Merge pull request #1407 from AkihiroSuda/x-crypto-ssh

go.mod: golang.org/x/crypto v0.1.0 (Fix `ssh: parse error in message type 27` with OpenSSH >= 8.9)
2024-11-22 15:37:16 +08:00 · 2022-11-17 13:27:05 +01:00 · 2022-11-17 13:27:05 +01:00 · 468b3b9c8c
commit 468b3b9c8c
parent 0d8c853917 4dda2ad58b
215 changed files with 19992 additions and 2319 deletions
--- a/go.mod
+++ b/go.mod
@ -31,7 +31,7 @@ require (
 	go.opentelemetry.io/otel v1.4.1
 	go.opentelemetry.io/otel/trace v1.4.1
 	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
-	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211
+	golang.org/x/term v0.1.0
 	google.golang.org/grpc v1.47.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.23.5
@ -144,11 +144,11 @@ require (
 	go.opentelemetry.io/otel/metric v0.27.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.4.1 // indirect
 	go.opentelemetry.io/proto/otlp v0.12.0 // indirect
-	golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd // indirect
+	golang.org/x/crypto v0.1.0 // indirect
-	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
+	golang.org/x/net v0.1.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f // indirect
-	golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 // indirect
+	golang.org/x/sys v0.1.0 // indirect
-	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/text v0.4.0 // indirect
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6 // indirect
--- a/go.sum
+++ b/go.sum
@ -668,8 +668,8 @@ golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd h1:XcWmESyNjXJMLahc3mqVQJcgSTDxFxhETVlfk9uGc38=
+golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
-golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@ -750,8 +750,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
 golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk=
+golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
-golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@ -844,13 +844,14 @@ golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
+golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@ -859,8 +860,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
+golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
--- a/vendor/golang.org/x/crypto/AUTHORS
+++ b/vendor/golang.org/x/crypto/AUTHORS
@ -1,3 +0,0 @@
 # This source code refers to The Go Authors for copyright purposes.
 # The master list of authors is in the main Go distribution,
 # visible at https://tip.golang.org/AUTHORS.
--- a/vendor/golang.org/x/crypto/CONTRIBUTORS
+++ b/vendor/golang.org/x/crypto/CONTRIBUTORS
@ -1,3 +0,0 @@
 # This source code was written by the Go contributors.
 # The master list of contributors is in the main Go distribution,
 # visible at https://tip.golang.org/CONTRIBUTORS.
--- a/vendor/golang.org/x/crypto/chacha20/chacha_generic.go
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_generic.go
@ -12,7 +12,7 @@ import (
 	"errors"
 	"math/bits"
-	"golang.org/x/crypto/internal/subtle"
+	"golang.org/x/crypto/internal/alias"
 )
 const (
@ -189,7 +189,7 @@ func (s *Cipher) XORKeyStream(dst, src []byte) {
 		panic("chacha20: output smaller than input")
 	}
 	dst = dst[:len(src)]
-	if subtle.InexactOverlap(dst, src) {
+	if alias.InexactOverlap(dst, src) {
 		panic("chacha20: invalid buffer overlap")
 	}
--- a/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
@ -15,6 +15,7 @@ const bufSize = 256
 // xorKeyStreamVX is an assembly implementation of XORKeyStream. It must only
 // be called when the vector facility is available. Implementation in asm_s390x.s.
 //
 //go:noescape
 func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
--- a/vendor/golang.org/x/crypto/curve25519/curve25519.go
+++ b/vendor/golang.org/x/crypto/curve25519/curve25519.go
@ -9,7 +9,8 @@ package curve25519 // import "golang.org/x/crypto/curve25519"
 import (
 	"crypto/subtle"
-	"fmt"
+	"errors"
 	"strconv"
 	"golang.org/x/crypto/curve25519/internal/field"
 )
@ -124,10 +125,10 @@ func X25519(scalar, point []byte) ([]byte, error) {
 func x25519(dst *[32]byte, scalar, point []byte) ([]byte, error) {
 	var in [32]byte
 	if l := len(scalar); l != 32 {
-		return nil, fmt.Errorf("bad scalar length: %d, expected %d", l, 32)
+		return nil, errors.New("bad scalar length: " + strconv.Itoa(l) + ", expected 32")
 	}
 	if l := len(point); l != 32 {
-		return nil, fmt.Errorf("bad point length: %d, expected %d", l, 32)
+		return nil, errors.New("bad point length: " + strconv.Itoa(l) + ", expected 32")
 	}
 	copy(in[:], scalar)
 	if &point[0] == &Basepoint[0] {
@ -138,7 +139,7 @@ func x25519(dst *[32]byte, scalar, point []byte) ([]byte, error) {
 		copy(base[:], point)
 		ScalarMult(dst, &in, &base)
 		if subtle.ConstantTimeCompare(dst[:], zero[:]) == 1 {
-			return nil, fmt.Errorf("bad input point: low order point")
+			return nil, errors.New("bad input point: low order point")
 		}
 	}
 	return dst[:], nil
--- a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.go
+++ b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.go
@ -1,13 +1,16 @@
 // Code generated by command: go run fe_amd64_asm.go -out ../fe_amd64.s -stubs ../fe_amd64.go -pkg field. DO NOT EDIT.
 //go:build amd64 && gc && !purego
 // +build amd64,gc,!purego
 package field
 // feMul sets out = a * b. It works like feMulGeneric.
 //
 //go:noescape
 func feMul(out *Element, a *Element, b *Element)
 // feSquare sets out = a * a. It works like feSquareGeneric.
 //
 //go:noescape
 func feSquare(out *Element, a *Element)
--- a/vendor/golang.org/x/crypto/internal/subtle/aliasing.go
+++ b/vendor/golang.org/x/crypto/internal/subtle/aliasing.go
@ -5,9 +5,8 @@
 //go:build !purego
 // +build !purego
-// Package subtle implements functions that are often useful in cryptographic
+// Package alias implements memory aliasing tests.
-// code but require careful thought to use correctly.
+package alias
 package subtle // import "golang.org/x/crypto/internal/subtle"
 import "unsafe"
--- a/vendor/golang.org/x/crypto/internal/subtle/aliasing_purego.go
+++ b/vendor/golang.org/x/crypto/internal/subtle/aliasing_purego.go
@ -5,9 +5,8 @@
 //go:build purego
 // +build purego
-// Package subtle implements functions that are often useful in cryptographic
+// Package alias implements memory aliasing tests.
-// code but require careful thought to use correctly.
+package alias
 package subtle // import "golang.org/x/crypto/internal/subtle"
 // This is the Google App Engine standard variant based on reflect
 // because the unsafe package and cgo are disallowed.
--- a/vendor/golang.org/x/crypto/internal/poly1305/sum_generic.go
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_generic.go
@ -136,7 +136,7 @@ func shiftRightBy2(a uint128) uint128 {
 // updateGeneric absorbs msg into the state.h accumulator. For each chunk m of
 // 128 bits of message, it computes
 //
-//     h₊ = (h + m) * r  mod  2¹³⁰ - 5
+//	h₊ = (h + m) * r  mod  2¹³⁰ - 5
 //
 // If the msg length is not a multiple of TagSize, it assumes the last
 // incomplete chunk is the final one.
@ -278,8 +278,7 @@ const (
 // finalize completes the modular reduction of h and computes
 //
-//     out = h + s  mod  2¹²⁸
+//	out = h + s  mod  2¹²⁸
 //
 func finalize(out *[TagSize]byte, h *[3]uint64, s *[2]uint64) {
 	h0, h1, h2 := h[0], h[1], h[2]
--- a/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go
@ -14,6 +14,7 @@ import (
 // updateVX is an assembly implementation of Poly1305 that uses vector
 // instructions. It must only be called if the vector facility (vx) is
 // available.
 //
 //go:noescape
 func updateVX(state *macState, msg []byte)
--- a/vendor/golang.org/x/crypto/nacl/sign/sign.go
+++ b/vendor/golang.org/x/crypto/nacl/sign/sign.go
@ -24,7 +24,7 @@ import (
 	"io"
 	"golang.org/x/crypto/ed25519"
-	"golang.org/x/crypto/internal/subtle"
+	"golang.org/x/crypto/internal/alias"
 )
 // Overhead is the number of bytes of overhead when signing a message.
@ -48,7 +48,7 @@ func GenerateKey(rand io.Reader) (publicKey *[32]byte, privateKey *[64]byte, err
 func Sign(out, message []byte, privateKey *[64]byte) []byte {
 	sig := ed25519.Sign(ed25519.PrivateKey((*privateKey)[:]), message)
 	ret, out := sliceForAppend(out, Overhead+len(message))
-	if subtle.AnyOverlap(out, message) {
+	if alias.AnyOverlap(out, message) {
 		panic("nacl: invalid buffer overlap")
 	}
 	copy(out, sig)
@ -67,7 +67,7 @@ func Open(out, signedMessage []byte, publicKey *[32]byte) ([]byte, bool) {
 		return nil, false
 	}
 	ret, out := sliceForAppend(out, len(signedMessage)-Overhead)
-	if subtle.AnyOverlap(out, signedMessage) {
+	if alias.AnyOverlap(out, signedMessage) {
 		panic("nacl: invalid buffer overlap")
 	}
 	copy(out, signedMessage[Overhead:])
--- a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
+++ b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
@ -32,7 +32,7 @@ import (
 // can get a derived key for e.g. AES-256 (which needs a 32-byte key) by
 // doing:
 //
-// 	dk := pbkdf2.Key([]byte("some password"), salt, 4096, 32, sha1.New)
+//	dk := pbkdf2.Key([]byte("some password"), salt, 4096, 32, sha1.New)
 //
 // Remember to get a good random salt. At least 8 bytes is recommended by the
 // RFC.
--- a/vendor/golang.org/x/crypto/pkcs12/crypto.go
+++ b/vendor/golang.org/x/crypto/pkcs12/crypto.go
@ -117,7 +117,7 @@ func pbDecrypt(info decryptable, password []byte) (decrypted []byte, err error)
 	}
 	ps := decrypted[len(decrypted)-psLen:]
 	decrypted = decrypted[:len(decrypted)-psLen]
-	if bytes.Compare(ps, bytes.Repeat([]byte{byte(psLen)}, psLen)) != 0 {
+	if !bytes.Equal(ps, bytes.Repeat([]byte{byte(psLen)}, psLen)) {
 		return nil, ErrDecryption
 	}
--- a/vendor/golang.org/x/crypto/ssh/agent/client.go
+++ b/vendor/golang.org/x/crypto/ssh/agent/client.go
@ -8,7 +8,8 @@
 // ssh-agent process using the sample server.
 //
 // References:
-//  [PROTOCOL.agent]: https://tools.ietf.org/html/draft-miller-ssh-agent-00
+//
 //	[PROTOCOL.agent]: https://tools.ietf.org/html/draft-miller-ssh-agent-00
 package agent // import "golang.org/x/crypto/ssh/agent"
 import (
@ -92,7 +93,7 @@ type ExtendedAgent interface {
 type ConstraintExtension struct {
 	// ExtensionName consist of a UTF-8 string suffixed by the
 	// implementation domain following the naming scheme defined
-	// in Section 4.2 of [RFC4251], e.g.  "foo@example.com".
+	// in Section 4.2 of RFC 4251, e.g.  "foo@example.com".
 	ExtensionName string
 	// ExtensionDetails contains the actual content of the extended
 	// constraint.
@ -225,7 +226,9 @@ var ErrExtensionUnsupported = errors.New("agent: extension unsupported")
 type extensionAgentMsg struct {
 	ExtensionType string `sshtype:"27"`
-	Contents      []byte
+	// NOTE: this matches OpenSSH's PROTOCOL.agent, not the IETF draft [PROTOCOL.agent],
 	// so that it matches what OpenSSH actually implements in the wild.
 	Contents []byte `ssh:"rest"`
 }
 // Key represents a protocol 2 public key as defined in
@ -728,7 +731,7 @@ func (c *client) insertCert(s interface{}, cert *ssh.Certificate, comment string
 	if err != nil {
 		return err
 	}
-	if bytes.Compare(cert.Key.Marshal(), signer.PublicKey().Marshal()) != 0 {
+	if !bytes.Equal(cert.Key.Marshal(), signer.PublicKey().Marshal()) {
 		return errors.New("agent: signer and cert have different public key")
 	}
@ -771,7 +774,7 @@ func (s *agentKeyringSigner) Sign(rand io.Reader, data []byte) (*ssh.Signature,
 }
 func (s *agentKeyringSigner) SignWithAlgorithm(rand io.Reader, data []byte, algorithm string) (*ssh.Signature, error) {
-	if algorithm == "" || algorithm == s.pub.Type() {
+	if algorithm == "" || algorithm == underlyingAlgo(s.pub.Type()) {
 		return s.Sign(rand, data)
 	}
@ -790,6 +793,33 @@ func (s *agentKeyringSigner) SignWithAlgorithm(rand io.Reader, data []byte, algo
 var _ ssh.AlgorithmSigner = &agentKeyringSigner{}
 // certKeyAlgoNames is a mapping from known certificate algorithm names to the
 // corresponding public key signature algorithm.
 //
 // This map must be kept in sync with the one in certs.go.
 var certKeyAlgoNames = map[string]string{
 	ssh.CertAlgoRSAv01:        ssh.KeyAlgoRSA,
 	ssh.CertAlgoRSASHA256v01:  ssh.KeyAlgoRSASHA256,
 	ssh.CertAlgoRSASHA512v01:  ssh.KeyAlgoRSASHA512,
 	ssh.CertAlgoDSAv01:        ssh.KeyAlgoDSA,
 	ssh.CertAlgoECDSA256v01:   ssh.KeyAlgoECDSA256,
 	ssh.CertAlgoECDSA384v01:   ssh.KeyAlgoECDSA384,
 	ssh.CertAlgoECDSA521v01:   ssh.KeyAlgoECDSA521,
 	ssh.CertAlgoSKECDSA256v01: ssh.KeyAlgoSKECDSA256,
 	ssh.CertAlgoED25519v01:    ssh.KeyAlgoED25519,
 	ssh.CertAlgoSKED25519v01:  ssh.KeyAlgoSKED25519,
 }
 // underlyingAlgo returns the signature algorithm associated with algo (which is
 // an advertised or negotiated public key or host key algorithm). These are
 // usually the same, except for certificate algorithms.
 func underlyingAlgo(algo string) string {
 	if a, ok := certKeyAlgoNames[algo]; ok {
 		return a
 	}
 	return algo
 }
 // Calls an extension method. It is up to the agent implementation as to whether or not
 // any particular extension is supported and may always return an error. Because the
 // type of the response is up to the implementation, this returns the bytes of the
--- a/vendor/golang.org/x/crypto/ssh/certs.go
+++ b/vendor/golang.org/x/crypto/ssh/certs.go
@ -251,7 +251,7 @@ type algorithmOpenSSHCertSigner struct {
 // private key is held by signer. It returns an error if the public key in cert
 // doesn't match the key used by signer.
 func NewCertSigner(cert *Certificate, signer Signer) (Signer, error) {
-	if bytes.Compare(cert.Key.Marshal(), signer.PublicKey().Marshal()) != 0 {
+	if !bytes.Equal(cert.Key.Marshal(), signer.PublicKey().Marshal()) {
 		return nil, errors.New("ssh: signer and cert have different public key")
 	}
@ -460,6 +460,8 @@ func (c *Certificate) SignCert(rand io.Reader, authority Signer) error {
 // certKeyAlgoNames is a mapping from known certificate algorithm names to the
 // corresponding public key signature algorithm.
 //
 // This map must be kept in sync with the one in agent/client.go.
 var certKeyAlgoNames = map[string]string{
 	CertAlgoRSAv01:        KeyAlgoRSA,
 	CertAlgoRSASHA256v01:  KeyAlgoRSASHA256,
--- a/vendor/golang.org/x/crypto/ssh/cipher.go
+++ b/vendor/golang.org/x/crypto/ssh/cipher.go
@ -15,7 +15,6 @@ import (
 	"fmt"
 	"hash"
 	"io"
 	"io/ioutil"
 	"golang.org/x/crypto/chacha20"
 	"golang.org/x/crypto/internal/poly1305"
@ -97,13 +96,13 @@ func streamCipherMode(skip int, createFunc func(key, iv []byte) (cipher.Stream,
 // are not supported and will not be negotiated, even if explicitly requested in
 // ClientConfig.Crypto.Ciphers.
 var cipherModes = map[string]*cipherMode{
-	// Ciphers from RFC4344, which introduced many CTR-based ciphers. Algorithms
+	// Ciphers from RFC 4344, which introduced many CTR-based ciphers. Algorithms
 	// are defined in the order specified in the RFC.
 	"aes128-ctr": {16, aes.BlockSize, streamCipherMode(0, newAESCTR)},
 	"aes192-ctr": {24, aes.BlockSize, streamCipherMode(0, newAESCTR)},
 	"aes256-ctr": {32, aes.BlockSize, streamCipherMode(0, newAESCTR)},
-	// Ciphers from RFC4345, which introduces security-improved arcfour ciphers.
+	// Ciphers from RFC 4345, which introduces security-improved arcfour ciphers.
 	// They are defined in the order specified in the RFC.
 	"arcfour128": {16, 0, streamCipherMode(1536, newRC4)},
 	"arcfour256": {32, 0, streamCipherMode(1536, newRC4)},
@ -111,7 +110,7 @@ var cipherModes = map[string]*cipherMode{
 	// Cipher defined in RFC 4253, which describes SSH Transport Layer Protocol.
 	// Note that this cipher is not safe, as stated in RFC 4253: "Arcfour (and
 	// RC4) has problems with weak keys, and should be used with caution."
-	// RFC4345 introduces improved versions of Arcfour.
+	// RFC 4345 introduces improved versions of Arcfour.
 	"arcfour": {16, 0, streamCipherMode(0, newRC4)},
 	// AEAD ciphers
@ -497,7 +496,7 @@ func (c *cbcCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error)
 			// data, to make distinguishing between
 			// failing MAC and failing length check more
 			// difficult.
-			io.CopyN(ioutil.Discard, r, int64(c.oracleCamouflage))
+			io.CopyN(io.Discard, r, int64(c.oracleCamouflage))
 		}
 	}
 	return p, err
@ -640,9 +639,9 @@ const chacha20Poly1305ID = "chacha20-poly1305@openssh.com"
 // chacha20Poly1305Cipher implements the chacha20-poly1305@openssh.com
 // AEAD, which is described here:
 //
-//   https://tools.ietf.org/html/draft-josefsson-ssh-chacha20-poly1305-openssh-00
+//	https://tools.ietf.org/html/draft-josefsson-ssh-chacha20-poly1305-openssh-00
 //
-// the methods here also implement padding, which RFC4253 Section 6
+// the methods here also implement padding, which RFC 4253 Section 6
 // also requires of stream ciphers.
 type chacha20Poly1305Cipher struct {
 	lengthKey  [32]byte
--- a/vendor/golang.org/x/crypto/ssh/common.go
+++ b/vendor/golang.org/x/crypto/ssh/common.go
@ -149,7 +149,7 @@ type directionAlgorithms struct {
 // rekeyBytes returns a rekeying intervals in bytes.
 func (a *directionAlgorithms) rekeyBytes() int64 {
-	// According to RFC4344 block ciphers should rekey after
+	// According to RFC 4344 block ciphers should rekey after
 	// 2^(BLOCKSIZE/4) blocks. For all AES flavors BLOCKSIZE is
 	// 128.
 	switch a.Cipher {
@ -158,7 +158,7 @@ func (a *directionAlgorithms) rekeyBytes() int64 {
 	}
-	// For others, stick with RFC4253 recommendation to rekey after 1 Gb of data.
+	// For others, stick with RFC 4253 recommendation to rekey after 1 Gb of data.
 	return 1 << 30
 }
--- a/vendor/golang.org/x/crypto/ssh/connection.go
+++ b/vendor/golang.org/x/crypto/ssh/connection.go
@ -52,7 +52,7 @@ type Conn interface {
 	// SendRequest sends a global request, and returns the
 	// reply. If wantReply is true, it returns the response status
-	// and payload. See also RFC4254, section 4.
+	// and payload. See also RFC 4254, section 4.
 	SendRequest(name string, wantReply bool, payload []byte) (bool, []byte, error)
 	// OpenChannel tries to open an channel. If the request is
--- a/vendor/golang.org/x/crypto/ssh/doc.go
+++ b/vendor/golang.org/x/crypto/ssh/doc.go
@ -12,8 +12,9 @@ the multiplexed nature of SSH is exposed to users that wish to support
 others.
 References:
-  [PROTOCOL.certkeys]: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?rev=HEAD
+
-  [SSH-PARAMETERS]:    http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xml#ssh-parameters-1
+	[PROTOCOL.certkeys]: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?rev=HEAD
 	[SSH-PARAMETERS]:    http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xml#ssh-parameters-1
 This package does not fall under the stability promise of the Go language itself,
 so its API may be changed when pressing needs arise.
--- a/vendor/golang.org/x/crypto/ssh/handshake.go
+++ b/vendor/golang.org/x/crypto/ssh/handshake.go
@ -479,10 +479,12 @@ func (t *handshakeTransport) sendKexInit() error {
 		// As a client we opt in to receiving SSH_MSG_EXT_INFO so we know what
 		// algorithms the server supports for public key authentication. See RFC
-		// 8303, Section 2.1.
+		// 8308, Section 2.1.
-		msg.KexAlgos = make([]string, 0, len(t.config.KeyExchanges)+1)
+		if firstKeyExchange := t.sessionID == nil; firstKeyExchange {
-		msg.KexAlgos = append(msg.KexAlgos, t.config.KeyExchanges...)
+			msg.KexAlgos = make([]string, 0, len(t.config.KeyExchanges)+1)
-		msg.KexAlgos = append(msg.KexAlgos, "ext-info-c")
+			msg.KexAlgos = append(msg.KexAlgos, t.config.KeyExchanges...)
 			msg.KexAlgos = append(msg.KexAlgos, "ext-info-c")
 		}
 	}
 	packet := Marshal(msg)
--- a/vendor/golang.org/x/crypto/ssh/keys.go
+++ b/vendor/golang.org/x/crypto/ssh/keys.go
@ -184,7 +184,7 @@ func ParseKnownHosts(in []byte) (marker string, hosts []string, pubKey PublicKey
 	return "", nil, nil, "", nil, io.EOF
 }
-// ParseAuthorizedKeys parses a public key from an authorized_keys
+// ParseAuthorizedKey parses a public key from an authorized_keys
 // file used in OpenSSH according to the sshd(8) manual page.
 func ParseAuthorizedKey(in []byte) (out PublicKey, comment string, options []string, rest []byte, err error) {
 	for len(in) > 0 {
--- a/vendor/golang.org/x/crypto/ssh/server.go
+++ b/vendor/golang.org/x/crypto/ssh/server.go
@ -68,8 +68,16 @@ type ServerConfig struct {
 	// NoClientAuth is true if clients are allowed to connect without
 	// authenticating.
 	// To determine NoClientAuth at runtime, set NoClientAuth to true
 	// and the optional NoClientAuthCallback to a non-nil value.
 	NoClientAuth bool
 	// NoClientAuthCallback, if non-nil, is called when a user
 	// attempts to authenticate with auth method "none".
 	// NoClientAuth must also be set to true for this be used, or
 	// this func is unused.
 	NoClientAuthCallback func(ConnMetadata) (*Permissions, error)
 	// MaxAuthTries specifies the maximum number of authentication attempts
 	// permitted per connection. If set to a negative number, the number of
 	// attempts are unlimited. If set to zero, the number of attempts are limited
@ -455,7 +463,11 @@ userAuthLoop:
 		switch userAuthReq.Method {
 		case "none":
 			if config.NoClientAuth {
-				authErr = nil
+				if config.NoClientAuthCallback != nil {
 					perms, authErr = config.NoClientAuthCallback(s)
 				} else {
 					authErr = nil
 				}
 			}
 			// allow initial attempt of 'none' without penalty
--- a/vendor/golang.org/x/crypto/ssh/session.go
+++ b/vendor/golang.org/x/crypto/ssh/session.go
@ -13,7 +13,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"sync"
 )
@ -124,7 +123,7 @@ type Session struct {
 	// output and error.
 	//
 	// If either is nil, Run connects the corresponding file
-	// descriptor to an instance of ioutil.Discard. There is a
+	// descriptor to an instance of io.Discard. There is a
 	// fixed amount of buffering that is shared for the two streams.
 	// If either blocks it may eventually cause the remote
 	// command to block.
@ -506,7 +505,7 @@ func (s *Session) stdout() {
 		return
 	}
 	if s.Stdout == nil {
-		s.Stdout = ioutil.Discard
+		s.Stdout = io.Discard
 	}
 	s.copyFuncs = append(s.copyFuncs, func() error {
 		_, err := io.Copy(s.Stdout, s.ch)
@ -519,7 +518,7 @@ func (s *Session) stderr() {
 		return
 	}
 	if s.Stderr == nil {
-		s.Stderr = ioutil.Discard
+		s.Stderr = io.Discard
 	}
 	s.copyFuncs = append(s.copyFuncs, func() error {
 		_, err := io.Copy(s.Stderr, s.ch.Stderr())
--- a/vendor/golang.org/x/net/AUTHORS
+++ b/vendor/golang.org/x/net/AUTHORS
@ -1,3 +0,0 @@
 # This source code refers to The Go Authors for copyright purposes.
 # The master list of authors is in the main Go distribution,
 # visible at http://tip.golang.org/AUTHORS.
--- a/vendor/golang.org/x/net/CONTRIBUTORS
+++ b/vendor/golang.org/x/net/CONTRIBUTORS
@ -1,3 +0,0 @@
 # This source code was written by the Go contributors.
 # The master list of contributors is in the main Go distribution,
 # visible at http://tip.golang.org/CONTRIBUTORS.
--- a/vendor/golang.org/x/net/context/context.go
+++ b/vendor/golang.org/x/net/context/context.go
@ -21,9 +21,9 @@
 // explicitly to each function that needs it. The Context should be the first
 // parameter, typically named ctx:
 //
-// 	func DoSomething(ctx context.Context, arg Arg) error {
+//	func DoSomething(ctx context.Context, arg Arg) error {
-// 		// ... use ctx ...
+//		// ... use ctx ...
-// 	}
+//	}
 //
 // Do not pass a nil Context, even if a function permits it. Pass context.TODO
 // if you are unsure about which Context to use.
--- a/vendor/golang.org/x/net/context/go17.go
+++ b/vendor/golang.org/x/net/context/go17.go
@ -32,7 +32,7 @@ var DeadlineExceeded = context.DeadlineExceeded
 // call cancel as soon as the operations running in this Context complete.
 func WithCancel(parent Context) (ctx Context, cancel CancelFunc) {
 	ctx, f := context.WithCancel(parent)
-	return ctx, CancelFunc(f)
+	return ctx, f
 }
 // WithDeadline returns a copy of the parent context with the deadline adjusted
@ -46,7 +46,7 @@ func WithCancel(parent Context) (ctx Context, cancel CancelFunc) {
 // call cancel as soon as the operations running in this Context complete.
 func WithDeadline(parent Context, deadline time.Time) (Context, CancelFunc) {
 	ctx, f := context.WithDeadline(parent, deadline)
-	return ctx, CancelFunc(f)
+	return ctx, f
 }
 // WithTimeout returns WithDeadline(parent, time.Now().Add(timeout)).
@ -54,11 +54,11 @@ func WithDeadline(parent Context, deadline time.Time) (Context, CancelFunc) {
 // Canceling this context releases resources associated with it, so code should
 // call cancel as soon as the operations running in this Context complete:
 //
-// 	func slowOperationWithTimeout(ctx context.Context) (Result, error) {
+//	func slowOperationWithTimeout(ctx context.Context) (Result, error) {
-// 		ctx, cancel := context.WithTimeout(ctx, 100*time.Millisecond)
+//		ctx, cancel := context.WithTimeout(ctx, 100*time.Millisecond)
-// 		defer cancel()  // releases resources if slowOperation completes before timeout elapses
+//		defer cancel()  // releases resources if slowOperation completes before timeout elapses
-// 		return slowOperation(ctx)
+//		return slowOperation(ctx)
-// 	}
+//	}
 func WithTimeout(parent Context, timeout time.Duration) (Context, CancelFunc) {
 	return WithDeadline(parent, time.Now().Add(timeout))
 }
--- a/vendor/golang.org/x/net/context/pre_go17.go
+++ b/vendor/golang.org/x/net/context/pre_go17.go
@ -264,11 +264,11 @@ func (c *timerCtx) cancel(removeFromParent bool, err error) {
 // Canceling this context releases resources associated with it, so code should
 // call cancel as soon as the operations running in this Context complete:
 //
-// 	func slowOperationWithTimeout(ctx context.Context) (Result, error) {
+//	func slowOperationWithTimeout(ctx context.Context) (Result, error) {
-// 		ctx, cancel := context.WithTimeout(ctx, 100*time.Millisecond)
+//		ctx, cancel := context.WithTimeout(ctx, 100*time.Millisecond)
-// 		defer cancel()  // releases resources if slowOperation completes before timeout elapses
+//		defer cancel()  // releases resources if slowOperation completes before timeout elapses
-// 		return slowOperation(ctx)
+//		return slowOperation(ctx)
-// 	}
+//	}
 func WithTimeout(parent Context, timeout time.Duration) (Context, CancelFunc) {
 	return WithDeadline(parent, time.Now().Add(timeout))
 }
--- a/vendor/golang.org/x/net/http/httpguts/httplex.go
+++ b/vendor/golang.org/x/net/http/httpguts/httplex.go
@ -173,13 +173,15 @@ func tokenEqual(t1, t2 string) bool {
 // isLWS reports whether b is linear white space, according
 // to http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
-//      LWS            = [CRLF] 1*( SP | HT )
+//
 //	LWS            = [CRLF] 1*( SP | HT )
 func isLWS(b byte) bool { return b == ' ' || b == '\t' }
 // isCTL reports whether b is a control byte, according
 // to http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
-//      CTL            = <any US-ASCII control character
+//
-//                       (octets 0 - 31) and DEL (127)>
+//	CTL            = <any US-ASCII control character
 //	                 (octets 0 - 31) and DEL (127)>
 func isCTL(b byte) bool {
 	const del = 0x7f // a CTL
 	return b < ' ' || b == del
@ -189,12 +191,13 @@ func isCTL(b byte) bool {
 // HTTP/2 imposes the additional restriction that uppercase ASCII
 // letters are not allowed.
 //
-//  RFC 7230 says:
+// RFC 7230 says:
-//   header-field   = field-name ":" OWS field-value OWS
+//
-//   field-name     = token
+//	header-field   = field-name ":" OWS field-value OWS
-//   token          = 1*tchar
+//	field-name     = token
-//   tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." /
+//	token          = 1*tchar
-//           "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
+//	tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." /
 //	        "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
 func ValidHeaderFieldName(v string) bool {
 	if len(v) == 0 {
 		return false
@ -267,27 +270,28 @@ var validHostByte = [256]bool{
 // ValidHeaderFieldValue reports whether v is a valid "field-value" according to
 // http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 :
 //
-//        message-header = field-name ":" [ field-value ]
+//	message-header = field-name ":" [ field-value ]
-//        field-value    = *( field-content | LWS )
+//	field-value    = *( field-content | LWS )
-//        field-content  = <the OCTETs making up the field-value
+//	field-content  = <the OCTETs making up the field-value
-//                         and consisting of either *TEXT or combinations
+//	                 and consisting of either *TEXT or combinations
-//                         of token, separators, and quoted-string>
+//	                 of token, separators, and quoted-string>
 //
 // http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2 :
 //
-//        TEXT           = <any OCTET except CTLs,
+//	TEXT           = <any OCTET except CTLs,
-//                          but including LWS>
+//	                  but including LWS>
-//        LWS            = [CRLF] 1*( SP | HT )
+//	LWS            = [CRLF] 1*( SP | HT )
-//        CTL            = <any US-ASCII control character
+//	CTL            = <any US-ASCII control character
-//                         (octets 0 - 31) and DEL (127)>
+//	                 (octets 0 - 31) and DEL (127)>
 //
 // RFC 7230 says:
-//  field-value    = *( field-content / obs-fold )
+//
-//  obj-fold       =  N/A to http2, and deprecated
+//	field-value    = *( field-content / obs-fold )
-//  field-content  = field-vchar [ 1*( SP / HTAB ) field-vchar ]
+//	obj-fold       =  N/A to http2, and deprecated
-//  field-vchar    = VCHAR / obs-text
+//	field-content  = field-vchar [ 1*( SP / HTAB ) field-vchar ]
-//  obs-text       = %x80-FF
+//	field-vchar    = VCHAR / obs-text
-//  VCHAR          = "any visible [USASCII] character"
+//	obs-text       = %x80-FF
 //	VCHAR          = "any visible [USASCII] character"
 //
 // http2 further says: "Similarly, HTTP/2 allows header field values
 // that are not valid. While most of the values that can be encoded
--- a/vendor/golang.org/x/net/http2/client_conn_pool.go
+++ b/vendor/golang.org/x/net/http2/client_conn_pool.go
@ -139,7 +139,6 @@ func (p *clientConnPool) getStartDialLocked(ctx context.Context, addr string) *d
 func (c *dialCall) dial(ctx context.Context, addr string) {
 	const singleUse = false // shared conn
 	c.res, c.err = c.p.t.dialClientConn(ctx, addr, singleUse)
 	close(c.done)
 	c.p.mu.Lock()
 	delete(c.p.dialing, addr)
@ -147,6 +146,8 @@ func (c *dialCall) dial(ctx context.Context, addr string) {
 		c.p.addConnLocked(addr, c.res)
 	}
 	c.p.mu.Unlock()
 	close(c.done)
 }
 // addConnIfNeeded makes a NewClientConn out of c if a connection for key doesn't
--- a/vendor/golang.org/x/net/http2/errors.go
+++ b/vendor/golang.org/x/net/http2/errors.go
@ -136,7 +136,7 @@ func (e headerFieldNameError) Error() string {
 type headerFieldValueError string
 func (e headerFieldValueError) Error() string {
-	return fmt.Sprintf("invalid header field value %q", string(e))
+	return fmt.Sprintf("invalid header field value for %q", string(e))
 }
 var (
--- a/vendor/golang.org/x/net/http2/frame.go
+++ b/vendor/golang.org/x/net/http2/frame.go
@ -23,7 +23,7 @@ const frameHeaderLen = 9
 var padZeros = make([]byte, 255) // zeros for padding
 // A FrameType is a registered frame type as defined in
-// http://http2.github.io/http2-spec/#rfc.section.11.2
+// https://httpwg.org/specs/rfc7540.html#rfc.section.11.2
 type FrameType uint8
 const (
@ -146,7 +146,7 @@ func typeFrameParser(t FrameType) frameParser {
 // A FrameHeader is the 9 byte header of all HTTP/2 frames.
 //
-// See http://http2.github.io/http2-spec/#FrameHeader
+// See https://httpwg.org/specs/rfc7540.html#FrameHeader
 type FrameHeader struct {
 	valid bool // caller can access []byte fields in the Frame
@ -575,7 +575,7 @@ func (fr *Framer) checkFrameOrder(f Frame) error {
 // A DataFrame conveys arbitrary, variable-length sequences of octets
 // associated with a stream.
-// See http://http2.github.io/http2-spec/#rfc.section.6.1
+// See https://httpwg.org/specs/rfc7540.html#rfc.section.6.1
 type DataFrame struct {
 	FrameHeader
 	data []byte
@ -698,7 +698,7 @@ func (f *Framer) WriteDataPadded(streamID uint32, endStream bool, data, pad []by
 // endpoints communicate, such as preferences and constraints on peer
 // behavior.
 //
-// See http://http2.github.io/http2-spec/#SETTINGS
+// See https://httpwg.org/specs/rfc7540.html#SETTINGS
 type SettingsFrame struct {
 	FrameHeader
 	p []byte
@ -837,7 +837,7 @@ func (f *Framer) WriteSettingsAck() error {
 // A PingFrame is a mechanism for measuring a minimal round trip time
 // from the sender, as well as determining whether an idle connection
 // is still functional.
-// See http://http2.github.io/http2-spec/#rfc.section.6.7
+// See https://httpwg.org/specs/rfc7540.html#rfc.section.6.7
 type PingFrame struct {
 	FrameHeader
 	Data [8]byte
@ -870,7 +870,7 @@ func (f *Framer) WritePing(ack bool, data [8]byte) error {
 }
 // A GoAwayFrame informs the remote peer to stop creating streams on this connection.
-// See http://http2.github.io/http2-spec/#rfc.section.6.8
+// See https://httpwg.org/specs/rfc7540.html#rfc.section.6.8
 type GoAwayFrame struct {
 	FrameHeader
 	LastStreamID uint32
@ -934,7 +934,7 @@ func parseUnknownFrame(_ *frameCache, fh FrameHeader, countError func(string), p
 }
 // A WindowUpdateFrame is used to implement flow control.
-// See http://http2.github.io/http2-spec/#rfc.section.6.9
+// See https://httpwg.org/specs/rfc7540.html#rfc.section.6.9
 type WindowUpdateFrame struct {
 	FrameHeader
 	Increment uint32 // never read with high bit set
@ -1123,7 +1123,7 @@ func (f *Framer) WriteHeaders(p HeadersFrameParam) error {
 }
 // A PriorityFrame specifies the sender-advised priority of a stream.
-// See http://http2.github.io/http2-spec/#rfc.section.6.3
+// See https://httpwg.org/specs/rfc7540.html#rfc.section.6.3
 type PriorityFrame struct {
 	FrameHeader
 	PriorityParam
@ -1193,7 +1193,7 @@ func (f *Framer) WritePriority(streamID uint32, p PriorityParam) error {
 }
 // A RSTStreamFrame allows for abnormal termination of a stream.
-// See http://http2.github.io/http2-spec/#rfc.section.6.4
+// See https://httpwg.org/specs/rfc7540.html#rfc.section.6.4
 type RSTStreamFrame struct {
 	FrameHeader
 	ErrCode ErrCode
@ -1225,7 +1225,7 @@ func (f *Framer) WriteRSTStream(streamID uint32, code ErrCode) error {
 }
 // A ContinuationFrame is used to continue a sequence of header block fragments.
-// See http://http2.github.io/http2-spec/#rfc.section.6.10
+// See https://httpwg.org/specs/rfc7540.html#rfc.section.6.10
 type ContinuationFrame struct {
 	FrameHeader
 	headerFragBuf []byte
@ -1266,7 +1266,7 @@ func (f *Framer) WriteContinuation(streamID uint32, endHeaders bool, headerBlock
 }
 // A PushPromiseFrame is used to initiate a server stream.
-// See http://http2.github.io/http2-spec/#rfc.section.6.6
+// See https://httpwg.org/specs/rfc7540.html#rfc.section.6.6
 type PushPromiseFrame struct {
 	FrameHeader
 	PromiseID     uint32
@ -1532,7 +1532,8 @@ func (fr *Framer) readMetaFrame(hf *HeadersFrame) (*MetaHeadersFrame, error) {
 			fr.debugReadLoggerf("http2: decoded hpack field %+v", hf)
 		}
 		if !httpguts.ValidHeaderFieldValue(hf.Value) {
-			invalid = headerFieldValueError(hf.Value)
+			// Don't include the value in the error, because it may be sensitive.
 			invalid = headerFieldValueError(hf.Name)
 		}
 		isPseudo := strings.HasPrefix(hf.Name, ":")
 		if isPseudo {
--- a/vendor/golang.org/x/net/http2/go118.go
+++ b/vendor/golang.org/x/net/http2/go118.go
@ -0,0 +1,17 @@
 // Copyright 2021 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build go1.18
 // +build go1.18
 package http2
 import (
 	"crypto/tls"
 	"net"
 )
 func tlsUnderlyingConn(tc *tls.Conn) net.Conn {
 	return tc.NetConn()
 }
--- a/vendor/golang.org/x/net/http2/hpack/encode.go
+++ b/vendor/golang.org/x/net/http2/hpack/encode.go
@ -191,7 +191,7 @@ func appendTableSize(dst []byte, v uint32) []byte {
 // bit prefix, to dst and returns the extended buffer.
 //
 // See
-// http://http2.github.io/http2-spec/compression.html#integer.representation
+// https://httpwg.org/specs/rfc7541.html#integer.representation
 func appendVarInt(dst []byte, n byte, i uint64) []byte {
 	k := uint64((1 << n) - 1)
 	if i < k {
--- a/vendor/golang.org/x/net/http2/hpack/hpack.go
+++ b/vendor/golang.org/x/net/http2/hpack/hpack.go
@ -59,7 +59,7 @@ func (hf HeaderField) String() string {
 // Size returns the size of an entry per RFC 7541 section 4.1.
 func (hf HeaderField) Size() uint32 {
-	// http://http2.github.io/http2-spec/compression.html#rfc.section.4.1
+	// https://httpwg.org/specs/rfc7541.html#rfc.section.4.1
 	// "The size of the dynamic table is the sum of the size of
 	// its entries. The size of an entry is the sum of its name's
 	// length in octets (as defined in Section 5.2), its value's
@ -158,7 +158,7 @@ func (d *Decoder) SetAllowedMaxDynamicTableSize(v uint32) {
 }
 type dynamicTable struct {
-	// http://http2.github.io/http2-spec/compression.html#rfc.section.2.3.2
+	// https://httpwg.org/specs/rfc7541.html#rfc.section.2.3.2
 	table          headerFieldTable
 	size           uint32 // in bytes
 	maxSize        uint32 // current maxSize
@ -307,27 +307,27 @@ func (d *Decoder) parseHeaderFieldRepr() error {
 	case b&128 != 0:
 		// Indexed representation.
 		// High bit set?
-		// http://http2.github.io/http2-spec/compression.html#rfc.section.6.1
+		// https://httpwg.org/specs/rfc7541.html#rfc.section.6.1
 		return d.parseFieldIndexed()
 	case b&192 == 64:
 		// 6.2.1 Literal Header Field with Incremental Indexing
 		// 0b10xxxxxx: top two bits are 10
-		// http://http2.github.io/http2-spec/compression.html#rfc.section.6.2.1
+		// https://httpwg.org/specs/rfc7541.html#rfc.section.6.2.1
 		return d.parseFieldLiteral(6, indexedTrue)
 	case b&240 == 0:
 		// 6.2.2 Literal Header Field without Indexing
 		// 0b0000xxxx: top four bits are 0000
-		// http://http2.github.io/http2-spec/compression.html#rfc.section.6.2.2
+		// https://httpwg.org/specs/rfc7541.html#rfc.section.6.2.2
 		return d.parseFieldLiteral(4, indexedFalse)
 	case b&240 == 16:
 		// 6.2.3 Literal Header Field never Indexed
 		// 0b0001xxxx: top four bits are 0001
-		// http://http2.github.io/http2-spec/compression.html#rfc.section.6.2.3
+		// https://httpwg.org/specs/rfc7541.html#rfc.section.6.2.3
 		return d.parseFieldLiteral(4, indexedNever)
 	case b&224 == 32:
 		// 6.3 Dynamic Table Size Update
 		// Top three bits are '001'.
-		// http://http2.github.io/http2-spec/compression.html#rfc.section.6.3
+		// https://httpwg.org/specs/rfc7541.html#rfc.section.6.3
 		return d.parseDynamicTableSizeUpdate()
 	}
@ -420,7 +420,7 @@ var errVarintOverflow = DecodingError{errors.New("varint integer overflow")}
 // readVarInt reads an unsigned variable length integer off the
 // beginning of p. n is the parameter as described in
-// http://http2.github.io/http2-spec/compression.html#rfc.section.5.1.
+// https://httpwg.org/specs/rfc7541.html#rfc.section.5.1.
 //
 // n must always be between 1 and 8.
 //
--- a/vendor/golang.org/x/net/http2/hpack/huffman.go
+++ b/vendor/golang.org/x/net/http2/hpack/huffman.go
@ -169,25 +169,50 @@ func buildRootHuffmanNode() {
 // AppendHuffmanString appends s, as encoded in Huffman codes, to dst
 // and returns the extended buffer.
 func AppendHuffmanString(dst []byte, s string) []byte {
-	rembits := uint8(8)
+	// This relies on the maximum huffman code length being 30 (See tables.go huffmanCodeLen array)
-
+	// So if a uint64 buffer has less than 32 valid bits can always accommodate another huffmanCode.
 	var (
 		x uint64 // buffer
 		n uint   // number valid of bits present in x
 	)
 	for i := 0; i < len(s); i++ {
-		if rembits == 8 {
+		c := s[i]
-			dst = append(dst, 0)
+		n += uint(huffmanCodeLen[c])
 		x <<= huffmanCodeLen[c] % 64
 		x |= uint64(huffmanCodes[c])
 		if n >= 32 {
 			n %= 32             // Normally would be -= 32 but %= 32 informs compiler 0 <= n <= 31 for upcoming shift
 			y := uint32(x >> n) // Compiler doesn't combine memory writes if y isn't uint32
 			dst = append(dst, byte(y>>24), byte(y>>16), byte(y>>8), byte(y))
 		}
 		dst, rembits = appendByteToHuffmanCode(dst, rembits, s[i])
 	}
-
+	// Add padding bits if necessary
-	if rembits < 8 {
+	if over := n % 8; over > 0 {
-		// special EOS symbol
+		const (
-		code := uint32(0x3fffffff)
+			eosCode    = 0x3fffffff
-		nbits := uint8(30)
+			eosNBits   = 30
-
+			eosPadByte = eosCode >> (eosNBits - 8)
-		t := uint8(code >> (nbits - rembits))
+		)
-		dst[len(dst)-1] |= t
+		pad := 8 - over
 		x = (x << pad) | (eosPadByte >> over)
 		n += pad // 8 now divides into n exactly
 	}
-
+	// n in (0, 8, 16, 24, 32)
-	return dst
+	switch n / 8 {
 	case 0:
 		return dst
 	case 1:
 		return append(dst, byte(x))
 	case 2:
 		y := uint16(x)
 		return append(dst, byte(y>>8), byte(y))
 	case 3:
 		y := uint16(x >> 8)
 		return append(dst, byte(y>>8), byte(y), byte(x))
 	}
 	//	case 4:
 	y := uint32(x)
 	return append(dst, byte(y>>24), byte(y>>16), byte(y>>8), byte(y))
 }
 // HuffmanEncodeLength returns the number of bytes required to encode
@ -199,35 +224,3 @@ func HuffmanEncodeLength(s string) uint64 {
 	}
 	return (n + 7) / 8
 }
 // appendByteToHuffmanCode appends Huffman code for c to dst and
 // returns the extended buffer and the remaining bits in the last
 // element. The appending is not byte aligned and the remaining bits
 // in the last element of dst is given in rembits.
 func appendByteToHuffmanCode(dst []byte, rembits uint8, c byte) ([]byte, uint8) {
 	code := huffmanCodes[c]
 	nbits := huffmanCodeLen[c]
 	for {
 		if rembits > nbits {
 			t := uint8(code << (rembits - nbits))
 			dst[len(dst)-1] |= t
 			rembits -= nbits
 			break
 		}
 		t := uint8(code >> (nbits - rembits))
 		dst[len(dst)-1] |= t
 		nbits -= rembits
 		rembits = 8
 		if nbits == 0 {
 			break
 		}
 		dst = append(dst, 0)
 	}
 	return dst, rembits
 }
--- a/vendor/golang.org/x/net/http2/http2.go
+++ b/vendor/golang.org/x/net/http2/http2.go
@ -13,7 +13,6 @@
 // See https://http2.github.io/ for more information on HTTP/2.
 //
 // See https://http2.golang.org/ for a test server running this code.
 //
 package http2 // import "golang.org/x/net/http2"
 import (
@ -56,14 +55,14 @@ const (
 	ClientPreface = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
 	// SETTINGS_MAX_FRAME_SIZE default
-	// http://http2.github.io/http2-spec/#rfc.section.6.5.2
+	// https://httpwg.org/specs/rfc7540.html#rfc.section.6.5.2
 	initialMaxFrameSize = 16384
 	// NextProtoTLS is the NPN/ALPN protocol negotiated during
 	// HTTP/2's TLS setup.
 	NextProtoTLS = "h2"
-	// http://http2.github.io/http2-spec/#SettingValues
+	// https://httpwg.org/specs/rfc7540.html#SettingValues
 	initialHeaderTableSize = 4096
 	initialWindowSize = 65535 // 6.9.2 Initial Flow Control Window Size
@ -112,7 +111,7 @@ func (st streamState) String() string {
 // Setting is a setting parameter: which setting it is, and its value.
 type Setting struct {
 	// ID is which setting is being set.
-	// See http://http2.github.io/http2-spec/#SettingValues
+	// See https://httpwg.org/specs/rfc7540.html#SettingFormat
 	ID SettingID
 	// Val is the value.
@ -144,7 +143,7 @@ func (s Setting) Valid() error {
 }
 // A SettingID is an HTTP/2 setting as defined in
-// http://http2.github.io/http2-spec/#iana-settings
+// https://httpwg.org/specs/rfc7540.html#iana-settings
 type SettingID uint16
 const (
@ -176,10 +175,11 @@ func (s SettingID) String() string {
 // name (key). See httpguts.ValidHeaderName for the base rules.
 //
 // Further, http2 says:
-//   "Just as in HTTP/1.x, header field names are strings of ASCII
+//
-//   characters that are compared in a case-insensitive
+//	"Just as in HTTP/1.x, header field names are strings of ASCII
-//   fashion. However, header field names MUST be converted to
+//	characters that are compared in a case-insensitive
-//   lowercase prior to their encoding in HTTP/2. "
+//	fashion. However, header field names MUST be converted to
 //	lowercase prior to their encoding in HTTP/2. "
 func validWireHeaderFieldName(v string) bool {
 	if len(v) == 0 {
 		return false
@ -365,8 +365,8 @@ func (s *sorter) SortStrings(ss []string) {
 // validPseudoPath reports whether v is a valid :path pseudo-header
 // value. It must be either:
 //
-//     *) a non-empty string starting with '/'
+//   - a non-empty string starting with '/'
-//     *) the string '*', for OPTIONS requests.
+//   - the string '*', for OPTIONS requests.
 //
 // For now this is only used a quick check for deciding when to clean
 // up Opaque URLs before sending requests from the Transport.
--- a/vendor/golang.org/x/net/http2/not_go118.go
+++ b/vendor/golang.org/x/net/http2/not_go118.go
@ -0,0 +1,17 @@
 // Copyright 2021 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build !go1.18
 // +build !go1.18
 package http2
 import (
 	"crypto/tls"
 	"net"
 )
 func tlsUnderlyingConn(tc *tls.Conn) net.Conn {
 	return nil
 }
--- a/vendor/golang.org/x/net/http2/server.go
+++ b/vendor/golang.org/x/net/http2/server.go
@ -143,7 +143,7 @@ type Server struct {
 }
 func (s *Server) initialConnRecvWindowSize() int32 {
-	if s.MaxUploadBufferPerConnection > initialWindowSize {
+	if s.MaxUploadBufferPerConnection >= initialWindowSize {
 		return s.MaxUploadBufferPerConnection
 	}
 	return 1 << 20
@ -315,6 +315,20 @@ type ServeConnOpts struct {
 	// requests. If nil, BaseConfig.Handler is used. If BaseConfig
 	// or BaseConfig.Handler is nil, http.DefaultServeMux is used.
 	Handler http.Handler
 	// UpgradeRequest is an initial request received on a connection
 	// undergoing an h2c upgrade. The request body must have been
 	// completely read from the connection before calling ServeConn,
 	// and the 101 Switching Protocols response written.
 	UpgradeRequest *http.Request
 	// Settings is the decoded contents of the HTTP2-Settings header
 	// in an h2c upgrade request.
 	Settings []byte
 	// SawClientPreface is set if the HTTP/2 connection preface
 	// has already been read from the connection.
 	SawClientPreface bool
 }
 func (o *ServeConnOpts) context() context.Context {
@ -383,6 +397,7 @@ func (s *Server) ServeConn(c net.Conn, opts *ServeConnOpts) {
 		headerTableSize:             initialHeaderTableSize,
 		serveG:                      newGoroutineLock(),
 		pushEnabled:                 true,
 		sawClientPreface:            opts.SawClientPreface,
 	}
 	s.state.registerConn(sc)
@ -400,7 +415,7 @@ func (s *Server) ServeConn(c net.Conn, opts *ServeConnOpts) {
 	if s.NewWriteScheduler != nil {
 		sc.writeSched = s.NewWriteScheduler()
 	} else {
-		sc.writeSched = NewRandomWriteScheduler()
+		sc.writeSched = NewPriorityWriteScheduler(nil)
 	}
 	// These start at the RFC-specified defaults. If there is a higher
@ -465,9 +480,27 @@ func (s *Server) ServeConn(c net.Conn, opts *ServeConnOpts) {
 		}
 	}
 	if opts.Settings != nil {
 		fr := &SettingsFrame{
 			FrameHeader: FrameHeader{valid: true},
 			p:           opts.Settings,
 		}
 		if err := fr.ForeachSetting(sc.processSetting); err != nil {
 			sc.rejectConn(ErrCodeProtocol, "invalid settings")
 			return
 		}
 		opts.Settings = nil
 	}
 	if hook := testHookGetServerConn; hook != nil {
 		hook(sc)
 	}
 	if opts.UpgradeRequest != nil {
 		sc.upgradeRequest(opts.UpgradeRequest)
 		opts.UpgradeRequest = nil
 	}
 	sc.serve()
 }
@ -512,6 +545,7 @@ type serverConn struct {
 	// Everything following is owned by the serve loop; use serveG.check():
 	serveG                      goroutineLock // used to verify funcs are on serve()
 	pushEnabled                 bool
 	sawClientPreface            bool // preface has already been read, used in h2c upgrade
 	sawFirstSettings            bool // got the initial SETTINGS frame after the preface
 	needToSendSettingsAck       bool
 	unackedSettings             int    // how many SETTINGS have we sent without ACKs?
@ -835,9 +869,7 @@ func (sc *serverConn) serve() {
 	// Each connection starts with initialWindowSize inflow tokens.
 	// If a higher value is configured, we add more tokens.
-	if diff := sc.srv.initialConnRecvWindowSize() - initialWindowSize; diff > 0 {
+	sc.sendWindowUpdate(nil)
 		sc.sendWindowUpdate(nil, int(diff))
 	}
 	if err := sc.readPreface(); err != nil {
 		sc.condlogf(err, "http2: server: error reading preface from client %v: %v", sc.conn.RemoteAddr(), err)
@ -974,6 +1006,9 @@ var errPrefaceTimeout = errors.New("timeout waiting for client preface")
 // returns errPrefaceTimeout on timeout, or an error if the greeting
 // is invalid.
 func (sc *serverConn) readPreface() error {
 	if sc.sawClientPreface {
 		return nil
 	}
 	errc := make(chan error, 1)
 	go func() {
 		// Read the client preface
@ -1334,6 +1369,9 @@ func (sc *serverConn) startGracefulShutdownInternal() {
 func (sc *serverConn) goAway(code ErrCode) {
 	sc.serveG.check()
 	if sc.inGoAway {
 		if sc.goAwayCode == ErrCodeNo {
 			sc.goAwayCode = code
 		}
 		return
 	}
 	sc.inGoAway = true
@ -1548,7 +1586,7 @@ func (sc *serverConn) closeStream(st *stream, err error) {
 	if p := st.body; p != nil {
 		// Return any buffered unread bytes worth of conn-level flow control.
 		// See golang.org/issue/16481
-		sc.sendWindowUpdate(nil, p.Len())
+		sc.sendWindowUpdate(nil)
 		p.CloseWithError(err)
 	}
@ -1696,7 +1734,7 @@ func (sc *serverConn) processData(f *DataFrame) error {
 		// sendWindowUpdate, which also schedules sending the
 		// frames.
 		sc.inflow.take(int32(f.Length))
-		sc.sendWindowUpdate(nil, int(f.Length)) // conn-level
+		sc.sendWindowUpdate(nil) // conn-level
 		if st != nil && st.resetQueued {
 			// Already have a stream error in flight. Don't send another.
@ -1710,6 +1748,12 @@ func (sc *serverConn) processData(f *DataFrame) error {
 	// Sender sending more than they'd declared?
 	if st.declBodyBytes != -1 && st.bodyBytes+int64(len(data)) > st.declBodyBytes {
 		if sc.inflow.available() < int32(f.Length) {
 			return sc.countError("data_flow", streamError(id, ErrCodeFlowControl))
 		}
 		sc.inflow.take(int32(f.Length))
 		sc.sendWindowUpdate(nil) // conn-level
 		st.body.CloseWithError(fmt.Errorf("sender tried to send more than declared Content-Length of %d bytes", st.declBodyBytes))
 		// RFC 7540, sec 8.1.2.6: A request or response is also malformed if the
 		// value of a content-length header field does not equal the sum of the
@ -1726,7 +1770,7 @@ func (sc *serverConn) processData(f *DataFrame) error {
 		if len(data) > 0 {
 			wrote, err := st.body.Write(data)
 			if err != nil {
-				sc.sendWindowUpdate(nil, int(f.Length)-wrote)
+				sc.sendWindowUpdate32(nil, int32(f.Length)-int32(wrote))
 				return sc.countError("body_write_err", streamError(id, ErrCodeStreamClosed))
 			}
 			if wrote != len(data) {
@ -1915,6 +1959,26 @@ func (sc *serverConn) processHeaders(f *MetaHeadersFrame) error {
 	return nil
 }
 func (sc *serverConn) upgradeRequest(req *http.Request) {
 	sc.serveG.check()
 	id := uint32(1)
 	sc.maxClientStreamID = id
 	st := sc.newStream(id, 0, stateHalfClosedRemote)
 	st.reqTrailer = req.Trailer
 	if st.reqTrailer != nil {
 		st.trailer = make(http.Header)
 	}
 	rw := sc.newResponseWriter(st, req)
 	// Disable any read deadline set by the net/http package
 	// prior to the upgrade.
 	if sc.hs.ReadTimeout != 0 {
 		sc.conn.SetReadDeadline(time.Time{})
 	}
 	go sc.runHandler(rw, req, sc.handler.ServeHTTP)
 }
 func (st *stream) processTrailerHeaders(f *MetaHeadersFrame) error {
 	sc := st.sc
 	sc.serveG.check()
@ -2033,12 +2097,6 @@ func (sc *serverConn) newWriterAndRequest(st *stream, f *MetaHeadersFrame) (*res
 		return nil, nil, sc.countError("bad_path_method", streamError(f.StreamID, ErrCodeProtocol))
 	}
 	bodyOpen := !f.StreamEnded()
 	if rp.method == "HEAD" && bodyOpen {
 		// HEAD requests can't have bodies
 		return nil, nil, sc.countError("head_body", streamError(f.StreamID, ErrCodeProtocol))
 	}
 	rp.header = make(http.Header)
 	for _, hf := range f.RegularFields() {
 		rp.header.Add(sc.canonicalHeader(hf.Name), hf.Value)
@ -2051,6 +2109,7 @@ func (sc *serverConn) newWriterAndRequest(st *stream, f *MetaHeadersFrame) (*res
 	if err != nil {
 		return nil, nil, err
 	}
 	bodyOpen := !f.StreamEnded()
 	if bodyOpen {
 		if vv, ok := rp.header["Content-Length"]; ok {
 			if cl, err := strconv.ParseUint(vv[0], 10, 63); err == nil {
@ -2145,6 +2204,11 @@ func (sc *serverConn) newWriterAndRequestNoBody(st *stream, rp requestParam) (*r
 	}
 	req = req.WithContext(st.ctx)
 	rw := sc.newResponseWriter(st, req)
 	return rw, req, nil
 }
 func (sc *serverConn) newResponseWriter(st *stream, req *http.Request) *responseWriter {
 	rws := responseWriterStatePool.Get().(*responseWriterState)
 	bwSave := rws.bw
 	*rws = responseWriterState{} // zero all the fields
@ -2153,10 +2217,7 @@ func (sc *serverConn) newWriterAndRequestNoBody(st *stream, rp requestParam) (*r
 	rws.bw.Reset(chunkWriter{rws})
 	rws.stream = st
 	rws.req = req
-	rws.body = body
+	return &responseWriter{rws: rws}
 	rw := &responseWriter{rws: rws}
 	return rw, req, nil
 }
 // Run on its own goroutine.
@ -2164,6 +2225,9 @@ func (sc *serverConn) runHandler(rw *responseWriter, req *http.Request, handler
 	didPanic := true
 	defer func() {
 		rw.rws.stream.cancelCtx()
 		if req.MultipartForm != nil {
 			req.MultipartForm.RemoveAll()
 		}
 		if didPanic {
 			e := recover()
 			sc.writeFrameFromHandler(FrameWriteRequest{
@ -2258,17 +2322,32 @@ func (sc *serverConn) noteBodyReadFromHandler(st *stream, n int, err error) {
 func (sc *serverConn) noteBodyRead(st *stream, n int) {
 	sc.serveG.check()
-	sc.sendWindowUpdate(nil, n) // conn-level
+	sc.sendWindowUpdate(nil) // conn-level
 	if st.state != stateHalfClosedRemote && st.state != stateClosed {
 		// Don't send this WINDOW_UPDATE if the stream is closed
 		// remotely.
-		sc.sendWindowUpdate(st, n)
+		sc.sendWindowUpdate(st)
 	}
 }
 // st may be nil for conn-level
-func (sc *serverConn) sendWindowUpdate(st *stream, n int) {
+func (sc *serverConn) sendWindowUpdate(st *stream) {
 	sc.serveG.check()
 	var n int32
 	if st == nil {
 		if avail, windowSize := sc.inflow.available(), sc.srv.initialConnRecvWindowSize(); avail > windowSize/2 {
 			return
 		} else {
 			n = windowSize - avail
 		}
 	} else {
 		if avail, windowSize := st.inflow.available(), sc.srv.initialStreamRecvWindowSize(); avail > windowSize/2 {
 			return
 		} else {
 			n = windowSize - avail
 		}
 	}
 	// "The legal range for the increment to the flow control
 	// window is 1 to 2^31-1 (2,147,483,647) octets."
 	// A Go Read call on 64-bit machines could in theory read
@ -2316,17 +2395,18 @@ type requestBody struct {
 	_             incomparable
 	stream        *stream
 	conn          *serverConn
-	closed        bool  // for use by Close only
+	closeOnce     sync.Once // for use by Close only
-	sawEOF        bool  // for use by Read only
+	sawEOF        bool      // for use by Read only
-	pipe          *pipe // non-nil if we have a HTTP entity message body
+	pipe          *pipe     // non-nil if we have a HTTP entity message body
-	needsContinue bool  // need to send a 100-continue
+	needsContinue bool      // need to send a 100-continue
 }
 func (b *requestBody) Close() error {
-	if b.pipe != nil && !b.closed {
+	b.closeOnce.Do(func() {
-		b.pipe.BreakWithError(errClosedBody)
+		if b.pipe != nil {
-	}
+			b.pipe.BreakWithError(errClosedBody)
-	b.closed = true
+		}
 	})
 	return nil
 }
@ -2370,7 +2450,6 @@ type responseWriterState struct {
 	// immutable within a request:
 	stream *stream
 	req    *http.Request
 	body   *requestBody // to close at end of request, if DATA frames didn't
 	conn   *serverConn
 	// TODO: adjust buffer writing sizes based on server config, frame size updates from peer, etc
@ -2434,6 +2513,10 @@ func (rws *responseWriterState) writeChunk(p []byte) (n int, err error) {
 		rws.writeHeader(200)
 	}
 	if rws.handlerDone {
 		rws.promoteUndeclaredTrailers()
 	}
 	isHeadResp := rws.req.Method == "HEAD"
 	if !rws.sentHeader {
 		rws.sentHeader = true
@ -2505,10 +2588,6 @@ func (rws *responseWriterState) writeChunk(p []byte) (n int, err error) {
 		return 0, nil
 	}
 	if rws.handlerDone {
 		rws.promoteUndeclaredTrailers()
 	}
 	// only send trailers if they have actually been defined by the
 	// server handler.
 	hasNonemptyTrailers := rws.hasNonemptyTrailers()
@ -2546,8 +2625,9 @@ func (rws *responseWriterState) writeChunk(p []byte) (n int, err error) {
 // prior to the headers being written. If the set of trailers is fixed
 // or known before the header is written, the normal Go trailers mechanism
 // is preferred:
-//    https://golang.org/pkg/net/http/#ResponseWriter
+//
-//    https://golang.org/pkg/net/http/#example_ResponseWriter_trailers
+//	https://golang.org/pkg/net/http/#ResponseWriter
 //	https://golang.org/pkg/net/http/#example_ResponseWriter_trailers
 const TrailerPrefix = "Trailer:"
 // promoteUndeclaredTrailers permits http.Handlers to set trailers
@ -2643,8 +2723,7 @@ func checkWriteHeaderCode(code int) {
 	// Issue 22880: require valid WriteHeader status codes.
 	// For now we only enforce that it's three digits.
 	// In the future we might block things over 599 (600 and above aren't defined
-	// at http://httpwg.org/specs/rfc7231.html#status.codes)
+	// at http://httpwg.org/specs/rfc7231.html#status.codes).
 	// and we might block under 200 (once we have more mature 1xx support).
 	// But for now any three digits.
 	//
 	// We used to send "HTTP/1.1 000 0" on the wire in responses but there's
@ -2665,13 +2744,41 @@ func (w *responseWriter) WriteHeader(code int) {
 }
 func (rws *responseWriterState) writeHeader(code int) {
-	if !rws.wroteHeader {
+	if rws.wroteHeader {
-		checkWriteHeaderCode(code)
+		return
-		rws.wroteHeader = true
+	}
-		rws.status = code
+
-		if len(rws.handlerHeader) > 0 {
+	checkWriteHeaderCode(code)
-			rws.snapHeader = cloneHeader(rws.handlerHeader)
+
 	// Handle informational headers
 	if code >= 100 && code <= 199 {
 		// Per RFC 8297 we must not clear the current header map
 		h := rws.handlerHeader
 		_, cl := h["Content-Length"]
 		_, te := h["Transfer-Encoding"]
 		if cl || te {
 			h = h.Clone()
 			h.Del("Content-Length")
 			h.Del("Transfer-Encoding")
 		}
 		if rws.conn.writeHeaders(rws.stream, &writeResHeaders{
 			streamID:    rws.stream.id,
 			httpResCode: code,
 			h:           h,
 			endStream:   rws.handlerDone && !rws.hasTrailers(),
 		}) != nil {
 			rws.dirty = true
 		}
 		return
 	}
 	rws.wroteHeader = true
 	rws.status = code
 	if len(rws.handlerHeader) > 0 {
 		rws.snapHeader = cloneHeader(rws.handlerHeader)
 	}
 }
--- a/vendor/golang.org/x/net/http2/transport.go
+++ b/vendor/golang.org/x/net/http2/transport.go
@ -16,7 +16,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"log"
 	"math"
 	mathrand "math/rand"
@ -68,13 +67,23 @@ const (
 // A Transport internally caches connections to servers. It is safe
 // for concurrent use by multiple goroutines.
 type Transport struct {
-	// DialTLS specifies an optional dial function for creating
+	// DialTLSContext specifies an optional dial function with context for
-	// TLS connections for requests.
+	// creating TLS connections for requests.
 	//
-	// If DialTLS is nil, tls.Dial is used.
+	// If DialTLSContext and DialTLS is nil, tls.Dial is used.
 	//
 	// If the returned net.Conn has a ConnectionState method like tls.Conn,
 	// it will be used to set http.Response.TLS.
 	DialTLSContext func(ctx context.Context, network, addr string, cfg *tls.Config) (net.Conn, error)
 	// DialTLS specifies an optional dial function for creating
 	// TLS connections for requests.
 	//
 	// If DialTLSContext and DialTLS is nil, tls.Dial is used.
 	//
 	// Deprecated: Use DialTLSContext instead, which allows the transport
 	// to cancel dials as soon as they are no longer needed.
 	// If both are set, DialTLSContext takes priority.
 	DialTLS func(network, addr string, cfg *tls.Config) (net.Conn, error)
 	// TLSClientConfig specifies the TLS configuration to use with
@ -249,7 +258,8 @@ func (t *Transport) initConnPool() {
 // HTTP/2 server.
 type ClientConn struct {
 	t             *Transport
-	tconn         net.Conn             // usually *tls.Conn, except specialized impls
+	tconn         net.Conn // usually *tls.Conn, except specialized impls
 	tconnClosed   bool
 	tlsState      *tls.ConnectionState // nil only for specialized impls
 	reused        uint32               // whether conn is being reused; atomic
 	singleUse     bool                 // whether being used for a single http.Request
@ -335,8 +345,8 @@ type clientStream struct {
 	readErr     error // sticky read error; owned by transportResponseBody.Read
 	reqBody              io.ReadCloser
-	reqBodyContentLength int64 // -1 means unknown
+	reqBodyContentLength int64         // -1 means unknown
-	reqBodyClosed        bool  // body has been closed; guarded by cc.mu
+	reqBodyClosed        chan struct{} // guarded by cc.mu; non-nil on Close, closed when done
 	// owned by writeRequest:
 	sentEndStream bool // sent an END_STREAM flag to the peer
@ -376,9 +386,8 @@ func (cs *clientStream) abortStreamLocked(err error) {
 		cs.abortErr = err
 		close(cs.abort)
 	})
-	if cs.reqBody != nil && !cs.reqBodyClosed {
+	if cs.reqBody != nil {
-		cs.reqBody.Close()
+		cs.closeReqBodyLocked()
 		cs.reqBodyClosed = true
 	}
 	// TODO(dneil): Clean up tests where cs.cc.cond is nil.
 	if cs.cc.cond != nil {
@ -391,13 +400,24 @@ func (cs *clientStream) abortRequestBodyWrite() {
 	cc := cs.cc
 	cc.mu.Lock()
 	defer cc.mu.Unlock()
-	if cs.reqBody != nil && !cs.reqBodyClosed {
+	if cs.reqBody != nil && cs.reqBodyClosed == nil {
-		cs.reqBody.Close()
+		cs.closeReqBodyLocked()
 		cs.reqBodyClosed = true
 		cc.cond.Broadcast()
 	}
 }
 func (cs *clientStream) closeReqBodyLocked() {
 	if cs.reqBodyClosed != nil {
 		return
 	}
 	cs.reqBodyClosed = make(chan struct{})
 	reqBodyClosed := cs.reqBodyClosed
 	go func() {
 		cs.reqBody.Close()
 		close(reqBodyClosed)
 	}()
 }
 type stickyErrWriter struct {
 	conn    net.Conn
 	timeout time.Duration
@ -501,12 +521,14 @@ func (t *Transport) RoundTripOpt(req *http.Request, opt RoundTripOpt) (*http.Res
 			if req, err = shouldRetryRequest(req, err); err == nil {
 				// After the first retry, do exponential backoff with 10% jitter.
 				if retry == 0 {
 					t.vlogf("RoundTrip retrying after failure: %v", err)
 					continue
 				}
 				backoff := float64(uint(1) << (uint(retry) - 1))
 				backoff += backoff * (0.1 * mathrand.Float64())
 				select {
 				case <-time.After(time.Second * time.Duration(backoff)):
 					t.vlogf("RoundTrip retrying after failure: %v", err)
 					continue
 				case <-req.Context().Done():
 					err = req.Context().Err()
@ -591,7 +613,7 @@ func (t *Transport) dialClientConn(ctx context.Context, addr string, singleUse b
 	if err != nil {
 		return nil, err
 	}
-	tconn, err := t.dialTLS(ctx)("tcp", addr, t.newTLSConfig(host))
+	tconn, err := t.dialTLS(ctx, "tcp", addr, t.newTLSConfig(host))
 	if err != nil {
 		return nil, err
 	}
@ -612,24 +634,25 @@ func (t *Transport) newTLSConfig(host string) *tls.Config {
 	return cfg
 }
-func (t *Transport) dialTLS(ctx context.Context) func(string, string, *tls.Config) (net.Conn, error) {
+func (t *Transport) dialTLS(ctx context.Context, network, addr string, tlsCfg *tls.Config) (net.Conn, error) {
-	if t.DialTLS != nil {
+	if t.DialTLSContext != nil {
-		return t.DialTLS
+		return t.DialTLSContext(ctx, network, addr, tlsCfg)
 	} else if t.DialTLS != nil {
 		return t.DialTLS(network, addr, tlsCfg)
 	}
-	return func(network, addr string, cfg *tls.Config) (net.Conn, error) {
+
-		tlsCn, err := t.dialTLSWithContext(ctx, network, addr, cfg)
+	tlsCn, err := t.dialTLSWithContext(ctx, network, addr, tlsCfg)
-		if err != nil {
+	if err != nil {
-			return nil, err
+		return nil, err
 		}
 		state := tlsCn.ConnectionState()
 		if p := state.NegotiatedProtocol; p != NextProtoTLS {
 			return nil, fmt.Errorf("http2: unexpected ALPN protocol %q; want %q", p, NextProtoTLS)
 		}
 		if !state.NegotiatedProtocolIsMutual {
 			return nil, errors.New("http2: could not negotiate protocol mutually")
 		}
 		return tlsCn, nil
 	}
 	state := tlsCn.ConnectionState()
 	if p := state.NegotiatedProtocol; p != NextProtoTLS {
 		return nil, fmt.Errorf("http2: unexpected ALPN protocol %q; want %q", p, NextProtoTLS)
 	}
 	if !state.NegotiatedProtocolIsMutual {
 		return nil, errors.New("http2: could not negotiate protocol mutually")
 	}
 	return tlsCn, nil
 }
 // disableKeepAlives reports whether connections should be closed as
@ -732,11 +755,13 @@ func (cc *ClientConn) healthCheck() {
 	// trigger the healthCheck again if there is no frame received.
 	ctx, cancel := context.WithTimeout(context.Background(), pingTimeout)
 	defer cancel()
 	cc.vlogf("http2: Transport sending health check")
 	err := cc.Ping(ctx)
 	if err != nil {
 		cc.vlogf("http2: Transport health check failure: %v", err)
 		cc.closeForLostPing()
-		cc.t.connPool().MarkDead(cc)
+	} else {
-		return
+		cc.vlogf("http2: Transport health check success")
 	}
 }
@ -907,6 +932,24 @@ func (cc *ClientConn) onIdleTimeout() {
 	cc.closeIfIdle()
 }
 func (cc *ClientConn) closeConn() {
 	t := time.AfterFunc(250*time.Millisecond, cc.forceCloseConn)
 	defer t.Stop()
 	cc.tconn.Close()
 }
 // A tls.Conn.Close can hang for a long time if the peer is unresponsive.
 // Try to shut it down more aggressively.
 func (cc *ClientConn) forceCloseConn() {
 	tc, ok := cc.tconn.(*tls.Conn)
 	if !ok {
 		return
 	}
 	if nc := tlsUnderlyingConn(tc); nc != nil {
 		nc.Close()
 	}
 }
 func (cc *ClientConn) closeIfIdle() {
 	cc.mu.Lock()
 	if len(cc.streams) > 0 || cc.streamsReserved > 0 {
@ -921,7 +964,7 @@ func (cc *ClientConn) closeIfIdle() {
 	if VerboseLogs {
 		cc.vlogf("http2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)", cc, cc.singleUse, nextID-2)
 	}
-	cc.tconn.Close()
+	cc.closeConn()
 }
 func (cc *ClientConn) isDoNotReuseAndIdle() bool {
@ -938,7 +981,7 @@ func (cc *ClientConn) Shutdown(ctx context.Context) error {
 		return err
 	}
 	// Wait for all in-flight streams to complete or connection to close
-	done := make(chan error, 1)
+	done := make(chan struct{})
 	cancelled := false // guarded by cc.mu
 	go func() {
 		cc.mu.Lock()
@ -946,7 +989,7 @@ func (cc *ClientConn) Shutdown(ctx context.Context) error {
 		for {
 			if len(cc.streams) == 0 || cc.closed {
 				cc.closed = true
-				done <- cc.tconn.Close()
+				close(done)
 				break
 			}
 			if cancelled {
@ -957,8 +1000,9 @@ func (cc *ClientConn) Shutdown(ctx context.Context) error {
 	}()
 	shutdownEnterWaitStateHook()
 	select {
-	case err := <-done:
+	case <-done:
-		return err
+		cc.closeConn()
 		return nil
 	case <-ctx.Done():
 		cc.mu.Lock()
 		// Free the goroutine above
@ -995,15 +1039,15 @@ func (cc *ClientConn) sendGoAway() error {
 // closes the client connection immediately. In-flight requests are interrupted.
 // err is sent to streams.
-func (cc *ClientConn) closeForError(err error) error {
+func (cc *ClientConn) closeForError(err error) {
 	cc.mu.Lock()
 	cc.closed = true
 	for _, cs := range cc.streams {
 		cs.abortStreamLocked(err)
 	}
-	defer cc.cond.Broadcast()
+	cc.cond.Broadcast()
-	defer cc.mu.Unlock()
+	cc.mu.Unlock()
-	return cc.tconn.Close()
+	cc.closeConn()
 }
 // Close closes the client connection immediately.
@ -1011,16 +1055,17 @@ func (cc *ClientConn) closeForError(err error) error {
 // In-flight requests are interrupted. For a graceful shutdown, use Shutdown instead.
 func (cc *ClientConn) Close() error {
 	err := errors.New("http2: client connection force closed via ClientConn.Close")
-	return cc.closeForError(err)
+	cc.closeForError(err)
 	return nil
 }
 // closes the client connection immediately. In-flight requests are interrupted.
-func (cc *ClientConn) closeForLostPing() error {
+func (cc *ClientConn) closeForLostPing() {
 	err := errors.New("http2: client connection lost")
 	if f := cc.t.CountError; f != nil {
 		f("conn_close_lost_ping")
 	}
-	return cc.closeForError(err)
+	cc.closeForError(err)
 }
 // errRequestCanceled is a copy of net/http's errRequestCanceled because it's not
@ -1398,11 +1443,19 @@ func (cs *clientStream) cleanupWriteRequest(err error) {
 	// and in multiple cases: server replies <=299 and >299
 	// while still writing request body
 	cc.mu.Lock()
 	mustCloseBody := false
 	if cs.reqBody != nil && cs.reqBodyClosed == nil {
 		mustCloseBody = true
 		cs.reqBodyClosed = make(chan struct{})
 	}
 	bodyClosed := cs.reqBodyClosed
 	cs.reqBodyClosed = true
 	cc.mu.Unlock()
-	if !bodyClosed && cs.reqBody != nil {
+	if mustCloseBody {
 		cs.reqBody.Close()
 		close(bodyClosed)
 	}
 	if bodyClosed != nil {
 		<-bodyClosed
 	}
 	if err != nil && cs.sentEndStream {
@ -1582,7 +1635,7 @@ func (cs *clientStream) writeRequestBody(req *http.Request) (err error) {
 		}
 		if err != nil {
 			cc.mu.Lock()
-			bodyClosed := cs.reqBodyClosed
+			bodyClosed := cs.reqBodyClosed != nil
 			cc.mu.Unlock()
 			switch {
 			case bodyClosed:
@ -1677,7 +1730,7 @@ func (cs *clientStream) awaitFlowControl(maxBytes int) (taken int32, err error)
 		if cc.closed {
 			return 0, errClientConnClosed
 		}
-		if cs.reqBodyClosed {
+		if cs.reqBodyClosed != nil {
 			return 0, errStopReqBodyWrite
 		}
 		select {
@ -1748,7 +1801,8 @@ func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trail
 		}
 		for _, v := range vv {
 			if !httpguts.ValidHeaderFieldValue(v) {
-				return nil, fmt.Errorf("invalid HTTP header value %q for header %q", v, k)
+				// Don't include the value in the error, because it may be sensitive.
 				return nil, fmt.Errorf("invalid HTTP header value for header %q", k)
 			}
 		}
 	}
@ -1972,13 +2026,13 @@ func (cc *ClientConn) forgetStreamID(id uint32) {
 	// wake up RoundTrip if there is a pending request.
 	cc.cond.Broadcast()
-	closeOnIdle := cc.singleUse || cc.doNotReuse || cc.t.disableKeepAlives()
+	closeOnIdle := cc.singleUse || cc.doNotReuse || cc.t.disableKeepAlives() || cc.goAway != nil
 	if closeOnIdle && cc.streamsReserved == 0 && len(cc.streams) == 0 {
 		if VerboseLogs {
 			cc.vlogf("http2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)", cc, cc.singleUse, cc.nextStreamID-2)
 		}
 		cc.closed = true
-		defer cc.tconn.Close()
+		defer cc.closeConn()
 	}
 	cc.mu.Unlock()
@ -2025,8 +2079,8 @@ func isEOFOrNetReadError(err error) bool {
 func (rl *clientConnReadLoop) cleanup() {
 	cc := rl.cc
-	defer cc.tconn.Close()
+	cc.t.connPool().MarkDead(cc)
-	defer cc.t.connPool().MarkDead(cc)
+	defer cc.closeConn()
 	defer close(cc.readerDone)
 	if cc.idleTimer != nil {
@ -2048,6 +2102,7 @@ func (rl *clientConnReadLoop) cleanup() {
 		err = io.ErrUnexpectedEOF
 	}
 	cc.closed = true
 	for _, cs := range cc.streams {
 		select {
 		case <-cs.peerClosed:
@ -2641,7 +2696,6 @@ func (rl *clientConnReadLoop) processGoAway(f *GoAwayFrame) error {
 		if fn := cc.t.CountError; fn != nil {
 			fn("recv_goaway_" + f.ErrCode.stringToken())
 		}
 	}
 	cc.setGoAway(f)
 	return nil
@ -2881,7 +2935,12 @@ func (t *Transport) logf(format string, args ...interface{}) {
 	log.Printf(format, args...)
 }
-var noBody io.ReadCloser = ioutil.NopCloser(bytes.NewReader(nil))
+var noBody io.ReadCloser = noBodyReader{}
 type noBodyReader struct{}
 func (noBodyReader) Close() error             { return nil }
 func (noBodyReader) Read([]byte) (int, error) { return 0, io.EOF }
 type missingBody struct{}
@ -2990,7 +3049,7 @@ func traceGotConn(req *http.Request, cc *ClientConn, reused bool) {
 	cc.mu.Lock()
 	ci.WasIdle = len(cc.streams) == 0 && reused
 	if ci.WasIdle && !cc.lastActive.IsZero() {
-		ci.IdleTime = time.Now().Sub(cc.lastActive)
+		ci.IdleTime = time.Since(cc.lastActive)
 	}
 	cc.mu.Unlock()
--- a/vendor/golang.org/x/net/http2/writesched_priority.go
+++ b/vendor/golang.org/x/net/http2/writesched_priority.go
@ -383,16 +383,15 @@ func (ws *priorityWriteScheduler) AdjustStream(streamID uint32, priority Priorit
 func (ws *priorityWriteScheduler) Push(wr FrameWriteRequest) {
 	var n *priorityNode
-	if id := wr.StreamID(); id == 0 {
+	if wr.isControl() {
 		n = &ws.root
 	} else {
 		id := wr.StreamID()
 		n = ws.nodes[id]
 		if n == nil {
 			// id is an idle or closed stream. wr should not be a HEADERS or
-			// DATA frame. However, wr can be a RST_STREAM. In this case, we
+			// DATA frame. In other case, we push wr onto the root, rather
-			// push wr onto the root, rather than creating a new priorityNode,
+			// than creating a new priorityNode.
 			// since RST_STREAM is tiny and the stream's priority is unknown
 			// anyway. See issue #17919.
 			if wr.DataSize() > 0 {
 				panic("add DATA on non-open stream")
 			}
--- a/vendor/golang.org/x/net/idna/trieval.go
+++ b/vendor/golang.org/x/net/idna/trieval.go
@ -17,23 +17,23 @@ package idna
 //
 // The per-rune values have the following format:
 //
-//   if mapped {
+//	if mapped {
-//     if inlinedXOR {
+//	  if inlinedXOR {
-//       15..13 inline XOR marker
+//	    15..13 inline XOR marker
-//       12..11 unused
+//	    12..11 unused
-//       10..3  inline XOR mask
+//	    10..3  inline XOR mask
-//     } else {
+//	  } else {
-//       15..3  index into xor or mapping table
+//	    15..3  index into xor or mapping table
-//     }
+//	  }
-//   } else {
+//	} else {
-//       15..14 unused
+//	    15..14 unused
-//       13     mayNeedNorm
+//	    13     mayNeedNorm
-//       12..11 attributes
+//	    12..11 attributes
-//       10..8  joining type
+//	    10..8  joining type
-//        7..3  category type
+//	     7..3  category type
-//   }
+//	}
-//      2  use xor pattern
+//	   2  use xor pattern
-//   1..0  mapped category
+//	1..0  mapped category
 //
 // See the definitions below for a more detailed description of the various
 // bits.
--- a/vendor/golang.org/x/net/trace/trace.go
+++ b/vendor/golang.org/x/net/trace/trace.go
@ -395,7 +395,7 @@ func New(family, title string) Trace {
 }
 func (tr *trace) Finish() {
-	elapsed := time.Now().Sub(tr.Start)
+	elapsed := time.Since(tr.Start)
 	tr.mu.Lock()
 	tr.Elapsed = elapsed
 	tr.mu.Unlock()
--- a/vendor/golang.org/x/sys/AUTHORS
+++ b/vendor/golang.org/x/sys/AUTHORS
@ -1,3 +0,0 @@
 # This source code refers to The Go Authors for copyright purposes.
 # The master list of authors is in the main Go distribution,
 # visible at http://tip.golang.org/AUTHORS.
--- a/vendor/golang.org/x/sys/CONTRIBUTORS
+++ b/vendor/golang.org/x/sys/CONTRIBUTORS
@ -1,3 +0,0 @@
 # This source code was written by the Go contributors.
 # The master list of contributors is in the main Go distribution,
 # visible at http://tip.golang.org/CONTRIBUTORS.
--- a/vendor/golang.org/x/sys/cpu/cpu_arm64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
@ -6,7 +6,10 @@ package cpu
 import "runtime"
-const cacheLineSize = 64
+// cacheLineSize is used to prevent false sharing of cache lines.
 // We choose 128 because Apple Silicon, a.k.a. M1, has 128-byte cache line size.
 // It doesn't cost much and is much more future-proof.
 const cacheLineSize = 128
 func initOptions() {
 	options = []option{
@ -41,13 +44,10 @@ func archInit() {
 	switch runtime.GOOS {
 	case "freebsd":
 		readARM64Registers()
-	case "linux", "netbsd":
+	case "linux", "netbsd", "openbsd":
 		doinit()
 	default:
-		// Most platforms don't seem to allow reading these registers.
+		// Many platforms don't seem to allow reading these registers.
 		//
 		// OpenBSD:
 		// See https://golang.org/issue/31746
 		setMinimalFeatures()
 	}
 }
--- a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go
@ -0,0 +1,65 @@
 // Copyright 2022 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package cpu
 import (
 	"syscall"
 	"unsafe"
 )
 // Minimal copy of functionality from x/sys/unix so the cpu package can call
 // sysctl without depending on x/sys/unix.
 const (
 	// From OpenBSD's sys/sysctl.h.
 	_CTL_MACHDEP = 7
 	// From OpenBSD's machine/cpu.h.
 	_CPU_ID_AA64ISAR0 = 2
 	_CPU_ID_AA64ISAR1 = 3
 )
 // Implemented in the runtime package (runtime/sys_openbsd3.go)
 func syscall_syscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err syscall.Errno)
 //go:linkname syscall_syscall6 syscall.syscall6
 func sysctl(mib []uint32, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	_, _, errno := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(unsafe.Pointer(&mib[0])), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
 	if errno != 0 {
 		return errno
 	}
 	return nil
 }
 var libc_sysctl_trampoline_addr uintptr
 //go:cgo_import_dynamic libc_sysctl sysctl "libc.so"
 func sysctlUint64(mib []uint32) (uint64, bool) {
 	var out uint64
 	nout := unsafe.Sizeof(out)
 	if err := sysctl(mib, (*byte)(unsafe.Pointer(&out)), &nout, nil, 0); err != nil {
 		return 0, false
 	}
 	return out, true
 }
 func doinit() {
 	setMinimalFeatures()
 	// Get ID_AA64ISAR0 and ID_AA64ISAR1 from sysctl.
 	isar0, ok := sysctlUint64([]uint32{_CTL_MACHDEP, _CPU_ID_AA64ISAR0})
 	if !ok {
 		return
 	}
 	isar1, ok := sysctlUint64([]uint32{_CTL_MACHDEP, _CPU_ID_AA64ISAR1})
 	if !ok {
 		return
 	}
 	parseARM64SystemRegisters(isar0, isar1, 0)
 	Initialized = true
 }
--- a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s
@ -0,0 +1,11 @@
 // Copyright 2022 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 #include "textflag.h"
 TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_sysctl(SB)
 GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
 DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
--- a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-//go:build !linux && !netbsd && arm64
+//go:build !linux && !netbsd && !openbsd && arm64
-// +build !linux,!netbsd,arm64
+// +build !linux,!netbsd,!openbsd,arm64
 package cpu
--- a/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
@ -0,0 +1,15 @@
 // Copyright 2022 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build !aix && !linux && (ppc64 || ppc64le)
 // +build !aix
 // +build !linux
 // +build ppc64 ppc64le
 package cpu
 func archInit() {
 	PPC64.IsPOWER8 = true
 	Initialized = true
 }
--- a/vendor/golang.org/x/sys/plan9/mkerrors.sh
+++ b/vendor/golang.org/x/sys/plan9/mkerrors.sh
@ -126,7 +126,7 @@ errors=$(
 signals=$(
 	echo '#include <signal.h>' | $CC -x c - -E -dM $ccflags |
 	awk '$1=="#define" && $2 ~ /^SIG[A-Z0-9]+$/ { print $2 }' |
-	egrep -v '(SIGSTKSIZE|SIGSTKSZ|SIGRT)' |
+	grep -v 'SIGSTKSIZE\|SIGSTKSZ\|SIGRT' |
 	sort
 )
@ -136,7 +136,7 @@ echo '#include <errno.h>' | $CC -x c - -E -dM $ccflags |
 	sort >_error.grep
 echo '#include <signal.h>' | $CC -x c - -E -dM $ccflags |
 	awk '$1=="#define" && $2 ~ /^SIG[A-Z0-9]+$/ { print "^\t" $2 "[ \t]*=" }' |
-	egrep -v '(SIGSTKSIZE|SIGSTKSZ|SIGRT)' |
+	grep -v 'SIGSTKSIZE\|SIGSTKSZ\|SIGRT' |
 	sort >_signal.grep
 echo '// mkerrors.sh' "$@"
--- a/vendor/golang.org/x/sys/plan9/syscall.go
+++ b/vendor/golang.org/x/sys/plan9/syscall.go
@ -29,8 +29,6 @@ import (
 	"bytes"
 	"strings"
 	"unsafe"
 	"golang.org/x/sys/internal/unsafeheader"
 )
 // ByteSliceFromString returns a NUL-terminated slice of bytes
@ -82,13 +80,7 @@ func BytePtrToString(p *byte) string {
 		ptr = unsafe.Pointer(uintptr(ptr) + 1)
 	}
-	var s []byte
+	return string(unsafe.Slice(p, n))
 	h := (*unsafeheader.Slice)(unsafe.Pointer(&s))
 	h.Data = unsafe.Pointer(p)
 	h.Len = n
 	h.Cap = n
 	return string(s)
 }
 // Single-word zero for use when we need a valid pointer to 0 bytes.
--- a/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
@ -0,0 +1,31 @@
 // Copyright 2022 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build (darwin || freebsd || netbsd || openbsd) && gc
 // +build darwin freebsd netbsd openbsd
 // +build gc
 #include "textflag.h"
 //
 // System call support for ppc64, BSD
 //
 // Just jump to package syscall's implementation for all these functions.
 // The runtime may know about them.
 TEXT	·Syscall(SB),NOSPLIT,$0-56
 	JMP	syscall·Syscall(SB)
 TEXT	·Syscall6(SB),NOSPLIT,$0-80
 	JMP	syscall·Syscall6(SB)
 TEXT	·Syscall9(SB),NOSPLIT,$0-104
 	JMP	syscall·Syscall9(SB)
 TEXT	·RawSyscall(SB),NOSPLIT,$0-56
 	JMP	syscall·RawSyscall(SB)
 TEXT	·RawSyscall6(SB),NOSPLIT,$0-80
 	JMP	syscall·RawSyscall6(SB)
--- a/vendor/golang.org/x/sys/unix/dirent.go
+++ b/vendor/golang.org/x/sys/unix/dirent.go
@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 package unix
--- a/vendor/golang.org/x/sys/unix/ioctl_linux.go
+++ b/vendor/golang.org/x/sys/unix/ioctl_linux.go
@ -4,9 +4,7 @@
 package unix
-import (
+import "unsafe"
 	"unsafe"
 )
 // IoctlRetInt performs an ioctl operation specified by req on a device
 // associated with opened file descriptor fd, and returns a non-negative
@ -217,3 +215,19 @@ func IoctlKCMAttach(fd int, info KCMAttach) error {
 func IoctlKCMUnattach(fd int, info KCMUnattach) error {
 	return ioctlPtr(fd, SIOCKCMUNATTACH, unsafe.Pointer(&info))
 }
 // IoctlLoopGetStatus64 gets the status of the loop device associated with the
 // file descriptor fd using the LOOP_GET_STATUS64 operation.
 func IoctlLoopGetStatus64(fd int) (*LoopInfo64, error) {
 	var value LoopInfo64
 	if err := ioctlPtr(fd, LOOP_GET_STATUS64, unsafe.Pointer(&value)); err != nil {
 		return nil, err
 	}
 	return &value, nil
 }
 // IoctlLoopSetStatus64 sets the status of the loop device associated with the
 // file descriptor fd using the LOOP_SET_STATUS64 operation.
 func IoctlLoopSetStatus64(fd int, value *LoopInfo64) error {
 	return ioctlPtr(fd, LOOP_SET_STATUS64, unsafe.Pointer(value))
 }
--- a/vendor/golang.org/x/sys/unix/mkall.sh
+++ b/vendor/golang.org/x/sys/unix/mkall.sh
@ -73,12 +73,12 @@ aix_ppc64)
 darwin_amd64)
 	mkerrors="$mkerrors -m64"
 	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
-	mkasm="go run mkasm_darwin.go"
+	mkasm="go run mkasm.go"
 	;;
 darwin_arm64)
 	mkerrors="$mkerrors -m64"
 	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
-	mkasm="go run mkasm_darwin.go"
+	mkasm="go run mkasm.go"
 	;;
 dragonfly_amd64)
 	mkerrors="$mkerrors -m64"
@ -142,33 +142,33 @@ netbsd_arm64)
 	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
 	;;
 openbsd_386)
 	mkasm="go run mkasm.go"
 	mkerrors="$mkerrors -m32"
-	mksyscall="go run mksyscall.go -l32 -openbsd"
+	mksyscall="go run mksyscall.go -l32 -openbsd -libc"
 	mksysctl="go run mksysctl_openbsd.go"
 	mksysnum="go run mksysnum.go 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master'"
 	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
 	;;
 openbsd_amd64)
 	mkasm="go run mkasm.go"
 	mkerrors="$mkerrors -m64"
-	mksyscall="go run mksyscall.go -openbsd"
+	mksyscall="go run mksyscall.go -openbsd -libc"
 	mksysctl="go run mksysctl_openbsd.go"
 	mksysnum="go run mksysnum.go 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master'"
 	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
 	;;
 openbsd_arm)
 	mkasm="go run mkasm.go"
 	mkerrors="$mkerrors"
-	mksyscall="go run mksyscall.go -l32 -openbsd -arm"
+	mksyscall="go run mksyscall.go -l32 -openbsd -arm -libc"
 	mksysctl="go run mksysctl_openbsd.go"
 	mksysnum="go run mksysnum.go 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master'"
 	# Let the type of C char be signed for making the bare syscall
 	# API consistent across platforms.
 	mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char"
 	;;
 openbsd_arm64)
 	mkasm="go run mkasm.go"
 	mkerrors="$mkerrors -m64"
-	mksyscall="go run mksyscall.go -openbsd"
+	mksyscall="go run mksyscall.go -openbsd -libc"
 	mksysctl="go run mksysctl_openbsd.go"
 	mksysnum="go run mksysnum.go 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master'"
 	# Let the type of C char be signed for making the bare syscall
 	# API consistent across platforms.
 	mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char"
@ -182,6 +182,24 @@ openbsd_mips64)
 	# API consistent across platforms.
 	mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char"
 	;;
 openbsd_ppc64)
 	mkasm="go run mkasm.go"
 	mkerrors="$mkerrors -m64"
 	mksyscall="go run mksyscall.go -openbsd -libc"
 	mksysctl="go run mksysctl_openbsd.go"
 	# Let the type of C char be signed for making the bare syscall
 	# API consistent across platforms.
 	mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char"
 	;;
 openbsd_riscv64)
 	mkasm="go run mkasm.go"
 	mkerrors="$mkerrors -m64"
 	mksyscall="go run mksyscall.go -openbsd -libc"
 	mksysctl="go run mksysctl_openbsd.go"
 	# Let the type of C char be signed for making the bare syscall
 	# API consistent across platforms.
 	mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char"
 	;;
 solaris_amd64)
 	mksyscall="go run mksyscall_solaris.go"
 	mkerrors="$mkerrors -m64"
@ -214,11 +232,6 @@ esac
 			if [ "$GOOSARCH" == "aix_ppc64" ]; then
 				# aix/ppc64 script generates files instead of writing to stdin.
 				echo "$mksyscall -tags $GOOS,$GOARCH $syscall_goos $GOOSARCH_in && gofmt -w zsyscall_$GOOSARCH.go && gofmt -w zsyscall_"$GOOSARCH"_gccgo.go && gofmt -w zsyscall_"$GOOSARCH"_gc.go " ;
 			elif [ "$GOOS" == "darwin" ]; then
 			        # 1.12 and later, syscalls via libSystem
 				echo "$mksyscall -tags $GOOS,$GOARCH,go1.12 $syscall_goos $GOOSARCH_in |gofmt >zsyscall_$GOOSARCH.go";
 				# 1.13 and later, syscalls via libSystem (including syscallPtr)
 				echo "$mksyscall -tags $GOOS,$GOARCH,go1.13 syscall_darwin.1_13.go |gofmt >zsyscall_$GOOSARCH.1_13.go";
 			elif [ "$GOOS" == "illumos" ]; then
 			        # illumos code generation requires a --illumos switch
 			        echo "$mksyscall -illumos -tags illumos,$GOARCH syscall_illumos.go |gofmt > zsyscall_illumos_$GOARCH.go";
@ -232,5 +245,5 @@ esac
 	if [ -n "$mksysctl" ]; then echo "$mksysctl |gofmt >$zsysctl"; fi
 	if [ -n "$mksysnum" ]; then echo "$mksysnum |gofmt >zsysnum_$GOOSARCH.go"; fi
 	if [ -n "$mktypes" ]; then echo "$mktypes types_$GOOS.go | go run mkpost.go > ztypes_$GOOSARCH.go"; fi
-	if [ -n "$mkasm" ]; then echo "$mkasm $GOARCH"; fi
+	if [ -n "$mkasm" ]; then echo "$mkasm $GOOS $GOARCH"; fi
 ) | $run
--- a/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/vendor/golang.org/x/sys/unix/mkerrors.sh
@ -297,6 +297,10 @@ struct ltchars {
 #define SOL_NETLINK	270
 #endif
 #ifndef SOL_SMC
 #define SOL_SMC 286
 #endif
 #ifdef SOL_BLUETOOTH
 // SPARC includes this in /usr/include/sparc64-linux-gnu/bits/socket.h
 // but it is already in bluetooth_linux.go
@ -638,7 +642,7 @@ errors=$(
 signals=$(
 	echo '#include <signal.h>' | $CC -x c - -E -dM $ccflags |
 	awk '$1=="#define" && $2 ~ /^SIG[A-Z0-9]+$/ { print $2 }' |
-	egrep -v '(SIGSTKSIZE|SIGSTKSZ|SIGRT|SIGMAX64)' |
+	grep -v 'SIGSTKSIZE\|SIGSTKSZ\|SIGRT\|SIGMAX64' |
 	sort
 )
@ -648,7 +652,7 @@ echo '#include <errno.h>' | $CC -x c - -E -dM $ccflags |
 	sort >_error.grep
 echo '#include <signal.h>' | $CC -x c - -E -dM $ccflags |
 	awk '$1=="#define" && $2 ~ /^SIG[A-Z0-9]+$/ { print "^\t" $2 "[ \t]*=" }' |
-	egrep -v '(SIGSTKSIZE|SIGSTKSZ|SIGRT|SIGMAX64)' |
+	grep -v 'SIGSTKSIZE\|SIGSTKSZ\|SIGRT\|SIGMAX64' |
 	sort >_signal.grep
 echo '// mkerrors.sh' "$@"
--- a/vendor/golang.org/x/sys/unix/str.go
+++ b/vendor/golang.org/x/sys/unix/str.go
@ -1,27 +0,0 @@
 // Copyright 2009 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
 // +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
 package unix
 func itoa(val int) string { // do it here rather than with fmt to avoid dependency
 	if val < 0 {
 		return "-" + uitoa(uint(-val))
 	}
 	return uitoa(uint(val))
 }
 func uitoa(val uint) string {
 	var buf [32]byte // big enough for int64
 	i := len(buf) - 1
 	for val >= 10 {
 		buf[i] = byte(val%10 + '0')
 		i--
 		val /= 10
 	}
 	buf[i] = byte(val + '0')
 	return string(buf[i:])
 }
--- a/vendor/golang.org/x/sys/unix/syscall.go
+++ b/vendor/golang.org/x/sys/unix/syscall.go
@ -29,8 +29,6 @@ import (
 	"bytes"
 	"strings"
 	"unsafe"
 	"golang.org/x/sys/internal/unsafeheader"
 )
 // ByteSliceFromString returns a NUL-terminated slice of bytes
@ -82,13 +80,7 @@ func BytePtrToString(p *byte) string {
 		ptr = unsafe.Pointer(uintptr(ptr) + 1)
 	}
-	var s []byte
+	return string(unsafe.Slice(p, n))
 	h := (*unsafeheader.Slice)(unsafe.Pointer(&s))
 	h.Data = unsafe.Pointer(p)
 	h.Len = n
 	h.Cap = n
 	return string(s)
 }
 // Single-word zero for use when we need a valid pointer to 0 bytes.
--- a/vendor/golang.org/x/sys/unix/syscall_aix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_aix.go
@ -218,13 +218,62 @@ func Accept(fd int) (nfd int, sa Sockaddr, err error) {
 }
 func recvmsgRaw(fd int, iov []Iovec, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn int, recvflags int, err error) {
-	// Recvmsg not implemented on AIX
+	var msg Msghdr
-	return -1, -1, -1, ENOSYS
+	msg.Name = (*byte)(unsafe.Pointer(rsa))
 	msg.Namelen = uint32(SizeofSockaddrAny)
 	var dummy byte
 	if len(oob) > 0 {
 		// receive at least one normal byte
 		if emptyIovecs(iov) {
 			var iova [1]Iovec
 			iova[0].Base = &dummy
 			iova[0].SetLen(1)
 			iov = iova[:]
 		}
 		msg.Control = (*byte)(unsafe.Pointer(&oob[0]))
 		msg.SetControllen(len(oob))
 	}
 	if len(iov) > 0 {
 		msg.Iov = &iov[0]
 		msg.SetIovlen(len(iov))
 	}
 	if n, err = recvmsg(fd, &msg, flags); n == -1 {
 		return
 	}
 	oobn = int(msg.Controllen)
 	recvflags = int(msg.Flags)
 	return
 }
 func sendmsgN(fd int, iov []Iovec, oob []byte, ptr unsafe.Pointer, salen _Socklen, flags int) (n int, err error) {
-	// SendmsgN not implemented on AIX
+	var msg Msghdr
-	return -1, ENOSYS
+	msg.Name = (*byte)(unsafe.Pointer(ptr))
 	msg.Namelen = uint32(salen)
 	var dummy byte
 	var empty bool
 	if len(oob) > 0 {
 		// send at least one normal byte
 		empty = emptyIovecs(iov)
 		if empty {
 			var iova [1]Iovec
 			iova[0].Base = &dummy
 			iova[0].SetLen(1)
 			iov = iova[:]
 		}
 		msg.Control = (*byte)(unsafe.Pointer(&oob[0]))
 		msg.SetControllen(len(oob))
 	}
 	if len(iov) > 0 {
 		msg.Iov = &iov[0]
 		msg.SetIovlen(len(iov))
 	}
 	if n, err = sendmsg(fd, &msg, flags); err != nil {
 		return 0, err
 	}
 	if len(oob) > 0 && empty {
 		n = 0
 	}
 	return n, nil
 }
 func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
--- a/vendor/golang.org/x/sys/unix/syscall_bsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go
@ -363,7 +363,7 @@ func sendmsgN(fd int, iov []Iovec, oob []byte, ptr unsafe.Pointer, salen _Sockle
 	var empty bool
 	if len(oob) > 0 {
 		// send at least one normal byte
-		empty := emptyIovecs(iov)
+		empty = emptyIovecs(iov)
 		if empty {
 			var iova [1]Iovec
 			iova[0].Base = &dummy
--- a/vendor/golang.org/x/sys/unix/syscall_darwin.1_12.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin.1_12.go
@ -1,32 +0,0 @@
 // Copyright 2019 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build darwin && go1.12 && !go1.13
 // +build darwin,go1.12,!go1.13
 package unix
 import (
 	"unsafe"
 )
 const _SYS_GETDIRENTRIES64 = 344
 func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
 	// To implement this using libSystem we'd need syscall_syscallPtr for
 	// fdopendir. However, syscallPtr was only added in Go 1.13, so we fall
 	// back to raw syscalls for this func on Go 1.12.
 	var p unsafe.Pointer
 	if len(buf) > 0 {
 		p = unsafe.Pointer(&buf[0])
 	} else {
 		p = unsafe.Pointer(&_zero)
 	}
 	r0, _, e1 := Syscall6(_SYS_GETDIRENTRIES64, uintptr(fd), uintptr(p), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
 	n = int(r0)
 	if e1 != 0 {
 		return n, errnoErr(e1)
 	}
 	return n, nil
 }
--- a/vendor/golang.org/x/sys/unix/syscall_darwin.1_13.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin.1_13.go
@ -1,108 +0,0 @@
 // Copyright 2019 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build darwin && go1.13
 // +build darwin,go1.13
 package unix
 import (
 	"unsafe"
 	"golang.org/x/sys/internal/unsafeheader"
 )
 //sys	closedir(dir uintptr) (err error)
 //sys	readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno)
 func fdopendir(fd int) (dir uintptr, err error) {
 	r0, _, e1 := syscall_syscallPtr(libc_fdopendir_trampoline_addr, uintptr(fd), 0, 0)
 	dir = uintptr(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 var libc_fdopendir_trampoline_addr uintptr
 //go:cgo_import_dynamic libc_fdopendir fdopendir "/usr/lib/libSystem.B.dylib"
 func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
 	// Simulate Getdirentries using fdopendir/readdir_r/closedir.
 	// We store the number of entries to skip in the seek
 	// offset of fd. See issue #31368.
 	// It's not the full required semantics, but should handle the case
 	// of calling Getdirentries or ReadDirent repeatedly.
 	// It won't handle assigning the results of lseek to *basep, or handle
 	// the directory being edited underfoot.
 	skip, err := Seek(fd, 0, 1 /* SEEK_CUR */)
 	if err != nil {
 		return 0, err
 	}
 	// We need to duplicate the incoming file descriptor
 	// because the caller expects to retain control of it, but
 	// fdopendir expects to take control of its argument.
 	// Just Dup'ing the file descriptor is not enough, as the
 	// result shares underlying state. Use Openat to make a really
 	// new file descriptor referring to the same directory.
 	fd2, err := Openat(fd, ".", O_RDONLY, 0)
 	if err != nil {
 		return 0, err
 	}
 	d, err := fdopendir(fd2)
 	if err != nil {
 		Close(fd2)
 		return 0, err
 	}
 	defer closedir(d)
 	var cnt int64
 	for {
 		var entry Dirent
 		var entryp *Dirent
 		e := readdir_r(d, &entry, &entryp)
 		if e != 0 {
 			return n, errnoErr(e)
 		}
 		if entryp == nil {
 			break
 		}
 		if skip > 0 {
 			skip--
 			cnt++
 			continue
 		}
 		reclen := int(entry.Reclen)
 		if reclen > len(buf) {
 			// Not enough room. Return for now.
 			// The counter will let us know where we should start up again.
 			// Note: this strategy for suspending in the middle and
 			// restarting is O(n^2) in the length of the directory. Oh well.
 			break
 		}
 		// Copy entry into return buffer.
 		var s []byte
 		hdr := (*unsafeheader.Slice)(unsafe.Pointer(&s))
 		hdr.Data = unsafe.Pointer(&entry)
 		hdr.Cap = reclen
 		hdr.Len = reclen
 		copy(buf, s)
 		buf = buf[reclen:]
 		n += reclen
 		cnt++
 	}
 	// Set the seek offset of the input fd to record
 	// how many files we've already returned.
 	_, err = Seek(fd, cnt, 0 /* SEEK_SET */)
 	if err != nil {
 		return n, err
 	}
 	return n, nil
 }
--- a/vendor/golang.org/x/sys/unix/syscall_darwin.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go
@ -19,6 +19,96 @@ import (
 	"unsafe"
 )
 //sys	closedir(dir uintptr) (err error)
 //sys	readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno)
 func fdopendir(fd int) (dir uintptr, err error) {
 	r0, _, e1 := syscall_syscallPtr(libc_fdopendir_trampoline_addr, uintptr(fd), 0, 0)
 	dir = uintptr(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 var libc_fdopendir_trampoline_addr uintptr
 //go:cgo_import_dynamic libc_fdopendir fdopendir "/usr/lib/libSystem.B.dylib"
 func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
 	// Simulate Getdirentries using fdopendir/readdir_r/closedir.
 	// We store the number of entries to skip in the seek
 	// offset of fd. See issue #31368.
 	// It's not the full required semantics, but should handle the case
 	// of calling Getdirentries or ReadDirent repeatedly.
 	// It won't handle assigning the results of lseek to *basep, or handle
 	// the directory being edited underfoot.
 	skip, err := Seek(fd, 0, 1 /* SEEK_CUR */)
 	if err != nil {
 		return 0, err
 	}
 	// We need to duplicate the incoming file descriptor
 	// because the caller expects to retain control of it, but
 	// fdopendir expects to take control of its argument.
 	// Just Dup'ing the file descriptor is not enough, as the
 	// result shares underlying state. Use Openat to make a really
 	// new file descriptor referring to the same directory.
 	fd2, err := Openat(fd, ".", O_RDONLY, 0)
 	if err != nil {
 		return 0, err
 	}
 	d, err := fdopendir(fd2)
 	if err != nil {
 		Close(fd2)
 		return 0, err
 	}
 	defer closedir(d)
 	var cnt int64
 	for {
 		var entry Dirent
 		var entryp *Dirent
 		e := readdir_r(d, &entry, &entryp)
 		if e != 0 {
 			return n, errnoErr(e)
 		}
 		if entryp == nil {
 			break
 		}
 		if skip > 0 {
 			skip--
 			cnt++
 			continue
 		}
 		reclen := int(entry.Reclen)
 		if reclen > len(buf) {
 			// Not enough room. Return for now.
 			// The counter will let us know where we should start up again.
 			// Note: this strategy for suspending in the middle and
 			// restarting is O(n^2) in the length of the directory. Oh well.
 			break
 		}
 		// Copy entry into return buffer.
 		s := unsafe.Slice((*byte)(unsafe.Pointer(&entry)), reclen)
 		copy(buf, s)
 		buf = buf[reclen:]
 		n += reclen
 		cnt++
 	}
 	// Set the seek offset of the input fd to record
 	// how many files we've already returned.
 	_, err = Seek(fd, cnt, 0 /* SEEK_SET */)
 	if err != nil {
 		return n, err
 	}
 	return n, nil
 }
 // SockaddrDatalink implements the Sockaddr interface for AF_LINK type sockets.
 type SockaddrDatalink struct {
 	Len    uint8
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
@ -61,7 +61,7 @@ func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
 }
 func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint32(countin)}
+	ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint32(countin)}
 	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
 	return int(ioDesc.Len), err
 }
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
@ -61,7 +61,7 @@ func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
 }
 func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)}
+	ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint64(countin)}
 	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
 	return int(ioDesc.Len), err
 }
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
@ -57,7 +57,7 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint32(countin)}
+	ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint32(countin)}
 	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
 	return int(ioDesc.Len), err
 }
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
@ -57,7 +57,7 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)}
+	ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint64(countin)}
 	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
 	return int(ioDesc.Len), err
 }
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
@ -57,7 +57,7 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
-	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)}
+	ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint64(countin)}
 	err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)
 	return int(ioDesc.Len), err
 }
--- a/vendor/golang.org/x/sys/unix/syscall_illumos.go
+++ b/vendor/golang.org/x/sys/unix/syscall_illumos.go
@ -10,8 +10,6 @@
 package unix
 import (
 	"fmt"
 	"runtime"
 	"unsafe"
 )
@ -79,107 +77,3 @@ func Accept4(fd int, flags int) (nfd int, sa Sockaddr, err error) {
 	}
 	return
 }
 //sys	putmsg(fd int, clptr *strbuf, dataptr *strbuf, flags int) (err error)
 func Putmsg(fd int, cl []byte, data []byte, flags int) (err error) {
 	var clp, datap *strbuf
 	if len(cl) > 0 {
 		clp = &strbuf{
 			Len: int32(len(cl)),
 			Buf: (*int8)(unsafe.Pointer(&cl[0])),
 		}
 	}
 	if len(data) > 0 {
 		datap = &strbuf{
 			Len: int32(len(data)),
 			Buf: (*int8)(unsafe.Pointer(&data[0])),
 		}
 	}
 	return putmsg(fd, clp, datap, flags)
 }
 //sys	getmsg(fd int, clptr *strbuf, dataptr *strbuf, flags *int) (err error)
 func Getmsg(fd int, cl []byte, data []byte) (retCl []byte, retData []byte, flags int, err error) {
 	var clp, datap *strbuf
 	if len(cl) > 0 {
 		clp = &strbuf{
 			Maxlen: int32(len(cl)),
 			Buf:    (*int8)(unsafe.Pointer(&cl[0])),
 		}
 	}
 	if len(data) > 0 {
 		datap = &strbuf{
 			Maxlen: int32(len(data)),
 			Buf:    (*int8)(unsafe.Pointer(&data[0])),
 		}
 	}
 	if err = getmsg(fd, clp, datap, &flags); err != nil {
 		return nil, nil, 0, err
 	}
 	if len(cl) > 0 {
 		retCl = cl[:clp.Len]
 	}
 	if len(data) > 0 {
 		retData = data[:datap.Len]
 	}
 	return retCl, retData, flags, nil
 }
 func IoctlSetIntRetInt(fd int, req uint, arg int) (int, error) {
 	return ioctlRet(fd, req, uintptr(arg))
 }
 func IoctlSetString(fd int, req uint, val string) error {
 	bs := make([]byte, len(val)+1)
 	copy(bs[:len(bs)-1], val)
 	err := ioctl(fd, req, uintptr(unsafe.Pointer(&bs[0])))
 	runtime.KeepAlive(&bs[0])
 	return err
 }
 // Lifreq Helpers
 func (l *Lifreq) SetName(name string) error {
 	if len(name) >= len(l.Name) {
 		return fmt.Errorf("name cannot be more than %d characters", len(l.Name)-1)
 	}
 	for i := range name {
 		l.Name[i] = int8(name[i])
 	}
 	return nil
 }
 func (l *Lifreq) SetLifruInt(d int) {
 	*(*int)(unsafe.Pointer(&l.Lifru[0])) = d
 }
 func (l *Lifreq) GetLifruInt() int {
 	return *(*int)(unsafe.Pointer(&l.Lifru[0]))
 }
 func (l *Lifreq) SetLifruUint(d uint) {
 	*(*uint)(unsafe.Pointer(&l.Lifru[0])) = d
 }
 func (l *Lifreq) GetLifruUint() uint {
 	return *(*uint)(unsafe.Pointer(&l.Lifru[0]))
 }
 func IoctlLifreq(fd int, req uint, l *Lifreq) error {
 	return ioctl(fd, req, uintptr(unsafe.Pointer(l)))
 }
 // Strioctl Helpers
 func (s *Strioctl) SetInt(i int) {
 	s.Len = int32(unsafe.Sizeof(i))
 	s.Dp = (*int8)(unsafe.Pointer(&i))
 }
 func IoctlSetStrioctlRetInt(fd int, req uint, s *Strioctl) (int, error) {
 	return ioctlRet(fd, req, uintptr(unsafe.Pointer(s)))
 }
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@ -13,6 +13,7 @@ package unix
 import (
 	"encoding/binary"
 	"strconv"
 	"syscall"
 	"time"
 	"unsafe"
@ -233,7 +234,7 @@ func Futimesat(dirfd int, path string, tv []Timeval) error {
 func Futimes(fd int, tv []Timeval) (err error) {
 	// Believe it or not, this is the best we can do on Linux
 	// (and is what glibc does).
-	return Utimes("/proc/self/fd/"+itoa(fd), tv)
+	return Utimes("/proc/self/fd/"+strconv.Itoa(fd), tv)
 }
 const ImplementsGetwd = true
@ -1541,7 +1542,7 @@ func sendmsgN(fd int, iov []Iovec, oob []byte, ptr unsafe.Pointer, salen _Sockle
 	var dummy byte
 	var empty bool
 	if len(oob) > 0 {
-		empty := emptyIovecs(iov)
+		empty = emptyIovecs(iov)
 		if empty {
 			var sockType int
 			sockType, err = GetsockoptInt(fd, SOL_SOCKET, SO_TYPE)
@ -1891,17 +1892,28 @@ func PrctlRetInt(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uint
 	return int(ret), nil
 }
 // issue 1435.
 // On linux Setuid and Setgid only affects the current thread, not the process.
 // This does not match what most callers expect so we must return an error
 // here rather than letting the caller think that the call succeeded.
 func Setuid(uid int) (err error) {
-	return EOPNOTSUPP
+	return syscall.Setuid(uid)
 }
-func Setgid(uid int) (err error) {
+func Setgid(gid int) (err error) {
-	return EOPNOTSUPP
+	return syscall.Setgid(gid)
 }
 func Setreuid(ruid, euid int) (err error) {
 	return syscall.Setreuid(ruid, euid)
 }
 func Setregid(rgid, egid int) (err error) {
 	return syscall.Setregid(rgid, egid)
 }
 func Setresuid(ruid, euid, suid int) (err error) {
 	return syscall.Setresuid(ruid, euid, suid)
 }
 func Setresgid(rgid, egid, sgid int) (err error) {
 	return syscall.Setresgid(rgid, egid, sgid)
 }
 // SetfsgidRetGid sets fsgid for current thread and returns previous fsgid set.
@ -2240,7 +2252,7 @@ func (fh *FileHandle) Bytes() []byte {
 	if n == 0 {
 		return nil
 	}
-	return (*[1 << 30]byte)(unsafe.Pointer(uintptr(unsafe.Pointer(&fh.fileHandle.Type)) + 4))[:n:n]
+	return unsafe.Slice((*byte)(unsafe.Pointer(uintptr(unsafe.Pointer(&fh.fileHandle.Type))+4)), n)
 }
 // NameToHandleAt wraps the name_to_handle_at system call; it obtains
@ -2356,6 +2368,16 @@ func Setitimer(which ItimerWhich, it Itimerval) (Itimerval, error) {
 	return prev, nil
 }
 //sysnb	rtSigprocmask(how int, set *Sigset_t, oldset *Sigset_t, sigsetsize uintptr) (err error) = SYS_RT_SIGPROCMASK
 func PthreadSigmask(how int, set, oldset *Sigset_t) error {
 	if oldset != nil {
 		// Explicitly clear in case Sigset_t is larger than _C__NSIG.
 		*oldset = Sigset_t{}
 	}
 	return rtSigprocmask(how, set, oldset, _C__NSIG/8)
 }
 /*
 * Unimplemented
 */
@ -2414,7 +2436,6 @@ func Setitimer(which ItimerWhich, it Itimerval) (Itimerval, error) {
 // RestartSyscall
 // RtSigaction
 // RtSigpending
 // RtSigprocmask
 // RtSigqueueinfo
 // RtSigreturn
 // RtSigsuspend
--- a/vendor/golang.org/x/sys/unix/syscall_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_386.go
@ -41,10 +41,6 @@ func setTimeval(sec, usec int64) Timeval {
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64
 //sys	setfsgid(gid int) (prev int, err error) = SYS_SETFSGID32
 //sys	setfsuid(uid int) (prev int, err error) = SYS_SETFSUID32
 //sysnb	Setregid(rgid int, egid int) (err error) = SYS_SETREGID32
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error) = SYS_SETRESGID32
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error) = SYS_SETRESUID32
 //sysnb	Setreuid(ruid int, euid int) (err error) = SYS_SETREUID32
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error)
 //sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
 //sys	SyncFileRange(fd int, off int64, n int64, flags int) (err error)
--- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
@ -46,11 +46,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
 //sysnb	Setregid(rgid int, egid int) (err error)
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error)
 //sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
 //sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
--- a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
@ -62,10 +62,6 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 //sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) = SYS__NEWSELECT
 //sys	setfsgid(gid int) (prev int, err error) = SYS_SETFSGID32
 //sys	setfsuid(uid int) (prev int, err error) = SYS_SETFSUID32
 //sysnb	Setregid(rgid int, egid int) (err error) = SYS_SETREGID32
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error) = SYS_SETRESGID32
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error) = SYS_SETRESUID32
 //sysnb	Setreuid(ruid int, euid int) (err error) = SYS_SETREUID32
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error)
 //sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
--- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
@ -39,11 +39,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
 //sysnb	Setregid(rgid int, egid int) (err error)
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error)
 //sysnb	setrlimit(resource int, rlim *Rlimit) (err error)
 //sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
--- a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
@ -34,10 +34,6 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
 //sysnb	Setregid(rgid int, egid int) (err error)
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error)
 //sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
--- a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
@ -37,11 +37,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
 //sysnb	Setregid(rgid int, egid int) (err error)
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error)
 //sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
 //sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
 //sys	Statfs(path string, buf *Statfs_t) (err error)
--- a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
@ -32,10 +32,6 @@ func Syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr,
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
 //sysnb	Setregid(rgid int, egid int) (err error)
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error)
 //sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error)
 //sys	SyncFileRange(fd int, off int64, n int64, flags int) (err error)
--- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
@ -34,10 +34,6 @@ import (
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
 //sysnb	Setregid(rgid int, egid int) (err error)
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error)
 //sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error)
 //sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
--- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
@ -34,11 +34,7 @@ package unix
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
 //sysnb	Setregid(rgid int, egid int) (err error)
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error)
 //sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
 //sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
 //sys	Stat(path string, stat *Stat_t) (err error)
--- a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
@ -38,11 +38,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
 //sysnb	Setregid(rgid int, egid int) (err error)
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error)
 //sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
 //sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
--- a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
@ -34,11 +34,7 @@ import (
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
 //sysnb	Setregid(rgid int, egid int) (err error)
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error)
 //sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
 //sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
 //sys	Stat(path string, stat *Stat_t) (err error)
 //sys	Statfs(path string, buf *Statfs_t) (err error)
--- a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
@ -31,11 +31,7 @@ package unix
 //sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error)
 //sys	setfsgid(gid int) (prev int, err error)
 //sys	setfsuid(uid int) (prev int, err error)
 //sysnb	Setregid(rgid int, egid int) (err error)
 //sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
 //sysnb	Setresuid(ruid int, euid int, suid int) (err error)
 //sysnb	Setrlimit(resource int, rlim *Rlimit) (err error)
 //sysnb	Setreuid(ruid int, euid int) (err error)
 //sys	Shutdown(fd int, how int) (err error)
 //sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
 //sys	Stat(path string, stat *Stat_t) (err error)
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
@ -0,0 +1,27 @@
 // Copyright 2022 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build openbsd && !mips64
 // +build openbsd,!mips64
 package unix
 import _ "unsafe"
 // Implemented in the runtime package (runtime/sys_openbsd3.go)
 func syscall_syscall(fn, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
 func syscall_syscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
 func syscall_syscall10(fn, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10 uintptr) (r1, r2 uintptr, err Errno)
 func syscall_rawSyscall(fn, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
 func syscall_rawSyscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
 //go:linkname syscall_syscall syscall.syscall
 //go:linkname syscall_syscall6 syscall.syscall6
 //go:linkname syscall_syscall10 syscall.syscall10
 //go:linkname syscall_rawSyscall syscall.rawSyscall
 //go:linkname syscall_rawSyscall6 syscall.rawSyscall6
 func syscall_syscall9(fn, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err Errno) {
 	return syscall_syscall10(fn, a1, a2, a3, a4, a5, a6, a7, a8, a9, 0)
 }
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
@ -0,0 +1,42 @@
 // Copyright 2019 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build ppc64 && openbsd
 // +build ppc64,openbsd
 package unix
 func setTimespec(sec, nsec int64) Timespec {
 	return Timespec{Sec: sec, Nsec: nsec}
 }
 func setTimeval(sec, usec int64) Timeval {
 	return Timeval{Sec: sec, Usec: usec}
 }
 func SetKevent(k *Kevent_t, fd, mode, flags int) {
 	k.Ident = uint64(fd)
 	k.Filter = int16(mode)
 	k.Flags = uint16(flags)
 }
 func (iov *Iovec) SetLen(length int) {
 	iov.Len = uint64(length)
 }
 func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint32(length)
 }
 func (msghdr *Msghdr) SetIovlen(length int) {
 	msghdr.Iovlen = uint32(length)
 }
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 // SYS___SYSCTL is used by syscall_bsd.go for all BSDs, but in modern versions
 // of openbsd/ppc64 the syscall is called sysctl instead of __sysctl.
 const SYS___SYSCTL = SYS_SYSCTL
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
@ -0,0 +1,42 @@
 // Copyright 2019 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build riscv64 && openbsd
 // +build riscv64,openbsd
 package unix
 func setTimespec(sec, nsec int64) Timespec {
 	return Timespec{Sec: sec, Nsec: nsec}
 }
 func setTimeval(sec, usec int64) Timeval {
 	return Timeval{Sec: sec, Usec: usec}
 }
 func SetKevent(k *Kevent_t, fd, mode, flags int) {
 	k.Ident = uint64(fd)
 	k.Filter = int16(mode)
 	k.Flags = uint16(flags)
 }
 func (iov *Iovec) SetLen(length int) {
 	iov.Len = uint64(length)
 }
 func (msghdr *Msghdr) SetControllen(length int) {
 	msghdr.Controllen = uint32(length)
 }
 func (msghdr *Msghdr) SetIovlen(length int) {
 	msghdr.Iovlen = uint32(length)
 }
 func (cmsg *Cmsghdr) SetLen(length int) {
 	cmsg.Len = uint32(length)
 }
 // SYS___SYSCTL is used by syscall_bsd.go for all BSDs, but in modern versions
 // of openbsd/riscv64 the syscall is called sysctl instead of __sysctl.
 const SYS___SYSCTL = SYS_SYSCTL
--- a/vendor/golang.org/x/sys/unix/syscall_solaris.go
+++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go
@ -750,8 +750,8 @@ type EventPort struct {
 	// we should handle things gracefully. To do so, we need to keep an extra
 	// reference to the cookie around until the event is processed
 	// thus the otherwise seemingly extraneous "cookies" map
-	// The key of this map is a pointer to the corresponding &fCookie.cookie
+	// The key of this map is a pointer to the corresponding fCookie
-	cookies map[*interface{}]*fileObjCookie
+	cookies map[*fileObjCookie]struct{}
 }
 // PortEvent is an abstraction of the port_event C struct.
@ -778,7 +778,7 @@ func NewEventPort() (*EventPort, error) {
 		port:    port,
 		fds:     make(map[uintptr]*fileObjCookie),
 		paths:   make(map[string]*fileObjCookie),
-		cookies: make(map[*interface{}]*fileObjCookie),
+		cookies: make(map[*fileObjCookie]struct{}),
 	}
 	return e, nil
 }
@ -799,6 +799,7 @@ func (e *EventPort) Close() error {
 	}
 	e.fds = nil
 	e.paths = nil
 	e.cookies = nil
 	return nil
 }
@ -826,17 +827,16 @@ func (e *EventPort) AssociatePath(path string, stat os.FileInfo, events int, coo
 	if _, found := e.paths[path]; found {
 		return fmt.Errorf("%v is already associated with this Event Port", path)
 	}
-	fobj, err := createFileObj(path, stat)
+	fCookie, err := createFileObjCookie(path, stat, cookie)
 	if err != nil {
 		return err
 	}
-	fCookie := &fileObjCookie{fobj, cookie}
+	_, err = port_associate(e.port, PORT_SOURCE_FILE, uintptr(unsafe.Pointer(fCookie.fobj)), events, (*byte)(unsafe.Pointer(fCookie)))
 	_, err = port_associate(e.port, PORT_SOURCE_FILE, uintptr(unsafe.Pointer(fobj)), events, (*byte)(unsafe.Pointer(&fCookie.cookie)))
 	if err != nil {
 		return err
 	}
 	e.paths[path] = fCookie
-	e.cookies[&fCookie.cookie] = fCookie
+	e.cookies[fCookie] = struct{}{}
 	return nil
 }
@ -858,7 +858,7 @@ func (e *EventPort) DissociatePath(path string) error {
 	if err == nil {
 		// dissociate was successful, safe to delete the cookie
 		fCookie := e.paths[path]
-		delete(e.cookies, &fCookie.cookie)
+		delete(e.cookies, fCookie)
 	}
 	delete(e.paths, path)
 	return err
@ -871,13 +871,16 @@ func (e *EventPort) AssociateFd(fd uintptr, events int, cookie interface{}) erro
 	if _, found := e.fds[fd]; found {
 		return fmt.Errorf("%v is already associated with this Event Port", fd)
 	}
-	fCookie := &fileObjCookie{nil, cookie}
+	fCookie, err := createFileObjCookie("", nil, cookie)
-	_, err := port_associate(e.port, PORT_SOURCE_FD, fd, events, (*byte)(unsafe.Pointer(&fCookie.cookie)))
+	if err != nil {
 		return err
 	}
 	_, err = port_associate(e.port, PORT_SOURCE_FD, fd, events, (*byte)(unsafe.Pointer(fCookie)))
 	if err != nil {
 		return err
 	}
 	e.fds[fd] = fCookie
-	e.cookies[&fCookie.cookie] = fCookie
+	e.cookies[fCookie] = struct{}{}
 	return nil
 }
@ -896,27 +899,31 @@ func (e *EventPort) DissociateFd(fd uintptr) error {
 	if err == nil {
 		// dissociate was successful, safe to delete the cookie
 		fCookie := e.fds[fd]
-		delete(e.cookies, &fCookie.cookie)
+		delete(e.cookies, fCookie)
 	}
 	delete(e.fds, fd)
 	return err
 }
-func createFileObj(name string, stat os.FileInfo) (*fileObj, error) {
+func createFileObjCookie(name string, stat os.FileInfo, cookie interface{}) (*fileObjCookie, error) {
-	fobj := new(fileObj)
+	fCookie := new(fileObjCookie)
-	bs, err := ByteSliceFromString(name)
+	fCookie.cookie = cookie
-	if err != nil {
+	if name != "" && stat != nil {
-		return nil, err
+		fCookie.fobj = new(fileObj)
 		bs, err := ByteSliceFromString(name)
 		if err != nil {
 			return nil, err
 		}
 		fCookie.fobj.Name = (*int8)(unsafe.Pointer(&bs[0]))
 		s := stat.Sys().(*syscall.Stat_t)
 		fCookie.fobj.Atim.Sec = s.Atim.Sec
 		fCookie.fobj.Atim.Nsec = s.Atim.Nsec
 		fCookie.fobj.Mtim.Sec = s.Mtim.Sec
 		fCookie.fobj.Mtim.Nsec = s.Mtim.Nsec
 		fCookie.fobj.Ctim.Sec = s.Ctim.Sec
 		fCookie.fobj.Ctim.Nsec = s.Ctim.Nsec
 	}
-	fobj.Name = (*int8)(unsafe.Pointer(&bs[0]))
+	return fCookie, nil
 	s := stat.Sys().(*syscall.Stat_t)
 	fobj.Atim.Sec = s.Atim.Sec
 	fobj.Atim.Nsec = s.Atim.Nsec
 	fobj.Mtim.Sec = s.Mtim.Sec
 	fobj.Mtim.Nsec = s.Mtim.Nsec
 	fobj.Ctim.Sec = s.Ctim.Sec
 	fobj.Ctim.Nsec = s.Ctim.Nsec
 	return fobj, nil
 }
 // GetOne wraps port_get(3c) and returns a single PortEvent.
@ -929,44 +936,50 @@ func (e *EventPort) GetOne(t *Timespec) (*PortEvent, error) {
 	p := new(PortEvent)
 	e.mu.Lock()
 	defer e.mu.Unlock()
-	e.peIntToExt(pe, p)
+	err = e.peIntToExt(pe, p)
 	if err != nil {
 		return nil, err
 	}
 	return p, nil
 }
 // peIntToExt converts a cgo portEvent struct into the friendlier PortEvent
 // NOTE: Always call this function while holding the e.mu mutex
-func (e *EventPort) peIntToExt(peInt *portEvent, peExt *PortEvent) {
+func (e *EventPort) peIntToExt(peInt *portEvent, peExt *PortEvent) error {
 	if e.cookies == nil {
 		return fmt.Errorf("this EventPort is already closed")
 	}
 	peExt.Events = peInt.Events
 	peExt.Source = peInt.Source
-	cookie := (*interface{})(unsafe.Pointer(peInt.User))
+	fCookie := (*fileObjCookie)(unsafe.Pointer(peInt.User))
-	peExt.Cookie = *cookie
+	_, found := e.cookies[fCookie]
 	if !found {
 		panic("unexpected event port address; may be due to kernel bug; see https://go.dev/issue/54254")
 	}
 	peExt.Cookie = fCookie.cookie
 	delete(e.cookies, fCookie)
 	switch peInt.Source {
 	case PORT_SOURCE_FD:
 		delete(e.cookies, cookie)
 		peExt.Fd = uintptr(peInt.Object)
 		// Only remove the fds entry if it exists and this cookie matches
 		if fobj, ok := e.fds[peExt.Fd]; ok {
-			if &fobj.cookie == cookie {
+			if fobj == fCookie {
 				delete(e.fds, peExt.Fd)
 			}
 		}
 	case PORT_SOURCE_FILE:
-		if fCookie, ok := e.cookies[cookie]; ok && uintptr(unsafe.Pointer(fCookie.fobj)) == uintptr(peInt.Object) {
+		peExt.fobj = fCookie.fobj
 			// Use our stashed reference rather than using unsafe on what we got back
 			// the unsafe version would be (*fileObj)(unsafe.Pointer(uintptr(peInt.Object)))
 			peExt.fobj = fCookie.fobj
 		} else {
 			panic("mismanaged memory")
 		}
 		delete(e.cookies, cookie)
 		peExt.Path = BytePtrToString((*byte)(unsafe.Pointer(peExt.fobj.Name)))
 		// Only remove the paths entry if it exists and this cookie matches
 		if fobj, ok := e.paths[peExt.Path]; ok {
-			if &fobj.cookie == cookie {
+			if fobj == fCookie {
 				delete(e.paths, peExt.Path)
 			}
 		}
 	}
 	return nil
 }
 // Pending wraps port_getn(3c) and returns how many events are pending.
@ -990,7 +1003,7 @@ func (e *EventPort) Get(s []PortEvent, min int, timeout *Timespec) (int, error)
 	got := uint32(min)
 	max := uint32(len(s))
 	var err error
-	ps := make([]portEvent, max, max)
+	ps := make([]portEvent, max)
 	_, err = port_getn(e.port, &ps[0], max, &got, timeout)
 	// got will be trustworthy with ETIME, but not any other error.
 	if err != nil && err != ETIME {
@ -998,8 +1011,122 @@ func (e *EventPort) Get(s []PortEvent, min int, timeout *Timespec) (int, error)
 	}
 	e.mu.Lock()
 	defer e.mu.Unlock()
 	valid := 0
 	for i := 0; i < int(got); i++ {
-		e.peIntToExt(&ps[i], &s[i])
+		err2 := e.peIntToExt(&ps[i], &s[i])
 		if err2 != nil {
 			if valid == 0 && err == nil {
 				// If err2 is the only error and there are no valid events
 				// to return, return it to the caller.
 				err = err2
 			}
 			break
 		}
 		valid = i + 1
 	}
-	return int(got), err
+	return valid, err
 }
 //sys	putmsg(fd int, clptr *strbuf, dataptr *strbuf, flags int) (err error)
 func Putmsg(fd int, cl []byte, data []byte, flags int) (err error) {
 	var clp, datap *strbuf
 	if len(cl) > 0 {
 		clp = &strbuf{
 			Len: int32(len(cl)),
 			Buf: (*int8)(unsafe.Pointer(&cl[0])),
 		}
 	}
 	if len(data) > 0 {
 		datap = &strbuf{
 			Len: int32(len(data)),
 			Buf: (*int8)(unsafe.Pointer(&data[0])),
 		}
 	}
 	return putmsg(fd, clp, datap, flags)
 }
 //sys	getmsg(fd int, clptr *strbuf, dataptr *strbuf, flags *int) (err error)
 func Getmsg(fd int, cl []byte, data []byte) (retCl []byte, retData []byte, flags int, err error) {
 	var clp, datap *strbuf
 	if len(cl) > 0 {
 		clp = &strbuf{
 			Maxlen: int32(len(cl)),
 			Buf:    (*int8)(unsafe.Pointer(&cl[0])),
 		}
 	}
 	if len(data) > 0 {
 		datap = &strbuf{
 			Maxlen: int32(len(data)),
 			Buf:    (*int8)(unsafe.Pointer(&data[0])),
 		}
 	}
 	if err = getmsg(fd, clp, datap, &flags); err != nil {
 		return nil, nil, 0, err
 	}
 	if len(cl) > 0 {
 		retCl = cl[:clp.Len]
 	}
 	if len(data) > 0 {
 		retData = data[:datap.Len]
 	}
 	return retCl, retData, flags, nil
 }
 func IoctlSetIntRetInt(fd int, req uint, arg int) (int, error) {
 	return ioctlRet(fd, req, uintptr(arg))
 }
 func IoctlSetString(fd int, req uint, val string) error {
 	bs := make([]byte, len(val)+1)
 	copy(bs[:len(bs)-1], val)
 	err := ioctl(fd, req, uintptr(unsafe.Pointer(&bs[0])))
 	runtime.KeepAlive(&bs[0])
 	return err
 }
 // Lifreq Helpers
 func (l *Lifreq) SetName(name string) error {
 	if len(name) >= len(l.Name) {
 		return fmt.Errorf("name cannot be more than %d characters", len(l.Name)-1)
 	}
 	for i := range name {
 		l.Name[i] = int8(name[i])
 	}
 	return nil
 }
 func (l *Lifreq) SetLifruInt(d int) {
 	*(*int)(unsafe.Pointer(&l.Lifru[0])) = d
 }
 func (l *Lifreq) GetLifruInt() int {
 	return *(*int)(unsafe.Pointer(&l.Lifru[0]))
 }
 func (l *Lifreq) SetLifruUint(d uint) {
 	*(*uint)(unsafe.Pointer(&l.Lifru[0])) = d
 }
 func (l *Lifreq) GetLifruUint() uint {
 	return *(*uint)(unsafe.Pointer(&l.Lifru[0]))
 }
 func IoctlLifreq(fd int, req uint, l *Lifreq) error {
 	return ioctl(fd, req, uintptr(unsafe.Pointer(l)))
 }
 // Strioctl Helpers
 func (s *Strioctl) SetInt(i int) {
 	s.Len = int32(unsafe.Sizeof(i))
 	s.Dp = (*int8)(unsafe.Pointer(&i))
 }
 func IoctlSetStrioctlRetInt(fd int, req uint, s *Strioctl) (int, error) {
 	return ioctlRet(fd, req, uintptr(unsafe.Pointer(s)))
 }
--- a/vendor/golang.org/x/sys/unix/syscall_unix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix.go
@ -13,8 +13,6 @@ import (
 	"sync"
 	"syscall"
 	"unsafe"
 	"golang.org/x/sys/internal/unsafeheader"
 )
 var (
@ -117,11 +115,7 @@ func (m *mmapper) Mmap(fd int, offset int64, length int, prot int, flags int) (d
 	}
 	// Use unsafe to convert addr into a []byte.
-	var b []byte
+	b := unsafe.Slice((*byte)(unsafe.Pointer(addr)), length)
 	hdr := (*unsafeheader.Slice)(unsafe.Pointer(&b))
 	hdr.Data = unsafe.Pointer(addr)
 	hdr.Cap = length
 	hdr.Len = length
 	// Register mapping in m and return it.
 	p := &b[cap(b)-1]
@ -429,11 +423,15 @@ func Send(s int, buf []byte, flags int) (err error) {
 }
 func Sendto(fd int, p []byte, flags int, to Sockaddr) (err error) {
-	ptr, n, err := to.sockaddr()
+	var ptr unsafe.Pointer
-	if err != nil {
+	var salen _Socklen
-		return err
+	if to != nil {
 		ptr, salen, err = to.sockaddr()
 		if err != nil {
 			return err
 		}
 	}
-	return sendto(fd, p, flags, ptr, n)
+	return sendto(fd, p, flags, ptr, salen)
 }
 func SetsockoptByte(fd, level, opt int, value byte) (err error) {
--- a/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
@ -2,11 +2,9 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-//go:build (darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris) && gc && !ppc64le && !ppc64
+//go:build (darwin || dragonfly || freebsd || (linux && !ppc64 && !ppc64le) || netbsd || openbsd || solaris) && gc
-// +build darwin dragonfly freebsd linux netbsd openbsd solaris
+// +build darwin dragonfly freebsd linux,!ppc64,!ppc64le netbsd openbsd solaris
 // +build gc
 // +build !ppc64le
 // +build !ppc64
 package unix
--- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
@ -9,8 +9,10 @@ package unix
 import (
 	"bytes"
 	"fmt"
 	"runtime"
 	"sort"
 	"strings"
 	"sync"
 	"syscall"
 	"unsafe"
@ -55,7 +57,13 @@ func (d *Dirent) NameString() string {
 	if d == nil {
 		return ""
 	}
-	return string(d.Name[:d.Namlen])
+	s := string(d.Name[:])
 	idx := strings.IndexByte(s, 0)
 	if idx == -1 {
 		return s
 	} else {
 		return s[:idx]
 	}
 }
 func (sa *SockaddrInet4) sockaddr() (unsafe.Pointer, _Socklen, error) {
@ -1230,6 +1238,14 @@ func Readdir(dir uintptr) (*Dirent, error) {
 	return &ent, err
 }
 func readdir_r(dirp uintptr, entry *direntLE, result **direntLE) (err error) {
 	r0, _, e1 := syscall_syscall(SYS___READDIR_R_A, dirp, uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result)))
 	if int64(r0) == -1 {
 		err = errnoErr(Errno(e1))
 	}
 	return
 }
 func Closedir(dir uintptr) error {
 	_, _, e := syscall_syscall(SYS_CLOSEDIR, dir, 0, 0)
 	if e != 0 {
@ -1821,3 +1837,158 @@ func Unmount(name string, mtm int) (err error) {
 	}
 	return err
 }
 func fdToPath(dirfd int) (path string, err error) {
 	var buffer [1024]byte
 	// w_ctrl()
 	ret := runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_W_IOCTL<<4,
 		[]uintptr{uintptr(dirfd), 17, 1024, uintptr(unsafe.Pointer(&buffer[0]))})
 	if ret == 0 {
 		zb := bytes.IndexByte(buffer[:], 0)
 		if zb == -1 {
 			zb = len(buffer)
 		}
 		// __e2a_l()
 		runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___E2A_L<<4,
 			[]uintptr{uintptr(unsafe.Pointer(&buffer[0])), uintptr(zb)})
 		return string(buffer[:zb]), nil
 	}
 	// __errno()
 	errno := int(*(*int32)(unsafe.Pointer(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO<<4,
 		[]uintptr{}))))
 	// __errno2()
 	errno2 := int(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO2<<4,
 		[]uintptr{}))
 	// strerror_r()
 	ret = runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_STRERROR_R<<4,
 		[]uintptr{uintptr(errno), uintptr(unsafe.Pointer(&buffer[0])), 1024})
 	if ret == 0 {
 		zb := bytes.IndexByte(buffer[:], 0)
 		if zb == -1 {
 			zb = len(buffer)
 		}
 		return "", fmt.Errorf("%s (errno2=0x%x)", buffer[:zb], errno2)
 	} else {
 		return "", fmt.Errorf("fdToPath errno %d (errno2=0x%x)", errno, errno2)
 	}
 }
 func direntLeToDirentUnix(dirent *direntLE, dir uintptr, path string) (Dirent, error) {
 	var d Dirent
 	d.Ino = uint64(dirent.Ino)
 	offset, err := Telldir(dir)
 	if err != nil {
 		return d, err
 	}
 	d.Off = int64(offset)
 	s := string(bytes.Split(dirent.Name[:], []byte{0})[0])
 	copy(d.Name[:], s)
 	d.Reclen = uint16(24 + len(d.NameString()))
 	var st Stat_t
 	path = path + "/" + s
 	err = Lstat(path, &st)
 	if err != nil {
 		return d, err
 	}
 	d.Type = uint8(st.Mode >> 24)
 	return d, err
 }
 func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
 	// Simulation of Getdirentries port from the Darwin implementation.
 	// COMMENTS FROM DARWIN:
 	// It's not the full required semantics, but should handle the case
 	// of calling Getdirentries or ReadDirent repeatedly.
 	// It won't handle assigning the results of lseek to *basep, or handle
 	// the directory being edited underfoot.
 	skip, err := Seek(fd, 0, 1 /* SEEK_CUR */)
 	if err != nil {
 		return 0, err
 	}
 	// Get path from fd to avoid unavailable call (fdopendir)
 	path, err := fdToPath(fd)
 	if err != nil {
 		return 0, err
 	}
 	d, err := Opendir(path)
 	if err != nil {
 		return 0, err
 	}
 	defer Closedir(d)
 	var cnt int64
 	for {
 		var entryLE direntLE
 		var entrypLE *direntLE
 		e := readdir_r(d, &entryLE, &entrypLE)
 		if e != nil {
 			return n, e
 		}
 		if entrypLE == nil {
 			break
 		}
 		if skip > 0 {
 			skip--
 			cnt++
 			continue
 		}
 		// Dirent on zos has a different structure
 		entry, e := direntLeToDirentUnix(&entryLE, d, path)
 		if e != nil {
 			return n, e
 		}
 		reclen := int(entry.Reclen)
 		if reclen > len(buf) {
 			// Not enough room. Return for now.
 			// The counter will let us know where we should start up again.
 			// Note: this strategy for suspending in the middle and
 			// restarting is O(n^2) in the length of the directory. Oh well.
 			break
 		}
 		// Copy entry into return buffer.
 		s := unsafe.Slice((*byte)(unsafe.Pointer(&entry)), reclen)
 		copy(buf, s)
 		buf = buf[reclen:]
 		n += reclen
 		cnt++
 	}
 	// Set the seek offset of the input fd to record
 	// how many files we've already returned.
 	_, err = Seek(fd, cnt, 0 /* SEEK_SET */)
 	if err != nil {
 		return n, err
 	}
 	return n, nil
 }
 func ReadDirent(fd int, buf []byte) (n int, err error) {
 	var base = (*uintptr)(unsafe.Pointer(new(uint64)))
 	return Getdirentries(fd, buf, base)
 }
 func direntIno(buf []byte) (uint64, bool) {
 	return readInt(buf, unsafe.Offsetof(Dirent{}.Ino), unsafe.Sizeof(Dirent{}.Ino))
 }
 func direntReclen(buf []byte) (uint64, bool) {
 	return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
 }
 func direntNamlen(buf []byte) (uint64, bool) {
 	reclen, ok := direntReclen(buf)
 	if !ok {
 		return 0, false
 	}
 	return reclen - uint64(unsafe.Offsetof(Dirent{}.Name)), true
 }
--- a/vendor/golang.org/x/sys/unix/sysvshm_unix.go
+++ b/vendor/golang.org/x/sys/unix/sysvshm_unix.go
@ -7,11 +7,7 @@
 package unix
-import (
+import "unsafe"
 	"unsafe"
 	"golang.org/x/sys/internal/unsafeheader"
 )
 // SysvShmAttach attaches the Sysv shared memory segment associated with the
 // shared memory identifier id.
@ -34,12 +30,7 @@ func SysvShmAttach(id int, addr uintptr, flag int) ([]byte, error) {
 	}
 	// Use unsafe to convert addr into a []byte.
-	// TODO: convert to unsafe.Slice once we can assume Go 1.17
+	b := unsafe.Slice((*byte)(unsafe.Pointer(addr)), int(info.Segsz))
 	var b []byte
 	hdr := (*unsafeheader.Slice)(unsafe.Pointer(&b))
 	hdr.Data = unsafe.Pointer(addr)
 	hdr.Cap = int(info.Segsz)
 	hdr.Len = int(info.Segsz)
 	return b, nil
 }
--- a/vendor/golang.org/x/sys/unix/xattr_bsd.go
+++ b/vendor/golang.org/x/sys/unix/xattr_bsd.go
@ -160,13 +160,12 @@ func Lremovexattr(link string, attr string) (err error) {
 }
 func Listxattr(file string, dest []byte) (sz int, err error) {
 	d := initxattrdest(dest, 0)
 	destsiz := len(dest)
 	// FreeBSD won't allow you to list xattrs from multiple namespaces
-	s := 0
+	s, pos := 0, 0
 	for _, nsid := range [...]int{EXTATTR_NAMESPACE_USER, EXTATTR_NAMESPACE_SYSTEM} {
-		stmp, e := ExtattrListFile(file, nsid, uintptr(d), destsiz)
+		stmp, e := ListxattrNS(file, nsid, dest[pos:])
 		/* Errors accessing system attrs are ignored so that
 		 * we can implement the Linux-like behavior of omitting errors that
@ -175,66 +174,102 @@ func Listxattr(file string, dest []byte) (sz int, err error) {
 		 * Linux will still error if we ask for user attributes on a file that
 		 * we don't have read permissions on, so don't ignore those errors
 		 */
-		if e != nil && e == EPERM && nsid != EXTATTR_NAMESPACE_USER {
+		if e != nil {
-			continue
+			if e == EPERM && nsid != EXTATTR_NAMESPACE_USER {
-		} else if e != nil {
+				continue
 			}
 			return s, e
 		}
 		s += stmp
-		destsiz -= s
+		pos = s
-		if destsiz < 0 {
+		if pos > destsiz {
-			destsiz = 0
+			pos = destsiz
 		}
-		d = initxattrdest(dest, s)
+	}
 	return s, nil
 }
 func ListxattrNS(file string, nsid int, dest []byte) (sz int, err error) {
 	d := initxattrdest(dest, 0)
 	destsiz := len(dest)
 	s, e := ExtattrListFile(file, nsid, uintptr(d), destsiz)
 	if e != nil {
 		return 0, err
 	}
 	return s, nil
 }
 func Flistxattr(fd int, dest []byte) (sz int, err error) {
 	d := initxattrdest(dest, 0)
 	destsiz := len(dest)
-	s := 0
+	s, pos := 0, 0
 	for _, nsid := range [...]int{EXTATTR_NAMESPACE_USER, EXTATTR_NAMESPACE_SYSTEM} {
-		stmp, e := ExtattrListFd(fd, nsid, uintptr(d), destsiz)
+		stmp, e := FlistxattrNS(fd, nsid, dest[pos:])
-		if e != nil && e == EPERM && nsid != EXTATTR_NAMESPACE_USER {
+
-			continue
+		if e != nil {
-		} else if e != nil {
+			if e == EPERM && nsid != EXTATTR_NAMESPACE_USER {
 				continue
 			}
 			return s, e
 		}
 		s += stmp
-		destsiz -= s
+		pos = s
-		if destsiz < 0 {
+		if pos > destsiz {
-			destsiz = 0
+			pos = destsiz
 		}
-		d = initxattrdest(dest, s)
+	}
 	return s, nil
 }
 func FlistxattrNS(fd int, nsid int, dest []byte) (sz int, err error) {
 	d := initxattrdest(dest, 0)
 	destsiz := len(dest)
 	s, e := ExtattrListFd(fd, nsid, uintptr(d), destsiz)
 	if e != nil {
 		return 0, err
 	}
 	return s, nil
 }
 func Llistxattr(link string, dest []byte) (sz int, err error) {
 	d := initxattrdest(dest, 0)
 	destsiz := len(dest)
-	s := 0
+	s, pos := 0, 0
 	for _, nsid := range [...]int{EXTATTR_NAMESPACE_USER, EXTATTR_NAMESPACE_SYSTEM} {
-		stmp, e := ExtattrListLink(link, nsid, uintptr(d), destsiz)
+		stmp, e := LlistxattrNS(link, nsid, dest[pos:])
-		if e != nil && e == EPERM && nsid != EXTATTR_NAMESPACE_USER {
+
-			continue
+		if e != nil {
-		} else if e != nil {
+			if e == EPERM && nsid != EXTATTR_NAMESPACE_USER {
 				continue
 			}
 			return s, e
 		}
 		s += stmp
-		destsiz -= s
+		pos = s
-		if destsiz < 0 {
+		if pos > destsiz {
-			destsiz = 0
+			pos = destsiz
 		}
-		d = initxattrdest(dest, s)
+	}
 	return s, nil
 }
 func LlistxattrNS(link string, nsid int, dest []byte) (sz int, err error) {
 	d := initxattrdest(dest, 0)
 	destsiz := len(dest)
 	s, e := ExtattrListLink(link, nsid, uintptr(d), destsiz)
 	if e != nil {
 		return 0, err
 	}
 	return s, nil
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@ -2940,6 +2940,7 @@ const (
 	SOL_RAW                                     = 0xff
 	SOL_RDS                                     = 0x114
 	SOL_RXRPC                                   = 0x110
 	SOL_SMC                                     = 0x11e
 	SOL_TCP                                     = 0x6
 	SOL_TIPC                                    = 0x10f
 	SOL_TLS                                     = 0x11a
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include -m32
+// mkerrors.sh -Wall -Werror -static -I/tmp/386/include -m32
 // Code generated by the command above; see README.md. DO NOT EDIT.
 //go:build 386 && linux
 // +build 386,linux
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m32 _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/386/include -m32 _const.go
 package unix
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include -m64
+// mkerrors.sh -Wall -Werror -static -I/tmp/amd64/include -m64
 // Code generated by the command above; see README.md. DO NOT EDIT.
 //go:build amd64 && linux
 // +build amd64,linux
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m64 _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/amd64/include -m64 _const.go
 package unix
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// mkerrors.sh -Wall -Werror -static -I/tmp/arm/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 //go:build arm && linux
 // +build arm,linux
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/arm/include _const.go
 package unix
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include -fsigned-char
+// mkerrors.sh -Wall -Werror -static -I/tmp/arm64/include -fsigned-char
 // Code generated by the command above; see README.md. DO NOT EDIT.
 //go:build arm64 && linux
 // +build arm64,linux
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/arm64/include -fsigned-char _const.go
 package unix
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
@ -1,11 +1,11 @@
-// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// mkerrors.sh -Wall -Werror -static -I/tmp/loong64/include
 // Code generated by the command above; see README.md. DO NOT EDIT.
 //go:build loong64 && linux
 // +build loong64,linux
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
-// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go
+// cgo -godefs -- -Wall -Werror -static -I/tmp/loong64/include _const.go
 package unix
--- a/Show More
+++ b/Show More