddrFrom4",
@@ -4374,6 +4604,8 @@ var stdlib = map[string][]string{
 		"AddrPortFrom",
 		"IPv4Unspecified",
 		"IPv6LinkLocalAllNodes",
+		"IPv6LinkLocalAllRouters",
+		"IPv6Loopback",
 		"IPv6Unspecified",
 		"MustParseAddr",
 		"MustParseAddrPort",
@@ -4384,7 +4616,7 @@ var stdlib = map[string][]string{
 		"Prefix",
 		"PrefixFrom",
 	},
-	"net/rpc": []string{
+	"net/rpc": {
 		"Accept",
 		"Call",
 		"Client",
@@ -4411,14 +4643,14 @@ var stdlib = map[string][]string{
 		"ServerCodec",
 		"ServerError",
 	},
-	"net/rpc/jsonrpc": []string{
+	"net/rpc/jsonrpc": {
 		"Dial",
 		"NewClient",
 		"NewClientCodec",
 		"NewServerCodec",
 		"ServeConn",
 	},
-	"net/smtp": []string{
+	"net/smtp": {
 		"Auth",
 		"CRAMMD5Auth",
 		"Client",
@@ -4428,7 +4660,7 @@ var stdlib = map[string][]string{
 		"SendMail",
 		"ServerInfo",
 	},
-	"net/textproto": []string{
+	"net/textproto": {
 		"CanonicalMIMEHeaderKey",
 		"Conn",
 		"Dial",
@@ -4444,10 +4676,11 @@ var stdlib = map[string][]string{
 		"TrimString",
 		"Writer",
 	},
-	"net/url": []string{
+	"net/url": {
 		"Error",
 		"EscapeError",
 		"InvalidHostError",
+		"JoinPath",
 		"Parse",
 		"ParseQuery",
 		"ParseRequestURI",
@@ -4461,7 +4694,7 @@ var stdlib = map[string][]string{
 		"Userinfo",
 		"Values",
 	},
-	"os": []string{
+	"os": {
 		"Args",
 		"Chdir",
 		"Chmod",
@@ -4577,16 +4810,18 @@ var stdlib = map[string][]string{
 		"UserHomeDir",
 		"WriteFile",
 	},
-	"os/exec": []string{
+	"os/exec": {
 		"Cmd",
 		"Command",
 		"CommandContext",
+		"ErrDot",
 		"ErrNotFound",
+		"ErrWaitDelay",
 		"Error",
 		"ExitError",
 		"LookPath",
 	},
-	"os/signal": []string{
+	"os/signal": {
 		"Ignore",
 		"Ignored",
 		"Notify",
@@ -4594,7 +4829,7 @@ var stdlib = map[string][]string{
 		"Reset",
 		"Stop",
 	},
-	"os/user": []string{
+	"os/user": {
 		"Current",
 		"Group",
 		"Lookup",
@@ -4607,7 +4842,7 @@ var stdlib = map[string][]string{
 		"UnknownUserIdError",
 		"User",
 	},
-	"path": []string{
+	"path": {
 		"Base",
 		"Clean",
 		"Dir",
@@ -4618,7 +4853,7 @@ var stdlib = map[string][]string{
 		"Match",
 		"Split",
 	},
-	"path/filepath": []string{
+	"path/filepath": {
 		"Abs",
 		"Base",
 		"Clean",
@@ -4630,11 +4865,13 @@ var stdlib = map[string][]string{
 		"Glob",
 		"HasPrefix",
 		"IsAbs",
+		"IsLocal",
 		"Join",
 		"ListSeparator",
 		"Match",
 		"Rel",
 		"Separator",
+		"SkipAll",
 		"SkipDir",
 		"Split",
 		"SplitList",
@@ -4644,12 +4881,12 @@ var stdlib = map[string][]string{
 		"WalkDir",
 		"WalkFunc",
 	},
-	"plugin": []string{
+	"plugin": {
 		"Open",
 		"Plugin",
 		"Symbol",
 	},
-	"reflect": []string{
+	"reflect": {
 		"Append",
 		"AppendSlice",
 		"Array",
@@ -4724,7 +4961,7 @@ var stdlib = map[string][]string{
 		"VisibleFields",
 		"Zero",
 	},
-	"regexp": []string{
+	"regexp": {
 		"Compile",
 		"CompilePOSIX",
 		"Match",
@@ -4735,7 +4972,7 @@ var stdlib = map[string][]string{
 		"QuoteMeta",
 		"Regexp",
 	},
-	"regexp/syntax": []string{
+	"regexp/syntax": {
 		"ClassNL",
 		"Compile",
 		"DotNL",
@@ -4756,9 +4993,11 @@ var stdlib = map[string][]string{
 		"ErrInvalidRepeatOp",
 		"ErrInvalidRepeatSize",
 		"ErrInvalidUTF8",
+		"ErrLarge",
 		"ErrMissingBracket",
 		"ErrMissingParen",
 		"ErrMissingRepeatArgument",
+		"ErrNestingDepth",
 		"ErrTrailingBackslash",
 		"ErrUnexpectedParen",
 		"Error",
@@ -4813,7 +5052,7 @@ var stdlib = map[string][]string{
 		"UnicodeGroups",
 		"WasDollar",
 	},
-	"runtime": []string{
+	"runtime": {
 		"BlockProfile",
 		"BlockProfileRecord",
 		"Breakpoint",
@@ -4861,11 +5100,19 @@ var stdlib = map[string][]string{
 		"UnlockOSThread",
 		"Version",
 	},
-	"runtime/cgo": []string{
+	"runtime/cgo": {
 		"Handle",
+		"Incomplete",
 		"NewHandle",
 	},
-	"runtime/debug": []string{
+	"runtime/coverage": {
+		"ClearCounters",
+		"WriteCounters",
+		"WriteCountersDir",
+		"WriteMeta",
+		"WriteMetaDir",
+	},
+	"runtime/debug": {
 		"BuildInfo",
 		"BuildSetting",
 		"FreeOSMemory",
@@ -4878,12 +5125,13 @@ var stdlib = map[string][]string{
 		"SetGCPercent",
 		"SetMaxStack",
 		"SetMaxThreads",
+		"SetMemoryLimit",
 		"SetPanicOnFault",
 		"SetTraceback",
 		"Stack",
 		"WriteHeapDump",
 	},
-	"runtime/metrics": []string{
+	"runtime/metrics": {
 		"All",
 		"Description",
 		"Float64Histogram",
@@ -4896,7 +5144,7 @@ var stdlib = map[string][]string{
 		"Value",
 		"ValueKind",
 	},
-	"runtime/pprof": []string{
+	"runtime/pprof": {
 		"Do",
 		"ForLabels",
 		"Label",
@@ -4912,7 +5160,7 @@ var stdlib = map[string][]string{
 		"WithLabels",
 		"WriteHeapProfile",
 	},
-	"runtime/trace": []string{
+	"runtime/trace": {
 		"IsEnabled",
 		"Log",
 		"Logf",
@@ -4924,7 +5172,8 @@ var stdlib = map[string][]string{
 		"Task",
 		"WithRegion",
 	},
-	"sort": []string{
+	"sort": {
+		"Find",
 		"Float64Slice",
 		"Float64s",
 		"Float64sAreSorted",
@@ -4947,7 +5196,7 @@ var stdlib = map[string][]string{
 		"Strings",
 		"StringsAreSorted",
 	},
-	"strconv": []string{
+	"strconv": {
 		"AppendBool",
 		"AppendFloat",
 		"AppendInt",
@@ -4987,7 +5236,7 @@ var stdlib = map[string][]string{
 		"Unquote",
 		"UnquoteChar",
 	},
-	"strings": []string{
+	"strings": {
 		"Builder",
 		"Clone",
 		"Compare",
@@ -4996,6 +5245,8 @@ var stdlib = map[string][]string{
 		"ContainsRune",
 		"Count",
 		"Cut",
+		"CutPrefix",
+		"CutSuffix",
 		"EqualFold",
 		"Fields",
 		"FieldsFunc",
@@ -5041,7 +5292,7 @@ var stdlib = map[string][]string{
 		"TrimSpace",
 		"TrimSuffix",
 	},
-	"sync": []string{
+	"sync": {
 		"Cond",
 		"Locker",
 		"Map",
@@ -5052,24 +5303,28 @@ var stdlib = map[string][]string{
 		"RWMutex",
 		"WaitGroup",
 	},
-	"sync/atomic": []string{
+	"sync/atomic": {
 		"AddInt32",
 		"AddInt64",
 		"AddUint32",
 		"AddUint64",
 		"AddUintptr",
+		"Bool",
 		"CompareAndSwapInt32",
 		"CompareAndSwapInt64",
 		"CompareAndSwapPointer",
 		"CompareAndSwapUint32",
 		"CompareAndSwapUint64",
 		"CompareAndSwapUintptr",
+		"Int32",
+		"Int64",
 		"LoadInt32",
 		"LoadInt64",
 		"LoadPointer",
 		"LoadUint32",
 		"LoadUint64",
 		"LoadUintptr",
+		"Pointer",
 		"StoreInt32",
 		"StoreInt64",
 		"StorePointer",
@@ -5082,9 +5337,12 @@ var stdlib = map[string][]string{
 		"SwapUint32",
 		"SwapUint64",
 		"SwapUintptr",
+		"Uint32",
+		"Uint64",
+		"Uintptr",
 		"Value",
 	},
-	"syscall": []string{
+	"syscall": {
 		"AF_ALG",
 		"AF_APPLETALK",
 		"AF_ARP",
@@ -5158,6 +5416,7 @@ var stdlib = map[string][]string{
 		"AF_TIPC",
 		"AF_UNIX",
 		"AF_UNSPEC",
+		"AF_UTUN",
 		"AF_VENDOR00",
 		"AF_VENDOR01",
 		"AF_VENDOR02",
@@ -5496,20 +5755,25 @@ var stdlib = map[string][]string{
 		"CLOCAL",
 		"CLONE_CHILD_CLEARTID",
 		"CLONE_CHILD_SETTID",
+		"CLONE_CLEAR_SIGHAND",
 		"CLONE_CSIGNAL",
 		"CLONE_DETACHED",
 		"CLONE_FILES",
 		"CLONE_FS",
+		"CLONE_INTO_CGROUP",
 		"CLONE_IO",
+		"CLONE_NEWCGROUP",
 		"CLONE_NEWIPC",
 		"CLONE_NEWNET",
 		"CLONE_NEWNS",
 		"CLONE_NEWPID",
+		"CLONE_NEWTIME",
 		"CLONE_NEWUSER",
 		"CLONE_NEWUTS",
 		"CLONE_PARENT",
 		"CLONE_PARENT_SETTID",
 		"CLONE_PID",
+		"CLONE_PIDFD",
 		"CLONE_PTRACE",
 		"CLONE_SETTLS",
 		"CLONE_SIGHAND",
@@ -6052,6 +6316,7 @@ var stdlib = map[string][]string{
 		"EPROTONOSUPPORT",
 		"EPROTOTYPE",
 		"EPWROFF",
+		"EQFULL",
 		"ERANGE",
 		"EREMCHG",
 		"EREMOTE",
@@ -6478,6 +6743,7 @@ var stdlib = map[string][]string{
 		"F_DUPFD",
 		"F_DUPFD_CLOEXEC",
 		"F_EXLCK",
+		"F_FINDSIGS",
 		"F_FLUSH_DATA",
 		"F_FREEZE_FS",
 		"F_FSCTL",
@@ -6488,6 +6754,7 @@ var stdlib = map[string][]string{
 		"F_FSPRIV",
 		"F_FSVOID",
 		"F_FULLFSYNC",
+		"F_GETCODEDIR",
 		"F_GETFD",
 		"F_GETFL",
 		"F_GETLEASE",
@@ -6501,6 +6768,7 @@ var stdlib = map[string][]string{
 		"F_GETPATH_MTMINFO",
 		"F_GETPIPE_SZ",
 		"F_GETPROTECTIONCLASS",
+		"F_GETPROTECTIONLEVEL",
 		"F_GETSIG",
 		"F_GLOBAL_NOCACHE",
 		"F_LOCK",
@@ -6533,6 +6801,7 @@ var stdlib = map[string][]string{
 		"F_SETLK64",
 		"F_SETLKW",
 		"F_SETLKW64",
+		"F_SETLKWTIMEOUT",
 		"F_SETLK_REMOTE",
 		"F_SETNOSIGPIPE",
 		"F_SETOWN",
@@ -6542,9 +6811,11 @@ var stdlib = map[string][]string{
 		"F_SETSIG",
 		"F_SETSIZE",
 		"F_SHLCK",
+		"F_SINGLE_WRITER",
 		"F_TEST",
 		"F_THAW_FS",
 		"F_TLOCK",
+		"F_TRANSCODEKEY",
 		"F_ULOCK",
 		"F_UNLCK",
 		"F_UNLCKSYS",
@@ -7740,12 +8011,20 @@ var stdlib = map[string][]string{
 		"NOFLSH",
 		"NOTE_ABSOLUTE",
 		"NOTE_ATTRIB",
+		"NOTE_BACKGROUND",
 		"NOTE_CHILD",
+		"NOTE_CRITICAL",
 		"NOTE_DELETE",
 		"NOTE_EOF",
 		"NOTE_EXEC",
 		"NOTE_EXIT",
 		"NOTE_EXITSTATUS",
+		"NOTE_EXIT_CSERROR",
+		"NOTE_EXIT_DECRYPTFAIL",
+		"NOTE_EXIT_DETAIL",
+		"NOTE_EXIT_DETAIL_MASK",
+		"NOTE_EXIT_MEMORY",
+		"NOTE_EXIT_REPARENTED",
 		"NOTE_EXTEND",
 		"NOTE_FFAND",
 		"NOTE_FFCOPY",
@@ -7754,6 +8033,7 @@ var stdlib = map[string][]string{
 		"NOTE_FFNOP",
 		"NOTE_FFOR",
 		"NOTE_FORK",
+		"NOTE_LEEWAY",
 		"NOTE_LINK",
 		"NOTE_LOWAT",
 		"NOTE_NONE",
@@ -7832,6 +8112,7 @@ var stdlib = map[string][]string{
 		"O_CREAT",
 		"O_DIRECT",
 		"O_DIRECTORY",
+		"O_DP_GETRAWENCRYPTED",
 		"O_DSYNC",
 		"O_EVTONLY",
 		"O_EXCL",
@@ -8121,6 +8402,7 @@ var stdlib = map[string][]string{
 		"RLIMIT_AS",
 		"RLIMIT_CORE",
 		"RLIMIT_CPU",
+		"RLIMIT_CPU_USAGE_MONITOR",
 		"RLIMIT_DATA",
 		"RLIMIT_FSIZE",
 		"RLIMIT_NOFILE",
@@ -8233,9 +8515,11 @@ var stdlib = map[string][]string{
 		"RTF_PROTO1",
 		"RTF_PROTO2",
 		"RTF_PROTO3",
+		"RTF_PROXY",
 		"RTF_REINSTATE",
 		"RTF_REJECT",
 		"RTF_RNH_LOCKED",
+		"RTF_ROUTER",
 		"RTF_SOURCE",
 		"RTF_SRC",
 		"RTF_STATIC",
@@ -8754,6 +9038,7 @@ var stdlib = map[string][]string{
 		"SO_NO_OFFLOAD",
 		"SO_NP_EXTENSIONS",
 		"SO_NREAD",
+		"SO_NUMRCVPKT",
 		"SO_NWRITE",
 		"SO_OOBINLINE",
 		"SO_OVERFLOWED",
@@ -8923,6 +9208,7 @@ var stdlib = map[string][]string{
 		"SYS_CREAT",
 		"SYS_CREATE_MODULE",
 		"SYS_CSOPS",
+		"SYS_CSOPS_AUDITTOKEN",
 		"SYS_DELETE",
 		"SYS_DELETE_MODULE",
 		"SYS_DUP",
@@ -9109,6 +9395,7 @@ var stdlib = map[string][]string{
 		"SYS_JAIL_GET",
 		"SYS_JAIL_REMOVE",
 		"SYS_JAIL_SET",
+		"SYS_KAS_INFO",
 		"SYS_KDEBUG_TRACE",
 		"SYS_KENV",
 		"SYS_KEVENT",
@@ -9136,6 +9423,7 @@ var stdlib = map[string][]string{
 		"SYS_LCHMOD",
 		"SYS_LCHOWN",
 		"SYS_LCHOWN32",
+		"SYS_LEDGER",
 		"SYS_LGETFH",
 		"SYS_LGETXATTR",
 		"SYS_LINK",
@@ -9232,6 +9520,7 @@ var stdlib = map[string][]string{
 		"SYS_OPENAT",
 		"SYS_OPENBSD_POLL",
 		"SYS_OPEN_BY_HANDLE_AT",
+		"SYS_OPEN_DPROTECTED_NP",
 		"SYS_OPEN_EXTENDED",
 		"SYS_OPEN_NOCANCEL",
 		"SYS_OVADVISE",
@@ -9864,6 +10153,7 @@ var stdlib = map[string][]string{
 		"TCP_CONNECTIONTIMEOUT",
 		"TCP_CORK",
 		"TCP_DEFER_ACCEPT",
+		"TCP_ENABLE_ECN",
 		"TCP_INFO",
 		"TCP_KEEPALIVE",
 		"TCP_KEEPCNT",
@@ -9886,11 +10176,13 @@ var stdlib = map[string][]string{
 		"TCP_NODELAY",
 		"TCP_NOOPT",
 		"TCP_NOPUSH",
+		"TCP_NOTSENT_LOWAT",
 		"TCP_NSTATES",
 		"TCP_QUICKACK",
 		"TCP_RXT_CONNDROPTIME",
 		"TCP_RXT_FINDROP",
 		"TCP_SACK_ENABLE",
+		"TCP_SENDMOREACKS",
 		"TCP_SYNCNT",
 		"TCP_VENDOR",
 		"TCP_WINDOW_CLAMP",
@@ -10234,7 +10526,7 @@ var stdlib = map[string][]string{
 		"XP1_UNI_RECV",
 		"XP1_UNI_SEND",
 	},
-	"syscall/js": []string{
+	"syscall/js": {
 		"CopyBytesToGo",
 		"CopyBytesToJS",
 		"Error",
@@ -10256,7 +10548,7 @@ var stdlib = map[string][]string{
 		"ValueError",
 		"ValueOf",
 	},
-	"testing": []string{
+	"testing": {
 		"AllocsPerRun",
 		"B",
 		"Benchmark",
@@ -10284,12 +10576,12 @@ var stdlib = map[string][]string{
 		"TB",
 		"Verbose",
 	},
-	"testing/fstest": []string{
+	"testing/fstest": {
 		"MapFS",
 		"MapFile",
 		"TestFS",
 	},
-	"testing/iotest": []string{
+	"testing/iotest": {
 		"DataErrReader",
 		"ErrReader",
 		"ErrTimeout",
@@ -10301,7 +10593,7 @@ var stdlib = map[string][]string{
 		"TimeoutReader",
 		"TruncateWriter",
 	},
-	"testing/quick": []string{
+	"testing/quick": {
 		"Check",
 		"CheckEqual",
 		"CheckEqualError",
@@ -10311,7 +10603,7 @@ var stdlib = map[string][]string{
 		"SetupError",
 		"Value",
 	},
-	"text/scanner": []string{
+	"text/scanner": {
 		"Char",
 		"Comment",
 		"EOF",
@@ -10334,7 +10626,7 @@ var stdlib = map[string][]string{
 		"String",
 		"TokenString",
 	},
-	"text/tabwriter": []string{
+	"text/tabwriter": {
 		"AlignRight",
 		"Debug",
 		"DiscardEmptyColumns",
@@ -10345,7 +10637,7 @@ var stdlib = map[string][]string{
 		"TabIndent",
 		"Writer",
 	},
-	"text/template": []string{
+	"text/template": {
 		"ExecError",
 		"FuncMap",
 		"HTMLEscape",
@@ -10363,7 +10655,7 @@ var stdlib = map[string][]string{
 		"Template",
 		"URLQueryEscaper",
 	},
-	"text/template/parse": []string{
+	"text/template/parse": {
 		"ActionNode",
 		"BoolNode",
 		"BranchNode",
@@ -10419,13 +10711,15 @@ var stdlib = map[string][]string{
 		"VariableNode",
 		"WithNode",
 	},
-	"time": []string{
+	"time": {
 		"ANSIC",
 		"After",
 		"AfterFunc",
 		"April",
 		"August",
 		"Date",
+		"DateOnly",
+		"DateTime",
 		"December",
 		"Duration",
 		"February",
@@ -10480,6 +10774,7 @@ var stdlib = map[string][]string{
 		"Tick",
 		"Ticker",
 		"Time",
+		"TimeOnly",
 		"Timer",
 		"Tuesday",
 		"UTC",
@@ -10491,7 +10786,7 @@ var stdlib = map[string][]string{
 		"Wednesday",
 		"Weekday",
 	},
-	"unicode": []string{
+	"unicode": {
 		"ASCII_Hex_Digit",
 		"Adlam",
 		"Ahom",
@@ -10777,14 +11072,15 @@ var stdlib = map[string][]string{
 		"Zp",
 		"Zs",
 	},
-	"unicode/utf16": []string{
+	"unicode/utf16": {
+		"AppendRune",
 		"Decode",
 		"DecodeRune",
 		"Encode",
 		"EncodeRune",
 		"IsSurrogate",
 	},
-	"unicode/utf8": []string{
+	"unicode/utf8": {
 		"AppendRune",
 		"DecodeLastRune",
 		"DecodeLastRuneInString",
@@ -10805,11 +11101,15 @@ var stdlib = map[string][]string{
 		"ValidRune",
 		"ValidString",
 	},
-	"unsafe": []string{
+	"unsafe": {
+		"Add",
 		"Alignof",
-		"ArbitraryType",
 		"Offsetof",
 		"Pointer",
 		"Sizeof",
+		"Slice",
+		"SliceData",
+		"String",
+		"StringData",
 	},
 }
diff --git a/vendor/k8s.io/api/core/v1/generated.proto b/vendor/k8s.io/api/core/v1/generated.proto
index 256f5da32f..e4e562e329 100644
--- a/vendor/k8s.io/api/core/v1/generated.proto
+++ b/vendor/k8s.io/api/core/v1/generated.proto
@@ -1761,7 +1761,8 @@ message HTTPGetAction {
 
 // HTTPHeader describes a custom header to be used in HTTP probes
 message HTTPHeader {
-  // The header field name
+  // The header field name.
+  // This will be canonicalized upon output, so case-variant names will be understood as the same header.
   optional string name = 1;
 
   // The header field value
diff --git a/vendor/k8s.io/api/core/v1/types.go b/vendor/k8s.io/api/core/v1/types.go
index 754a23613d..bdd7992c8b 100644
--- a/vendor/k8s.io/api/core/v1/types.go
+++ b/vendor/k8s.io/api/core/v1/types.go
@@ -2112,7 +2112,8 @@ type SecretEnvSource struct {
 
 // HTTPHeader describes a custom header to be used in HTTP probes
 type HTTPHeader struct {
-	// The header field name
+	// The header field name.
+	// This will be canonicalized upon output, so case-variant names will be understood as the same header.
 	Name string `json:"name" protobuf:"bytes,1,opt,name=name"`
 	// The header field value
 	Value string `json:"value" protobuf:"bytes,2,opt,name=value"`
diff --git a/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go
index 6bae4bb76f..77707706a8 100644
--- a/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go
@@ -808,7 +808,7 @@ func (HTTPGetAction) SwaggerDoc() map[string]string {
 
 var map_HTTPHeader = map[string]string{
 	"":      "HTTPHeader describes a custom header to be used in HTTP probes",
-	"name":  "The header field name",
+	"name":  "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.",
 	"value": "The header field value",
 }
 
diff --git a/vendor/k8s.io/apiserver/pkg/authentication/request/headerrequest/requestheader.go b/vendor/k8s.io/apiserver/pkg/authentication/request/headerrequest/requestheader.go
index abf509a97d..d027327398 100644
--- a/vendor/k8s.io/apiserver/pkg/authentication/request/headerrequest/requestheader.go
+++ b/vendor/k8s.io/apiserver/pkg/authentication/request/headerrequest/requestheader.go
@@ -163,17 +163,7 @@ func (a *requestHeaderAuthRequestHandler) AuthenticateRequest(req *http.Request)
 	extra := newExtra(req.Header, a.extraHeaderPrefixes.Value())
 
 	// clear headers used for authentication
-	for _, headerName := range a.nameHeaders.Value() {
-		req.Header.Del(headerName)
-	}
-	for _, headerName := range a.groupHeaders.Value() {
-		req.Header.Del(headerName)
-	}
-	for k := range extra {
-		for _, prefix := range a.extraHeaderPrefixes.Value() {
-			req.Header.Del(prefix + k)
-		}
-	}
+	ClearAuthenticationHeaders(req.Header, a.nameHeaders, a.groupHeaders, a.extraHeaderPrefixes)
 
 	return &authenticator.Response{
 		User: &user.DefaultInfo{
@@ -184,6 +174,26 @@ func (a *requestHeaderAuthRequestHandler) AuthenticateRequest(req *http.Request)
 	}, true, nil
 }
 
+func ClearAuthenticationHeaders(h http.Header, nameHeaders, groupHeaders, extraHeaderPrefixes StringSliceProvider) {
+	for _, headerName := range nameHeaders.Value() {
+		h.Del(headerName)
+	}
+	for _, headerName := range groupHeaders.Value() {
+		h.Del(headerName)
+	}
+	for _, prefix := range extraHeaderPrefixes.Value() {
+		for k := range h {
+			if hasPrefixIgnoreCase(k, prefix) {
+				delete(h, k) // we have the raw key so avoid relying on canonicalization
+			}
+		}
+	}
+}
+
+func hasPrefixIgnoreCase(s, prefix string) bool {
+	return len(s) >= len(prefix) && strings.EqualFold(s[:len(prefix)], prefix)
+}
+
 func headerValue(h http.Header, headerNames []string) string {
 	for _, headerName := range headerNames {
 		headerValue := h.Get(headerName)
@@ -226,7 +236,7 @@ func newExtra(h http.Header, headerPrefixes []string) map[string][]string {
 	// we have to iterate over prefixes first in order to have proper ordering inside the value slices
 	for _, prefix := range headerPrefixes {
 		for headerName, vv := range h {
-			if !strings.HasPrefix(strings.ToLower(headerName), strings.ToLower(prefix)) {
+			if !hasPrefixIgnoreCase(headerName, prefix) {
 				continue
 			}
 
diff --git a/vendor/k8s.io/apiserver/pkg/endpoints/filters/authentication.go b/vendor/k8s.io/apiserver/pkg/endpoints/filters/authentication.go
index d69cfef32d..d6741bf3a3 100644
--- a/vendor/k8s.io/apiserver/pkg/endpoints/filters/authentication.go
+++ b/vendor/k8s.io/apiserver/pkg/endpoints/filters/authentication.go
@@ -27,6 +27,8 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apiserver/pkg/authentication/authenticator"
+	"k8s.io/apiserver/pkg/authentication/authenticatorfactory"
+	"k8s.io/apiserver/pkg/authentication/request/headerrequest"
 	"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
 	genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
 	"k8s.io/klog/v2"
@@ -38,15 +40,20 @@ type recordMetrics func(context.Context, *authenticator.Response, bool, error, a
 // stores any such user found onto the provided context for the request. If authentication fails or returns an error
 // the failed handler is used. On success, "Authorization" header is removed from the request and handler
 // is invoked to serve the request.
-func WithAuthentication(handler http.Handler, auth authenticator.Request, failed http.Handler, apiAuds authenticator.Audiences) http.Handler {
-	return withAuthentication(handler, auth, failed, apiAuds, recordAuthMetrics)
+func WithAuthentication(handler http.Handler, auth authenticator.Request, failed http.Handler, apiAuds authenticator.Audiences, requestHeaderConfig *authenticatorfactory.RequestHeaderConfig) http.Handler {
+	return withAuthentication(handler, auth, failed, apiAuds, requestHeaderConfig, recordAuthMetrics)
 }
 
-func withAuthentication(handler http.Handler, auth authenticator.Request, failed http.Handler, apiAuds authenticator.Audiences, metrics recordMetrics) http.Handler {
+func withAuthentication(handler http.Handler, auth authenticator.Request, failed http.Handler, apiAuds authenticator.Audiences, requestHeaderConfig *authenticatorfactory.RequestHeaderConfig, metrics recordMetrics) http.Handler {
 	if auth == nil {
 		klog.Warning("Authentication is disabled")
 		return handler
 	}
+	standardRequestHeaderConfig := &authenticatorfactory.RequestHeaderConfig{
+		UsernameHeaders:     headerrequest.StaticStringSlice{"X-Remote-User"},
+		GroupHeaders:        headerrequest.StaticStringSlice{"X-Remote-Group"},
+		ExtraHeaderPrefixes: headerrequest.StaticStringSlice{"X-Remote-Extra-"},
+	}
 	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
 		authenticationStart := time.Now()
 
@@ -76,6 +83,24 @@ func withAuthentication(handler http.Handler, auth authenticator.Request, failed
 		// authorization header is not required anymore in case of a successful authentication.
 		req.Header.Del("Authorization")
 
+		// delete standard front proxy headers
+		headerrequest.ClearAuthenticationHeaders(
+			req.Header,
+			standardRequestHeaderConfig.UsernameHeaders,
+			standardRequestHeaderConfig.GroupHeaders,
+			standardRequestHeaderConfig.ExtraHeaderPrefixes,
+		)
+
+		// also delete any custom front proxy headers
+		if requestHeaderConfig != nil {
+			headerrequest.ClearAuthenticationHeaders(
+				req.Header,
+				requestHeaderConfig.UsernameHeaders,
+				requestHeaderConfig.GroupHeaders,
+				requestHeaderConfig.ExtraHeaderPrefixes,
+			)
+		}
+
 		req = req.WithContext(genericapirequest.WithUser(req.Context(), resp.User))
 		handler.ServeHTTP(w, req)
 	})
diff --git a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/create.go b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/create.go
index 1f3ce80944..0e88cdbb70 100644
--- a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/create.go
+++ b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/create.go
@@ -164,8 +164,13 @@ func createHandler(r rest.NamedCreater, scope *RequestScope, admit admission.Int
 		userInfo, _ := request.UserFrom(ctx)
 
 		if objectMeta, err := meta.Accessor(obj); err == nil {
-			// Wipe fields which cannot take user-provided values
-			rest.WipeObjectMetaSystemFields(objectMeta)
+			preserveObjectMetaSystemFields := false
+			if c, ok := r.(rest.SubresourceObjectMetaPreserver); ok && len(scope.Subresource) > 0 {
+				preserveObjectMetaSystemFields = c.PreserveRequestObjectMetaSystemFieldsOnSubresourceCreate()
+			}
+			if !preserveObjectMetaSystemFields {
+				rest.WipeObjectMetaSystemFields(objectMeta)
+			}
 
 			// ensure namespace on the object is correct, or error if a conflicting namespace was set in the object
 			if err := rest.EnsureObjectNamespaceMatchesRequestNamespace(rest.ExpectedNamespaceForResource(namespace, scope.Resource), objectMeta); err != nil {
diff --git a/vendor/k8s.io/apiserver/pkg/quota/v1/generic/evaluator.go b/vendor/k8s.io/apiserver/pkg/quota/v1/generic/evaluator.go
index 805f8159d6..2370b248f8 100644
--- a/vendor/k8s.io/apiserver/pkg/quota/v1/generic/evaluator.go
+++ b/vendor/k8s.io/apiserver/pkg/quota/v1/generic/evaluator.go
@@ -199,7 +199,7 @@ func CalculateUsageStats(options quota.UsageStatsOptions,
 		// need to verify that the item matches the set of scopes
 		matchesScopes := true
 		for _, scope := range options.Scopes {
-			innerMatch, err := scopeFunc(corev1.ScopedResourceSelectorRequirement{ScopeName: scope}, item)
+			innerMatch, err := scopeFunc(corev1.ScopedResourceSelectorRequirement{ScopeName: scope, Operator: corev1.ScopeSelectorOpExists}, item)
 			if err != nil {
 				return result, nil
 			}
diff --git a/vendor/k8s.io/apiserver/pkg/registry/rest/rest.go b/vendor/k8s.io/apiserver/pkg/registry/rest/rest.go
index 6330ea8f53..7b8d90e60e 100644
--- a/vendor/k8s.io/apiserver/pkg/registry/rest/rest.go
+++ b/vendor/k8s.io/apiserver/pkg/registry/rest/rest.go
@@ -203,6 +203,13 @@ type NamedCreater interface {
 	Create(ctx context.Context, name string, obj runtime.Object, createValidation ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error)
 }
 
+// SubresourceObjectMetaPreserver adds configuration options to a Creater for subresources.
+type SubresourceObjectMetaPreserver interface {
+	// PreserveRequestObjectMetaSystemFieldsOnSubresourceCreate indicates that a
+	// handler should preserve fields of ObjectMeta that are managed by the system.
+	PreserveRequestObjectMetaSystemFieldsOnSubresourceCreate() bool
+}
+
 // UpdatedObjectInfo provides information about an updated object to an Updater.
 // It requires access to the old object in order to return the newly updated object.
 type UpdatedObjectInfo interface {
diff --git a/vendor/k8s.io/apiserver/pkg/server/config.go b/vendor/k8s.io/apiserver/pkg/server/config.go
index e89bde9cf2..7692543e00 100644
--- a/vendor/k8s.io/apiserver/pkg/server/config.go
+++ b/vendor/k8s.io/apiserver/pkg/server/config.go
@@ -334,6 +334,8 @@ type AuthenticationInfo struct {
 	APIAudiences authenticator.Audiences
 	// Authenticator determines which subject is making the request
 	Authenticator authenticator.Request
+
+	RequestHeaderConfig *authenticatorfactory.RequestHeaderConfig
 }
 
 type AuthorizationInfo struct {
@@ -930,7 +932,7 @@ func DefaultBuildHandlerChain(apiHandler http.Handler, c *Config) http.Handler {
 
 	failedHandler = filterlatency.TrackCompleted(failedHandler)
 	handler = filterlatency.TrackCompleted(handler)
-	handler = genericapifilters.WithAuthentication(handler, c.Authentication.Authenticator, failedHandler, c.Authentication.APIAudiences)
+	handler = genericapifilters.WithAuthentication(handler, c.Authentication.Authenticator, failedHandler, c.Authentication.APIAudiences, c.Authentication.RequestHeaderConfig)
 	handler = filterlatency.TrackStarted(handler, "authentication")
 
 	handler = genericfilters.WithCORS(handler, c.CorsAllowedOriginList, nil, nil, nil, "true")
diff --git a/vendor/k8s.io/apiserver/pkg/server/options/authentication.go b/vendor/k8s.io/apiserver/pkg/server/options/authentication.go
index 8ff771af08..283ecc450b 100644
--- a/vendor/k8s.io/apiserver/pkg/server/options/authentication.go
+++ b/vendor/k8s.io/apiserver/pkg/server/options/authentication.go
@@ -76,6 +76,16 @@ func (s *RequestHeaderAuthenticationOptions) Validate() []error {
 		allErrors = append(allErrors, err)
 	}
 
+	if len(s.UsernameHeaders) > 0 && !caseInsensitiveHas(s.UsernameHeaders, "X-Remote-User") {
+		klog.Warningf("--requestheader-username-headers is set without specifying the standard X-Remote-User header - API aggregation will not work")
+	}
+	if len(s.GroupHeaders) > 0 && !caseInsensitiveHas(s.GroupHeaders, "X-Remote-Group") {
+		klog.Warningf("--requestheader-group-headers is set without specifying the standard X-Remote-Group header - API aggregation will not work")
+	}
+	if len(s.ExtraHeaderPrefixes) > 0 && !caseInsensitiveHas(s.ExtraHeaderPrefixes, "X-Remote-Extra-") {
+		klog.Warningf("--requestheader-extra-headers-prefix is set without specifying the standard X-Remote-Extra- header prefix - API aggregation will not work")
+	}
+
 	return allErrors
 }
 
@@ -89,6 +99,15 @@ func checkForWhiteSpaceOnly(flag string, headerNames ...string) error {
 	return nil
 }
 
+func caseInsensitiveHas(headers []string, header string) bool {
+	for _, h := range headers {
+		if strings.EqualFold(h, header) {
+			return true
+		}
+	}
+	return false
+}
+
 func (s *RequestHeaderAuthenticationOptions) AddFlags(fs *pflag.FlagSet) {
 	if s == nil {
 		return
@@ -354,6 +373,7 @@ func (s *DelegatingAuthenticationOptions) ApplyTo(authenticationInfo *server.Aut
 	}
 	if requestHeaderConfig != nil {
 		cfg.RequestHeaderConfig = requestHeaderConfig
+		authenticationInfo.RequestHeaderConfig = requestHeaderConfig
 		if err = authenticationInfo.ApplyClientCert(cfg.RequestHeaderConfig.CAContentProvider, servingInfo); err != nil {
 			return fmt.Errorf("unable to load request-header-client-ca-file: %v", err)
 		}
diff --git a/vendor/k8s.io/apiserver/pkg/storage/cacher/cacher.go b/vendor/k8s.io/apiserver/pkg/storage/cacher/cacher.go
index 24dd64d9e6..0d70f2d651 100644
--- a/vendor/k8s.io/apiserver/pkg/storage/cacher/cacher.go
+++ b/vendor/k8s.io/apiserver/pkg/storage/cacher/cacher.go
@@ -477,7 +477,7 @@ func (c *Cacher) Watch(ctx context.Context, key string, opts storage.ListOptions
 		return nil, err
 	}
 
-	if err := c.ready.wait(); err != nil {
+	if err := c.ready.wait(ctx); err != nil {
 		return nil, errors.NewServiceUnavailable(err.Error())
 	}
 
@@ -567,7 +567,7 @@ func (c *Cacher) Get(ctx context.Context, key string, opts storage.GetOptions, o
 
 	// Do not create a trace - it's not for free and there are tons
 	// of Get requests. We can add it if it will be really needed.
-	if err := c.ready.wait(); err != nil {
+	if err := c.ready.wait(ctx); err != nil {
 		return errors.NewServiceUnavailable(err.Error())
 	}
 
@@ -657,7 +657,7 @@ func (c *Cacher) GetList(ctx context.Context, key string, opts storage.ListOptio
 		utiltrace.Field{Key: "type", Value: c.objectType.String()})
 	defer trace.LogIfLong(500 * time.Millisecond)
 
-	if err := c.ready.wait(); err != nil {
+	if err := c.ready.wait(ctx); err != nil {
 		return errors.NewServiceUnavailable(err.Error())
 	}
 	trace.Step("Ready")
@@ -1066,7 +1066,7 @@ func filterWithAttrsFunction(key string, p storage.SelectionPredicate) filterWit
 
 // LastSyncResourceVersion returns resource version to which the underlying cache is synced.
 func (c *Cacher) LastSyncResourceVersion() (uint64, error) {
-	if err := c.ready.wait(); err != nil {
+	if err := c.ready.wait(context.Background()); err != nil {
 		return 0, errors.NewServiceUnavailable(err.Error())
 	}
 
diff --git a/vendor/k8s.io/apiserver/pkg/storage/cacher/ready.go b/vendor/k8s.io/apiserver/pkg/storage/cacher/ready.go
index 8278dd2b2f..47e03fe9e2 100644
--- a/vendor/k8s.io/apiserver/pkg/storage/cacher/ready.go
+++ b/vendor/k8s.io/apiserver/pkg/storage/cacher/ready.go
@@ -17,6 +17,7 @@ limitations under the License.
 package cacher
 
 import (
+	"context"
 	"fmt"
 	"sync"
 )
@@ -30,67 +31,111 @@ const (
 )
 
 // ready is a three state condition variable that blocks until is Ready if is not Stopped.
-// Its initial state is Pending.
+// Its initial state is Pending and its state machine diagram is as follow.
+//
+// Pending <------> Ready -----> Stopped
+//
+//	|                           ^
+//	└---------------------------┘
 type ready struct {
-	state status
-	c     *sync.Cond
+	state       status        // represent the state of the variable
+	lock        sync.RWMutex  // protect the state variable
+	restartLock sync.Mutex    // protect the transition from ready to pending where the channel is recreated
+	waitCh      chan struct{} // blocks until is ready or stopped
 }
 
 func newReady() *ready {
 	return &ready{
-		c:     sync.NewCond(&sync.RWMutex{}),
-		state: Pending,
+		waitCh: make(chan struct{}),
+		state:  Pending,
 	}
 }
 
+// done close the channel once the state is Ready or Stopped
+func (r *ready) done() chan struct{} {
+	r.restartLock.Lock()
+	defer r.restartLock.Unlock()
+	return r.waitCh
+}
+
 // wait blocks until it is Ready or Stopped, it returns an error if is Stopped.
-func (r *ready) wait() error {
-	r.c.L.Lock()
-	defer r.c.L.Unlock()
-	for r.state == Pending {
-		r.c.Wait()
-	}
-	switch r.state {
-	case Ready:
-		return nil
-	case Stopped:
-		return fmt.Errorf("apiserver cacher is stopped")
-	default:
-		return fmt.Errorf("unexpected apiserver cache state: %v", r.state)
+func (r *ready) wait(ctx context.Context) error {
+	for {
+		// r.done() only blocks if state is Pending
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		case <-r.done():
+		}
+
+		r.lock.RLock()
+		switch r.state {
+		case Pending:
+			// since we allow to switch between the states Pending and Ready
+			// if there is a quick transition from Pending -> Ready -> Pending
+			// a process that was waiting can get unblocked and see a Pending
+			// state again. If the state is Pending we have to wait again to
+			// avoid an inconsistent state on the system, with some processes not
+			// waiting despite the state moved back to Pending.
+			r.lock.RUnlock()
+		case Ready:
+			r.lock.RUnlock()
+			return nil
+		case Stopped:
+			r.lock.RUnlock()
+			return fmt.Errorf("apiserver cacher is stopped")
+		default:
+			r.lock.RUnlock()
+			return fmt.Errorf("unexpected apiserver cache state: %v", r.state)
+		}
 	}
 }
 
 // check returns true only if it is Ready.
 func (r *ready) check() bool {
-	// TODO: Make check() function more sophisticated, in particular
-	// allow it to behave as "waitWithTimeout".
-	rwMutex := r.c.L.(*sync.RWMutex)
-	rwMutex.RLock()
-	defer rwMutex.RUnlock()
+	r.lock.RLock()
+	defer r.lock.RUnlock()
 	return r.state == Ready
 }
 
 // set the state to Pending (false) or Ready (true), it does not have effect if the state is Stopped.
 func (r *ready) set(ok bool) {
-	r.c.L.Lock()
-	defer r.c.L.Unlock()
+	r.lock.Lock()
+	defer r.lock.Unlock()
 	if r.state == Stopped {
 		return
 	}
-	if ok {
+	if ok && r.state == Pending {
 		r.state = Ready
-	} else {
+		select {
+		case <-r.waitCh:
+		default:
+			close(r.waitCh)
+		}
+	} else if !ok && r.state == Ready {
+		// creating the waitCh can be racy if
+		// something enter the wait() method
+		select {
+		case <-r.waitCh:
+			r.restartLock.Lock()
+			r.waitCh = make(chan struct{})
+			r.restartLock.Unlock()
+		default:
+		}
 		r.state = Pending
 	}
-	r.c.Broadcast()
 }
 
 // stop the condition variable and set it as Stopped. This state is irreversible.
 func (r *ready) stop() {
-	r.c.L.Lock()
-	defer r.c.L.Unlock()
+	r.lock.Lock()
+	defer r.lock.Unlock()
 	if r.state != Stopped {
 		r.state = Stopped
-		r.c.Broadcast()
+	}
+	select {
+	case <-r.waitCh:
+	default:
+		close(r.waitCh)
 	}
 }
diff --git a/vendor/k8s.io/client-go/tools/cache/controller.go b/vendor/k8s.io/client-go/tools/cache/controller.go
index 0762da3bef..96005ff585 100644
--- a/vendor/k8s.io/client-go/tools/cache/controller.go
+++ b/vendor/k8s.io/client-go/tools/cache/controller.go
@@ -353,17 +353,6 @@ func NewIndexerInformer(
 	return clientState, newInformer(lw, objType, resyncPeriod, h, clientState, nil)
 }
 
-// TransformFunc allows for transforming an object before it will be processed
-// and put into the controller cache and before the corresponding handlers will
-// be called on it.
-// TransformFunc (similarly to ResourceEventHandler functions) should be able
-// to correctly handle the tombstone of type cache.DeletedFinalStateUnknown
-//
-// The most common usage pattern is to clean-up some parts of the object to
-// reduce component memory usage if a given component doesn't care about them.
-// given controller doesn't care for them
-type TransformFunc func(interface{}) (interface{}, error)
-
 // NewTransformingInformer returns a Store and a controller for populating
 // the store while also providing event notifications. You should only used
 // the returned Store for Get/List operations; Add/Modify/Deletes will cause
@@ -411,19 +400,11 @@ func processDeltas(
 	// Object which receives event notifications from the given deltas
 	handler ResourceEventHandler,
 	clientState Store,
-	transformer TransformFunc,
 	deltas Deltas,
 ) error {
 	// from oldest to newest
 	for _, d := range deltas {
 		obj := d.Object
-		if transformer != nil {
-			var err error
-			obj, err = transformer(obj)
-			if err != nil {
-				return err
-			}
-		}
 
 		switch d.Type {
 		case Sync, Replaced, Added, Updated:
@@ -475,6 +456,7 @@ func newInformer(
 	fifo := NewDeltaFIFOWithOptions(DeltaFIFOOptions{
 		KnownObjects:          clientState,
 		EmitDeltaTypeReplaced: true,
+		Transformer:           transformer,
 	})
 
 	cfg := &Config{
@@ -486,7 +468,7 @@ func newInformer(
 
 		Process: func(obj interface{}) error {
 			if deltas, ok := obj.(Deltas); ok {
-				return processDeltas(h, clientState, transformer, deltas)
+				return processDeltas(h, clientState, deltas)
 			}
 			return errors.New("object given as Process argument is not Deltas")
 		},
diff --git a/vendor/k8s.io/client-go/tools/cache/delta_fifo.go b/vendor/k8s.io/client-go/tools/cache/delta_fifo.go
index 0c13a41f06..84f3ab9ca1 100644
--- a/vendor/k8s.io/client-go/tools/cache/delta_fifo.go
+++ b/vendor/k8s.io/client-go/tools/cache/delta_fifo.go
@@ -51,6 +51,10 @@ type DeltaFIFOOptions struct {
 	// When true, `Replaced` events will be sent for items passed to a Replace() call.
 	// When false, `Sync` events will be sent instead.
 	EmitDeltaTypeReplaced bool
+
+	// If set, will be called for objects before enqueueing them. Please
+	// see the comment on TransformFunc for details.
+	Transformer TransformFunc
 }
 
 // DeltaFIFO is like FIFO, but differs in two ways.  One is that the
@@ -129,8 +133,32 @@ type DeltaFIFO struct {
 	// emitDeltaTypeReplaced is whether to emit the Replaced or Sync
 	// DeltaType when Replace() is called (to preserve backwards compat).
 	emitDeltaTypeReplaced bool
+
+	// Called with every object if non-nil.
+	transformer TransformFunc
 }
 
+// TransformFunc allows for transforming an object before it will be processed.
+// TransformFunc (similarly to ResourceEventHandler functions) should be able
+// to correctly handle the tombstone of type cache.DeletedFinalStateUnknown.
+//
+// New in v1.27: In such cases, the contained object will already have gone
+// through the transform object separately (when it was added / updated prior
+// to the delete), so the TransformFunc can likely safely ignore such objects
+// (i.e., just return the input object).
+//
+// The most common usage pattern is to clean-up some parts of the object to
+// reduce component memory usage if a given component doesn't care about them.
+//
+// New in v1.27: unless the object is a DeletedFinalStateUnknown, TransformFunc
+// sees the object before any other actor, and it is now safe to mutate the
+// object in place instead of making a copy.
+//
+// Note that TransformFunc is called while inserting objects into the
+// notification queue and is therefore extremely performance sensitive; please
+// do not do anything that will take a long time.
+type TransformFunc func(interface{}) (interface{}, error)
+
 // DeltaType is the type of a change (addition, deletion, etc)
 type DeltaType string
 
@@ -227,6 +255,7 @@ func NewDeltaFIFOWithOptions(opts DeltaFIFOOptions) *DeltaFIFO {
 		knownObjects: opts.KnownObjects,
 
 		emitDeltaTypeReplaced: opts.EmitDeltaTypeReplaced,
+		transformer:           opts.Transformer,
 	}
 	f.cond.L = &f.lock
 	return f
@@ -411,6 +440,21 @@ func (f *DeltaFIFO) queueActionLocked(actionType DeltaType, obj interface{}) err
 	if err != nil {
 		return KeyError{obj, err}
 	}
+
+	// Every object comes through this code path once, so this is a good
+	// place to call the transform func.  If obj is a
+	// DeletedFinalStateUnknown tombstone, then the containted inner object
+	// will already have gone through the transformer, but we document that
+	// this can happen. In cases involving Replace(), such an object can
+	// come through multiple times.
+	if f.transformer != nil {
+		var err error
+		obj, err = f.transformer(obj)
+		if err != nil {
+			return err
+		}
+	}
+
 	oldDeltas := f.items[id]
 	newDeltas := append(oldDeltas, Delta{actionType, obj})
 	newDeltas = dedupDeltas(newDeltas)
@@ -566,12 +610,11 @@ func (f *DeltaFIFO) Pop(process PopProcessFunc) (interface{}, error) {
 // using the Sync or Replace DeltaType and then (2) it does some deletions.
 // In particular: for every pre-existing key K that is not the key of
 // an object in `list` there is the effect of
-// `Delete(DeletedFinalStateUnknown{K, O})` where O is current object
-// of K.  If `f.knownObjects == nil` then the pre-existing keys are
-// those in `f.items` and the current object of K is the `.Newest()`
-// of the Deltas associated with K.  Otherwise the pre-existing keys
-// are those listed by `f.knownObjects` and the current object of K is
-// what `f.knownObjects.GetByKey(K)` returns.
+// `Delete(DeletedFinalStateUnknown{K, O})` where O is the latest known
+// object of K. The pre-existing keys are those in the union set of the keys in
+// `f.items` and `f.knownObjects` (if not nil). The last known object for key K is
+// the one present in the last delta in `f.items`. If there is no delta for K
+// in `f.items`, it is the object in `f.knownObjects`
 func (f *DeltaFIFO) Replace(list []interface{}, _ string) error {
 	f.lock.Lock()
 	defer f.lock.Unlock()
@@ -595,51 +638,23 @@ func (f *DeltaFIFO) Replace(list []interface{}, _ string) error {
 		}
 	}
 
-	if f.knownObjects == nil {
-		// Do deletion detection against our own list.
-		queuedDeletions := 0
-		for k, oldItem := range f.items {
-			if keys.Has(k) {
-				continue
-			}
-			// Delete pre-existing items not in the new list.
-			// This could happen if watch deletion event was missed while
-			// disconnected from apiserver.
-			var deletedObj interface{}
-			if n := oldItem.Newest(); n != nil {
-				deletedObj = n.Object
-			}
-			queuedDeletions++
-			if err := f.queueActionLocked(Deleted, DeletedFinalStateUnknown{k, deletedObj}); err != nil {
-				return err
-			}
-		}
-
-		if !f.populated {
-			f.populated = true
-			// While there shouldn't be any queued deletions in the initial
-			// population of the queue, it's better to be on the safe side.
-			f.initialPopulationCount = keys.Len() + queuedDeletions
-		}
-
-		return nil
-	}
-
-	// Detect deletions not already in the queue.
-	knownKeys := f.knownObjects.ListKeys()
+	// Do deletion detection against objects in the queue
 	queuedDeletions := 0
-	for _, k := range knownKeys {
+	for k, oldItem := range f.items {
 		if keys.Has(k) {
 			continue
 		}
-
-		deletedObj, exists, err := f.knownObjects.GetByKey(k)
-		if err != nil {
-			deletedObj = nil
-			klog.Errorf("Unexpected error %v during lookup of key %v, placing DeleteFinalStateUnknown marker without object", err, k)
-		} else if !exists {
-			deletedObj = nil
-			klog.Infof("Key %v does not exist in known objects store, placing DeleteFinalStateUnknown marker without object", k)
+		// Delete pre-existing items not in the new list.
+		// This could happen if watch deletion event was missed while
+		// disconnected from apiserver.
+		var deletedObj interface{}
+		if n := oldItem.Newest(); n != nil {
+			deletedObj = n.Object
+
+			// if the previous object is a DeletedFinalStateUnknown, we have to extract the actual Object
+			if d, ok := deletedObj.(DeletedFinalStateUnknown); ok {
+				deletedObj = d.Obj
+			}
 		}
 		queuedDeletions++
 		if err := f.queueActionLocked(Deleted, DeletedFinalStateUnknown{k, deletedObj}); err != nil {
@@ -647,6 +662,32 @@ func (f *DeltaFIFO) Replace(list []interface{}, _ string) error {
 		}
 	}
 
+	if f.knownObjects != nil {
+		// Detect deletions for objects not present in the queue, but present in KnownObjects
+		knownKeys := f.knownObjects.ListKeys()
+		for _, k := range knownKeys {
+			if keys.Has(k) {
+				continue
+			}
+			if len(f.items[k]) > 0 {
+				continue
+			}
+
+			deletedObj, exists, err := f.knownObjects.GetByKey(k)
+			if err != nil {
+				deletedObj = nil
+				klog.Errorf("Unexpected error %v during lookup of key %v, placing DeleteFinalStateUnknown marker without object", err, k)
+			} else if !exists {
+				deletedObj = nil
+				klog.Infof("Key %v does not exist in known objects store, placing DeleteFinalStateUnknown marker without object", k)
+			}
+			queuedDeletions++
+			if err := f.queueActionLocked(Deleted, DeletedFinalStateUnknown{k, deletedObj}); err != nil {
+				return err
+			}
+		}
+	}
+
 	if !f.populated {
 		f.populated = true
 		f.initialPopulationCount = keys.Len() + queuedDeletions
diff --git a/vendor/k8s.io/client-go/tools/cache/shared_informer.go b/vendor/k8s.io/client-go/tools/cache/shared_informer.go
index 9f42782d17..35ebd396cc 100644
--- a/vendor/k8s.io/client-go/tools/cache/shared_informer.go
+++ b/vendor/k8s.io/client-go/tools/cache/shared_informer.go
@@ -190,10 +190,7 @@ type SharedInformer interface {
 	//
 	// Must be set before starting the informer.
 	//
-	// Note: Since the object given to the handler may be already shared with
-	//	other goroutines, it is advisable to copy the object being
-	//  transform before mutating it at all and returning the copy to prevent
-	//	data races.
+	// Please see the comment on TransformFunc for more details.
 	SetTransform(handler TransformFunc) error
 }
 
@@ -404,6 +401,7 @@ func (s *sharedIndexInformer) Run(stopCh <-chan struct{}) {
 	fifo := NewDeltaFIFOWithOptions(DeltaFIFOOptions{
 		KnownObjects:          s.indexer,
 		EmitDeltaTypeReplaced: true,
+		Transformer:           s.transform,
 	})
 
 	cfg := &Config{
@@ -568,7 +566,7 @@ func (s *sharedIndexInformer) HandleDeltas(obj interface{}) error {
 	defer s.blockDeltas.Unlock()
 
 	if deltas, ok := obj.(Deltas); ok {
-		return processDeltas(s, s.indexer, s.transform, deltas)
+		return processDeltas(s, s.indexer, deltas)
 	}
 	return errors.New("object given as Process argument is not Deltas")
 }
diff --git a/vendor/k8s.io/cloud-provider/cloud.go b/vendor/k8s.io/cloud-provider/cloud.go
index 44c62ccc03..7e7bf9dfab 100644
--- a/vendor/k8s.io/cloud-provider/cloud.go
+++ b/vendor/k8s.io/cloud-provider/cloud.go
@@ -218,6 +218,11 @@ type Route struct {
 	Name string
 	// TargetNode is the NodeName of the target instance.
 	TargetNode types.NodeName
+	// EnableNodeAddresses is a feature gate for TargetNodeAddresses. If false, ignore TargetNodeAddresses.
+	// Without this, if users haven't updated their cloud-provider, reconcile() will delete and create same route every time.
+	EnableNodeAddresses bool
+	// TargetNodeAddresses are the Node IPs of the target Node.
+	TargetNodeAddresses []v1.NodeAddress
 	// DestinationCIDR is the CIDR format IP range that this routing rule
 	// applies to.
 	DestinationCIDR string
diff --git a/vendor/k8s.io/cloud-provider/controllers/route/route_controller.go b/vendor/k8s.io/cloud-provider/controllers/route/route_controller.go
index d70863a83f..53f945eff1 100644
--- a/vendor/k8s.io/cloud-provider/controllers/route/route_controller.go
+++ b/vendor/k8s.io/cloud-provider/controllers/route/route_controller.go
@@ -20,6 +20,7 @@ import (
 	"context"
 	"fmt"
 	"net"
+	"reflect"
 	"sync"
 	"time"
 
@@ -47,9 +48,9 @@ import (
 )
 
 const (
-	// Maximal number of concurrent CreateRoute API calls.
+	// Maximal number of concurrent route operation API calls.
 	// TODO: This should be per-provider.
-	maxConcurrentRouteCreations int = 200
+	maxConcurrentRouteOperations int = 200
 )
 
 var updateNetworkConditionBackoff = wait.Backoff{
@@ -140,22 +141,56 @@ func (rc *RouteController) reconcileNodeRoutes(ctx context.Context) error {
 	return rc.reconcile(ctx, nodes, routeList)
 }
 
+type routeAction string
+
+var (
+	keep   routeAction = "keep"
+	add    routeAction = "add"
+	remove routeAction = "remove"
+	update routeAction = "update"
+)
+
+type routeNode struct {
+	name            types.NodeName
+	addrs           []v1.NodeAddress
+	routes          []*cloudprovider.Route
+	cidrWithActions *map[string]routeAction
+}
+
 func (rc *RouteController) reconcile(ctx context.Context, nodes []*v1.Node, routes []*cloudprovider.Route) error {
 	var l sync.Mutex
-	// for each node a map of podCIDRs and their created status
-	nodeRoutesStatuses := make(map[types.NodeName]map[string]bool)
-	// routeMap maps routeTargetNode->route
-	routeMap := make(map[types.NodeName][]*cloudprovider.Route)
+	// routeMap includes info about a target Node and its addresses, routes and a map between Pod CIDRs and actions.
+	// If action is add/remove, the route will be added/removed.
+	// If action is keep, the route will not be touched.
+	// If action is update, the route will be deleted and then added.
+	routeMap := make(map[types.NodeName]routeNode)
+
+	// Put current routes into routeMap.
 	for _, route := range routes {
-		if route.TargetNode != "" {
-			routeMap[route.TargetNode] = append(routeMap[route.TargetNode], route)
+		if route.TargetNode == "" {
+			continue
 		}
+		rn, ok := routeMap[route.TargetNode]
+		if !ok {
+			rn = routeNode{
+				name:            route.TargetNode,
+				addrs:           []v1.NodeAddress{},
+				routes:          []*cloudprovider.Route{},
+				cidrWithActions: &map[string]routeAction{},
+			}
+		} else if rn.routes == nil {
+			rn.routes = []*cloudprovider.Route{}
+		}
+		rn.routes = append(rn.routes, route)
+		routeMap[route.TargetNode] = rn
 	}
 
 	wg := sync.WaitGroup{}
-	rateLimiter := make(chan struct{}, maxConcurrentRouteCreations)
+	rateLimiter := make(chan struct{}, maxConcurrentRouteOperations)
 	// searches existing routes by node for a matching route
 
+	// Check Nodes and their Pod CIDRs. Then put expected route actions into nodePodCIDRActionMap.
+	// Add addresses of Nodes into routeMap.
 	for _, node := range nodes {
 		// Skip if the node hasn't been assigned a CIDR yet.
 		if len(node.Spec.PodCIDRs) == 0 {
@@ -163,26 +198,101 @@ func (rc *RouteController) reconcile(ctx context.Context, nodes []*v1.Node, rout
 		}
 		nodeName := types.NodeName(node.Name)
 		l.Lock()
-		nodeRoutesStatuses[nodeName] = make(map[string]bool)
+		rn, ok := routeMap[nodeName]
+		if !ok {
+			rn = routeNode{
+				name:            nodeName,
+				addrs:           []v1.NodeAddress{},
+				routes:          []*cloudprovider.Route{},
+				cidrWithActions: &map[string]routeAction{},
+			}
+		}
+		rn.addrs = node.Status.Addresses
+		routeMap[nodeName] = rn
 		l.Unlock()
 		// for every node, for every cidr
 		for _, podCIDR := range node.Spec.PodCIDRs {
-			// we add it to our nodeCIDRs map here because add and delete go routines run at the same time
+			// we add it to our nodeCIDRs map here because if we don't consider Node addresses change,
+			// add and delete go routines run simultaneously.
 			l.Lock()
-			nodeRoutesStatuses[nodeName][podCIDR] = false
+			action := getRouteAction(rn.routes, podCIDR, nodeName, node.Status.Addresses)
+			(*routeMap[nodeName].cidrWithActions)[podCIDR] = action
 			l.Unlock()
-			// ignore if already created
-			if hasRoute(routeMap, nodeName, podCIDR) {
-				l.Lock()
-				nodeRoutesStatuses[nodeName][podCIDR] = true // a route for this podCIDR is already created
-				l.Unlock()
+			klog.Infof("action for Node %q with CIDR %q: %q", nodeName, podCIDR, action)
+		}
+	}
+
+	// searches our bag of node -> cidrs for a match
+	// If the action doesn't exist, action is remove or update, then the route should be deleted.
+	shouldDeleteRoute := func(nodeName types.NodeName, cidr string) bool {
+		l.Lock()
+		defer l.Unlock()
+
+		cidrWithActions := routeMap[nodeName].cidrWithActions
+		if cidrWithActions == nil {
+			return true
+		}
+		action, exist := (*cidrWithActions)[cidr]
+		if !exist || action == remove || action == update {
+			klog.Infof("route should be deleted, spec: exist: %v, action: %q, Node %q, CIDR %q", exist, action, nodeName, cidr)
+			return true
+		}
+		return false
+	}
+
+	// remove routes that are not in use or need to be updated.
+	for _, route := range routes {
+		if !rc.isResponsibleForRoute(route) {
+			continue
+		}
+		// Check if this route is a blackhole, or applies to a node we know about & CIDR status is created.
+		if route.Blackhole || shouldDeleteRoute(route.TargetNode, route.DestinationCIDR) {
+			wg.Add(1)
+			// Delete the route.
+			go func(route *cloudprovider.Route, startTime time.Time) {
+				defer wg.Done()
+				// respect the rate limiter
+				rateLimiter <- struct{}{}
+				klog.Infof("Deleting route %s %s", route.Name, route.DestinationCIDR)
+				if err := rc.routes.DeleteRoute(ctx, rc.clusterName, route); err != nil {
+					klog.Errorf("Could not delete route %s %s after %v: %v", route.Name, route.DestinationCIDR, time.Since(startTime), err)
+				} else {
+					klog.Infof("Deleted route %s %s after %v", route.Name, route.DestinationCIDR, time.Since(startTime))
+				}
+				<-rateLimiter
+			}(route, time.Now())
+		}
+	}
+	// https://github.com/kubernetes/kubernetes/issues/98359
+	// When routesUpdated is true, Route addition and deletion cannot run simultaneously because if action is update,
+	// the same route may be added and deleted.
+	if len(routes) != 0 && routes[0].EnableNodeAddresses {
+		wg.Wait()
+	}
+
+	// Now create new routes or update existing ones.
+	for _, node := range nodes {
+		// Skip if the node hasn't been assigned a CIDR yet.
+		if len(node.Spec.PodCIDRs) == 0 {
+			continue
+		}
+		nodeName := types.NodeName(node.Name)
+
+		// for every node, for every cidr
+		for _, podCIDR := range node.Spec.PodCIDRs {
+			l.Lock()
+			action := (*routeMap[nodeName].cidrWithActions)[podCIDR]
+			l.Unlock()
+			if action == keep || action == remove {
 				continue
 			}
 			// if we are here, then a route needs to be created for this node
 			route := &cloudprovider.Route{
-				TargetNode:      nodeName,
-				DestinationCIDR: podCIDR,
+				TargetNode:          nodeName,
+				TargetNodeAddresses: node.Status.Addresses,
+				DestinationCIDR:     podCIDR,
 			}
+			klog.Infof("route spec to be created: %v", route)
 			// cloud providers that:
 			// - depend on nameHint
 			// - trying to support dual stack
@@ -193,7 +303,7 @@ func (rc *RouteController) reconcile(ctx context.Context, nodes []*v1.Node, rout
 				defer wg.Done()
 				err := clientretry.RetryOnConflict(updateNetworkConditionBackoff, func() error {
 					startTime := time.Now()
-					// Ensure that we don't have more than maxConcurrentRouteCreations
+					// Ensure that we don't have more than maxConcurrentRouteOperations
 					// CreateRoute calls in flight.
 					rateLimiter <- struct{}{}
 					klog.Infof("Creating route for node %s %s with hint %s, throttled %v", nodeName, route.DestinationCIDR, nameHint, time.Since(startTime))
@@ -214,7 +324,8 @@ func (rc *RouteController) reconcile(ctx context.Context, nodes []*v1.Node, rout
 						}
 					}
 					l.Lock()
-					nodeRoutesStatuses[nodeName][route.DestinationCIDR] = true
+					// Mark the route action as done (keep)
+					(*routeMap[nodeName].cidrWithActions)[route.DestinationCIDR] = keep
 					l.Unlock()
 					klog.Infof("Created route for node %s %s with hint %s after %v", nodeName, route.DestinationCIDR, nameHint, time.Since(startTime))
 					return nil
@@ -225,64 +336,32 @@ func (rc *RouteController) reconcile(ctx context.Context, nodes []*v1.Node, rout
 			}(nodeName, nameHint, route)
 		}
 	}
-
-	// searches our bag of node->cidrs for a match
-	nodeHasCidr := func(nodeName types.NodeName, cidr string) bool {
-		l.Lock()
-		defer l.Unlock()
-
-		nodeRoutes := nodeRoutesStatuses[nodeName]
-		if nodeRoutes == nil {
-			return false
-		}
-		_, exist := nodeRoutes[cidr]
-		return exist
-	}
-	// delete routes that are not in use
-	for _, route := range routes {
-		if rc.isResponsibleForRoute(route) {
-			// Check if this route is a blackhole, or applies to a node we know about & has an incorrect CIDR.
-			if route.Blackhole || !nodeHasCidr(route.TargetNode, route.DestinationCIDR) {
-				wg.Add(1)
-				// Delete the route.
-				go func(route *cloudprovider.Route, startTime time.Time) {
-					defer wg.Done()
-					// respect the rate limiter
-					rateLimiter <- struct{}{}
-					klog.Infof("Deleting route %s %s", route.Name, route.DestinationCIDR)
-					if err := rc.routes.DeleteRoute(ctx, rc.clusterName, route); err != nil {
-						klog.Errorf("Could not delete route %s %s after %v: %v", route.Name, route.DestinationCIDR, time.Since(startTime), err)
-					} else {
-						klog.Infof("Deleted route %s %s after %v", route.Name, route.DestinationCIDR, time.Since(startTime))
-					}
-					<-rateLimiter
-				}(route, time.Now())
-			}
-		}
-	}
 	wg.Wait()
 
-	// after all routes have been created (or not), we start updating
+	// after all route actions have been done (or not), we start updating
 	// all nodes' statuses with the outcome
 	for _, node := range nodes {
-		wg.Add(1)
-		nodeRoutes := nodeRoutesStatuses[types.NodeName(node.Name)]
-		allRoutesCreated := true
+		actions := routeMap[types.NodeName(node.Name)].cidrWithActions
+		if actions == nil {
+			continue
+		}
 
-		if len(nodeRoutes) == 0 {
+		wg.Add(1)
+		if len(*actions) == 0 {
 			go func(n *v1.Node) {
 				defer wg.Done()
 				klog.Infof("node %v has no routes assigned to it. NodeNetworkUnavailable will be set to true", n.Name)
 				if err := rc.updateNetworkingCondition(n, false); err != nil {
-					klog.Errorf("failed to update networking condition when no nodeRoutes: %v", err)
+					klog.Errorf("failed to update networking condition when no actions: %v", err)
 				}
 			}(node)
 			continue
 		}
 
-		// check if all routes were created. if so, then it should be ready
-		for _, created := range nodeRoutes {
-			if !created {
+		// check if all route actions were done. if so, then it should be ready
+		allRoutesCreated := true
+		for _, action := range *actions {
+			if action == add || action == update {
 				allRoutesCreated = false
 				break
 			}
@@ -370,14 +449,35 @@ func (rc *RouteController) isResponsibleForRoute(route *cloudprovider.Route) boo
 	return false
 }
 
-// checks if a node owns a route with a specific cidr
-func hasRoute(rm map[types.NodeName][]*cloudprovider.Route, nodeName types.NodeName, cidr string) bool {
-	if routes, ok := rm[nodeName]; ok {
-		for _, route := range routes {
-			if route.DestinationCIDR == cidr {
-				return true
+// getRouteAction returns an action according to if there's a route matches a specific cidr and target Node addresses.
+func getRouteAction(routes []*cloudprovider.Route, cidr string, nodeName types.NodeName, realNodeAddrs []v1.NodeAddress) routeAction {
+	for _, route := range routes {
+		if route.DestinationCIDR == cidr {
+			if !route.EnableNodeAddresses || equalNodeAddrs(realNodeAddrs, route.TargetNodeAddresses) {
+				return keep
 			}
+			klog.Infof("Node addresses have changed from %v to %v", route.TargetNodeAddresses, realNodeAddrs)
+			return update
 		}
 	}
-	return false
+	return add
+}
+
+func equalNodeAddrs(addrs0 []v1.NodeAddress, addrs1 []v1.NodeAddress) bool {
+	if len(addrs0) != len(addrs1) {
+		return false
+	}
+	for _, ip0 := range addrs0 {
+		found := false
+		for _, ip1 := range addrs1 {
+			if reflect.DeepEqual(ip0, ip1) {
+				found = true
+				break
+			}
+		}
+		if !found {
+			return false
+		}
+	}
+	return true
 }
diff --git a/vendor/k8s.io/controller-manager/app/serve.go b/vendor/k8s.io/controller-manager/app/serve.go
index 0f6364b59e..2a99efbdda 100644
--- a/vendor/k8s.io/controller-manager/app/serve.go
+++ b/vendor/k8s.io/controller-manager/app/serve.go
@@ -44,7 +44,7 @@ func BuildHandlerChain(apiHandler http.Handler, authorizationInfo *apiserver.Aut
 		handler = genericapifilters.WithAuthorization(apiHandler, authorizationInfo.Authorizer, scheme.Codecs)
 	}
 	if authenticationInfo != nil {
-		handler = genericapifilters.WithAuthentication(handler, authenticationInfo.Authenticator, failedHandler, nil)
+		handler = genericapifilters.WithAuthentication(handler, authenticationInfo.Authenticator, failedHandler, nil, nil)
 	}
 	handler = genericapifilters.WithRequestInfo(handler, requestInfoResolver)
 	handler = genericapifilters.WithCacheControl(handler)
diff --git a/vendor/k8s.io/kubernetes/cmd/kube-scheduler/app/server.go b/vendor/k8s.io/kubernetes/cmd/kube-scheduler/app/server.go
index dbf85c3774..477723a269 100644
--- a/vendor/k8s.io/kubernetes/cmd/kube-scheduler/app/server.go
+++ b/vendor/k8s.io/kubernetes/cmd/kube-scheduler/app/server.go
@@ -253,7 +253,7 @@ func buildHandlerChain(handler http.Handler, authn authenticator.Request, authz
 	failedHandler := genericapifilters.Unauthorized(scheme.Codecs)
 
 	handler = genericapifilters.WithAuthorization(handler, authz, scheme.Codecs)
-	handler = genericapifilters.WithAuthentication(handler, authn, failedHandler, nil)
+	handler = genericapifilters.WithAuthentication(handler, authn, failedHandler, nil, nil)
 	handler = genericapifilters.WithRequestInfo(handler, requestInfoResolver)
 	handler = genericapifilters.WithCacheControl(handler)
 	handler = genericfilters.WithHTTPLogging(handler, nil)
diff --git a/vendor/k8s.io/kubernetes/pkg/apis/core/types.go b/vendor/k8s.io/kubernetes/pkg/apis/core/types.go
index 693f183a08..493671dde6 100644
--- a/vendor/k8s.io/kubernetes/pkg/apis/core/types.go
+++ b/vendor/k8s.io/kubernetes/pkg/apis/core/types.go
@@ -2012,7 +2012,8 @@ type SecretEnvSource struct {
 
 // HTTPHeader describes a custom header to be used in HTTP probes
 type HTTPHeader struct {
-	// The header field name
+	// The header field name.
+	// This will be canonicalized upon output, so case-variant names will be understood as the same header.
 	Name string
 	// The header field value
 	Value string
diff --git a/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go b/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go
index da23aa5b6c..44b3f32fdf 100644
--- a/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go
+++ b/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go
@@ -18207,7 +18207,7 @@ func schema_k8sio_api_core_v1_HTTPHeader(ref common.ReferenceCallback) common.Op
 				Properties: map[string]spec.Schema{
 					"name": {
 						SchemaProps: spec.SchemaProps{
-							Description: "The header field name",
+							Description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.",
 							Default:     "",
 							Type:        []string{"string"},
 							Format:      "",
diff --git a/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/authentication.go b/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/authentication.go
index bde2778b93..65908b57a1 100644
--- a/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/authentication.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/authentication.go
@@ -238,6 +238,10 @@ func (o *BuiltInAuthenticationOptions) Validate() []error {
 		}
 	}
 
+	if o.RequestHeader != nil {
+		allErrors = append(allErrors, o.RequestHeader.Validate()...)
+	}
+
 	return allErrors
 }
 
@@ -473,6 +477,7 @@ func (o *BuiltInAuthenticationOptions) ApplyTo(authInfo *genericapiserver.Authen
 		}
 	}
 
+	authInfo.RequestHeaderConfig = authenticatorConfig.RequestHeaderConfig
 	authInfo.APIAudiences = o.APIAudiences
 	if o.ServiceAccounts != nil && len(o.ServiceAccounts.Issuers) != 0 && len(o.APIAudiences) == 0 {
 		authInfo.APIAudiences = authenticator.Audiences(o.ServiceAccounts.Issuers)
diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/manager.go b/vendor/k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/manager.go
index 7b0283d93e..5f0d4e102a 100644
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/manager.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/cm/devicemanager/manager.go
@@ -536,15 +536,29 @@ func (m *ManagerImpl) devicesToAllocate(podUID, contName, resource string, requi
 			return nil, fmt.Errorf("pod %q container %q changed request for resource %q from %d to %d", string(podUID), contName, resource, devices.Len(), required)
 		}
 	}
+
+	klog.V(3).InfoS("Need devices to allocate for pod", "deviceNumber", needed, "resourceName", resource, "podUID", string(podUID), "containerName", contName)
+	healthyDevices, hasRegistered := m.healthyDevices[resource]
+
+	// Check if resource registered with devicemanager
+	if !hasRegistered {
+		return nil, fmt.Errorf("cannot allocate unregistered device %s", resource)
+	}
+
+	// Check if registered resource has healthy devices
+	if healthyDevices.Len() == 0 {
+		return nil, fmt.Errorf("no healthy devices present; cannot allocate unhealthy devices %s", resource)
+	}
+
+	// Check if all the previously allocated devices are healthy
+	if !healthyDevices.IsSuperset(devices) {
+		return nil, fmt.Errorf("previously allocated devices are no longer healthy; cannot allocate unhealthy devices %s", resource)
+	}
+
 	if needed == 0 {
 		// No change, no work.
 		return nil, nil
 	}
-	klog.V(3).InfoS("Need devices to allocate for pod", "deviceNumber", needed, "resourceName", resource, "podUID", string(podUID), "containerName", contName)
-	// Check if resource registered with devicemanager
-	if _, ok := m.healthyDevices[resource]; !ok {
-		return nil, fmt.Errorf("can't allocate unregistered device %s", resource)
-	}
 
 	// Declare the list of allocated devices.
 	// This will be populated and returned below.
diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/kubelet_getters.go b/vendor/k8s.io/kubernetes/pkg/kubelet/kubelet_getters.go
index 1d393abd9d..8fff402e1e 100644
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/kubelet_getters.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/kubelet_getters.go
@@ -176,11 +176,14 @@ func (kl *Kubelet) GetPods() []*v1.Pod {
 	pods := kl.podManager.GetPods()
 	// a kubelet running without apiserver requires an additional
 	// update of the static pod status. See #57106
-	for _, p := range pods {
+	for i, p := range pods {
 		if kubelettypes.IsStaticPod(p) {
 			if status, ok := kl.statusManager.GetPodStatus(p.UID); ok {
 				klog.V(2).InfoS("Pod status updated", "pod", klog.KObj(p), "status", status.Phase)
+				// do not mutate the cache
+				p = p.DeepCopy()
 				p.Status = status
+				pods[i] = p
 			}
 		}
 	}
diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/helpers.go b/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/helpers.go
index 9343b78335..14ed0dd3bf 100644
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/helpers.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/helpers.go
@@ -210,32 +210,36 @@ func toKubeRuntimeStatus(status *runtimeapi.RuntimeStatus) *kubecontainer.Runtim
 	return &kubecontainer.RuntimeStatus{Conditions: conditions}
 }
 
-func fieldProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) string {
+func fieldProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) (string, error) {
 	if scmp == nil {
 		if fallbackToRuntimeDefault {
-			return v1.SeccompProfileRuntimeDefault
+			return v1.SeccompProfileRuntimeDefault, nil
 		}
-		return ""
+		return "", nil
 	}
 	if scmp.Type == v1.SeccompProfileTypeRuntimeDefault {
-		return v1.SeccompProfileRuntimeDefault
+		return v1.SeccompProfileRuntimeDefault, nil
 	}
-	if scmp.Type == v1.SeccompProfileTypeLocalhost && scmp.LocalhostProfile != nil && len(*scmp.LocalhostProfile) > 0 {
-		fname := filepath.Join(profileRootPath, *scmp.LocalhostProfile)
-		return v1.SeccompLocalhostProfileNamePrefix + fname
+	if scmp.Type == v1.SeccompProfileTypeLocalhost {
+		if scmp.LocalhostProfile != nil && len(*scmp.LocalhostProfile) > 0 {
+			fname := filepath.Join(profileRootPath, *scmp.LocalhostProfile)
+			return v1.SeccompLocalhostProfileNamePrefix + fname, nil
+		} else {
+			return "", fmt.Errorf("localhostProfile must be set if seccompProfile type is Localhost.")
+		}
 	}
 	if scmp.Type == v1.SeccompProfileTypeUnconfined {
-		return v1.SeccompProfileNameUnconfined
+		return v1.SeccompProfileNameUnconfined, nil
 	}
 
 	if fallbackToRuntimeDefault {
-		return v1.SeccompProfileRuntimeDefault
+		return v1.SeccompProfileRuntimeDefault, nil
 	}
-	return ""
+	return "", nil
 }
 
 func (m *kubeGenericRuntimeManager) getSeccompProfilePath(annotations map[string]string, containerName string,
-	podSecContext *v1.PodSecurityContext, containerSecContext *v1.SecurityContext, fallbackToRuntimeDefault bool) string {
+	podSecContext *v1.PodSecurityContext, containerSecContext *v1.SecurityContext, fallbackToRuntimeDefault bool) (string, error) {
 	// container fields are applied first
 	if containerSecContext != nil && containerSecContext.SeccompProfile != nil {
 		return fieldProfile(containerSecContext.SeccompProfile, m.seccompProfileRoot, fallbackToRuntimeDefault)
@@ -247,42 +251,46 @@ func (m *kubeGenericRuntimeManager) getSeccompProfilePath(annotations map[string
 	}
 
 	if fallbackToRuntimeDefault {
-		return v1.SeccompProfileRuntimeDefault
+		return v1.SeccompProfileRuntimeDefault, nil
 	}
 
-	return ""
+	return "", nil
 }
 
-func fieldSeccompProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) *runtimeapi.SecurityProfile {
+func fieldSeccompProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) (*runtimeapi.SecurityProfile, error) {
 	if scmp == nil {
 		if fallbackToRuntimeDefault {
 			return &runtimeapi.SecurityProfile{
 				ProfileType: runtimeapi.SecurityProfile_RuntimeDefault,
-			}
+			}, nil
 		}
 		return &runtimeapi.SecurityProfile{
 			ProfileType: runtimeapi.SecurityProfile_Unconfined,
-		}
+		}, nil
 	}
 	if scmp.Type == v1.SeccompProfileTypeRuntimeDefault {
 		return &runtimeapi.SecurityProfile{
 			ProfileType: runtimeapi.SecurityProfile_RuntimeDefault,
-		}
+		}, nil
 	}
-	if scmp.Type == v1.SeccompProfileTypeLocalhost && scmp.LocalhostProfile != nil && len(*scmp.LocalhostProfile) > 0 {
-		fname := filepath.Join(profileRootPath, *scmp.LocalhostProfile)
-		return &runtimeapi.SecurityProfile{
-			ProfileType:  runtimeapi.SecurityProfile_Localhost,
-			LocalhostRef: fname,
+	if scmp.Type == v1.SeccompProfileTypeLocalhost {
+		if scmp.LocalhostProfile != nil && len(*scmp.LocalhostProfile) > 0 {
+			fname := filepath.Join(profileRootPath, *scmp.LocalhostProfile)
+			return &runtimeapi.SecurityProfile{
+				ProfileType:  runtimeapi.SecurityProfile_Localhost,
+				LocalhostRef: fname,
+			}, nil
+		} else {
+			return nil, fmt.Errorf("localhostProfile must be set if seccompProfile type is Localhost.")
 		}
 	}
 	return &runtimeapi.SecurityProfile{
 		ProfileType: runtimeapi.SecurityProfile_Unconfined,
-	}
+	}, nil
 }
 
 func (m *kubeGenericRuntimeManager) getSeccompProfile(annotations map[string]string, containerName string,
-	podSecContext *v1.PodSecurityContext, containerSecContext *v1.SecurityContext, fallbackToRuntimeDefault bool) *runtimeapi.SecurityProfile {
+	podSecContext *v1.PodSecurityContext, containerSecContext *v1.SecurityContext, fallbackToRuntimeDefault bool) (*runtimeapi.SecurityProfile, error) {
 	// container fields are applied first
 	if containerSecContext != nil && containerSecContext.SeccompProfile != nil {
 		return fieldSeccompProfile(containerSecContext.SeccompProfile, m.seccompProfileRoot, fallbackToRuntimeDefault)
@@ -296,10 +304,10 @@ func (m *kubeGenericRuntimeManager) getSeccompProfile(annotations map[string]str
 	if fallbackToRuntimeDefault {
 		return &runtimeapi.SecurityProfile{
 			ProfileType: runtimeapi.SecurityProfile_RuntimeDefault,
-		}
+		}, nil
 	}
 
 	return &runtimeapi.SecurityProfile{
 		ProfileType: runtimeapi.SecurityProfile_Unconfined,
-	}
+	}, nil
 }
diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/security_context.go b/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/security_context.go
index 5e6f05b4e1..d933a71042 100644
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/security_context.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/security_context.go
@@ -37,9 +37,16 @@ func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *v1.Po
 
 	// TODO: Deprecated, remove after we switch to Seccomp field
 	// set SeccompProfilePath.
-	synthesized.SeccompProfilePath = m.getSeccompProfilePath(pod.Annotations, container.Name, pod.Spec.SecurityContext, container.SecurityContext, m.seccompDefault)
+	var err error
+	synthesized.SeccompProfilePath, err = m.getSeccompProfilePath(pod.Annotations, container.Name, pod.Spec.SecurityContext, container.SecurityContext, m.seccompDefault)
+	if err != nil {
+		return nil, err
+	}
 
-	synthesized.Seccomp = m.getSeccompProfile(pod.Annotations, container.Name, pod.Spec.SecurityContext, container.SecurityContext, m.seccompDefault)
+	synthesized.Seccomp, err = m.getSeccompProfile(pod.Annotations, container.Name, pod.Spec.SecurityContext, container.SecurityContext, m.seccompDefault)
+	if err != nil {
+		return nil, err
+	}
 
 	// set ApparmorProfile.
 	synthesized.ApparmorProfile = apparmor.GetProfileNameFromPodAnnotations(pod.Annotations, container.Name)
diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/prober/prober.go b/vendor/k8s.io/kubernetes/pkg/kubelet/prober/prober.go
index ee757a3fb1..83d877b64b 100644
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/prober/prober.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/prober/prober.go
@@ -145,7 +145,7 @@ func (pb *prober) runProbeWithRetries(probeType probeType, p *v1.Probe, pod *v1.
 func buildHeader(headerList []v1.HTTPHeader) http.Header {
 	headers := make(http.Header)
 	for _, header := range headerList {
-		headers[header.Name] = append(headers[header.Name], header.Value)
+		headers.Add(header.Name, header.Value)
 	}
 	return headers
 }
diff --git a/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/pods.go b/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/pods.go
index f85fbde45d..d7ee78280e 100644
--- a/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/pods.go
+++ b/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/pods.go
@@ -321,6 +321,11 @@ func podMatchesScopeFunc(selector corev1.ScopedResourceSelectorRequirement, obje
 	case corev1.ResourceQuotaScopeNotBestEffort:
 		return !isBestEffort(pod), nil
 	case corev1.ResourceQuotaScopePriorityClass:
+		if selector.Operator == corev1.ScopeSelectorOpExists {
+			// This is just checking for existence of a priorityClass on the pod,
+			// no need to take the overhead of selector parsing/evaluation.
+			return len(pod.Spec.PriorityClassName) != 0, nil
+		}
 		return podMatchesSelector(pod, selector)
 	case corev1.ResourceQuotaScopeCrossNamespacePodAffinity:
 		return usesCrossNamespacePodAffinity(pod), nil
diff --git a/vendor/k8s.io/kubernetes/pkg/registry/core/pod/storage/storage.go b/vendor/k8s.io/kubernetes/pkg/registry/core/pod/storage/storage.go
index db21b59da4..1e00819e88 100644
--- a/vendor/k8s.io/kubernetes/pkg/registry/core/pod/storage/storage.go
+++ b/vendor/k8s.io/kubernetes/pkg/registry/core/pod/storage/storage.go
@@ -162,6 +162,7 @@ func (r *BindingREST) Destroy() {
 }
 
 var _ = rest.NamedCreater(&BindingREST{})
+var _ = rest.SubresourceObjectMetaPreserver(&BindingREST{})
 
 // Create ensures a pod is bound to a specific host.
 func (r *BindingREST) Create(ctx context.Context, name string, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (out runtime.Object, err error) {
@@ -190,6 +191,13 @@ func (r *BindingREST) Create(ctx context.Context, name string, obj runtime.Objec
 	return
 }
 
+// PreserveRequestObjectMetaSystemFieldsOnSubresourceCreate indicates to a
+// handler that this endpoint requires the UID and ResourceVersion to use as
+// preconditions. Other fields, such as timestamp, are ignored.
+func (r *BindingREST) PreserveRequestObjectMetaSystemFieldsOnSubresourceCreate() bool {
+	return true
+}
+
 // setPodHostAndAnnotations sets the given pod's host to 'machine' if and only if
 // the pod is unassigned and merges the provided annotations with those of the pod.
 // Returns the current state of the pod, or an error.
diff --git a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/preemption/preemption.go b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/preemption/preemption.go
index 1da789c863..30e89024c6 100644
--- a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/preemption/preemption.go
+++ b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/preemption/preemption.go
@@ -343,6 +343,7 @@ func (ev *Evaluator) prepareCandidate(ctx context.Context, c Candidate, pod *v1.
 		// Otherwise we should delete the victim.
 		if waitingPod := fh.GetWaitingPod(victim.UID); waitingPod != nil {
 			waitingPod.Reject(pluginName, "preempted")
+			klog.V(2).InfoS("Preemptor pod rejected a waiting pod", "preemptor", klog.KObj(pod), "waitingPod", klog.KObj(victim), "node", c.Name())
 		} else {
 			if feature.DefaultFeatureGate.Enabled(features.PodDisruptionConditions) {
 				condition := &v1.PodCondition{
@@ -363,7 +364,9 @@ func (ev *Evaluator) prepareCandidate(ctx context.Context, c Candidate, pod *v1.
 				klog.ErrorS(err, "Preempting pod", "pod", klog.KObj(victim), "preemptor", klog.KObj(pod))
 				return framework.AsStatus(err)
 			}
+			klog.V(2).InfoS("Preemptor Pod preempted victim Pod", "preemptor", klog.KObj(pod), "victim", klog.KObj(victim), "node", c.Name())
 		}
+
 		fh.EventRecorder().Eventf(victim, pod, v1.EventTypeNormal, "Preempted", "Preempting", "Preempted by a pod on node %v", c.Name())
 	}
 	metrics.PreemptionVictims.Observe(float64(len(c.Victims().Pods)))
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/awsebs/aws_ebs.go b/vendor/k8s.io/kubernetes/pkg/volume/awsebs/aws_ebs.go
index c50e8e0363..8b9b490552 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/awsebs/aws_ebs.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/awsebs/aws_ebs.go
@@ -426,7 +426,7 @@ func (b *awsElasticBlockStoreMounter) SetUpAt(dir string, mounterArgs volume.Mou
 	}
 
 	if !b.readOnly {
-		volume.SetVolumeOwnership(b, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil))
+		volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil))
 	}
 
 	klog.V(4).Infof("Successfully mounted %s", dir)
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/azuredd/azure_mounter.go b/vendor/k8s.io/kubernetes/pkg/volume/azuredd/azure_mounter.go
index 0fe6eec523..789e751685 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/azuredd/azure_mounter.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/azuredd/azure_mounter.go
@@ -160,7 +160,7 @@ func (m *azureDiskMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs) e
 	}
 
 	if volumeSource.ReadOnly == nil || !*volumeSource.ReadOnly {
-		volume.SetVolumeOwnership(m, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(m.plugin, m.spec))
+		volume.SetVolumeOwnership(m, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(m.plugin, m.spec))
 	}
 
 	klog.V(2).Infof("azureDisk - successfully mounted disk %s on %s", diskName, dir)
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/cinder/cinder.go b/vendor/k8s.io/kubernetes/pkg/volume/cinder/cinder.go
index ef422e24c5..3478f1992c 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/cinder/cinder.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/cinder/cinder.go
@@ -446,7 +446,7 @@ func (b *cinderVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs
 	}
 
 	if !b.readOnly {
-		volume.SetVolumeOwnership(b, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil))
+		volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil))
 	}
 	klog.V(3).Infof("Cinder volume %s mounted to %s", b.pdName, dir)
 
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/configmap/configmap.go b/vendor/k8s.io/kubernetes/pkg/volume/configmap/configmap.go
index 8aca9bc231..11d358f759 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/configmap/configmap.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/configmap/configmap.go
@@ -253,7 +253,7 @@ func (b *configMapVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterA
 		return err
 	}
 
-	err = volume.SetVolumeOwnership(b, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil))
+	err = volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil))
 	if err != nil {
 		klog.Errorf("Error applying volume ownership settings for group: %v", mounterArgs.FsGroup)
 		return err
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_attacher.go b/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_attacher.go
index 57fbcb7e9c..97a0c7027b 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_attacher.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_attacher.go
@@ -595,14 +595,13 @@ func (c *csiAttacher) UnmountDevice(deviceMountPath string) error {
 		driverName = data[volDataKey.driverName]
 		volID = data[volDataKey.volHandle]
 	} else {
-		klog.Error(log("UnmountDevice failed to load volume data file [%s]: %v", dataDir, err))
-
-		// The volume might have been mounted by old CSI volume plugin. Fall back to the old behavior: read PV from API server
-		driverName, volID, err = getDriverAndVolNameFromDeviceMountPath(c.k8s, deviceMountPath)
-		if err != nil {
-			klog.Errorf(log("attacher.UnmountDevice failed to get driver and volume name from device mount path: %v", err))
-			return err
+		if errors.Is(err, os.ErrNotExist) {
+			klog.V(4).Info(log("attacher.UnmountDevice skipped because volume data file [%s] does not exist", dataDir))
+			return nil
 		}
+
+		klog.Errorf(log("attacher.UnmountDevice failed to get driver and volume name from device mount path: %v", err))
+		return err
 	}
 
 	if c.csiClient == nil {
@@ -682,36 +681,6 @@ func makeDeviceMountPath(plugin *csiPlugin, spec *volume.Spec) (string, error) {
 	return filepath.Join(plugin.host.GetPluginDir(plugin.GetPluginName()), driver, volSha, globalMountInGlobalPath), nil
 }
 
-func getDriverAndVolNameFromDeviceMountPath(k8s kubernetes.Interface, deviceMountPath string) (string, string, error) {
-	// deviceMountPath structure: /var/lib/kubelet/plugins/kubernetes.io/csi/pv/{pvname}/globalmount
-	dir := filepath.Dir(deviceMountPath)
-	if file := filepath.Base(deviceMountPath); file != globalMountInGlobalPath {
-		return "", "", errors.New(log("getDriverAndVolNameFromDeviceMountPath failed, path did not end in %s", globalMountInGlobalPath))
-	}
-	// dir is now /var/lib/kubelet/plugins/kubernetes.io/csi/pv/{pvname}
-	pvName := filepath.Base(dir)
-
-	// Get PV and check for errors
-	pv, err := k8s.CoreV1().PersistentVolumes().Get(context.TODO(), pvName, metav1.GetOptions{})
-	if err != nil {
-		return "", "", err
-	}
-	if pv == nil || pv.Spec.CSI == nil {
-		return "", "", errors.New(log("getDriverAndVolNameFromDeviceMountPath could not find CSI Persistent Volume Source for pv: %s", pvName))
-	}
-
-	// Get VolumeHandle and PluginName from pv
-	csiSource := pv.Spec.CSI
-	if csiSource.Driver == "" {
-		return "", "", errors.New(log("getDriverAndVolNameFromDeviceMountPath failed, driver name empty"))
-	}
-	if csiSource.VolumeHandle == "" {
-		return "", "", errors.New(log("getDriverAndVolNameFromDeviceMountPath failed, VolumeHandle empty"))
-	}
-
-	return csiSource.Driver, csiSource.VolumeHandle, nil
-}
-
 func verifyAttachmentStatus(attachment *storage.VolumeAttachment, volumeHandle string) (bool, error) {
 	// when we received a deleted event during attachment, fail fast
 	if attachment == nil {
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_mounter.go b/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_mounter.go
index 4b9f05ca0b..b72866e6f6 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_mounter.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_mounter.go
@@ -321,7 +321,7 @@ func (c *csiMountMgr) SetUpAt(dir string, mounterArgs volume.MounterArgs) error
 		// Driver doesn't support applying FSGroup. Kubelet must apply it instead.
 
 		// fullPluginName helps to distinguish different driver from csi plugin
-		err := volume.SetVolumeOwnership(c, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(c.plugin, c.spec))
+		err := volume.SetVolumeOwnership(c, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(c.plugin, c.spec))
 		if err != nil {
 			// At this point mount operation is successful:
 			//   1. Since volume can not be used by the pod because of invalid permissions, we must return error
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_util.go b/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_util.go
index ee2bdc193b..bb4d799ff3 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_util.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/csi/csi_util.go
@@ -79,7 +79,7 @@ func loadVolumeData(dir string, fileName string) (map[string]string, error) {
 
 	file, err := os.Open(dataFileName)
 	if err != nil {
-		return nil, errors.New(log("failed to open volume data file [%s]: %v", dataFileName, err))
+		return nil, fmt.Errorf("%s: %w", log("failed to open volume data file [%s]", dataFileName), err)
 	}
 	defer file.Close()
 	data := map[string]string{}
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/downwardapi/downwardapi.go b/vendor/k8s.io/kubernetes/pkg/volume/downwardapi/downwardapi.go
index 714254c5c7..cdef6dadaf 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/downwardapi/downwardapi.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/downwardapi/downwardapi.go
@@ -224,7 +224,7 @@ func (b *downwardAPIVolumeMounter) SetUpAt(dir string, mounterArgs volume.Mounte
 		return err
 	}
 
-	err = volume.SetVolumeOwnership(b, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil))
+	err = volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil))
 	if err != nil {
 		klog.Errorf("Error applying volume ownership settings for group: %v", mounterArgs.FsGroup)
 		return err
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/emptydir/empty_dir.go b/vendor/k8s.io/kubernetes/pkg/volume/emptydir/empty_dir.go
index 6370902d0e..6a5a4e3a57 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/emptydir/empty_dir.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/emptydir/empty_dir.go
@@ -278,7 +278,7 @@ func (ed *emptyDir) SetUpAt(dir string, mounterArgs volume.MounterArgs) error {
 		err = fmt.Errorf("unknown storage medium %q", ed.medium)
 	}
 
-	volume.SetVolumeOwnership(ed, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(ed.plugin, nil))
+	volume.SetVolumeOwnership(ed, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(ed.plugin, nil))
 
 	// If setting up the quota fails, just log a message but don't actually error out.
 	// We'll use the old du mechanism in this case, at least until we support
@@ -300,11 +300,11 @@ func (ed *emptyDir) assignQuota(dir string, mounterSize *resource.Quantity) erro
 			klog.V(3).Infof("Unable to check for quota support on %s: %s", dir, err.Error())
 		} else if hasQuotas {
 			klog.V(4).Infof("emptydir trying to assign quota %v on %s", mounterSize, dir)
-			err := fsquota.AssignQuota(ed.mounter, dir, ed.pod.UID, mounterSize)
-			if err != nil {
+			if err := fsquota.AssignQuota(ed.mounter, dir, ed.pod.UID, mounterSize); err != nil {
 				klog.V(3).Infof("Set quota on %s failed %s", dir, err.Error())
+				return err
 			}
-			return err
+			return nil
 		}
 	}
 	return nil
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/fc/disk_manager.go b/vendor/k8s.io/kubernetes/pkg/volume/fc/disk_manager.go
index bb054ea166..02e15c4f85 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/fc/disk_manager.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/fc/disk_manager.go
@@ -91,7 +91,7 @@ func diskSetUp(manager diskManager, b fcDiskMounter, volPath string, mounter mou
 	}
 
 	if !b.readOnly {
-		volume.SetVolumeOwnership(&b, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil))
+		volume.SetVolumeOwnership(&b, volPath, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil))
 	}
 
 	return nil
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/flexvolume/mounter.go b/vendor/k8s.io/kubernetes/pkg/volume/flexvolume/mounter.go
index 8098cfdb66..3821af7e92 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/flexvolume/mounter.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/flexvolume/mounter.go
@@ -95,7 +95,7 @@ func (f *flexVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs)
 	if !f.readOnly {
 		if f.plugin.capabilities.FSGroup {
 			// fullPluginName helps to distinguish different driver from flex volume plugin
-			volume.SetVolumeOwnership(f, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(f.plugin, f.spec))
+			volume.SetVolumeOwnership(f, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(f.plugin, f.spec))
 		}
 	}
 
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/gcepd/gce_pd.go b/vendor/k8s.io/kubernetes/pkg/volume/gcepd/gce_pd.go
index cb33c1e3dd..52f820962a 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/gcepd/gce_pd.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/gcepd/gce_pd.go
@@ -428,7 +428,7 @@ func (b *gcePersistentDiskMounter) SetUpAt(dir string, mounterArgs volume.Mounte
 
 	klog.V(4).Infof("mount of disk %s succeeded", dir)
 	if !b.readOnly {
-		if err := volume.SetVolumeOwnership(b, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)); err != nil {
+		if err := volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)); err != nil {
 			klog.Errorf("SetVolumeOwnership returns error %v", err)
 		}
 	}
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/git_repo/git_repo.go b/vendor/k8s.io/kubernetes/pkg/volume/git_repo/git_repo.go
index 76dafd7c83..0c0029abc3 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/git_repo/git_repo.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/git_repo/git_repo.go
@@ -233,7 +233,7 @@ func (b *gitRepoVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArg
 		return fmt.Errorf("failed to exec 'git reset --hard': %s: %v", output, err)
 	}
 
-	volume.SetVolumeOwnership(b, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil))
+	volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil))
 
 	volumeutil.SetReady(b.getMetaDir())
 	return nil
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/iscsi/disk_manager.go b/vendor/k8s.io/kubernetes/pkg/volume/iscsi/disk_manager.go
index 6d60e44efa..6aa8652bd6 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/iscsi/disk_manager.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/iscsi/disk_manager.go
@@ -96,7 +96,7 @@ func diskSetUp(manager diskManager, b iscsiDiskMounter, volPath string, mounter
 	}
 
 	if !b.readOnly {
-		volume.SetVolumeOwnership(&b, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil))
+		volume.SetVolumeOwnership(&b, volPath, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil))
 	}
 
 	return nil
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/local/local.go b/vendor/k8s.io/kubernetes/pkg/volume/local/local.go
index ab2af54c2e..6347d7202f 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/local/local.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/local/local.go
@@ -613,7 +613,7 @@ func (m *localVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs)
 	if !m.readOnly {
 		// Volume owner will be written only once on the first volume mount
 		if len(refs) == 0 {
-			return volume.SetVolumeOwnership(m, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(m.plugin, nil))
+			return volume.SetVolumeOwnership(m, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(m.plugin, nil))
 		}
 	}
 	return nil
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/portworx/portworx.go b/vendor/k8s.io/kubernetes/pkg/volume/portworx/portworx.go
index 417929b780..327ce2f872 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/portworx/portworx.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/portworx/portworx.go
@@ -333,7 +333,7 @@ func (b *portworxVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterAr
 		return err
 	}
 	if !b.readOnly {
-		volume.SetVolumeOwnership(b, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil))
+		volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil))
 	}
 	klog.Infof("Portworx Volume %s setup at %s", b.volumeID, dir)
 	return nil
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/projected/projected.go b/vendor/k8s.io/kubernetes/pkg/volume/projected/projected.go
index ecbe408098..ceb5cd12c8 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/projected/projected.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/projected/projected.go
@@ -234,7 +234,7 @@ func (s *projectedVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterA
 		return err
 	}
 
-	err = volume.SetVolumeOwnership(s, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(s.plugin, nil))
+	err = volume.SetVolumeOwnership(s, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(s.plugin, nil))
 	if err != nil {
 		klog.Errorf("Error applying volume ownership settings for group: %v", mounterArgs.FsGroup)
 		return err
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/rbd/disk_manager.go b/vendor/k8s.io/kubernetes/pkg/volume/rbd/disk_manager.go
index edff33540f..2131c7eced 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/rbd/disk_manager.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/rbd/disk_manager.go
@@ -96,7 +96,7 @@ func diskSetUp(manager diskManager, b rbdMounter, volPath string, mounter mount.
 	klog.V(3).Infof("rbd: successfully bind mount %s to %s with options %v", globalPDPath, volPath, mountOptions)
 
 	if !b.ReadOnly {
-		volume.SetVolumeOwnership(&b, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil))
+		volume.SetVolumeOwnership(&b, volPath, fsGroup, fsGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil))
 	}
 
 	return nil
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/secret/secret.go b/vendor/k8s.io/kubernetes/pkg/volume/secret/secret.go
index a8a2d633b5..13d3b2ff27 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/secret/secret.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/secret/secret.go
@@ -248,7 +248,7 @@ func (b *secretVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs
 		return err
 	}
 
-	err = volume.SetVolumeOwnership(b, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil))
+	err = volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil))
 	if err != nil {
 		klog.Errorf("Error applying volume ownership settings for group: %v", mounterArgs.FsGroup)
 		return err
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common.go b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common.go
new file mode 100644
index 0000000000..4259442076
--- /dev/null
+++ b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common.go
@@ -0,0 +1,28 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package common
+
+// QuotaID is generic quota identifier.
+// Data type based on quotactl(2).
+type QuotaID int32
+
+const (
+	// UnknownQuotaID -- cannot determine whether a quota is in force
+	UnknownQuotaID QuotaID = -1
+	// BadQuotaID -- Invalid quota
+	BadQuotaID QuotaID = 0
+)
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common.go b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common_linux.go
similarity index 92%
rename from vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common.go
rename to vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common_linux.go
index 8275a7f1c8..77f845837b 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common_linux.go
@@ -23,17 +23,6 @@ import (
 	"regexp"
 )
 
-// QuotaID is generic quota identifier.
-// Data type based on quotactl(2).
-type QuotaID int32
-
-const (
-	// UnknownQuotaID -- cannot determine whether a quota is in force
-	UnknownQuotaID QuotaID = -1
-	// BadQuotaID -- Invalid quota
-	BadQuotaID QuotaID = 0
-)
-
 // QuotaType -- type of quota to be applied
 type QuotaType int
 
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common_impl.go b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common_linux_impl.go
similarity index 100%
rename from vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common_impl.go
rename to vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_common_linux_impl.go
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/project.go b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/project.go
index 3861f99059..8ebc006874 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/project.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/project.go
@@ -164,6 +164,9 @@ func readProjectFiles(projects *os.File, projid *os.File) projectsList {
 	return projectsList{parseProjFile(projects, parseProject), parseProjFile(projid, parseProjid)}
 }
 
+// findAvailableQuota finds the next available quota from the FirstQuota
+// it returns error if QuotaIDIsInUse returns error when getting quota id in use;
+// it searches at most maxUnusedQuotasToSearch(128) time
 func findAvailableQuota(path string, idMap map[common.QuotaID]bool) (common.QuotaID, error) {
 	unusedQuotasSearched := 0
 	for id := common.FirstQuota; true; id++ {
@@ -187,13 +190,13 @@ func addDirToProject(path string, id common.QuotaID, list *projectsList) (common
 	idMap := make(map[common.QuotaID]bool)
 	for _, project := range list.projects {
 		if project.data == path {
-			if id != project.id {
+			if id != common.BadQuotaID && id != project.id {
 				return common.BadQuotaID, false, fmt.Errorf("attempt to reassign project ID for %s", path)
 			}
 			// Trying to reassign a directory to the project it's
 			// already in.  Maybe this should be an error, but for
 			// now treat it as an idempotent operation
-			return id, false, nil
+			return project.id, false, nil
 		}
 		idMap[project.id] = true
 	}
@@ -318,6 +321,7 @@ func writeProjectFiles(fProjects *os.File, fProjid *os.File, writeProjid bool, l
 	return fmt.Errorf("unable to write project files: %v", err)
 }
 
+// if ID is common.BadQuotaID, generate new project id if the dir is not in a project
 func createProjectID(path string, ID common.QuotaID) (common.QuotaID, error) {
 	quotaIDLock.Lock()
 	defer quotaIDLock.Unlock()
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota.go b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota.go
index fbd29fba73..eb0048d371 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota.go
@@ -23,10 +23,15 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	"k8s.io/kubernetes/pkg/features"
+	"k8s.io/kubernetes/pkg/volume/util/fsquota/common"
 )
 
 // Interface -- quota interface
 type Interface interface {
+	// GetQuotaOnDir gets the quota ID (if any) that applies to
+	// this directory
+	GetQuotaOnDir(m mount.Interface, path string) (common.QuotaID, error)
+
 	// Does the path provided support quotas, and if so, what types
 	SupportsQuotas(m mount.Interface, path string) (bool, error)
 	// Assign a quota (picked by the quota mechanism) to a path,
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_linux.go b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_linux.go
index 85784204aa..240cc356ee 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_linux.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_linux.go
@@ -35,6 +35,9 @@ import (
 	"k8s.io/kubernetes/pkg/volume/util/fsquota/common"
 )
 
+// Pod -> External Pod UID
+var podUidMap = make(map[types.UID]types.UID)
+
 // Pod -> ID
 var podQuotaMap = make(map[types.UID]common.QuotaID)
 
@@ -214,7 +217,7 @@ func setQuotaOnDir(path string, id common.QuotaID, bytes int64) error {
 	return getApplier(path).SetQuotaOnDir(path, id, bytes)
 }
 
-func getQuotaOnDir(m mount.Interface, path string) (common.QuotaID, error) {
+func GetQuotaOnDir(m mount.Interface, path string) (common.QuotaID, error) {
 	_, _, err := getFSInfo(m, path)
 	if err != nil {
 		return common.BadQuotaID, err
@@ -235,7 +238,7 @@ func clearQuotaOnDir(m mount.Interface, path string) error {
 	if !supportsQuotas {
 		return nil
 	}
-	projid, err := getQuotaOnDir(m, path)
+	projid, err := GetQuotaOnDir(m, path)
 	if err == nil && projid != common.BadQuotaID {
 		// This means that we have a quota on the directory but
 		// we can't clear it.  That's not good.
@@ -304,7 +307,7 @@ func SupportsQuotas(m mount.Interface, path string) (bool, error) {
 // AssignQuota chooses the quota ID based on the pod UID and path.
 // If the pod UID is identical to another one known, it may (but presently
 // doesn't) choose the same quota ID as other volumes in the pod.
-func AssignQuota(m mount.Interface, path string, poduid types.UID, bytes *resource.Quantity) error { //nolint:staticcheck // SA4009 poduid is overwritten by design, see comment below
+func AssignQuota(m mount.Interface, path string, poduid types.UID, bytes *resource.Quantity) error { //nolint:staticcheck
 	if bytes == nil {
 		return fmt.Errorf("attempting to assign null quota to %s", path)
 	}
@@ -314,20 +317,32 @@ func AssignQuota(m mount.Interface, path string, poduid types.UID, bytes *resour
 	}
 	quotaLock.Lock()
 	defer quotaLock.Unlock()
-	// Current policy is to set individual quotas on each volumes.
+	// Current policy is to set individual quotas on each volume,
+	// for each new volume we generate a random UUID and we use that as
+	// the internal pod uid.
+	// From fsquota point of view each volume is attached to a
+	// single unique pod.
 	// If we decide later that we want to assign one quota for all
-	// volumes in a pod, we can simply remove this line of code.
+	// volumes in a pod, we can simply use poduid parameter directly
 	// If and when we decide permanently that we're going to adopt
 	// one quota per volume, we can rip all of the pod code out.
-	poduid = types.UID(uuid.NewUUID()) //nolint:staticcheck // SA4009 poduid is overwritten by design, see comment above
-	if pod, ok := dirPodMap[path]; ok && pod != poduid {
-		return fmt.Errorf("requesting quota on existing directory %s but different pod %s %s", path, pod, poduid)
+	externalPodUid := poduid
+	internalPodUid, ok := dirPodMap[path]
+	if ok {
+		if podUidMap[internalPodUid] != externalPodUid {
+			return fmt.Errorf("requesting quota on existing directory %s but different pod %s %s", path, podUidMap[internalPodUid], externalPodUid)
+		}
+	} else {
+		internalPodUid = types.UID(uuid.NewUUID())
 	}
-	oid, ok := podQuotaMap[poduid]
+	oid, ok := podQuotaMap[internalPodUid]
 	if ok {
 		if quotaSizeMap[oid] != ibytes {
 			return fmt.Errorf("requesting quota of different size: old %v new %v", quotaSizeMap[oid], bytes)
 		}
+		if _, ok := dirPodMap[path]; ok {
+			return nil
+		}
 	} else {
 		oid = common.BadQuotaID
 	}
@@ -342,12 +357,13 @@ func AssignQuota(m mount.Interface, path string, poduid types.UID, bytes *resour
 			ibytes = -1
 		}
 		if err = setQuotaOnDir(path, id, ibytes); err == nil {
-			quotaPodMap[id] = poduid
+			quotaPodMap[id] = internalPodUid
 			quotaSizeMap[id] = ibytes
-			podQuotaMap[poduid] = id
+			podQuotaMap[internalPodUid] = id
 			dirQuotaMap[path] = id
-			dirPodMap[path] = poduid
-			podDirCountMap[poduid]++
+			dirPodMap[path] = internalPodUid
+			podUidMap[internalPodUid] = externalPodUid
+			podDirCountMap[internalPodUid]++
 			klog.V(4).Infof("Assigning quota ID %d (%d) to %s", id, ibytes, path)
 			return nil
 		}
@@ -415,7 +431,7 @@ func ClearQuota(m mount.Interface, path string) error {
 	if !ok {
 		return fmt.Errorf("clearQuota: No quota available for %s", path)
 	}
-	projid, err := getQuotaOnDir(m, path)
+	projid, err := GetQuotaOnDir(m, path)
 	if err != nil {
 		// Log-and-continue instead of returning an error for now
 		// due to unspecified backwards compatibility concerns (a subject to revise)
@@ -436,6 +452,7 @@ func ClearQuota(m mount.Interface, path string) error {
 		delete(quotaPodMap, podQuotaMap[poduid])
 		delete(podDirCountMap, poduid)
 		delete(podQuotaMap, poduid)
+		delete(podUidMap, poduid)
 	} else {
 		err = removeProjectID(path, projid)
 		podDirCountMap[poduid]--
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_unsupported.go b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_unsupported.go
index 8579f53893..c5b89a6970 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_unsupported.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_unsupported.go
@@ -22,6 +22,7 @@ package fsquota
 import (
 	"errors"
 
+	"k8s.io/kubernetes/pkg/volume/util/fsquota/common"
 	"k8s.io/mount-utils"
 
 	"k8s.io/apimachinery/pkg/api/resource"
@@ -33,6 +34,10 @@ import (
 
 var errNotImplemented = errors.New("not implemented")
 
+func GetQuotaOnDir(_ mount.Interface, _ string) (common.QuotaID, error) {
+	return common.BadQuotaID, errNotImplemented
+}
+
 // SupportsQuotas -- dummy implementation
 func SupportsQuotas(_ mount.Interface, _ string) (bool, error) {
 	return false, errNotImplemented
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/volume_linux.go b/vendor/k8s.io/kubernetes/pkg/volume/volume_linux.go
index 57c0281502..ec7f6da4bf 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/volume_linux.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/volume_linux.go
@@ -40,22 +40,22 @@ const (
 // SetVolumeOwnership modifies the given volume to be owned by
 // fsGroup, and sets SetGid so that newly created files are owned by
 // fsGroup. If fsGroup is nil nothing is done.
-func SetVolumeOwnership(mounter Mounter, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy, completeFunc func(types.CompleteFuncParam)) error {
+func SetVolumeOwnership(mounter Mounter, dir string, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy, completeFunc func(types.CompleteFuncParam)) error {
 	if fsGroup == nil {
 		return nil
 	}
 
 	timer := time.AfterFunc(30*time.Second, func() {
-		klog.Warningf("Setting volume ownership for %s and fsGroup set. If the volume has a lot of files then setting volume ownership could be slow, see https://github.com/kubernetes/kubernetes/issues/69699", mounter.GetPath())
+		klog.Warningf("Setting volume ownership for %s and fsGroup set. If the volume has a lot of files then setting volume ownership could be slow, see https://github.com/kubernetes/kubernetes/issues/69699", dir)
 	})
 	defer timer.Stop()
 
-	if skipPermissionChange(mounter, fsGroup, fsGroupChangePolicy) {
-		klog.V(3).InfoS("Skipping permission and ownership change for volume", "path", mounter.GetPath())
+	if skipPermissionChange(mounter, dir, fsGroup, fsGroupChangePolicy) {
+		klog.V(3).InfoS("Skipping permission and ownership change for volume", "path", dir)
 		return nil
 	}
 
-	err := walkDeep(mounter.GetPath(), func(path string, info os.FileInfo, err error) error {
+	err := walkDeep(dir, func(path string, info os.FileInfo, err error) error {
 		if err != nil {
 			return err
 		}
@@ -104,14 +104,12 @@ func changeFilePermission(filename string, fsGroup *int64, readonly bool, info o
 	return nil
 }
 
-func skipPermissionChange(mounter Mounter, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy) bool {
-	dir := mounter.GetPath()
-
+func skipPermissionChange(mounter Mounter, dir string, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy) bool {
 	if fsGroupChangePolicy == nil || *fsGroupChangePolicy != v1.FSGroupChangeOnRootMismatch {
 		klog.V(4).InfoS("Perform recursive ownership change for directory", "path", dir)
 		return false
 	}
-	return !requiresPermissionChange(mounter.GetPath(), fsGroup, mounter.GetAttributes().ReadOnly)
+	return !requiresPermissionChange(dir, fsGroup, mounter.GetAttributes().ReadOnly)
 }
 
 func requiresPermissionChange(rootDir string, fsGroup *int64, readonly bool) bool {
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/volume_unsupported.go b/vendor/k8s.io/kubernetes/pkg/volume/volume_unsupported.go
index 20c56d4b63..3b5a200a61 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/volume_unsupported.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/volume_unsupported.go
@@ -24,6 +24,6 @@ import (
 	"k8s.io/kubernetes/pkg/volume/util/types"
 )
 
-func SetVolumeOwnership(mounter Mounter, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy, completeFunc func(types.CompleteFuncParam)) error {
+func SetVolumeOwnership(mounter Mounter, dir string, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy, completeFunc func(types.CompleteFuncParam)) error {
 	return nil
 }
diff --git a/vendor/k8s.io/kubernetes/pkg/volume/vsphere_volume/vsphere_volume.go b/vendor/k8s.io/kubernetes/pkg/volume/vsphere_volume/vsphere_volume.go
index 1507269037..c0a095a6fb 100644
--- a/vendor/k8s.io/kubernetes/pkg/volume/vsphere_volume/vsphere_volume.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/vsphere_volume/vsphere_volume.go
@@ -275,7 +275,7 @@ func (b *vsphereVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArg
 		os.Remove(dir)
 		return err
 	}
-	volume.SetVolumeOwnership(b, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil))
+	volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil))
 	klog.V(3).Infof("vSphere volume %s mounted to %s", b.volPath, dir)
 
 	return nil
diff --git a/vendor/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap/bootstrap.go b/vendor/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap/bootstrap.go
index f3f9a98c3a..5a3bb73889 100644
--- a/vendor/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap/bootstrap.go
+++ b/vendor/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap/bootstrap.go
@@ -116,13 +116,13 @@ func (t *TokenAuthenticator) AuthenticateToken(ctx context.Context, token string
 
 	ts := bootstrapsecretutil.GetData(secret, bootstrapapi.BootstrapTokenSecretKey)
 	if subtle.ConstantTimeCompare([]byte(ts), []byte(tokenSecret)) != 1 {
-		tokenErrorf(secret, "has invalid value for key %s, expected %s.", bootstrapapi.BootstrapTokenSecretKey, tokenSecret)
+		tokenErrorf(secret, "has invalid value for key %s.", bootstrapapi.BootstrapTokenSecretKey)
 		return nil, false, nil
 	}
 
 	id := bootstrapsecretutil.GetData(secret, bootstrapapi.BootstrapTokenIDKey)
 	if id != tokenID {
-		tokenErrorf(secret, "has invalid value for key %s, expected %s.", bootstrapapi.BootstrapTokenIDKey, tokenID)
+		tokenErrorf(secret, "has invalid value for key %s.", bootstrapapi.BootstrapTokenIDKey)
 		return nil, false, nil
 	}
 
diff --git a/vendor/modules.txt b/vendor/modules.txt
index b6df50bb92..123eae00c9 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -576,8 +576,8 @@ github.com/mxk/go-flowrate/flowrate
 # github.com/opencontainers/go-digest v1.0.0
 ## explicit; go 1.13
 github.com/opencontainers/go-digest
-# github.com/opencontainers/runc v1.1.3
-## explicit; go 1.16
+# github.com/opencontainers/runc v1.1.6
+## explicit; go 1.17
 github.com/opencontainers/runc/libcontainer
 github.com/opencontainers/runc/libcontainer/apparmor
 github.com/opencontainers/runc/libcontainer/capabilities
@@ -863,7 +863,7 @@ github.com/openshift/client-go/user/informers/externalversions/internalinterface
 github.com/openshift/client-go/user/informers/externalversions/user
 github.com/openshift/client-go/user/informers/externalversions/user/v1
 github.com/openshift/client-go/user/listers/user/v1
-# github.com/openshift/cluster-policy-controller v0.0.0-20230227104154-139ac0499ac4
+# github.com/openshift/cluster-policy-controller v0.0.0-20230525171858-9aaf6fea45f7
 ## explicit; go 1.19
 github.com/openshift/cluster-policy-controller/pkg/client/genericinformers
 github.com/openshift/cluster-policy-controller/pkg/cmd/cluster-policy-controller
@@ -1274,12 +1274,12 @@ golang.org/x/crypto/pbkdf2
 golang.org/x/crypto/pkcs12
 golang.org/x/crypto/pkcs12/internal/rc2
 golang.org/x/crypto/salsa20/salsa
-# golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4
+# golang.org/x/mod v0.8.0
 ## explicit; go 1.17
 golang.org/x/mod/internal/lazyregexp
 golang.org/x/mod/module
 golang.org/x/mod/semver
-# golang.org/x/net v0.7.0 => golang.org/x/net v0.7.0
+# golang.org/x/net v0.8.0 => golang.org/x/net v0.8.0
 ## explicit; go 1.17
 golang.org/x/net/bpf
 golang.org/x/net/context
@@ -1308,10 +1308,10 @@ golang.org/x/oauth2/google/internal/externalaccount
 golang.org/x/oauth2/internal
 golang.org/x/oauth2/jws
 golang.org/x/oauth2/jwt
-# golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
+# golang.org/x/sync v0.1.0
 ## explicit
 golang.org/x/sync/singleflight
-# golang.org/x/sys v0.5.0
+# golang.org/x/sys v0.6.0
 ## explicit; go 1.17
 golang.org/x/sys/cpu
 golang.org/x/sys/execabs
@@ -1321,10 +1321,10 @@ golang.org/x/sys/unix
 golang.org/x/sys/windows
 golang.org/x/sys/windows/registry
 golang.org/x/sys/windows/svc
-# golang.org/x/term v0.5.0
+# golang.org/x/term v0.6.0
 ## explicit; go 1.17
 golang.org/x/term
-# golang.org/x/text v0.7.0
+# golang.org/x/text v0.8.0
 ## explicit; go 1.17
 golang.org/x/text/encoding
 golang.org/x/text/encoding/internal
@@ -1340,7 +1340,7 @@ golang.org/x/text/width
 # golang.org/x/time v0.0.0-20220210224613-90d013bbcef8
 ## explicit
 golang.org/x/time/rate
-# golang.org/x/tools v0.1.12
+# golang.org/x/tools v0.6.0
 ## explicit; go 1.18
 golang.org/x/tools/container/intsets
 golang.org/x/tools/go/ast/astutil
@@ -1546,7 +1546,7 @@ gopkg.in/yaml.v2
 # gopkg.in/yaml.v3 v3.0.1
 ## explicit
 gopkg.in/yaml.v3
-# k8s.io/api v0.25.2 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/api v0.25.2 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/api/admission/v1
 k8s.io/api/admission/v1beta1
@@ -1597,7 +1597,7 @@ k8s.io/api/scheduling/v1beta1
 k8s.io/api/storage/v1
 k8s.io/api/storage/v1alpha1
 k8s.io/api/storage/v1beta1
-# k8s.io/apiextensions-apiserver v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/apiextensions-apiserver v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/apiextensions-apiserver/pkg/apihelpers
 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions
@@ -1643,7 +1643,7 @@ k8s.io/apiextensions-apiserver/pkg/registry/customresource
 k8s.io/apiextensions-apiserver/pkg/registry/customresource/tableconvertor
 k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition
 k8s.io/apiextensions-apiserver/third_party/forked/celopenapi/model
-# k8s.io/apimachinery v0.25.2 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/apimachinery v0.25.2 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/apimachinery/pkg/api/equality
 k8s.io/apimachinery/pkg/api/errors
@@ -1707,7 +1707,7 @@ k8s.io/apimachinery/pkg/watch
 k8s.io/apimachinery/third_party/forked/golang/json
 k8s.io/apimachinery/third_party/forked/golang/netutil
 k8s.io/apimachinery/third_party/forked/golang/reflect
-# k8s.io/apiserver v0.25.2 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/apiserver v0.25.2 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/apiserver/pkg/admission
 k8s.io/apiserver/pkg/admission/configuration
@@ -1853,12 +1853,12 @@ k8s.io/apiserver/plugin/pkg/audit/webhook
 k8s.io/apiserver/plugin/pkg/authenticator/token/oidc
 k8s.io/apiserver/plugin/pkg/authenticator/token/webhook
 k8s.io/apiserver/plugin/pkg/authorizer/webhook
-# k8s.io/cli-runtime v0.25.2 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/cli-runtime v0.25.2 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/cli-runtime/pkg/genericclioptions
 k8s.io/cli-runtime/pkg/printers
 k8s.io/cli-runtime/pkg/resource
-# k8s.io/client-go v0.25.2 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/client-go v0.25.2 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/client-go/applyconfigurations/admissionregistration/v1
 k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1
@@ -2170,7 +2170,7 @@ k8s.io/client-go/util/jsonpath
 k8s.io/client-go/util/keyutil
 k8s.io/client-go/util/retry
 k8s.io/client-go/util/workqueue
-# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/cloud-provider
 k8s.io/cloud-provider/api
@@ -2190,14 +2190,14 @@ k8s.io/cloud-provider/service/helpers
 k8s.io/cloud-provider/volume
 k8s.io/cloud-provider/volume/errors
 k8s.io/cloud-provider/volume/helpers
-# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/cluster-bootstrap/token/api
 k8s.io/cluster-bootstrap/token/jws
 k8s.io/cluster-bootstrap/token/util
 k8s.io/cluster-bootstrap/util/secrets
 k8s.io/cluster-bootstrap/util/tokens
-# k8s.io/component-base v0.25.2 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/component-base v0.25.2 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/component-base/cli
 k8s.io/component-base/cli/flag
@@ -2240,7 +2240,7 @@ k8s.io/component-helpers/scheduling/corev1
 k8s.io/component-helpers/scheduling/corev1/nodeaffinity
 k8s.io/component-helpers/storage/ephemeral
 k8s.io/component-helpers/storage/volume
-# k8s.io/controller-manager v0.25.2 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/controller-manager v0.25.2 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/controller-manager/app
 k8s.io/controller-manager/config
@@ -2257,13 +2257,13 @@ k8s.io/controller-manager/pkg/informerfactory
 k8s.io/controller-manager/pkg/leadermigration
 k8s.io/controller-manager/pkg/leadermigration/config
 k8s.io/controller-manager/pkg/leadermigration/options
-# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/cri-api/pkg/apis
 k8s.io/cri-api/pkg/apis/runtime/v1
 k8s.io/cri-api/pkg/apis/runtime/v1alpha2
 k8s.io/cri-api/pkg/errors
-# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/csi-translation-lib
 k8s.io/csi-translation-lib/plugins
@@ -2283,7 +2283,7 @@ k8s.io/klog/v2/internal/clock
 k8s.io/klog/v2/internal/dbg
 k8s.io/klog/v2/internal/serialize
 k8s.io/klog/v2/internal/severity
-# k8s.io/kube-aggregator v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/kube-aggregator v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/kube-aggregator/pkg/apis/apiregistration
 k8s.io/kube-aggregator/pkg/apis/apiregistration/install
@@ -2314,7 +2314,7 @@ k8s.io/kube-aggregator/pkg/controllers/status
 k8s.io/kube-aggregator/pkg/registry/apiservice
 k8s.io/kube-aggregator/pkg/registry/apiservice/etcd
 k8s.io/kube-aggregator/pkg/registry/apiservice/rest
-# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/kube-controller-manager/config/v1alpha1
 # k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea => k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1
@@ -2345,13 +2345,13 @@ k8s.io/kube-openapi/pkg/validation/spec
 k8s.io/kube-openapi/pkg/validation/strfmt
 k8s.io/kube-openapi/pkg/validation/strfmt/bson
 k8s.io/kube-openapi/pkg/validation/validate
-# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/kube-scheduler/config/v1
 k8s.io/kube-scheduler/config/v1beta2
 k8s.io/kube-scheduler/config/v1beta3
 k8s.io/kube-scheduler/extender/v1
-# k8s.io/kubectl v0.25.2 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/kubectl v0.25.2 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/kubectl/pkg/apps
 k8s.io/kubectl/pkg/cmd/apiresources
@@ -2387,7 +2387,7 @@ k8s.io/kubectl/pkg/util/storage
 k8s.io/kubectl/pkg/util/templates
 k8s.io/kubectl/pkg/util/term
 k8s.io/kubectl/pkg/validation
-# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/kubelet/config/v1alpha1
 k8s.io/kubelet/config/v1beta1
@@ -2401,7 +2401,7 @@ k8s.io/kubelet/pkg/apis/pluginregistration/v1
 k8s.io/kubelet/pkg/apis/podresources/v1
 k8s.io/kubelet/pkg/apis/podresources/v1alpha1
 k8s.io/kubelet/pkg/apis/stats/v1alpha1
-# k8s.io/kubernetes v1.25.2 => github.com/openshift/kubernetes v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/kubernetes v1.25.2 => github.com/openshift/kubernetes v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/kubernetes/cmd/kube-apiserver/app
 k8s.io/kubernetes/cmd/kube-apiserver/app/options
@@ -3155,7 +3155,7 @@ k8s.io/kubernetes/third_party/forked/gonum/graph
 k8s.io/kubernetes/third_party/forked/gonum/graph/internal/linear
 k8s.io/kubernetes/third_party/forked/gonum/graph/simple
 k8s.io/kubernetes/third_party/forked/gonum/graph/traverse
-# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/legacy-cloud-providers/aws
 k8s.io/legacy-cloud-providers/azure
@@ -3199,7 +3199,7 @@ k8s.io/legacy-cloud-providers/openstack
 k8s.io/legacy-cloud-providers/vsphere
 k8s.io/legacy-cloud-providers/vsphere/vclib
 k8s.io/legacy-cloud-providers/vsphere/vclib/diskmanagers
-# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/metrics/pkg/apis/custom_metrics
 k8s.io/metrics/pkg/apis/custom_metrics/v1beta1
@@ -3214,10 +3214,10 @@ k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1
 k8s.io/metrics/pkg/client/custom_metrics
 k8s.io/metrics/pkg/client/custom_metrics/scheme
 k8s.io/metrics/pkg/client/external_metrics
-# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/mount-utils
-# k8s.io/pod-security-admission v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/pod-security-admission v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230526022022-3fe29064317f
 ## explicit; go 1.19
 k8s.io/pod-security-admission/admission
 k8s.io/pod-security-admission/admission/api
@@ -3250,7 +3250,7 @@ k8s.io/utils/pointer
 k8s.io/utils/strings
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35
+# sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.37
 ## explicit; go 1.17
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics
@@ -3397,39 +3397,39 @@ sigs.k8s.io/yaml
 # go.etcd.io/etcd/v3 => github.com/openshift/etcd/v3 v3.5.1-0.20220707134052-31b6b2d9b4d7
 # golang.org/x/crypto => golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
 # golang.org/x/exp => golang.org/x/exp v0.0.0-20210220032938-85be41e4509f
-# golang.org/x/net => golang.org/x/net v0.7.0
+# golang.org/x/net => golang.org/x/net v0.8.0
 # gonum.org/v1/netlib => gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e
 # gopkg.in/square/go-jose.v2 => gopkg.in/square/go-jose.v2 v2.2.2
 # gopkg.in/yaml.v2 => gopkg.in/yaml.v2 v2.4.0
-# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230526022022-3fe29064317f
+# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230526022022-3fe29064317f
+# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230526022022-3fe29064317f
+# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230526022022-3fe29064317f
+# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230526022022-3fe29064317f
+# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230526022022-3fe29064317f
+# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230526022022-3fe29064317f
+# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230526022022-3fe29064317f
+# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230526022022-3fe29064317f
+# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230526022022-3fe29064317f
 # k8s.io/component-helpers => k8s.io/component-helpers v0.25.0
-# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230526022022-3fe29064317f
+# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230526022022-3fe29064317f
+# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230526022022-3fe29064317f
 # k8s.io/klog/v2 => k8s.io/klog/v2 v2.70.1
-# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230526022022-3fe29064317f
+# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230526022022-3fe29064317f
 # k8s.io/kube-openapi => k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1
-# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230419005830-37a9a084bcb4
-# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230419005830-37a9a084bcb4
+# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230526022022-3fe29064317f
+# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230526022022-3fe29064317f
+# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230526022022-3fe29064317f
+# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230526022022-3fe29064317f
+# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230526022022-3fe29064317f
+# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230526022022-3fe29064317f
+# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230526022022-3fe29064317f
+# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230526022022-3fe29064317f
+# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230526022022-3fe29064317f
+# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230526022022-3fe29064317f
+# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230526022022-3fe29064317f
+# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230526022022-3fe29064317f
 # sigs.k8s.io/json => sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2
 # sigs.k8s.io/yaml => sigs.k8s.io/yaml v1.2.0
diff --git a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go
index cb186cefc2..d9c151e983 100644
--- a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go
+++ b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go
@@ -118,6 +118,8 @@ func (cm *connectionManager) closeAll() {
 // grpcTunnel implements Tunnel
 type grpcTunnel struct {
 	stream      client.ProxyService_ProxyClient
+	sendLock    sync.Mutex
+	recvLock    sync.Mutex
 	clientConn  clientConn
 	pendingDial pendingDialManager
 	conns       connectionManager
@@ -243,20 +245,17 @@ func (t *grpcTunnel) serve(tunnelCtx context.Context) {
 	}()
 
 	for {
-		pkt, err := t.stream.Recv()
+		pkt, err := t.Recv()
 		if err == io.EOF {
 			return
 		}
-		const segment = commonmetrics.SegmentToClient
 		isClosing := t.isClosing()
 		if err != nil || pkt == nil {
 			if !isClosing {
 				klog.ErrorS(err, "stream read failure")
 			}
-			metrics.Metrics.ObserveStreamErrorNoPacket(segment, err)
 			return
 		}
-		metrics.Metrics.ObservePacket(segment, pkt.Type)
 		if isClosing {
 			return
 		}
@@ -335,11 +334,23 @@ func (t *grpcTunnel) serve(tunnelCtx context.Context) {
 
 		case client.PacketType_DATA:
 			resp := pkt.GetData()
+			if resp.ConnectID == 0 {
+				klog.ErrorS(nil, "Received packet missing ConnectID", "packetType", "DATA")
+				continue
+			}
 			// TODO: flow control
 			conn, ok := t.conns.get(resp.ConnectID)
 
 			if !ok {
-				klog.V(1).InfoS("Connection not recognized", "connectionID", resp.ConnectID)
+				klog.ErrorS(nil, "Connection not recognized", "connectionID", resp.ConnectID, "packetType", "DATA")
+				t.Send(&client.Packet{
+					Type: client.PacketType_CLOSE_REQ,
+					Payload: &client.Packet_CloseRequest{
+						CloseRequest: &client.CloseRequest{
+							ConnectID: resp.ConnectID,
+						},
+					},
+				})
 				continue
 			}
 			timer := time.NewTimer((time.Duration)(t.readTimeoutSeconds) * time.Second)
@@ -358,7 +369,7 @@ func (t *grpcTunnel) serve(tunnelCtx context.Context) {
 			conn, ok := t.conns.get(resp.ConnectID)
 
 			if !ok {
-				klog.V(1).InfoS("Connection not recognized", "connectionID", resp.ConnectID)
+				klog.V(1).InfoS("Connection not recognized", "connectionID", resp.ConnectID, "packetType", "CLOSE_RSP")
 				continue
 			}
 			close(conn.readCh)
@@ -418,18 +429,15 @@ func (t *grpcTunnel) dialContext(requestCtx context.Context, protocol, address s
 	}
 	klog.V(5).InfoS("[tracing] send packet", "type", req.Type)
 
-	const segment = commonmetrics.SegmentFromClient
-	metrics.Metrics.ObservePacket(segment, req.Type)
-	err := t.stream.Send(req)
+	err := t.Send(req)
 	if err != nil {
-		metrics.Metrics.ObserveStreamError(segment, err, req.Type)
 		return nil, err
 	}
 
 	klog.V(5).Infoln("DIAL_REQ sent to proxy server")
 
 	c := &conn{
-		stream:      t.stream,
+		tunnel:      t,
 		random:      random,
 		closeTunnel: t.closeTunnel,
 	}
@@ -473,10 +481,7 @@ func (t *grpcTunnel) closeDial(dialID int64) {
 			},
 		},
 	}
-	const segment = commonmetrics.SegmentFromClient
-	metrics.Metrics.ObservePacket(segment, req.Type)
-	if err := t.stream.Send(req); err != nil {
-		metrics.Metrics.ObserveStreamError(segment, err, req.Type)
+	if err := t.Send(req); err != nil {
 		klog.V(5).InfoS("Failed to send DIAL_CLS", "err", err, "dialID", dialID)
 	}
 	t.closeTunnel()
@@ -491,6 +496,35 @@ func (t *grpcTunnel) isClosing() bool {
 	return atomic.LoadUint32(&t.closing) != 0
 }
 
+func (t *grpcTunnel) Send(pkt *client.Packet) error {
+	t.sendLock.Lock()
+	defer t.sendLock.Unlock()
+
+	const segment = commonmetrics.SegmentFromClient
+	metrics.Metrics.ObservePacket(segment, pkt.Type)
+	err := t.stream.Send(pkt)
+	if err != nil && err != io.EOF {
+		metrics.Metrics.ObserveStreamError(segment, err, pkt.Type)
+	}
+	return err
+}
+
+func (t *grpcTunnel) Recv() (*client.Packet, error) {
+	t.recvLock.Lock()
+	defer t.recvLock.Unlock()
+
+	const segment = commonmetrics.SegmentToClient
+	pkt, err := t.stream.Recv()
+	if err != nil {
+		if err != io.EOF {
+			metrics.Metrics.ObserveStreamErrorNoPacket(segment, err)
+		}
+		return nil, err
+	}
+	metrics.Metrics.ObservePacket(segment, pkt.Type)
+	return pkt, nil
+}
+
 func GetDialFailureReason(err error) (isDialFailure bool, reason metrics.DialFailureReason) {
 	var df *dialFailure
 	if errors.As(err, &df) {
diff --git a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/conn.go b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/conn.go
index 14384a62cb..f4d3f78865 100644
--- a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/conn.go
+++ b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/conn.go
@@ -24,8 +24,6 @@ import (
 
 	"k8s.io/klog/v2"
 
-	"sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics"
-	commonmetrics "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/common/metrics"
 	"sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client"
 )
 
@@ -38,7 +36,7 @@ var errConnCloseTimeout = errors.New("close timeout")
 // conn is an implementation of net.Conn, where the data is transported
 // over an established tunnel defined by a gRPC service ProxyService.
 type conn struct {
-	stream  client.ProxyService_ProxyClient
+	tunnel  *grpcTunnel
 	connID  int64
 	random  int64
 	readCh  chan []byte
@@ -65,11 +63,8 @@ func (c *conn) Write(data []byte) (n int, err error) {
 
 	klog.V(5).InfoS("[tracing] send req", "type", req.Type)
 
-	const segment = commonmetrics.SegmentFromClient
-	metrics.Metrics.ObservePacket(segment, req.Type)
-	err = c.stream.Send(req)
+	err = c.tunnel.Send(req)
 	if err != nil {
-		metrics.Metrics.ObserveStreamError(segment, err, req.Type)
 		return 0, err
 	}
 	return len(data), err
@@ -153,10 +148,7 @@ func (c *conn) Close() error {
 
 	klog.V(5).InfoS("[tracing] send req", "type", req.Type)
 
-	const segment = commonmetrics.SegmentFromClient
-	metrics.Metrics.ObservePacket(segment, req.Type)
-	if err := c.stream.Send(req); err != nil {
-		metrics.Metrics.ObserveStreamError(segment, err, req.Type)
+	if err := c.tunnel.Send(req); err != nil {
 		return err
 	}
 

From 63099e6ca5c70a9e39d924c10b9c867049e5bd38 Mon Sep 17 00:00:00 2001
From: ci-robot <ci-robot@openshift.io>
Date: Tue, 30 May 2023 05:58:06 +0000
Subject: [PATCH 5/7] update component images

---
 packaging/crio.conf.d/microshift_amd64.conf | 2 +-
 packaging/crio.conf.d/microshift_arm64.conf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/packaging/crio.conf.d/microshift_amd64.conf b/packaging/crio.conf.d/microshift_amd64.conf
index 245447ac43..b2c851fec2 100644
--- a/packaging/crio.conf.d/microshift_amd64.conf
+++ b/packaging/crio.conf.d/microshift_amd64.conf
@@ -15,4 +15,4 @@ plugin_dirs = [
 # for community builds on top of OKD, this setting has no effect
 [crio.image]
 global_auth_file="/etc/crio/openshift-pull-secret"
-pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e63c74cff331ad81d0c74ecd8e25e104492809723e3534ba239f473c4cc4034d"
+pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd771d475f48d1a6e187dad6efff497aefb7dfc8ed99e89215b9e383dcb28771"
diff --git a/packaging/crio.conf.d/microshift_arm64.conf b/packaging/crio.conf.d/microshift_arm64.conf
index db5083f261..89aa4c17cd 100644
--- a/packaging/crio.conf.d/microshift_arm64.conf
+++ b/packaging/crio.conf.d/microshift_arm64.conf
@@ -15,4 +15,4 @@ plugin_dirs = [
 # for community builds on top of OKD, this setting has no effect
 [crio.image]
 global_auth_file="/etc/crio/openshift-pull-secret"
-pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:62caed97026a5782e6887bfe59b2efce8096667a0047006fcc59411890841749"
+pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1d052372b8fd982e4562b10b2bfc02a9b016f56e1d53f87cf837e5045fa05faf"

From 45518fbec5b087d076986111fbffb0af46b47c11 Mon Sep 17 00:00:00 2001
From: ci-robot <ci-robot@openshift.io>
Date: Tue, 30 May 2023 05:58:08 +0000
Subject: [PATCH 6/7] update manifests

---
 assets/release/release-aarch64.json | 24 ++++++++++++------------
 assets/release/release-x86_64.json  | 24 ++++++++++++------------
 2 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json
index f35e9f9dd6..a64bc9b0af 100644
--- a/assets/release/release-aarch64.json
+++ b/assets/release/release-aarch64.json
@@ -1,20 +1,20 @@
 {
   "release": {
-    "base": "4.12.0-0.nightly-arm64-2023-05-24-014824"
+    "base": "4.12.0-0.nightly-arm64-2023-05-29-183028"
   },
   "images": {
-    "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c30ab6f34cb327d28dcca7fad4b1d1d9281ff1296aa4a63f957239c6e4fceeb3",
-    "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c51c63abca4fdc2908f359ab88ad9af836f2d75f833fb1570aca79b2499ec505",
-    "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:64df35c9a0b3cbcc638eeaf77f2b449feee5283cbe641f62f9aa9fa8faa6b013",
-    "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f093c8a00adb606d317aa7f4e615fa2cbb29dfc32683174c2775870226e50c6a",
+    "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b73c893ac4a7578fd85bc7fb0dfc91a24dd759b36917c476809b0e0838f400c6",
+    "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e328759729718c5594844f37c14a8156657bd1ff1f654bb1f8965256afc7c24f",
+    "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:13b569a703bbd8f7cbf8522e0c9b156e202b76fbd1f5c51874ee0c3cc3ae65e4",
+    "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:10b46f78a0e75cceb5ac7874a7adbb6ec4487a541b1a83b65ce5e994e51ebfe6",
     "lvms-topolvm": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1",
     "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671",
-    "csi-external-provisioner": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:11b7127104153c0e70369d13e796a93570ab2c8db143f152fc72900254cea0d7",
-    "csi-external-resizer": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:42d91b64873fba1da92f6a694235c612b070d11494833a7d90fb150e6172b6e5",
-    "csi-node-driver-registrar": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9ee678922fa589c82ce577ffabf77756dd29e6505992f539960bf7f3e0df09d1",
-    "csi-livenessprobe": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0ce7e4869cd8a8389c5de0556a75c487b74b0135113cb51976eb5f3e82f8bf23",
-    "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5ff2110b1f09f187ae186d14f2db91691e40e0452b6a966ee635acd7f4492640",
-    "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:62caed97026a5782e6887bfe59b2efce8096667a0047006fcc59411890841749",
-    "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a9c16b90b14db5c12787fba494b12bb3cb246e68bd86af46f6a48514bfd42d44"
+    "csi-external-provisioner": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:26eece1da709574231bae6f6d2648c90584da082072cd28770955019ebd9cdc3",
+    "csi-external-resizer": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4ead52654f398377412222b05c8c7746d557141e95a53ce1df2a77b69cec885d",
+    "csi-node-driver-registrar": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:89773bc06995c608aadb7a501c801800969ae296b36ca637044ae0d601998d9b",
+    "csi-livenessprobe": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d1aacefdbf99136f7abd9b911e4e1c9577ee5f9e5d2257f2a3e7ff000a65fa76",
+    "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e314d2c750cc01fb705388b8eed9ff57abdd431d77dbe68e34beab004771f319",
+    "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1d052372b8fd982e4562b10b2bfc02a9b016f56e1d53f87cf837e5045fa05faf",
+    "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:20f7324150f7b6a62a49aff01e0a54ede3b725ad1e35aed492703d45213c771f"
   }
 }
diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json
index 77a9906e08..fca801311e 100644
--- a/assets/release/release-x86_64.json
+++ b/assets/release/release-x86_64.json
@@ -1,20 +1,20 @@
 {
   "release": {
-    "base": "4.12.0-0.nightly-2023-05-23-221822"
+    "base": "4.12.0-0.nightly-2023-05-29-223551"
   },
   "images": {
-    "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b45d4cac21969d8200908b9a97338c9923e8a07f843b084849791f11ffb8926c",
-    "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:830f1764d8544d4c01b47142167f9a6fe5b2edd1c34f944cd6c9ff79b268d580",
-    "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0568c5d947288c5d2ffb444ed5f7ac556d273a0d6ed43e03bda14db20d7459db",
-    "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3a248d1f647d437307ffeaa8a6ff469ab777becc62b6d0be1da0fe01c22f2a16",
+    "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f44165d99eafc66994a88f81eb2a3043cad8b43c91311beca132b8710560c8b2",
+    "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f187cc5a2d622c94d5df9101a44da998b313e27dd26ec9be4055e42642670802",
+    "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d59615b33db88552bef7ad533643fb7eb239900b524601df87c23a2cc5535392",
+    "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7e43b54411a8ae991ba69f1583cf94b84f0d54f1dcb9061eb47be9e6eb8fd23a",
     "lvms-topolvm": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1",
     "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671",
-    "csi-external-provisioner": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6e46be236e9da7c99aed1b6df7051d7f0beffbc6f2c6a9ea0a95d8690c9bda75",
-    "csi-external-resizer": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4e3791ff1c9e66224ac2ec0a1b3b17fc1f696a377c1cf3bd9da878e16fffb58b",
-    "csi-node-driver-registrar": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:81efe2d885bb60790bcafdae37e302964f69106e51abc5cb0f76e6687a4b35a9",
-    "csi-livenessprobe": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:145cb33e66f03b94980a24f1f5578a53c7392c51e14659f535ecac5999f78158",
-    "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4c81687486ef0e3df1e4f893db43c20aece615544db222a08e67a07b31d1b3d8",
-    "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e63c74cff331ad81d0c74ecd8e25e104492809723e3534ba239f473c4cc4034d",
-    "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9520b35f5431bfed022dad1c43dd52c169f8dbabe05670e0527b8cde1e4e7d04"
+    "csi-external-provisioner": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:edfb8b7505e90a55c57463aff8b19078a198713347a73bdee557690bd010953d",
+    "csi-external-resizer": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1e5021213d9cf7dfb1ab6a15d41f392513b4cd4780689878d5cf73bd009a6e45",
+    "csi-node-driver-registrar": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f812b59965f61c4f7c25496b390d5505cc346d2f04a6100e73ef3ea110db6314",
+    "csi-livenessprobe": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2dc9aea16a5b9f6b495410c4a37ddc7f1203deb387127cedbedbeb0942a31ff2",
+    "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:64f28c1086843b1c9548c30afd8eee5a87fc86ebfe75d6e7e5bd9a18f775401b",
+    "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd771d475f48d1a6e187dad6efff497aefb7dfc8ed99e89215b9e383dcb28771",
+    "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8ceb8d946e84a1d3f4a2e0895bd00429ce67d4ab44875aae354d6b9afd1cee25"
   }
 }

From dfa6bfe0feac89be0ecaa723da3f57ed003fcfc3 Mon Sep 17 00:00:00 2001
From: ci-robot <ci-robot@openshift.io>
Date: Tue, 30 May 2023 05:58:10 +0000
Subject: [PATCH 7/7] update buildfiles

---
 Makefile.kube_git.var | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Makefile.kube_git.var b/Makefile.kube_git.var
index acb3fa6d6c..87c2ff8298 100644
--- a/Makefile.kube_git.var
+++ b/Makefile.kube_git.var
@@ -1,5 +1,5 @@
 KUBE_GIT_MAJOR=1
 KUBE_GIT_MINOR=25
-KUBE_GIT_VERSION=v1.25.8
-KUBE_GIT_COMMIT=37a9a084bcb483a38e8f88349fa6a21c1b6be8a3
+KUBE_GIT_VERSION=v1.25.9
+KUBE_GIT_COMMIT=3fe29064317f72fce3606a38883d66a91a7c43dc
 KUBE_GIT_TREE_STATE=clean