Update dependencies

2024-11-01 17:33:34 +00:00
parent 033ac0b400
commit 5cdfab398d
3596 changed files with 1033483 additions and 259 deletions
--- a/default.nix
+++ b/default.nix
@@ -4,6 +4,6 @@ buildGoModule {
  version = "0.1";
  pwd = ./.;
  src = ./.;
-  vendorHash = "sha256-HWQtQ38GNN0MZV+t63ShTysCnevuMqDAAaZaCbJFTBE=";
+  vendorHash = null;
  meta.mainProgram = "tsnet-proxy";
 }
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1714906307,
+        "lastModified": 1730200266,
-        "narHash": "sha256-UlRZtrCnhPFSJlDQE7M0eyhgvuuHBTe1eJ9N9AQlJQ0=",
+        "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "25865a40d14b3f9cf19f19b924e2ab4069b09588",
+        "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -18,8 +18,13 @@
          inherit (pkgs) callPackage;
        });
  in {
-    packages = eachSystem ({callPackage, ...}: {
+    packages = eachSystem ({callPackage, pkgs, ...}: {
      default = callPackage ./. {};
      get-authkey = pkgs.tailscale.overrideAttrs {
        subPackages = ["cmd/get-authkey"];
        outputs = ["out"];
        postInstall = "";
      };
    });
    devShells = eachSystem ({callPackage, ...}: {
      default = callPackage ./shell.nix {};
@@ -63,10 +68,6 @@
      };
      config.systemd.services = let
        cfg = config.services.bluepython508.tsnet-proxy;
        get-authkey = pkgs.tailscale.overrideAttrs {
          subPackages = ["cmd/get-authkey"];
          postInstall = "";
        };
      in
        lib.mapAttrs' (hostname: {
          forwards,
@@ -88,7 +89,7 @@
              RuntimeDirectory = name;
              ExecStartPre = "!${pkgs.writeShellScript "get-authkey" ''
                set -e
-                TS_API_CLIENT_ID=${cfg.clientId} TS_API_CLIENT_SECRET=$(cat ${cfg.clientSecretFile}) ${get-authkey}/bin/get-authkey -ephemeral -tags ${lib.concatStringsSep "," cfg.tags} > $RUNTIME_DIRECTORY/authkey
+                TS_API_CLIENT_ID=${cfg.clientId} TS_API_CLIENT_SECRET=$(cat ${cfg.clientSecretFile}) ${self.packages.${pkgs.system}.get-authkey}/bin/get-authkey -ephemeral -tags ${lib.concatStringsSep "," cfg.tags} > $RUNTIME_DIRECTORY/authkey
                chown ${name}:${name} $RUNTIME_DIRECTORY/authkey
              ''}";
            };
--- a/go.mod
+++ b/go.mod
@@ -1,10 +1,10 @@
 module ben.soroos.net/tsnet-proxy
-go 1.22.0
+go 1.23.1
-toolchain go1.22.2
+toolchain go1.23.2
-require tailscale.com v1.64.2
+require tailscale.com v1.76.3
 require (
 	filippo.io/edwards25519 v1.1.0 // indirect
@@ -25,23 +25,24 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect
 	github.com/aws/smithy-go v1.19.0 // indirect
 	github.com/bits-and-blooms/bitset v1.13.0 // indirect
-	github.com/coreos/go-iptables v0.7.0 // indirect
+	github.com/coder/websocket v1.8.12 // indirect
-	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
+	github.com/coreos/go-iptables v0.7.1-0.20240112124308-65c67c9f46e6 // indirect
 	github.com/dblohm7/wingoes v0.0.0-20240119213807-a09d6be7affa // indirect
 	github.com/digitalocean/go-smbios v0.0.0-20180907143718-390a4f403a8e // indirect
-	github.com/fxamacker/cbor/v2 v2.5.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.6.0 // indirect
-	github.com/gaissmai/bart v0.4.1 // indirect
+	github.com/gaissmai/bart v0.11.1 // indirect
 	github.com/go-json-experiment/json v0.0.0-20231102232822-2e55bd4e08b0 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/godbus/dbus/v5 v5.1.1-0.20230522191255-76236955d466 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/google/nftables v0.1.1-0.20230115205135-9aa6fdf5a28c // indirect
+	github.com/google/nftables v0.2.1-0.20240414091927-5e242ec57806 // indirect
-	github.com/google/uuid v1.5.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/csrf v1.7.2 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/hdevalence/ed25519consensus v0.2.0 // indirect
-	github.com/illarion/gonotify v1.0.1 // indirect
+	github.com/illarion/gonotify/v2 v2.0.3 // indirect
 	github.com/insomniacslk/dhcp v0.0.0-20231206064809-8c70d406f6d2 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86 // indirect
@@ -55,37 +56,34 @@ require (
 	github.com/miekg/dns v1.1.58 // indirect
 	github.com/mitchellh/go-ps v1.0.0 // indirect
 	github.com/pierrec/lz4/v4 v4.1.21 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
+	github.com/prometheus-community/pro-bing v0.4.0 // indirect
 	github.com/safchain/ethtool v0.3.0 // indirect
 	github.com/tailscale/certstore v0.1.1-0.20231202035212-d3fa0460f47e // indirect
 	github.com/tailscale/go-winio v0.0.0-20231025203758-c4f33415bf55 // indirect
-	github.com/tailscale/golang-x-crypto v0.0.0-20240108194725-7ce1f622c780 // indirect
+	github.com/tailscale/golang-x-crypto v0.0.0-20240604161659-3fde5e568aa4 // indirect
 	github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05 // indirect
 	github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a // indirect
-	github.com/tailscale/netlink v1.1.1-0.20211101221916-cabfb018fe85 // indirect
+	github.com/tailscale/netlink v1.1.1-0.20240822203006-4d49adab4de7 // indirect
 	github.com/tailscale/peercred v0.0.0-20240214030740-b535050b2aa4 // indirect
 	github.com/tailscale/web-client-prebuilt v0.0.0-20240226180453-5db17b287bf1 // indirect
-	github.com/tailscale/wireguard-go v0.0.0-20231121184858-cc193a0b3272 // indirect
+	github.com/tailscale/wireguard-go v0.0.0-20240905161824-799c1978fafc // indirect
 	github.com/tcnksm/go-httpstat v0.2.0 // indirect
 	github.com/u-root/uio v0.0.0-20240118234441-a3c409a6018e // indirect
 	github.com/vishvananda/netlink v1.2.1-beta.2 // indirect
 	github.com/vishvananda/netns v0.0.4 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go4.org/mem v0.0.0-20220726221520-4f986261bf13 // indirect
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect
-	golang.org/x/crypto v0.18.0 // indirect
+	golang.org/x/crypto v0.25.0 // indirect
 	golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect
-	golang.org/x/mod v0.14.0 // indirect
+	golang.org/x/mod v0.19.0 // indirect
-	golang.org/x/net v0.20.0 // indirect
+	golang.org/x/net v0.27.0 // indirect
-	golang.org/x/sync v0.6.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.17.0 // indirect
+	golang.org/x/sys v0.22.0 // indirect
-	golang.org/x/term v0.16.0 // indirect
+	golang.org/x/term v0.22.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.17.0 // indirect
+	golang.org/x/tools v0.23.0 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
 	golang.zx2c4.com/wireguard/windows v0.5.3 // indirect
-	gvisor.dev/gvisor v0.0.0-20240306221502-ee1e1f6070e3 // indirect
+	gvisor.dev/gvisor v0.0.0-20240722211153-64c016c92987 // indirect
 	inet.af/peercred v0.0.0-20210906144145-0893ea02156a // indirect
 	nhooyr.io/websocket v1.8.10 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -1,164 +1,102 @@
 filippo.io/edwards25519 v1.0.0 h1:0wAIcmJUqRdI8IJ/3eGi5/HwXZWPujYXXlkrQogz0Ek=
 filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 filippo.io/mkcert v1.4.4 h1:8eVbbwfVlaqUM7OwuftKc2nuYOoTDQWqsoXmzoXZdbc=
 filippo.io/mkcert v1.4.4/go.mod h1:VyvOchVuAye3BoUsPUOOofKygVwLV2KQMVFJNRq+1dA=
-github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
+github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c h1:pxW6RcqyfI9/kWtOwnv/G+AzdKuy2ZrqINhenH4HyNs=
-github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/akutz/memconn v0.1.0 h1:NawI0TORU4hcOMsMr11g7vwlCdkYeLKXBcxWu2W/P8A=
 github.com/akutz/memconn v0.1.0/go.mod h1:Jo8rI7m0NieZyLI5e2CDlRdRqRRB4S7Xp77ukDjH+Fw=
 github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI=
 github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/aws/aws-sdk-go-v2 v1.21.0 h1:gMT0IW+03wtYJhRqTVYn0wLzwdnK9sRMcxmtfGzRdJc=
 github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
 github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU=
 github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
 github.com/aws/aws-sdk-go-v2/config v1.18.42 h1:28jHROB27xZwU0CB88giDSjz7M1Sba3olb5JBGwina8=
 github.com/aws/aws-sdk-go-v2/config v1.18.42/go.mod h1:4AZM3nMMxwlG+eZlxvBKqwVbkDLlnN2a4UGTL6HjaZI=
 github.com/aws/aws-sdk-go-v2/config v1.26.5 h1:lodGSevz7d+kkFJodfauThRxK9mdJbyutUxGq1NNhvw=
 github.com/aws/aws-sdk-go-v2/config v1.26.5/go.mod h1:DxHrz6diQJOc9EwDslVRh84VjjrE17g+pVZXUeSxaDU=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.40 h1:s8yOkDh+5b1jUDhMBtngF6zKWLDs84chUk2Vk0c38Og=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.40/go.mod h1:VtEHVAAqDWASwdOqj/1huyT6uHbs5s8FUHfDQdky/Rs=
 github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8=
 github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 h1:uDZJF1hu0EVT/4bogChk8DyjSF6fof6uL/0Y26Ma7Fg=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11/go.mod h1:TEPP4tENqBGO99KwVpV9MlOX4NSrSLP8u3KRy2CDwA8=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 h1:22dGT7PneFMx4+b3pz7lMTRyN8ZKH7M2cW4GP9yUS2g=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41/go.mod h1:CrObHAuPneJBlfEJ5T3szXOUkLEThaGfvnhTf33buas=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 h1:SijA0mgjV8E+8G45ltVHs0fvKpTj8xmZJ3VwhGKtUSI=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35/go.mod h1:SJC1nEVVva1g3pHAIdCp7QsRIkMmLAgoDquQ9Rr8kYw=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.43 h1:g+qlObJH4Kn4n21g69DjspU0hKTjWtq7naZ9OLCv0ew=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.43/go.mod h1:rzfdUlfA+jdgLDmPKjd3Chq9V7LVLYo1Nz++Wb91aRo=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 h1:GrSw8s0Gs/5zZ0SX+gX4zQjRnRsMJDJ2sLur1gRBhEM=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 h1:CdzPW9kKitgIiLV1+MHobfR5Xg25iYnyzWZhyQuSlDI=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35/go.mod h1:QGF2Rs33W5MaN9gYdEQOBBFPLwTZkEhRwI33f7KIG0o=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino=
 github.com/aws/aws-sdk-go-v2/service/ssm v1.38.0 h1:JON9MBvwUlM8HXylfB2caZuH3VXz9RxO4SMp2+TNc3Q=
 github.com/aws/aws-sdk-go-v2/service/ssm v1.38.0/go.mod h1:JjBzoceyKkpQY3v1GPIdg6kHqUFHRJ7SDlwtwoH0Qh8=
 github.com/aws/aws-sdk-go-v2/service/ssm v1.44.7 h1:a8HvP/+ew3tKwSXqL3BCSjiuicr+XTU2eFYeogV9GJE=
 github.com/aws/aws-sdk-go-v2/service/ssm v1.44.7/go.mod h1:Q7XIWsMo0JcMpI/6TGD6XXcXcV1DbTj6e9BKNntIMIM=
 github.com/aws/aws-sdk-go-v2/service/sso v1.14.1 h1:YkNzx1RLS0F5qdf9v1Q8Cuv9NXCL2TkosOxhzlUPV64=
 github.com/aws/aws-sdk-go-v2/service/sso v1.14.1/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
 github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow=
 github.com/aws/aws-sdk-go-v2/service/sso v1.18.7/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1 h1:8lKOidPkmSmfUtiTgtdXWgaKItCZ/g75/jEk6Ql6GsA=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8=
 github.com/aws/aws-sdk-go-v2/service/sts v1.22.0 h1:s4bioTgjSFRwOoyEFzAVCmFmoowBgjTR8gkrF/sQ4wk=
 github.com/aws/aws-sdk-go-v2/service/sts v1.22.0/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=
 github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0=
 github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U=
 github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ=
 github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
 github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
 github.com/bits-and-blooms/bitset v1.13.0 h1:bAQ9OPNFYbGHV6Nez0tmNI0RiEu7/hxlYJRUA0wFAVE=
 github.com/bits-and-blooms/bitset v1.13.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
-github.com/cilium/ebpf v0.11.0 h1:V8gS/bTCCjX9uUnkUFUpPsksM8n1lXBAvHcpiFk1X2Y=
+github.com/cilium/ebpf v0.15.0 h1:7NxJhNiBT3NG8pZJ3c+yfrVdHY8ScgKD27sScgjLMMk=
-github.com/cilium/ebpf v0.11.0/go.mod h1:WE7CZAnqOL2RouJ4f1uyNhqr2P4CCvXFIqdRDUgWsVs=
+github.com/cilium/ebpf v0.15.0/go.mod h1:DHp1WyrLeiBh19Cf/tfiSMhqheEiK8fXFZ4No0P1Hso=
-github.com/cilium/ebpf v0.12.3 h1:8ht6F9MquybnY97at+VDZb3eQQr8ev79RueWeVaEcG4=
+github.com/coder/websocket v1.8.12 h1:5bUXkEPPIbewrnkU8LTCLVaxi4N4J8ahufH2vlo4NAo=
-github.com/coreos/go-iptables v0.7.0 h1:XWM3V+MPRr5/q51NuWSgU0fqMad64Zyxs8ZUoMsamr8=
+github.com/coder/websocket v1.8.12/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs=
-github.com/coreos/go-iptables v0.7.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
+github.com/coreos/go-iptables v0.7.1-0.20240112124308-65c67c9f46e6 h1:8h5+bWd7R6AYUslN6c6iuZWTKsKxUFDlpnmilO6R2n0=
-github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
+github.com/coreos/go-iptables v0.7.1-0.20240112124308-65c67c9f46e6/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
-github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/creack/pty v1.1.23 h1:4M6+isWdcStXEf15G/RbrMPOQj1dZ7HPZCGwE4kOeP0=
-github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
+github.com/creack/pty v1.1.23/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE=
 github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dblohm7/wingoes v0.0.0-20230929194252-e994401fc077 h1:WphxHslVftszsr0oZOHPaOjpmN/BsgNYF+gW/hxZXXc=
 github.com/dblohm7/wingoes v0.0.0-20230929194252-e994401fc077/go.mod h1:6NCrWM5jRefaG7iN0iMShPalLsljHWBh9v1zxM2f8Xs=
 github.com/dblohm7/wingoes v0.0.0-20240119213807-a09d6be7affa h1:h8TfIT1xc8FWbwwpmHn1J5i43Y0uZP97GqasGCzSRJk=
 github.com/dblohm7/wingoes v0.0.0-20240119213807-a09d6be7affa/go.mod h1:Nx87SkVqTKd8UtT+xu7sM/l+LgXs6c0aHrlKusR+2EQ=
 github.com/digitalocean/go-smbios v0.0.0-20180907143718-390a4f403a8e h1:vUmf0yezR0y7jJ5pceLHthLaYf4bA5T14B6q39S4q2Q=
 github.com/digitalocean/go-smbios v0.0.0-20180907143718-390a4f403a8e/go.mod h1:YTIHhz/QFSYnu/EhlF2SpU2Uk+32abacUYA5ZPljz1A=
-github.com/frankban/quicktest v1.14.5 h1:dfYrrRyLtiqT9GyKXgdh+k4inNeTvmGbuSgZ3lx3GhA=
+github.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c=
-github.com/frankban/quicktest v1.14.5/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
+github.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0=
 github.com/dsnet/try v0.0.3 h1:ptR59SsrcFUYbT/FhAbKTV6iLkeD6O18qfIWRml2fqI=
 github.com/dsnet/try v0.0.3/go.mod h1:WBM8tRpUmnXXhY1U6/S8dt6UWdHTQ7y8A5YSkRCkq40=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
-github.com/fxamacker/cbor/v2 v2.5.0 h1:oHsG0V/Q6E/wqTS2O1Cozzsy69nqCiguo5Q1a1ADivE=
+github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
-github.com/fxamacker/cbor/v2 v2.5.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
+github.com/fxamacker/cbor/v2 v2.6.0 h1:sU6J2usfADwWlYDAFhZBQ6TnLFBHxgesMrQfQgk1tWA=
-github.com/gaissmai/bart v0.4.1 h1:G1t58voWkNmT47lBDawH5QhtTDsdqRIO+ftq5x4P9Ls=
+github.com/fxamacker/cbor/v2 v2.6.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
-github.com/gaissmai/bart v0.4.1/go.mod h1:KHeYECXQiBjTzQz/om2tqn3sZF1J7hw9m6z41ftj3fg=
+github.com/gaissmai/bart v0.11.1 h1:5Uv5XwsaFBRo4E5VBcb9TzY8B7zxFf+U7isDxqOrRfc=
-github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
+github.com/gaissmai/bart v0.11.1/go.mod h1:KHeYECXQiBjTzQz/om2tqn3sZF1J7hw9m6z41ftj3fg=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.6.3 h1:ahKqKTFpO5KTPHxWZjEdPScmYaGtLo8Y4DMHoEsnp14=
 github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
 github.com/github/fakeca v0.1.0 h1:Km/MVOFvclqxPM9dZBC4+QE564nU4gz4iZ0D9pMw28I=
 github.com/github/fakeca v0.1.0/go.mod h1:+bormgoGMMuamOscx7N91aOuUST7wdaJ2rNjeohylyo=
 github.com/go-json-experiment/json v0.0.0-20231102232822-2e55bd4e08b0 h1:ymLjT4f35nQbASLnvxEde4XOBL+Sn7rFuV+FOJqkljg=
 github.com/go-json-experiment/json v0.0.0-20231102232822-2e55bd4e08b0/go.mod h1:6daplAwHHGbUGib4990V3Il26O0OC4aRyvewaaAihaA=
 github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
 github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q=
 github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
 github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no=
 github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
 github.com/go-playground/validator/v10 v10.2.0 h1:KgJ0snyC2R9VXYN2rneOtQcw5aHQB1Vv0sFl1UcHBOY=
 github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
 github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee h1:s+21KNqlpePfkah2I+gwHF8xmJWRjooY+5248k6m4A0=
 github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
 github.com/gobwas/pool v0.2.0 h1:QEmUOlnSjWtnpRGHF3SauEiOsy82Cup83Vf2LcMlnc8=
 github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
 github.com/gobwas/ws v1.0.2 h1:CoAavW/wd/kulfZmSIBt6p24n4j7tHgNVCjsfHVNUbo=
 github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.1.1-0.20230522191255-76236955d466 h1:sQspH8M4niEijh3PFscJRLDnkL547IeP7kpPe3uUhEg=
 github.com/godbus/dbus/v5 v5.1.1-0.20230522191255-76236955d466/go.mod h1:ZiQxhyQ+bbbfxUKVvjfO498oPYvtYhZzycal3G/NHmU=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
 github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
 github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
-github.com/google/nftables v0.1.1-0.20230115205135-9aa6fdf5a28c h1:06RMfw+TMMHtRuUOroMeatRCCgSMWXCJQeABvHU69YQ=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/nftables v0.1.1-0.20230115205135-9aa6fdf5a28c/go.mod h1:BVIYo3cdnT4qSylnYqcd5YtmXhr51cJPGtnLBe/uLBU=
+github.com/google/nftables v0.2.1-0.20240414091927-5e242ec57806 h1:wG8RYIyctLhdFk6Vl1yPGtSRtwGpVkWyZww1OCil2MI=
-github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
+github.com/google/nftables v0.2.1-0.20240414091927-5e242ec57806/go.mod h1:Beg6V6zZ3oEn0JuiUQ4wqwuyqqzasOltcoXPtgLbFp4=
-github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
-github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/csrf v1.7.1 h1:Ir3o2c1/Uzj6FBxMlAUB6SivgVMy1ONXwYgXn+/aHPE=
 github.com/gorilla/csrf v1.7.1/go.mod h1:+a/4tCmqhG6/w4oafeAZ9pEa3/NZOWYVbD9fV0FwIQA=
 github.com/gorilla/csrf v1.7.2 h1:oTUjx0vyf2T+wkrx09Trsev1TE+/EbDAeHtSTbtC2eI=
 github.com/gorilla/csrf v1.7.2/go.mod h1:F1Fj3KG23WYHE6gozCmBAezKookxbIvUJT+121wTuLk=
 github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
 github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
 github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
 github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
 github.com/gorilla/websocket v1.4.1 h1:q7AeDBpnBk8AogcD4DSag/Ukw/KV+YhzLj2bP5HvKCM=
 github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/hdevalence/ed25519consensus v0.1.0 h1:jtBwzzcHuTmFrQN6xQZn6CQEO/V9f7HsjsjeEZ6auqU=
 github.com/hdevalence/ed25519consensus v0.1.0/go.mod h1:w3BHWjwJbFU29IRHL1Iqkw3sus+7FctEyM4RqDxYNzo=
 github.com/hdevalence/ed25519consensus v0.2.0 h1:37ICyZqdyj0lAZ8P4D1d1id3HqbbG1N3iBb1Tb4rdcU=
 github.com/hdevalence/ed25519consensus v0.2.0/go.mod h1:w3BHWjwJbFU29IRHL1Iqkw3sus+7FctEyM4RqDxYNzo=
-github.com/illarion/gonotify v1.0.1 h1:F1d+0Fgbq/sDWjj/r66ekjDG+IDeecQKUFH4wNwsoio=
+github.com/illarion/gonotify/v2 v2.0.3 h1:B6+SKPo/0Sw8cRJh1aLzNEeNVFfzE3c6N+o+vyxM+9A=
-github.com/illarion/gonotify v1.0.1/go.mod h1:zt5pmDofZpU1f8aqlK0+95eQhoEAn/d4G4B/FjVW4jE=
+github.com/illarion/gonotify/v2 v2.0.3/go.mod h1:38oIJTgFqupkEydkkClkbL6i5lXV/bxdH9do5TALPEE=
 github.com/insomniacslk/dhcp v0.0.0-20230908212754-65c27093e38a h1:S33o3djA1nPRd+d/bf7jbbXytXuK/EoXow7+aa76grQ=
 github.com/insomniacslk/dhcp v0.0.0-20230908212754-65c27093e38a/go.mod h1:zmdm3sTSDP3vOOX3CEWRkkRHtKr1DxBx+J1OQFoDQQs=
 github.com/insomniacslk/dhcp v0.0.0-20231206064809-8c70d406f6d2 h1:9K06NfxkBh25x56yVhWWlKFE8YpicaSfHwoV8SFbueA=
 github.com/insomniacslk/dhcp v0.0.0-20231206064809-8c70d406f6d2/go.mod h1:3A9PQ1cunSDF/1rbTq99Ts4pVnycWg+vlPkfeD2NLFI=
 github.com/jellydator/ttlcache/v3 v3.1.0 h1:0gPFG0IHHP6xyUyXq+JaD8fwkDCqgqwohXNJBcYE71g=
 github.com/jellydator/ttlcache/v3 v3.1.0/go.mod h1:hi7MGFdMAwZna5n2tuvh63DvFLzVKySzCVW6+0gA2n4=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
@@ -166,16 +104,8 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfC
 github.com/josharian/native v1.0.1-0.20221213033349-c1e37c09b531/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
 github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86 h1:elKwZS1OcdQ0WwEDBeqxKwb7WB62QX8bvZ/FJnVXIfk=
 github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86/go.mod h1:aFAMtuldEgx/4q7iSGazk22+IcgvtiC+HIimFO9XlS8=
 github.com/jsimonetti/rtnetlink v1.3.5 h1:hVlNQNRlLDGZz31gBPicsG7Q53rnlsz1l1Ix/9XlpVA=
 github.com/jsimonetti/rtnetlink v1.3.5/go.mod h1:0LFedyiTkebnd43tE4YAkWGIq9jQphow4CcwxaT2Y00=
 github.com/jsimonetti/rtnetlink v1.4.0 h1:Z1BF0fRgcETPEa0Kt0MRk3yV5+kF1FWTni6KUFKrq2I=
 github.com/jsimonetti/rtnetlink v1.4.0/go.mod h1:5W1jDvWdnthFJ7fxYX1GMK07BUpI4oskfOqvPteYS6E=
 github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.17.0 h1:Rnbp4K9EjcDuVuHtd0dgA4qNuv9yKDYKK1ulpJwgrqM=
 github.com/klauspost/compress v1.17.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
 github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
 github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a h1:+RR6SqnTkDLWyICxS1xpjCi/3dhyV+TgZwA6Ww3KncQ=
@@ -186,12 +116,6 @@ github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y=
 github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mdlayher/genetlink v1.3.2 h1:KdrNKe+CTu+IbZnm/GVUMXSqBBLqcGpRDa0xkQy56gw=
 github.com/mdlayher/genetlink v1.3.2/go.mod h1:tcC3pkCrPUGIKKsCsp0B3AdaaKuHtaxoJRz3cc+528o=
 github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/g=
@@ -200,79 +124,63 @@ github.com/mdlayher/sdnotify v1.0.0 h1:Ma9XeLVN/l0qpyx1tNeMSeTjCPH6NtuD6/N9XdTlQ
 github.com/mdlayher/sdnotify v1.0.0/go.mod h1:HQUmpM4XgYkhDLtd+Uad8ZFK1T9D5+pNxnXQjCeJlGE=
 github.com/mdlayher/socket v0.5.0 h1:ilICZmJcQz70vrWVes1MFera4jGiWNocSkykwwoy3XI=
 github.com/mdlayher/socket v0.5.0/go.mod h1:WkcBFfvyG8QENs5+hfQPl1X6Jpd2yeLIYgrGFmJiJxI=
 github.com/miekg/dns v1.1.56 h1:5imZaSeoRNvpM9SzWNhEcP9QliKiz20/dA2QabIGVnE=
 github.com/miekg/dns v1.1.56/go.mod h1:cRm6Oo2C8TY9ZS/TqsSrseAcncm74lfK5G+ikN2SWWY=
 github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4=
 github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY=
 github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc=
 github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646 h1:zYyBkD/k9seD2A7fsi6Oo2LfFZAehjjQMERAvZLEDnQ=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646/go.mod h1:jpp1/29i3P1S/RLdc7JQKbRpFeM1dOBd8T9ki5s+AY8=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/pierrec/lz4/v4 v4.1.14/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pierrec/lz4/v4 v4.1.18 h1:xaKrnTkyoqfh1YItXl56+6KJNVYWlEEPuAQW9xsplYQ=
 github.com/pierrec/lz4/v4 v4.1.18/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ=
 github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/sftp v1.13.6 h1:JFZT4XbOU7l77xGSpOdW+pwIMqP044IyjXX6FGyEKFo=
 github.com/pkg/sftp v1.13.6/go.mod h1:tz1ryNURKu77RL+GuCzmoJYxQczL3wLNNpPWagdg4Qk=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
-github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus-community/pro-bing v0.4.0 h1:YMbv+i08gQz97OZZBwLyvmmQEEzyfyrrjEaAchdy3R4=
 github.com/prometheus-community/pro-bing v0.4.0/go.mod h1:b7wRYZtCcPmt4Sz319BykUU241rWLe1VFXyiyWK/dH4=
 github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
 github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
 github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=
 github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/safchain/ethtool v0.3.0 h1:gimQJpsI6sc1yIqP/y8GYgiXn/NjgvpM0RNoWLVVmP0=
 github.com/safchain/ethtool v0.3.0/go.mod h1:SA9BwrgyAqNo7M+uaL6IYbxpm5wk3L7Mm6ocLW+CJUs=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/tailscale/certstore v0.1.1-0.20231020161753-77811a65f4ff h1:vnxdYZUJbsSRcIcduDW3DcQqfqaiv4FUgy25q8X+vfI=
 github.com/tailscale/certstore v0.1.1-0.20231020161753-77811a65f4ff/go.mod h1:XrBNfAFN+pwoWuksbFS9Ccxnopa15zJGgXRFN90l3K4=
 github.com/tailscale/certstore v0.1.1-0.20231202035212-d3fa0460f47e h1:PtWT87weP5LWHEY//SWsYkSO3RWRZo4OSWagh3YD2vQ=
 github.com/tailscale/certstore v0.1.1-0.20231202035212-d3fa0460f47e/go.mod h1:XrBNfAFN+pwoWuksbFS9Ccxnopa15zJGgXRFN90l3K4=
 github.com/tailscale/go-winio v0.0.0-20231025203758-c4f33415bf55 h1:Gzfnfk2TWrk8Jj4P4c1a3CtQyMaTVCznlkLZI++hok4=
 github.com/tailscale/go-winio v0.0.0-20231025203758-c4f33415bf55/go.mod h1:4k4QO+dQ3R5FofL+SanAUZe+/QfeK0+OIuwDIRu2vSg=
-github.com/tailscale/golang-x-crypto v0.0.0-20230713185742-f0b76a10a08e h1:JyeJF/HuSwvxWtsR1c0oKX1lzaSH5Wh4aX+MgiStaGQ=
+github.com/tailscale/golang-x-crypto v0.0.0-20240604161659-3fde5e568aa4 h1:rXZGgEa+k2vJM8xT0PoSKfVXwFGPQ3z3CJfmnHJkZZw=
-github.com/tailscale/golang-x-crypto v0.0.0-20230713185742-f0b76a10a08e/go.mod h1:DjoeCULdP6vTJ/xY+nzzR9LaUHprkbZEpNidX0aqEEk=
+github.com/tailscale/golang-x-crypto v0.0.0-20240604161659-3fde5e568aa4/go.mod h1:ikbF+YT089eInTp9f2vmvy4+ZVnW5hzX1q2WknxSprQ=
 github.com/tailscale/golang-x-crypto v0.0.0-20240108194725-7ce1f622c780 h1:U0J2CUrrTcc2wmr9tSLYEo+USfwNikRRsmxVLD4eZ7E=
 github.com/tailscale/golang-x-crypto v0.0.0-20240108194725-7ce1f622c780/go.mod h1:ikbF+YT089eInTp9f2vmvy4+ZVnW5hzX1q2WknxSprQ=
 github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05 h1:4chzWmimtJPxRs2O36yuGRW3f9SYV+bMTTvMBI0EKio=
 github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05/go.mod h1:PdCqy9JzfWMJf1H5UJW2ip33/d4YkoKN0r67yKH1mG8=
 github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a h1:SJy1Pu0eH1C29XwJucQo73FrleVK6t4kYz4NVhp34Yw=
 github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a/go.mod h1:DFSS3NAGHthKo1gTlmEcSBiZrRJXi28rLNd/1udP1c8=
-github.com/tailscale/netlink v1.1.1-0.20211101221916-cabfb018fe85 h1:zrsUcqrG2uQSPhaUPjUQwozcRdDdSxxqhNgNZ3drZFk=
+github.com/tailscale/netlink v1.1.1-0.20240822203006-4d49adab4de7 h1:uFsXVBE9Qr4ZoF094vE6iYTLDl0qCiKzYXlL6UeWObU=
-github.com/tailscale/netlink v1.1.1-0.20211101221916-cabfb018fe85/go.mod h1:NzVQi3Mleb+qzq8VmcWpSkcSYxXIg0DkI6XDzpVkhJ0=
+github.com/tailscale/netlink v1.1.1-0.20240822203006-4d49adab4de7/go.mod h1:NzVQi3Mleb+qzq8VmcWpSkcSYxXIg0DkI6XDzpVkhJ0=
 github.com/tailscale/peercred v0.0.0-20240214030740-b535050b2aa4 h1:Gz0rz40FvFVLTBk/K8UNAenb36EbDSnh+q7Z9ldcC8w=
 github.com/tailscale/peercred v0.0.0-20240214030740-b535050b2aa4/go.mod h1:phI29ccmHQBc+wvroosENp1IF9195449VDnFDhJ4rJU=
 github.com/tailscale/web-client-prebuilt v0.0.0-20231114171715-25f8d12b3c2d h1:6bpLeKxSPVTwxzoy+0SrDLEaa60G6jnGqgLAcdDhkDg=
 github.com/tailscale/web-client-prebuilt v0.0.0-20231114171715-25f8d12b3c2d/go.mod h1:agQPE6y6ldqCOui2gkIh7ZMztTkIQKH049tv8siLuNQ=
 github.com/tailscale/web-client-prebuilt v0.0.0-20240226180453-5db17b287bf1 h1:tdUdyPqJ0C97SJfjB9tW6EylTtreyee9C44de+UBG0g=
 github.com/tailscale/web-client-prebuilt v0.0.0-20240226180453-5db17b287bf1/go.mod h1:agQPE6y6ldqCOui2gkIh7ZMztTkIQKH049tv8siLuNQ=
-github.com/tailscale/wireguard-go v0.0.0-20231101022006-db7604d1aa90 h1:lMGYrokOq9NKDw1UMBH7AsS4boZ41jcduvYaRIdedhE=
+github.com/tailscale/wf v0.0.0-20240214030419-6fbb0a674ee6 h1:l10Gi6w9jxvinoiq15g8OToDdASBni4CyJOdHY1Hr8M=
-github.com/tailscale/wireguard-go v0.0.0-20231101022006-db7604d1aa90/go.mod h1:BOm5fXUBFM+m9woLNBoxI9TaBXXhGNP50LX/TGIvGb4=
+github.com/tailscale/wf v0.0.0-20240214030419-6fbb0a674ee6/go.mod h1:ZXRML051h7o4OcI0d3AaILDIad/Xw0IkXaHM17dic1Y=
-github.com/tailscale/wireguard-go v0.0.0-20231121184858-cc193a0b3272 h1:zwsem4CaamMdC3tFoTpzrsUSMDPV0K6rhnQdF7kXekQ=
+github.com/tailscale/wireguard-go v0.0.0-20240905161824-799c1978fafc h1:cezaQN9pvKVaw56Ma5qr/G646uKIYP0yQf+OyWN/okc=
-github.com/tailscale/wireguard-go v0.0.0-20231121184858-cc193a0b3272/go.mod h1:BOm5fXUBFM+m9woLNBoxI9TaBXXhGNP50LX/TGIvGb4=
+github.com/tailscale/wireguard-go v0.0.0-20240905161824-799c1978fafc/go.mod h1:BOm5fXUBFM+m9woLNBoxI9TaBXXhGNP50LX/TGIvGb4=
 github.com/tailscale/xnet v0.0.0-20240729143630-8497ac4dab2e h1:zOGKqN5D5hHhiYUp091JqK7DPCqSARyUfduhGUY8Bek=
 github.com/tailscale/xnet v0.0.0-20240729143630-8497ac4dab2e/go.mod h1:orPd6JZXXRyuDusYilywte7k094d7dycXXU5YnWsrwg=
 github.com/tc-hib/winres v0.2.1 h1:YDE0FiP0VmtRaDn7+aaChp1KiF4owBiJa5l964l5ujA=
 github.com/tc-hib/winres v0.2.1/go.mod h1:C/JaNhH3KBvhNKVbvdlDWkbMDO9H4fKKDaN7/07SSuk=
 github.com/tcnksm/go-httpstat v0.2.0 h1:rP7T5e5U2HfmOBmZzGgGZjBQ5/GluWUylujl0tJ04I0=
 github.com/tcnksm/go-httpstat v0.2.0/go.mod h1:s3JVJFtQxtBEBC9dwcdTTXS9xFnM3SXAZwPG41aurT8=
 github.com/u-root/u-root v0.11.0 h1:6gCZLOeRyevw7gbTwMj3fKxnr9+yHFlgF3N7udUVNO8=
 github.com/u-root/u-root v0.11.0/go.mod h1:DBkDtiZyONk9hzVEdB/PWI9B4TxDkElWlVTHseglrZY=
 github.com/u-root/u-root v0.12.0 h1:K0AuBFriwr0w/PGS3HawiAw89e3+MU7ks80GpghAsNs=
-github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63 h1:YcojQL98T/OO+rybuzn2+5KrD5dBwXIvYBvQ2cD3Avg=
+github.com/u-root/u-root v0.12.0/go.mod h1:FYjTOh4IkIZHhjsd17lb8nYW6udgXdJhG1c0r6u0arI=
 github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63/go.mod h1:eLL9Nub3yfAho7qB0MzZizFhTU2QkLeoVsWdHtDW264=
 github.com/u-root/uio v0.0.0-20240118234441-a3c409a6018e h1:BA9O3BmlTmpjbvajAwzWx4Wo2TRVdpPXZEeemGQcajw=
 github.com/u-root/uio v0.0.0-20240118234441-a3c409a6018e/go.mod h1:eLL9Nub3yfAho7qB0MzZizFhTU2QkLeoVsWdHtDW264=
 github.com/ugorji/go v1.1.7 h1:/68gy2h+1mWMrwZFeD1kQialdSzAb432dtpeJ42ovdo=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
 github.com/ugorji/go/codec v1.1.7 h1:2SvQaVZ1ouYrrKKwoSk2pzd4A9evlKJb9oTL+OaLUSs=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/vishvananda/netlink v1.2.1-beta.2 h1:Llsql0lnQEbHj0I1OuKyp8otXp0r3q0mPkuhwHfStVs=
 github.com/vishvananda/netlink v1.2.1-beta.2/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
 github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
 github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
@@ -280,101 +188,59 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 go4.org/mem v0.0.0-20220726221520-4f986261bf13 h1:CbZeCBZ0aZj8EfVgnqQcYZgf0lpZ3H9rmp5nkDTAst8=
 go4.org/mem v0.0.0-20220726221520-4f986261bf13/go.mod h1:reUoABIJ9ikfM5sgtSF3Wushcza7+WeD01VB9Lirh3g=
 go4.org/netipx v0.0.0-20230824141953-6213f710f925 h1:eeQDDVKFkx0g4Hyy8pHgmZaK0EqB4SD6rvKbUdN3ziQ=
 go4.org/netipx v0.0.0-20230824141953-6213f710f925/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M=
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
-golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
 golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
 golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA=
 golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08=
-golang.org/x/exp/typeparams v0.0.0-20230905200255-921286631fa9 h1:j3D9DvWRpUfIyFfDPws7LoIZ2MAI1OJHdQXtTnYtN+k=
+golang.org/x/exp/typeparams v0.0.0-20240314144324-c7f7c6466f7f h1:phY1HzDcf18Aq9A8KkmRtY9WvOFIxN8wgfvy6Zm1DV8=
-golang.org/x/exp/typeparams v0.0.0-20230905200255-921286631fa9/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
+golang.org/x/exp/typeparams v0.0.0-20240314144324-c7f7c6466f7f/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
-golang.org/x/exp/typeparams v0.0.0-20240119083558-1b970713d09a h1:8qmSSA8Gz/1kTrCe0nqR0R3Gb/NDhykzWw2q2mWZydM=
+golang.org/x/image v0.18.0 h1:jGzIakQa/ZXI1I0Fxvaa9W7yP25TqT6cHIHn+6CqvSQ=
-golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
+golang.org/x/image v0.18.0/go.mod h1:4yyo5vMFQjVjUcVk4jEQcU9MGy/rulF5WvUILseCM2E=
-golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
-golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
+golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
 golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210301091718-77cc2087c03b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220817070843-5a390386f1f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.1-0.20230131160137-e7d7f63158de/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk=
-golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
-golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
+golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
-golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
 golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg=
-golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
+golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc=
 golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
 golang.zx2c4.com/wireguard/windows v0.5.3 h1:On6j2Rpn3OEMXqBq00QEDC7bWSZrPIHKIus8eIuExIE=
 golang.zx2c4.com/wireguard/windows v0.5.3/go.mod h1:9TEe8TJmtwyQebdFwAkEWOPr3prrtqm+REGFifP60hI=
-google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gvisor.dev/gvisor v0.0.0-20230928000133-4fe30062272c h1:bYb98Ra11fJ8F2xFbZx0zg2VQ28lYqC1JxfaaF53xqY=
+gvisor.dev/gvisor v0.0.0-20240722211153-64c016c92987 h1:TU8z2Lh3Bbq77w0t1eG8yRlLcNHzZu3x6mhoH2Mk0c8=
-gvisor.dev/gvisor v0.0.0-20230928000133-4fe30062272c/go.mod h1:AVgIgHMwK63XvmAzWG9vLQ41YnVHN0du0tEC46fI7yY=
+gvisor.dev/gvisor v0.0.0-20240722211153-64c016c92987/go.mod h1:sxc3Uvk/vHcd3tj7/DHVBoR5wvWT/MmRq2pj7HRJnwU=
-gvisor.dev/gvisor v0.0.0-20240306221502-ee1e1f6070e3 h1:/8/t5pz/mgdRXhYOIeqqYhFAQLE4DDGegc0Y4ZjyFJM=
+honnef.co/go/tools v0.5.1 h1:4bH5o3b5ZULQ4UrBmP+63W9r7qIkqJClEA9ko5YKx+I=
-gvisor.dev/gvisor v0.0.0-20240306221502-ee1e1f6070e3/go.mod h1:NQHVAzMwvZ+Qe3ElSiHmq9RUm1MdNHpUZ52fiEqvn+0=
+honnef.co/go/tools v0.5.1/go.mod h1:e9irvo83WDG9/irijV44wr3tbhcFeRnfpVlRqVwpzMs=
 honnef.co/go/tools v0.4.6 h1:oFEHCKeID7to/3autwsWfnuv69j3NsfcXbvJKuIcep8=
 honnef.co/go/tools v0.4.6/go.mod h1:+rnGS1THNh8zMwnd2oVOTL9QF6vmfyG6ZXBULae2uc0=
 howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM=
 howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g=
 inet.af/peercred v0.0.0-20210906144145-0893ea02156a h1:qdkS8Q5/i10xU2ArJMKYhVa1DORzBfYS/qA2UK2jheg=
 inet.af/peercred v0.0.0-20210906144145-0893ea02156a/go.mod h1:FjawnflS/udxX+SvpsMgZfdqx2aykOlkISeAsADi5IU=
 inet.af/wf v0.0.0-20221017222439-36129f591884 h1:zg9snq3Cpy50lWuVqDYM7AIRVTtU50y5WXETMFohW/Q=
 inet.af/wf v0.0.0-20221017222439-36129f591884/go.mod h1:bSAQ38BYbY68uwpasXOTZo22dKGy9SNvI6PZFeKomZE=
 nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
 nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
 nhooyr.io/websocket v1.8.10 h1:mv4p+MnGrLDcPlBoWsvPP7XCzTYMXP9F9eIGoKbgx7Q=
 nhooyr.io/websocket v1.8.10/go.mod h1:rN9OFWIUwuxg4fR5tELlYC04bXYowCP9GX47ivo2l+c=
 software.sslmate.com/src/go-pkcs12 v0.2.1 h1:tbT1jjaeFOF230tzOIRJ6U5S1jNqpsSyNjzDd58H3J8=
 software.sslmate.com/src/go-pkcs12 v0.2.1/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI=
 software.sslmate.com/src/go-pkcs12 v0.4.0 h1:H2g08FrTvSFKUj+D309j1DPfk5APnIdAQAB8aEykJ5k=
-tailscale.com v1.54.0 h1:Dri5BTKkHYpl+/t8ofY+tyvoTDbH/FpP7iB4B0cAQOY=
+software.sslmate.com/src/go-pkcs12 v0.4.0/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI=
-tailscale.com v1.54.0/go.mod h1:MnLFoCRwzFWr3qtkSW2nZdQpK7wQRZEk1KtcEGAuZYw=
+tailscale.com v1.76.3 h1:UBfYxqgsSAjutLix2doZBfTw8bBuE7Cj1DzsREow1wA=
-tailscale.com v1.64.2 h1:0VNwUsjK6CwgkqyaOANndBER2SMYl8JZ5uNRTvIqCnY=
+tailscale.com v1.76.3/go.mod h1:myCwmhYBvMCF/5OgBYuIW42zscuEo30bAml7wABVZLk=
 tailscale.com v1.64.2/go.mod h1:6kGByHNxnFfK1i4gVpdtvpdS1HicHohWXnsfwmXy64I=
--- a/vendor/filippo.io/edwards25519/LICENSE
+++ b/vendor/filippo.io/edwards25519/LICENSE
@@ -0,0 +1,27 @@
 Copyright (c) 2009 The Go Authors. All rights reserved.
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
 met:
   * Redistributions of source code must retain the above copyright
 notice, this list of conditions and the following disclaimer.
   * Redistributions in binary form must reproduce the above
 copyright notice, this list of conditions and the following disclaimer
 in the documentation and/or other materials provided with the
 distribution.
   * Neither the name of Google Inc. nor the names of its
 contributors may be used to endorse or promote products derived from
 this software without specific prior written permission.
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/vendor/filippo.io/edwards25519/README.md
+++ b/vendor/filippo.io/edwards25519/README.md
@@ -0,0 +1,14 @@
 # filippo.io/edwards25519
 ```
 import "filippo.io/edwards25519"
 ```
 This library implements the edwards25519 elliptic curve, exposing the necessary APIs to build a wide array of higher-level primitives.
 Read the docs at [pkg.go.dev/filippo.io/edwards25519](https://pkg.go.dev/filippo.io/edwards25519).
 The code is originally derived from Adam Langley's internal implementation in the Go standard library, and includes George Tankersley's [performance improvements](https://golang.org/cl/71950). It was then further developed by Henry de Valence for use in ristretto255, and was finally [merged back into the Go standard library](https://golang.org/cl/276272) as of Go 1.17. It now tracks the upstream codebase and extends it with additional functionality.
 Most users don't need this package, and should instead use `crypto/ed25519` for signatures, `golang.org/x/crypto/curve25519` for Diffie-Hellman, or `github.com/gtank/ristretto255` for prime order group logic. However, for anyone currently using a fork of `crypto/internal/edwards25519`/`crypto/ed25519/internal/edwards25519` or `github.com/agl/edwards25519`, this package should be a safer, faster, and more powerful alternative.
 Since this package is meant to curb proliferation of edwards25519 implementations in the Go ecosystem, it welcomes requests for new APIs or reviewable performance improvements.
--- a/vendor/filippo.io/edwards25519/doc.go
+++ b/vendor/filippo.io/edwards25519/doc.go
@@ -0,0 +1,20 @@
 // Copyright (c) 2021 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // Package edwards25519 implements group logic for the twisted Edwards curve
 //
 //	-x^2 + y^2 = 1 + -(121665/121666)*x^2*y^2
 //
 // This is better known as the Edwards curve equivalent to Curve25519, and is
 // the curve used by the Ed25519 signature scheme.
 //
 // Most users don't need this package, and should instead use crypto/ed25519 for
 // signatures, golang.org/x/crypto/curve25519 for Diffie-Hellman, or
 // github.com/gtank/ristretto255 for prime order group logic.
 //
 // However, developers who do need to interact with low-level edwards25519
 // operations can use this package, which is an extended version of
 // crypto/internal/edwards25519 from the standard library repackaged as
 // an importable module.
 package edwards25519
--- a/vendor/filippo.io/edwards25519/edwards25519.go
+++ b/vendor/filippo.io/edwards25519/edwards25519.go
@@ -0,0 +1,427 @@
 // Copyright (c) 2017 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package edwards25519
 import (
 	"errors"
 	"filippo.io/edwards25519/field"
 )
 // Point types.
 type projP1xP1 struct {
 	X, Y, Z, T field.Element
 }
 type projP2 struct {
 	X, Y, Z field.Element
 }
 // Point represents a point on the edwards25519 curve.
 //
 // This type works similarly to math/big.Int, and all arguments and receivers
 // are allowed to alias.
 //
 // The zero value is NOT valid, and it may be used only as a receiver.
 type Point struct {
 	// Make the type not comparable (i.e. used with == or as a map key), as
 	// equivalent points can be represented by different Go values.
 	_ incomparable
 	// The point is internally represented in extended coordinates (X, Y, Z, T)
 	// where x = X/Z, y = Y/Z, and xy = T/Z per https://eprint.iacr.org/2008/522.
 	x, y, z, t field.Element
 }
 type incomparable [0]func()
 func checkInitialized(points ...*Point) {
 	for _, p := range points {
 		if p.x == (field.Element{}) && p.y == (field.Element{}) {
 			panic("edwards25519: use of uninitialized Point")
 		}
 	}
 }
 type projCached struct {
 	YplusX, YminusX, Z, T2d field.Element
 }
 type affineCached struct {
 	YplusX, YminusX, T2d field.Element
 }
 // Constructors.
 func (v *projP2) Zero() *projP2 {
 	v.X.Zero()
 	v.Y.One()
 	v.Z.One()
 	return v
 }
 // identity is the point at infinity.
 var identity, _ = new(Point).SetBytes([]byte{
 	1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0})
 // NewIdentityPoint returns a new Point set to the identity.
 func NewIdentityPoint() *Point {
 	return new(Point).Set(identity)
 }
 // generator is the canonical curve basepoint. See TestGenerator for the
 // correspondence of this encoding with the values in RFC 8032.
 var generator, _ = new(Point).SetBytes([]byte{
 	0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
 	0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
 	0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
 	0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66})
 // NewGeneratorPoint returns a new Point set to the canonical generator.
 func NewGeneratorPoint() *Point {
 	return new(Point).Set(generator)
 }
 func (v *projCached) Zero() *projCached {
 	v.YplusX.One()
 	v.YminusX.One()
 	v.Z.One()
 	v.T2d.Zero()
 	return v
 }
 func (v *affineCached) Zero() *affineCached {
 	v.YplusX.One()
 	v.YminusX.One()
 	v.T2d.Zero()
 	return v
 }
 // Assignments.
 // Set sets v = u, and returns v.
 func (v *Point) Set(u *Point) *Point {
 	*v = *u
 	return v
 }
 // Encoding.
 // Bytes returns the canonical 32-byte encoding of v, according to RFC 8032,
 // Section 5.1.2.
 func (v *Point) Bytes() []byte {
 	// This function is outlined to make the allocations inline in the caller
 	// rather than happen on the heap.
 	var buf [32]byte
 	return v.bytes(&buf)
 }
 func (v *Point) bytes(buf *[32]byte) []byte {
 	checkInitialized(v)
 	var zInv, x, y field.Element
 	zInv.Invert(&v.z)       // zInv = 1 / Z
 	x.Multiply(&v.x, &zInv) // x = X / Z
 	y.Multiply(&v.y, &zInv) // y = Y / Z
 	out := copyFieldElement(buf, &y)
 	out[31] |= byte(x.IsNegative() << 7)
 	return out
 }
 var feOne = new(field.Element).One()
 // SetBytes sets v = x, where x is a 32-byte encoding of v. If x does not
 // represent a valid point on the curve, SetBytes returns nil and an error and
 // the receiver is unchanged. Otherwise, SetBytes returns v.
 //
 // Note that SetBytes accepts all non-canonical encodings of valid points.
 // That is, it follows decoding rules that match most implementations in
 // the ecosystem rather than RFC 8032.
 func (v *Point) SetBytes(x []byte) (*Point, error) {
 	// Specifically, the non-canonical encodings that are accepted are
 	//   1) the ones where the field element is not reduced (see the
 	//      (*field.Element).SetBytes docs) and
 	//   2) the ones where the x-coordinate is zero and the sign bit is set.
 	//
 	// Read more at https://hdevalence.ca/blog/2020-10-04-its-25519am,
 	// specifically the "Canonical A, R" section.
 	y, err := new(field.Element).SetBytes(x)
 	if err != nil {
 		return nil, errors.New("edwards25519: invalid point encoding length")
 	}
 	// -x² + y² = 1 + dx²y²
 	// x² + dx²y² = x²(dy² + 1) = y² - 1
 	// x² = (y² - 1) / (dy² + 1)
 	// u = y² - 1
 	y2 := new(field.Element).Square(y)
 	u := new(field.Element).Subtract(y2, feOne)
 	// v = dy² + 1
 	vv := new(field.Element).Multiply(y2, d)
 	vv = vv.Add(vv, feOne)
 	// x = +√(u/v)
 	xx, wasSquare := new(field.Element).SqrtRatio(u, vv)
 	if wasSquare == 0 {
 		return nil, errors.New("edwards25519: invalid point encoding")
 	}
 	// Select the negative square root if the sign bit is set.
 	xxNeg := new(field.Element).Negate(xx)
 	xx = xx.Select(xxNeg, xx, int(x[31]>>7))
 	v.x.Set(xx)
 	v.y.Set(y)
 	v.z.One()
 	v.t.Multiply(xx, y) // xy = T / Z
 	return v, nil
 }
 func copyFieldElement(buf *[32]byte, v *field.Element) []byte {
 	copy(buf[:], v.Bytes())
 	return buf[:]
 }
 // Conversions.
 func (v *projP2) FromP1xP1(p *projP1xP1) *projP2 {
 	v.X.Multiply(&p.X, &p.T)
 	v.Y.Multiply(&p.Y, &p.Z)
 	v.Z.Multiply(&p.Z, &p.T)
 	return v
 }
 func (v *projP2) FromP3(p *Point) *projP2 {
 	v.X.Set(&p.x)
 	v.Y.Set(&p.y)
 	v.Z.Set(&p.z)
 	return v
 }
 func (v *Point) fromP1xP1(p *projP1xP1) *Point {
 	v.x.Multiply(&p.X, &p.T)
 	v.y.Multiply(&p.Y, &p.Z)
 	v.z.Multiply(&p.Z, &p.T)
 	v.t.Multiply(&p.X, &p.Y)
 	return v
 }
 func (v *Point) fromP2(p *projP2) *Point {
 	v.x.Multiply(&p.X, &p.Z)
 	v.y.Multiply(&p.Y, &p.Z)
 	v.z.Square(&p.Z)
 	v.t.Multiply(&p.X, &p.Y)
 	return v
 }
 // d is a constant in the curve equation.
 var d, _ = new(field.Element).SetBytes([]byte{
 	0xa3, 0x78, 0x59, 0x13, 0xca, 0x4d, 0xeb, 0x75,
 	0xab, 0xd8, 0x41, 0x41, 0x4d, 0x0a, 0x70, 0x00,
 	0x98, 0xe8, 0x79, 0x77, 0x79, 0x40, 0xc7, 0x8c,
 	0x73, 0xfe, 0x6f, 0x2b, 0xee, 0x6c, 0x03, 0x52})
 var d2 = new(field.Element).Add(d, d)
 func (v *projCached) FromP3(p *Point) *projCached {
 	v.YplusX.Add(&p.y, &p.x)
 	v.YminusX.Subtract(&p.y, &p.x)
 	v.Z.Set(&p.z)
 	v.T2d.Multiply(&p.t, d2)
 	return v
 }
 func (v *affineCached) FromP3(p *Point) *affineCached {
 	v.YplusX.Add(&p.y, &p.x)
 	v.YminusX.Subtract(&p.y, &p.x)
 	v.T2d.Multiply(&p.t, d2)
 	var invZ field.Element
 	invZ.Invert(&p.z)
 	v.YplusX.Multiply(&v.YplusX, &invZ)
 	v.YminusX.Multiply(&v.YminusX, &invZ)
 	v.T2d.Multiply(&v.T2d, &invZ)
 	return v
 }
 // (Re)addition and subtraction.
 // Add sets v = p + q, and returns v.
 func (v *Point) Add(p, q *Point) *Point {
 	checkInitialized(p, q)
 	qCached := new(projCached).FromP3(q)
 	result := new(projP1xP1).Add(p, qCached)
 	return v.fromP1xP1(result)
 }
 // Subtract sets v = p - q, and returns v.
 func (v *Point) Subtract(p, q *Point) *Point {
 	checkInitialized(p, q)
 	qCached := new(projCached).FromP3(q)
 	result := new(projP1xP1).Sub(p, qCached)
 	return v.fromP1xP1(result)
 }
 func (v *projP1xP1) Add(p *Point, q *projCached) *projP1xP1 {
 	var YplusX, YminusX, PP, MM, TT2d, ZZ2 field.Element
 	YplusX.Add(&p.y, &p.x)
 	YminusX.Subtract(&p.y, &p.x)
 	PP.Multiply(&YplusX, &q.YplusX)
 	MM.Multiply(&YminusX, &q.YminusX)
 	TT2d.Multiply(&p.t, &q.T2d)
 	ZZ2.Multiply(&p.z, &q.Z)
 	ZZ2.Add(&ZZ2, &ZZ2)
 	v.X.Subtract(&PP, &MM)
 	v.Y.Add(&PP, &MM)
 	v.Z.Add(&ZZ2, &TT2d)
 	v.T.Subtract(&ZZ2, &TT2d)
 	return v
 }
 func (v *projP1xP1) Sub(p *Point, q *projCached) *projP1xP1 {
 	var YplusX, YminusX, PP, MM, TT2d, ZZ2 field.Element
 	YplusX.Add(&p.y, &p.x)
 	YminusX.Subtract(&p.y, &p.x)
 	PP.Multiply(&YplusX, &q.YminusX) // flipped sign
 	MM.Multiply(&YminusX, &q.YplusX) // flipped sign
 	TT2d.Multiply(&p.t, &q.T2d)
 	ZZ2.Multiply(&p.z, &q.Z)
 	ZZ2.Add(&ZZ2, &ZZ2)
 	v.X.Subtract(&PP, &MM)
 	v.Y.Add(&PP, &MM)
 	v.Z.Subtract(&ZZ2, &TT2d) // flipped sign
 	v.T.Add(&ZZ2, &TT2d)      // flipped sign
 	return v
 }
 func (v *projP1xP1) AddAffine(p *Point, q *affineCached) *projP1xP1 {
 	var YplusX, YminusX, PP, MM, TT2d, Z2 field.Element
 	YplusX.Add(&p.y, &p.x)
 	YminusX.Subtract(&p.y, &p.x)
 	PP.Multiply(&YplusX, &q.YplusX)
 	MM.Multiply(&YminusX, &q.YminusX)
 	TT2d.Multiply(&p.t, &q.T2d)
 	Z2.Add(&p.z, &p.z)
 	v.X.Subtract(&PP, &MM)
 	v.Y.Add(&PP, &MM)
 	v.Z.Add(&Z2, &TT2d)
 	v.T.Subtract(&Z2, &TT2d)
 	return v
 }
 func (v *projP1xP1) SubAffine(p *Point, q *affineCached) *projP1xP1 {
 	var YplusX, YminusX, PP, MM, TT2d, Z2 field.Element
 	YplusX.Add(&p.y, &p.x)
 	YminusX.Subtract(&p.y, &p.x)
 	PP.Multiply(&YplusX, &q.YminusX) // flipped sign
 	MM.Multiply(&YminusX, &q.YplusX) // flipped sign
 	TT2d.Multiply(&p.t, &q.T2d)
 	Z2.Add(&p.z, &p.z)
 	v.X.Subtract(&PP, &MM)
 	v.Y.Add(&PP, &MM)
 	v.Z.Subtract(&Z2, &TT2d) // flipped sign
 	v.T.Add(&Z2, &TT2d)      // flipped sign
 	return v
 }
 // Doubling.
 func (v *projP1xP1) Double(p *projP2) *projP1xP1 {
 	var XX, YY, ZZ2, XplusYsq field.Element
 	XX.Square(&p.X)
 	YY.Square(&p.Y)
 	ZZ2.Square(&p.Z)
 	ZZ2.Add(&ZZ2, &ZZ2)
 	XplusYsq.Add(&p.X, &p.Y)
 	XplusYsq.Square(&XplusYsq)
 	v.Y.Add(&YY, &XX)
 	v.Z.Subtract(&YY, &XX)
 	v.X.Subtract(&XplusYsq, &v.Y)
 	v.T.Subtract(&ZZ2, &v.Z)
 	return v
 }
 // Negation.
 // Negate sets v = -p, and returns v.
 func (v *Point) Negate(p *Point) *Point {
 	checkInitialized(p)
 	v.x.Negate(&p.x)
 	v.y.Set(&p.y)
 	v.z.Set(&p.z)
 	v.t.Negate(&p.t)
 	return v
 }
 // Equal returns 1 if v is equivalent to u, and 0 otherwise.
 func (v *Point) Equal(u *Point) int {
 	checkInitialized(v, u)
 	var t1, t2, t3, t4 field.Element
 	t1.Multiply(&v.x, &u.z)
 	t2.Multiply(&u.x, &v.z)
 	t3.Multiply(&v.y, &u.z)
 	t4.Multiply(&u.y, &v.z)
 	return t1.Equal(&t2) & t3.Equal(&t4)
 }
 // Constant-time operations
 // Select sets v to a if cond == 1 and to b if cond == 0.
 func (v *projCached) Select(a, b *projCached, cond int) *projCached {
 	v.YplusX.Select(&a.YplusX, &b.YplusX, cond)
 	v.YminusX.Select(&a.YminusX, &b.YminusX, cond)
 	v.Z.Select(&a.Z, &b.Z, cond)
 	v.T2d.Select(&a.T2d, &b.T2d, cond)
 	return v
 }
 // Select sets v to a if cond == 1 and to b if cond == 0.
 func (v *affineCached) Select(a, b *affineCached, cond int) *affineCached {
 	v.YplusX.Select(&a.YplusX, &b.YplusX, cond)
 	v.YminusX.Select(&a.YminusX, &b.YminusX, cond)
 	v.T2d.Select(&a.T2d, &b.T2d, cond)
 	return v
 }
 // CondNeg negates v if cond == 1 and leaves it unchanged if cond == 0.
 func (v *projCached) CondNeg(cond int) *projCached {
 	v.YplusX.Swap(&v.YminusX, cond)
 	v.T2d.Select(new(field.Element).Negate(&v.T2d), &v.T2d, cond)
 	return v
 }
 // CondNeg negates v if cond == 1 and leaves it unchanged if cond == 0.
 func (v *affineCached) CondNeg(cond int) *affineCached {
 	v.YplusX.Swap(&v.YminusX, cond)
 	v.T2d.Select(new(field.Element).Negate(&v.T2d), &v.T2d, cond)
 	return v
 }
--- a/vendor/filippo.io/edwards25519/extra.go
+++ b/vendor/filippo.io/edwards25519/extra.go
@@ -0,0 +1,349 @@
 // Copyright (c) 2021 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package edwards25519
 // This file contains additional functionality that is not included in the
 // upstream crypto/internal/edwards25519 package.
 import (
 	"errors"
 	"filippo.io/edwards25519/field"
 )
 // ExtendedCoordinates returns v in extended coordinates (X:Y:Z:T) where
 // x = X/Z, y = Y/Z, and xy = T/Z as in https://eprint.iacr.org/2008/522.
 func (v *Point) ExtendedCoordinates() (X, Y, Z, T *field.Element) {
 	// This function is outlined to make the allocations inline in the caller
 	// rather than happen on the heap. Don't change the style without making
 	// sure it doesn't increase the inliner cost.
 	var e [4]field.Element
 	X, Y, Z, T = v.extendedCoordinates(&e)
 	return
 }
 func (v *Point) extendedCoordinates(e *[4]field.Element) (X, Y, Z, T *field.Element) {
 	checkInitialized(v)
 	X = e[0].Set(&v.x)
 	Y = e[1].Set(&v.y)
 	Z = e[2].Set(&v.z)
 	T = e[3].Set(&v.t)
 	return
 }
 // SetExtendedCoordinates sets v = (X:Y:Z:T) in extended coordinates where
 // x = X/Z, y = Y/Z, and xy = T/Z as in https://eprint.iacr.org/2008/522.
 //
 // If the coordinates are invalid or don't represent a valid point on the curve,
 // SetExtendedCoordinates returns nil and an error and the receiver is
 // unchanged. Otherwise, SetExtendedCoordinates returns v.
 func (v *Point) SetExtendedCoordinates(X, Y, Z, T *field.Element) (*Point, error) {
 	if !isOnCurve(X, Y, Z, T) {
 		return nil, errors.New("edwards25519: invalid point coordinates")
 	}
 	v.x.Set(X)
 	v.y.Set(Y)
 	v.z.Set(Z)
 	v.t.Set(T)
 	return v, nil
 }
 func isOnCurve(X, Y, Z, T *field.Element) bool {
 	var lhs, rhs field.Element
 	XX := new(field.Element).Square(X)
 	YY := new(field.Element).Square(Y)
 	ZZ := new(field.Element).Square(Z)
 	TT := new(field.Element).Square(T)
 	// -x² + y² = 1 + dx²y²
 	// -(X/Z)² + (Y/Z)² = 1 + d(T/Z)²
 	// -X² + Y² = Z² + dT²
 	lhs.Subtract(YY, XX)
 	rhs.Multiply(d, TT).Add(&rhs, ZZ)
 	if lhs.Equal(&rhs) != 1 {
 		return false
 	}
 	// xy = T/Z
 	// XY/Z² = T/Z
 	// XY = TZ
 	lhs.Multiply(X, Y)
 	rhs.Multiply(T, Z)
 	return lhs.Equal(&rhs) == 1
 }
 // BytesMontgomery converts v to a point on the birationally-equivalent
 // Curve25519 Montgomery curve, and returns its canonical 32 bytes encoding
 // according to RFC 7748.
 //
 // Note that BytesMontgomery only encodes the u-coordinate, so v and -v encode
 // to the same value. If v is the identity point, BytesMontgomery returns 32
 // zero bytes, analogously to the X25519 function.
 //
 // The lack of an inverse operation (such as SetMontgomeryBytes) is deliberate:
 // while every valid edwards25519 point has a unique u-coordinate Montgomery
 // encoding, X25519 accepts inputs on the quadratic twist, which don't correspond
 // to any edwards25519 point, and every other X25519 input corresponds to two
 // edwards25519 points.
 func (v *Point) BytesMontgomery() []byte {
 	// This function is outlined to make the allocations inline in the caller
 	// rather than happen on the heap.
 	var buf [32]byte
 	return v.bytesMontgomery(&buf)
 }
 func (v *Point) bytesMontgomery(buf *[32]byte) []byte {
 	checkInitialized(v)
 	// RFC 7748, Section 4.1 provides the bilinear map to calculate the
 	// Montgomery u-coordinate
 	//
 	//              u = (1 + y) / (1 - y)
 	//
 	// where y = Y / Z.
 	var y, recip, u field.Element
 	y.Multiply(&v.y, y.Invert(&v.z))        // y = Y / Z
 	recip.Invert(recip.Subtract(feOne, &y)) // r = 1/(1 - y)
 	u.Multiply(u.Add(feOne, &y), &recip)    // u = (1 + y)*r
 	return copyFieldElement(buf, &u)
 }
 // MultByCofactor sets v = 8 * p, and returns v.
 func (v *Point) MultByCofactor(p *Point) *Point {
 	checkInitialized(p)
 	result := projP1xP1{}
 	pp := (&projP2{}).FromP3(p)
 	result.Double(pp)
 	pp.FromP1xP1(&result)
 	result.Double(pp)
 	pp.FromP1xP1(&result)
 	result.Double(pp)
 	return v.fromP1xP1(&result)
 }
 // Given k > 0, set s = s**(2*i).
 func (s *Scalar) pow2k(k int) {
 	for i := 0; i < k; i++ {
 		s.Multiply(s, s)
 	}
 }
 // Invert sets s to the inverse of a nonzero scalar v, and returns s.
 //
 // If t is zero, Invert returns zero.
 func (s *Scalar) Invert(t *Scalar) *Scalar {
 	// Uses a hardcoded sliding window of width 4.
 	var table [8]Scalar
 	var tt Scalar
 	tt.Multiply(t, t)
 	table[0] = *t
 	for i := 0; i < 7; i++ {
 		table[i+1].Multiply(&table[i], &tt)
 	}
 	// Now table = [t**1, t**3, t**5, t**7, t**9, t**11, t**13, t**15]
 	// so t**k = t[k/2] for odd k
 	// To compute the sliding window digits, use the following Sage script:
 	// sage: import itertools
 	// sage: def sliding_window(w,k):
 	// ....:     digits = []
 	// ....:     while k > 0:
 	// ....:         if k % 2 == 1:
 	// ....:             kmod = k % (2**w)
 	// ....:             digits.append(kmod)
 	// ....:             k = k - kmod
 	// ....:         else:
 	// ....:             digits.append(0)
 	// ....:         k = k // 2
 	// ....:     return digits
 	// Now we can compute s roughly as follows:
 	// sage: s = 1
 	// sage: for coeff in reversed(sliding_window(4,l-2)):
 	// ....:     s = s*s
 	// ....:     if coeff > 0 :
 	// ....:         s = s*t**coeff
 	// This works on one bit at a time, with many runs of zeros.
 	// The digits can be collapsed into [(count, coeff)] as follows:
 	// sage: [(len(list(group)),d) for d,group in itertools.groupby(sliding_window(4,l-2))]
 	// Entries of the form (k, 0) turn into pow2k(k)
 	// Entries of the form (1, coeff) turn into a squaring and then a table lookup.
 	// We can fold the squaring into the previous pow2k(k) as pow2k(k+1).
 	*s = table[1/2]
 	s.pow2k(127 + 1)
 	s.Multiply(s, &table[1/2])
 	s.pow2k(4 + 1)
 	s.Multiply(s, &table[9/2])
 	s.pow2k(3 + 1)
 	s.Multiply(s, &table[11/2])
 	s.pow2k(3 + 1)
 	s.Multiply(s, &table[13/2])
 	s.pow2k(3 + 1)
 	s.Multiply(s, &table[15/2])
 	s.pow2k(4 + 1)
 	s.Multiply(s, &table[7/2])
 	s.pow2k(4 + 1)
 	s.Multiply(s, &table[15/2])
 	s.pow2k(3 + 1)
 	s.Multiply(s, &table[5/2])
 	s.pow2k(3 + 1)
 	s.Multiply(s, &table[1/2])
 	s.pow2k(4 + 1)
 	s.Multiply(s, &table[15/2])
 	s.pow2k(4 + 1)
 	s.Multiply(s, &table[15/2])
 	s.pow2k(4 + 1)
 	s.Multiply(s, &table[7/2])
 	s.pow2k(3 + 1)
 	s.Multiply(s, &table[3/2])
 	s.pow2k(4 + 1)
 	s.Multiply(s, &table[11/2])
 	s.pow2k(5 + 1)
 	s.Multiply(s, &table[11/2])
 	s.pow2k(9 + 1)
 	s.Multiply(s, &table[9/2])
 	s.pow2k(3 + 1)
 	s.Multiply(s, &table[3/2])
 	s.pow2k(4 + 1)
 	s.Multiply(s, &table[3/2])
 	s.pow2k(4 + 1)
 	s.Multiply(s, &table[3/2])
 	s.pow2k(4 + 1)
 	s.Multiply(s, &table[9/2])
 	s.pow2k(3 + 1)
 	s.Multiply(s, &table[7/2])
 	s.pow2k(3 + 1)
 	s.Multiply(s, &table[3/2])
 	s.pow2k(3 + 1)
 	s.Multiply(s, &table[13/2])
 	s.pow2k(3 + 1)
 	s.Multiply(s, &table[7/2])
 	s.pow2k(4 + 1)
 	s.Multiply(s, &table[9/2])
 	s.pow2k(3 + 1)
 	s.Multiply(s, &table[15/2])
 	s.pow2k(4 + 1)
 	s.Multiply(s, &table[11/2])
 	return s
 }
 // MultiScalarMult sets v = sum(scalars[i] * points[i]), and returns v.
 //
 // Execution time depends only on the lengths of the two slices, which must match.
 func (v *Point) MultiScalarMult(scalars []*Scalar, points []*Point) *Point {
 	if len(scalars) != len(points) {
 		panic("edwards25519: called MultiScalarMult with different size inputs")
 	}
 	checkInitialized(points...)
 	// Proceed as in the single-base case, but share doublings
 	// between each point in the multiscalar equation.
 	// Build lookup tables for each point
 	tables := make([]projLookupTable, len(points))
 	for i := range tables {
 		tables[i].FromP3(points[i])
 	}
 	// Compute signed radix-16 digits for each scalar
 	digits := make([][64]int8, len(scalars))
 	for i := range digits {
 		digits[i] = scalars[i].signedRadix16()
 	}
 	// Unwrap first loop iteration to save computing 16*identity
 	multiple := &projCached{}
 	tmp1 := &projP1xP1{}
 	tmp2 := &projP2{}
 	// Lookup-and-add the appropriate multiple of each input point
 	for j := range tables {
 		tables[j].SelectInto(multiple, digits[j][63])
 		tmp1.Add(v, multiple) // tmp1 = v + x_(j,63)*Q in P1xP1 coords
 		v.fromP1xP1(tmp1)     // update v
 	}
 	tmp2.FromP3(v) // set up tmp2 = v in P2 coords for next iteration
 	for i := 62; i >= 0; i-- {
 		tmp1.Double(tmp2)    // tmp1 =  2*(prev) in P1xP1 coords
 		tmp2.FromP1xP1(tmp1) // tmp2 =  2*(prev) in P2 coords
 		tmp1.Double(tmp2)    // tmp1 =  4*(prev) in P1xP1 coords
 		tmp2.FromP1xP1(tmp1) // tmp2 =  4*(prev) in P2 coords
 		tmp1.Double(tmp2)    // tmp1 =  8*(prev) in P1xP1 coords
 		tmp2.FromP1xP1(tmp1) // tmp2 =  8*(prev) in P2 coords
 		tmp1.Double(tmp2)    // tmp1 = 16*(prev) in P1xP1 coords
 		v.fromP1xP1(tmp1)    //    v = 16*(prev) in P3 coords
 		// Lookup-and-add the appropriate multiple of each input point
 		for j := range tables {
 			tables[j].SelectInto(multiple, digits[j][i])
 			tmp1.Add(v, multiple) // tmp1 = v + x_(j,i)*Q in P1xP1 coords
 			v.fromP1xP1(tmp1)     // update v
 		}
 		tmp2.FromP3(v) // set up tmp2 = v in P2 coords for next iteration
 	}
 	return v
 }
 // VarTimeMultiScalarMult sets v = sum(scalars[i] * points[i]), and returns v.
 //
 // Execution time depends on the inputs.
 func (v *Point) VarTimeMultiScalarMult(scalars []*Scalar, points []*Point) *Point {
 	if len(scalars) != len(points) {
 		panic("edwards25519: called VarTimeMultiScalarMult with different size inputs")
 	}
 	checkInitialized(points...)
 	// Generalize double-base NAF computation to arbitrary sizes.
 	// Here all the points are dynamic, so we only use the smaller
 	// tables.
 	// Build lookup tables for each point
 	tables := make([]nafLookupTable5, len(points))
 	for i := range tables {
 		tables[i].FromP3(points[i])
 	}
 	// Compute a NAF for each scalar
 	nafs := make([][256]int8, len(scalars))
 	for i := range nafs {
 		nafs[i] = scalars[i].nonAdjacentForm(5)
 	}
 	multiple := &projCached{}
 	tmp1 := &projP1xP1{}
 	tmp2 := &projP2{}
 	tmp2.Zero()
 	// Move from high to low bits, doubling the accumulator
 	// at each iteration and checking whether there is a nonzero
 	// coefficient to look up a multiple of.
 	//
 	// Skip trying to find the first nonzero coefficent, because
 	// searching might be more work than a few extra doublings.
 	for i := 255; i >= 0; i-- {
 		tmp1.Double(tmp2)
 		for j := range nafs {
 			if nafs[j][i] > 0 {
 				v.fromP1xP1(tmp1)
 				tables[j].SelectInto(multiple, nafs[j][i])
 				tmp1.Add(v, multiple)
 			} else if nafs[j][i] < 0 {
 				v.fromP1xP1(tmp1)
 				tables[j].SelectInto(multiple, -nafs[j][i])
 				tmp1.Sub(v, multiple)
 			}
 		}
 		tmp2.FromP1xP1(tmp1)
 	}
 	v.fromP2(tmp2)
 	return v
 }
--- a/vendor/filippo.io/edwards25519/field/fe.go
+++ b/vendor/filippo.io/edwards25519/field/fe.go
@@ -0,0 +1,420 @@
 // Copyright (c) 2017 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // Package field implements fast arithmetic modulo 2^255-19.
 package field
 import (
 	"crypto/subtle"
 	"encoding/binary"
 	"errors"
 	"math/bits"
 )
 // Element represents an element of the field GF(2^255-19). Note that this
 // is not a cryptographically secure group, and should only be used to interact
 // with edwards25519.Point coordinates.
 //
 // This type works similarly to math/big.Int, and all arguments and receivers
 // are allowed to alias.
 //
 // The zero value is a valid zero element.
 type Element struct {
 	// An element t represents the integer
 	//     t.l0 + t.l1*2^51 + t.l2*2^102 + t.l3*2^153 + t.l4*2^204
 	//
 	// Between operations, all limbs are expected to be lower than 2^52.
 	l0 uint64
 	l1 uint64
 	l2 uint64
 	l3 uint64
 	l4 uint64
 }
 const maskLow51Bits uint64 = (1 << 51) - 1
 var feZero = &Element{0, 0, 0, 0, 0}
 // Zero sets v = 0, and returns v.
 func (v *Element) Zero() *Element {
 	*v = *feZero
 	return v
 }
 var feOne = &Element{1, 0, 0, 0, 0}
 // One sets v = 1, and returns v.
 func (v *Element) One() *Element {
 	*v = *feOne
 	return v
 }
 // reduce reduces v modulo 2^255 - 19 and returns it.
 func (v *Element) reduce() *Element {
 	v.carryPropagate()
 	// After the light reduction we now have a field element representation
 	// v < 2^255 + 2^13 * 19, but need v < 2^255 - 19.
 	// If v >= 2^255 - 19, then v + 19 >= 2^255, which would overflow 2^255 - 1,
 	// generating a carry. That is, c will be 0 if v < 2^255 - 19, and 1 otherwise.
 	c := (v.l0 + 19) >> 51
 	c = (v.l1 + c) >> 51
 	c = (v.l2 + c) >> 51
 	c = (v.l3 + c) >> 51
 	c = (v.l4 + c) >> 51
 	// If v < 2^255 - 19 and c = 0, this will be a no-op. Otherwise, it's
 	// effectively applying the reduction identity to the carry.
 	v.l0 += 19 * c
 	v.l1 += v.l0 >> 51
 	v.l0 = v.l0 & maskLow51Bits
 	v.l2 += v.l1 >> 51
 	v.l1 = v.l1 & maskLow51Bits
 	v.l3 += v.l2 >> 51
 	v.l2 = v.l2 & maskLow51Bits
 	v.l4 += v.l3 >> 51
 	v.l3 = v.l3 & maskLow51Bits
 	// no additional carry
 	v.l4 = v.l4 & maskLow51Bits
 	return v
 }
 // Add sets v = a + b, and returns v.
 func (v *Element) Add(a, b *Element) *Element {
 	v.l0 = a.l0 + b.l0
 	v.l1 = a.l1 + b.l1
 	v.l2 = a.l2 + b.l2
 	v.l3 = a.l3 + b.l3
 	v.l4 = a.l4 + b.l4
 	// Using the generic implementation here is actually faster than the
 	// assembly. Probably because the body of this function is so simple that
 	// the compiler can figure out better optimizations by inlining the carry
 	// propagation.
 	return v.carryPropagateGeneric()
 }
 // Subtract sets v = a - b, and returns v.
 func (v *Element) Subtract(a, b *Element) *Element {
 	// We first add 2 * p, to guarantee the subtraction won't underflow, and
 	// then subtract b (which can be up to 2^255 + 2^13 * 19).
 	v.l0 = (a.l0 + 0xFFFFFFFFFFFDA) - b.l0
 	v.l1 = (a.l1 + 0xFFFFFFFFFFFFE) - b.l1
 	v.l2 = (a.l2 + 0xFFFFFFFFFFFFE) - b.l2
 	v.l3 = (a.l3 + 0xFFFFFFFFFFFFE) - b.l3
 	v.l4 = (a.l4 + 0xFFFFFFFFFFFFE) - b.l4
 	return v.carryPropagate()
 }
 // Negate sets v = -a, and returns v.
 func (v *Element) Negate(a *Element) *Element {
 	return v.Subtract(feZero, a)
 }
 // Invert sets v = 1/z mod p, and returns v.
 //
 // If z == 0, Invert returns v = 0.
 func (v *Element) Invert(z *Element) *Element {
 	// Inversion is implemented as exponentiation with exponent p − 2. It uses the
 	// same sequence of 255 squarings and 11 multiplications as [Curve25519].
 	var z2, z9, z11, z2_5_0, z2_10_0, z2_20_0, z2_50_0, z2_100_0, t Element
 	z2.Square(z)             // 2
 	t.Square(&z2)            // 4
 	t.Square(&t)             // 8
 	z9.Multiply(&t, z)       // 9
 	z11.Multiply(&z9, &z2)   // 11
 	t.Square(&z11)           // 22
 	z2_5_0.Multiply(&t, &z9) // 31 = 2^5 - 2^0
 	t.Square(&z2_5_0) // 2^6 - 2^1
 	for i := 0; i < 4; i++ {
 		t.Square(&t) // 2^10 - 2^5
 	}
 	z2_10_0.Multiply(&t, &z2_5_0) // 2^10 - 2^0
 	t.Square(&z2_10_0) // 2^11 - 2^1
 	for i := 0; i < 9; i++ {
 		t.Square(&t) // 2^20 - 2^10
 	}
 	z2_20_0.Multiply(&t, &z2_10_0) // 2^20 - 2^0
 	t.Square(&z2_20_0) // 2^21 - 2^1
 	for i := 0; i < 19; i++ {
 		t.Square(&t) // 2^40 - 2^20
 	}
 	t.Multiply(&t, &z2_20_0) // 2^40 - 2^0
 	t.Square(&t) // 2^41 - 2^1
 	for i := 0; i < 9; i++ {
 		t.Square(&t) // 2^50 - 2^10
 	}
 	z2_50_0.Multiply(&t, &z2_10_0) // 2^50 - 2^0
 	t.Square(&z2_50_0) // 2^51 - 2^1
 	for i := 0; i < 49; i++ {
 		t.Square(&t) // 2^100 - 2^50
 	}
 	z2_100_0.Multiply(&t, &z2_50_0) // 2^100 - 2^0
 	t.Square(&z2_100_0) // 2^101 - 2^1
 	for i := 0; i < 99; i++ {
 		t.Square(&t) // 2^200 - 2^100
 	}
 	t.Multiply(&t, &z2_100_0) // 2^200 - 2^0
 	t.Square(&t) // 2^201 - 2^1
 	for i := 0; i < 49; i++ {
 		t.Square(&t) // 2^250 - 2^50
 	}
 	t.Multiply(&t, &z2_50_0) // 2^250 - 2^0
 	t.Square(&t) // 2^251 - 2^1
 	t.Square(&t) // 2^252 - 2^2
 	t.Square(&t) // 2^253 - 2^3
 	t.Square(&t) // 2^254 - 2^4
 	t.Square(&t) // 2^255 - 2^5
 	return v.Multiply(&t, &z11) // 2^255 - 21
 }
 // Set sets v = a, and returns v.
 func (v *Element) Set(a *Element) *Element {
 	*v = *a
 	return v
 }
 // SetBytes sets v to x, where x is a 32-byte little-endian encoding. If x is
 // not of the right length, SetBytes returns nil and an error, and the
 // receiver is unchanged.
 //
 // Consistent with RFC 7748, the most significant bit (the high bit of the
 // last byte) is ignored, and non-canonical values (2^255-19 through 2^255-1)
 // are accepted. Note that this is laxer than specified by RFC 8032, but
 // consistent with most Ed25519 implementations.
 func (v *Element) SetBytes(x []byte) (*Element, error) {
 	if len(x) != 32 {
 		return nil, errors.New("edwards25519: invalid field element input size")
 	}
 	// Bits 0:51 (bytes 0:8, bits 0:64, shift 0, mask 51).
 	v.l0 = binary.LittleEndian.Uint64(x[0:8])
 	v.l0 &= maskLow51Bits
 	// Bits 51:102 (bytes 6:14, bits 48:112, shift 3, mask 51).
 	v.l1 = binary.LittleEndian.Uint64(x[6:14]) >> 3
 	v.l1 &= maskLow51Bits
 	// Bits 102:153 (bytes 12:20, bits 96:160, shift 6, mask 51).
 	v.l2 = binary.LittleEndian.Uint64(x[12:20]) >> 6
 	v.l2 &= maskLow51Bits
 	// Bits 153:204 (bytes 19:27, bits 152:216, shift 1, mask 51).
 	v.l3 = binary.LittleEndian.Uint64(x[19:27]) >> 1
 	v.l3 &= maskLow51Bits
 	// Bits 204:255 (bytes 24:32, bits 192:256, shift 12, mask 51).
 	// Note: not bytes 25:33, shift 4, to avoid overread.
 	v.l4 = binary.LittleEndian.Uint64(x[24:32]) >> 12
 	v.l4 &= maskLow51Bits
 	return v, nil
 }
 // Bytes returns the canonical 32-byte little-endian encoding of v.
 func (v *Element) Bytes() []byte {
 	// This function is outlined to make the allocations inline in the caller
 	// rather than happen on the heap.
 	var out [32]byte
 	return v.bytes(&out)
 }
 func (v *Element) bytes(out *[32]byte) []byte {
 	t := *v
 	t.reduce()
 	var buf [8]byte
 	for i, l := range [5]uint64{t.l0, t.l1, t.l2, t.l3, t.l4} {
 		bitsOffset := i * 51
 		binary.LittleEndian.PutUint64(buf[:], l<<uint(bitsOffset%8))
 		for i, bb := range buf {
 			off := bitsOffset/8 + i
 			if off >= len(out) {
 				break
 			}
 			out[off] |= bb
 		}
 	}
 	return out[:]
 }
 // Equal returns 1 if v and u are equal, and 0 otherwise.
 func (v *Element) Equal(u *Element) int {
 	sa, sv := u.Bytes(), v.Bytes()
 	return subtle.ConstantTimeCompare(sa, sv)
 }
 // mask64Bits returns 0xffffffff if cond is 1, and 0 otherwise.
 func mask64Bits(cond int) uint64 { return ^(uint64(cond) - 1) }
 // Select sets v to a if cond == 1, and to b if cond == 0.
 func (v *Element) Select(a, b *Element, cond int) *Element {
 	m := mask64Bits(cond)
 	v.l0 = (m & a.l0) | (^m & b.l0)
 	v.l1 = (m & a.l1) | (^m & b.l1)
 	v.l2 = (m & a.l2) | (^m & b.l2)
 	v.l3 = (m & a.l3) | (^m & b.l3)
 	v.l4 = (m & a.l4) | (^m & b.l4)
 	return v
 }
 // Swap swaps v and u if cond == 1 or leaves them unchanged if cond == 0, and returns v.
 func (v *Element) Swap(u *Element, cond int) {
 	m := mask64Bits(cond)
 	t := m & (v.l0 ^ u.l0)
 	v.l0 ^= t
 	u.l0 ^= t
 	t = m & (v.l1 ^ u.l1)
 	v.l1 ^= t
 	u.l1 ^= t
 	t = m & (v.l2 ^ u.l2)
 	v.l2 ^= t
 	u.l2 ^= t
 	t = m & (v.l3 ^ u.l3)
 	v.l3 ^= t
 	u.l3 ^= t
 	t = m & (v.l4 ^ u.l4)
 	v.l4 ^= t
 	u.l4 ^= t
 }
 // IsNegative returns 1 if v is negative, and 0 otherwise.
 func (v *Element) IsNegative() int {
 	return int(v.Bytes()[0] & 1)
 }
 // Absolute sets v to |u|, and returns v.
 func (v *Element) Absolute(u *Element) *Element {
 	return v.Select(new(Element).Negate(u), u, u.IsNegative())
 }
 // Multiply sets v = x * y, and returns v.
 func (v *Element) Multiply(x, y *Element) *Element {
 	feMul(v, x, y)
 	return v
 }
 // Square sets v = x * x, and returns v.
 func (v *Element) Square(x *Element) *Element {
 	feSquare(v, x)
 	return v
 }
 // Mult32 sets v = x * y, and returns v.
 func (v *Element) Mult32(x *Element, y uint32) *Element {
 	x0lo, x0hi := mul51(x.l0, y)
 	x1lo, x1hi := mul51(x.l1, y)
 	x2lo, x2hi := mul51(x.l2, y)
 	x3lo, x3hi := mul51(x.l3, y)
 	x4lo, x4hi := mul51(x.l4, y)
 	v.l0 = x0lo + 19*x4hi // carried over per the reduction identity
 	v.l1 = x1lo + x0hi
 	v.l2 = x2lo + x1hi
 	v.l3 = x3lo + x2hi
 	v.l4 = x4lo + x3hi
 	// The hi portions are going to be only 32 bits, plus any previous excess,
 	// so we can skip the carry propagation.
 	return v
 }
 // mul51 returns lo + hi * 2⁵¹ = a * b.
 func mul51(a uint64, b uint32) (lo uint64, hi uint64) {
 	mh, ml := bits.Mul64(a, uint64(b))
 	lo = ml & maskLow51Bits
 	hi = (mh << 13) | (ml >> 51)
 	return
 }
 // Pow22523 set v = x^((p-5)/8), and returns v. (p-5)/8 is 2^252-3.
 func (v *Element) Pow22523(x *Element) *Element {
 	var t0, t1, t2 Element
 	t0.Square(x)             // x^2
 	t1.Square(&t0)           // x^4
 	t1.Square(&t1)           // x^8
 	t1.Multiply(x, &t1)      // x^9
 	t0.Multiply(&t0, &t1)    // x^11
 	t0.Square(&t0)           // x^22
 	t0.Multiply(&t1, &t0)    // x^31
 	t1.Square(&t0)           // x^62
 	for i := 1; i < 5; i++ { // x^992
 		t1.Square(&t1)
 	}
 	t0.Multiply(&t1, &t0)     // x^1023 -> 1023 = 2^10 - 1
 	t1.Square(&t0)            // 2^11 - 2
 	for i := 1; i < 10; i++ { // 2^20 - 2^10
 		t1.Square(&t1)
 	}
 	t1.Multiply(&t1, &t0)     // 2^20 - 1
 	t2.Square(&t1)            // 2^21 - 2
 	for i := 1; i < 20; i++ { // 2^40 - 2^20
 		t2.Square(&t2)
 	}
 	t1.Multiply(&t2, &t1)     // 2^40 - 1
 	t1.Square(&t1)            // 2^41 - 2
 	for i := 1; i < 10; i++ { // 2^50 - 2^10
 		t1.Square(&t1)
 	}
 	t0.Multiply(&t1, &t0)     // 2^50 - 1
 	t1.Square(&t0)            // 2^51 - 2
 	for i := 1; i < 50; i++ { // 2^100 - 2^50
 		t1.Square(&t1)
 	}
 	t1.Multiply(&t1, &t0)      // 2^100 - 1
 	t2.Square(&t1)             // 2^101 - 2
 	for i := 1; i < 100; i++ { // 2^200 - 2^100
 		t2.Square(&t2)
 	}
 	t1.Multiply(&t2, &t1)     // 2^200 - 1
 	t1.Square(&t1)            // 2^201 - 2
 	for i := 1; i < 50; i++ { // 2^250 - 2^50
 		t1.Square(&t1)
 	}
 	t0.Multiply(&t1, &t0)     // 2^250 - 1
 	t0.Square(&t0)            // 2^251 - 2
 	t0.Square(&t0)            // 2^252 - 4
 	return v.Multiply(&t0, x) // 2^252 - 3 -> x^(2^252-3)
 }
 // sqrtM1 is 2^((p-1)/4), which squared is equal to -1 by Euler's Criterion.
 var sqrtM1 = &Element{1718705420411056, 234908883556509,
 	2233514472574048, 2117202627021982, 765476049583133}
 // SqrtRatio sets r to the non-negative square root of the ratio of u and v.
 //
 // If u/v is square, SqrtRatio returns r and 1. If u/v is not square, SqrtRatio
 // sets r according to Section 4.3 of draft-irtf-cfrg-ristretto255-decaf448-00,
 // and returns r and 0.
 func (r *Element) SqrtRatio(u, v *Element) (R *Element, wasSquare int) {
 	t0 := new(Element)
 	// r = (u * v3) * (u * v7)^((p-5)/8)
 	v2 := new(Element).Square(v)
 	uv3 := new(Element).Multiply(u, t0.Multiply(v2, v))
 	uv7 := new(Element).Multiply(uv3, t0.Square(v2))
 	rr := new(Element).Multiply(uv3, t0.Pow22523(uv7))
 	check := new(Element).Multiply(v, t0.Square(rr)) // check = v * r^2
 	uNeg := new(Element).Negate(u)
 	correctSignSqrt := check.Equal(u)
 	flippedSignSqrt := check.Equal(uNeg)
 	flippedSignSqrtI := check.Equal(t0.Multiply(uNeg, sqrtM1))
 	rPrime := new(Element).Multiply(rr, sqrtM1) // r_prime = SQRT_M1 * r
 	// r = CT_SELECT(r_prime IF flipped_sign_sqrt | flipped_sign_sqrt_i ELSE r)
 	rr.Select(rPrime, rr, flippedSignSqrt|flippedSignSqrtI)
 	r.Absolute(rr) // Choose the nonnegative square root.
 	return r, correctSignSqrt | flippedSignSqrt
 }
--- a/vendor/filippo.io/edwards25519/field/fe_amd64.go
+++ b/vendor/filippo.io/edwards25519/field/fe_amd64.go
@@ -0,0 +1,16 @@
 // Code generated by command: go run fe_amd64_asm.go -out ../fe_amd64.s -stubs ../fe_amd64.go -pkg field. DO NOT EDIT.
 //go:build amd64 && gc && !purego
 // +build amd64,gc,!purego
 package field
 // feMul sets out = a * b. It works like feMulGeneric.
 //
 //go:noescape
 func feMul(out *Element, a *Element, b *Element)
 // feSquare sets out = a * a. It works like feSquareGeneric.
 //
 //go:noescape
 func feSquare(out *Element, a *Element)
--- a/vendor/filippo.io/edwards25519/field/fe_amd64.s
+++ b/vendor/filippo.io/edwards25519/field/fe_amd64.s
@@ -0,0 +1,379 @@
 // Code generated by command: go run fe_amd64_asm.go -out ../fe_amd64.s -stubs ../fe_amd64.go -pkg field. DO NOT EDIT.
 //go:build amd64 && gc && !purego
 // +build amd64,gc,!purego
 #include "textflag.h"
 // func feMul(out *Element, a *Element, b *Element)
 TEXT ·feMul(SB), NOSPLIT, $0-24
 	MOVQ a+8(FP), CX
 	MOVQ b+16(FP), BX
 	// r0 = a0×b0
 	MOVQ (CX), AX
 	MULQ (BX)
 	MOVQ AX, DI
 	MOVQ DX, SI
 	// r0 += 19×a1×b4
 	MOVQ   8(CX), AX
 	IMUL3Q $0x13, AX, AX
 	MULQ   32(BX)
 	ADDQ   AX, DI
 	ADCQ   DX, SI
 	// r0 += 19×a2×b3
 	MOVQ   16(CX), AX
 	IMUL3Q $0x13, AX, AX
 	MULQ   24(BX)
 	ADDQ   AX, DI
 	ADCQ   DX, SI
 	// r0 += 19×a3×b2
 	MOVQ   24(CX), AX
 	IMUL3Q $0x13, AX, AX
 	MULQ   16(BX)
 	ADDQ   AX, DI
 	ADCQ   DX, SI
 	// r0 += 19×a4×b1
 	MOVQ   32(CX), AX
 	IMUL3Q $0x13, AX, AX
 	MULQ   8(BX)
 	ADDQ   AX, DI
 	ADCQ   DX, SI
 	// r1 = a0×b1
 	MOVQ (CX), AX
 	MULQ 8(BX)
 	MOVQ AX, R9
 	MOVQ DX, R8
 	// r1 += a1×b0
 	MOVQ 8(CX), AX
 	MULQ (BX)
 	ADDQ AX, R9
 	ADCQ DX, R8
 	// r1 += 19×a2×b4
 	MOVQ   16(CX), AX
 	IMUL3Q $0x13, AX, AX
 	MULQ   32(BX)
 	ADDQ   AX, R9
 	ADCQ   DX, R8
 	// r1 += 19×a3×b3
 	MOVQ   24(CX), AX
 	IMUL3Q $0x13, AX, AX
 	MULQ   24(BX)
 	ADDQ   AX, R9
 	ADCQ   DX, R8
 	// r1 += 19×a4×b2
 	MOVQ   32(CX), AX
 	IMUL3Q $0x13, AX, AX
 	MULQ   16(BX)
 	ADDQ   AX, R9
 	ADCQ   DX, R8
 	// r2 = a0×b2
 	MOVQ (CX), AX
 	MULQ 16(BX)
 	MOVQ AX, R11
 	MOVQ DX, R10
 	// r2 += a1×b1
 	MOVQ 8(CX), AX
 	MULQ 8(BX)
 	ADDQ AX, R11
 	ADCQ DX, R10
 	// r2 += a2×b0
 	MOVQ 16(CX), AX
 	MULQ (BX)
 	ADDQ AX, R11
 	ADCQ DX, R10
 	// r2 += 19×a3×b4
 	MOVQ   24(CX), AX
 	IMUL3Q $0x13, AX, AX
 	MULQ   32(BX)
 	ADDQ   AX, R11
 	ADCQ   DX, R10
 	// r2 += 19×a4×b3
 	MOVQ   32(CX), AX
 	IMUL3Q $0x13, AX, AX
 	MULQ   24(BX)
 	ADDQ   AX, R11
 	ADCQ   DX, R10
 	// r3 = a0×b3
 	MOVQ (CX), AX
 	MULQ 24(BX)
 	MOVQ AX, R13
 	MOVQ DX, R12
 	// r3 += a1×b2
 	MOVQ 8(CX), AX
 	MULQ 16(BX)
 	ADDQ AX, R13
 	ADCQ DX, R12
 	// r3 += a2×b1
 	MOVQ 16(CX), AX
 	MULQ 8(BX)
 	ADDQ AX, R13
 	ADCQ DX, R12
 	// r3 += a3×b0
 	MOVQ 24(CX), AX
 	MULQ (BX)
 	ADDQ AX, R13
 	ADCQ DX, R12
 	// r3 += 19×a4×b4
 	MOVQ   32(CX), AX
 	IMUL3Q $0x13, AX, AX
 	MULQ   32(BX)
 	ADDQ   AX, R13
 	ADCQ   DX, R12
 	// r4 = a0×b4
 	MOVQ (CX), AX
 	MULQ 32(BX)
 	MOVQ AX, R15
 	MOVQ DX, R14
 	// r4 += a1×b3
 	MOVQ 8(CX), AX
 	MULQ 24(BX)
 	ADDQ AX, R15
 	ADCQ DX, R14
 	// r4 += a2×b2
 	MOVQ 16(CX), AX
 	MULQ 16(BX)
 	ADDQ AX, R15
 	ADCQ DX, R14
 	// r4 += a3×b1
 	MOVQ 24(CX), AX
 	MULQ 8(BX)
 	ADDQ AX, R15
 	ADCQ DX, R14
 	// r4 += a4×b0
 	MOVQ 32(CX), AX
 	MULQ (BX)
 	ADDQ AX, R15
 	ADCQ DX, R14
 	// First reduction chain
 	MOVQ   $0x0007ffffffffffff, AX
 	SHLQ   $0x0d, DI, SI
 	SHLQ   $0x0d, R9, R8
 	SHLQ   $0x0d, R11, R10
 	SHLQ   $0x0d, R13, R12
 	SHLQ   $0x0d, R15, R14
 	ANDQ   AX, DI
 	IMUL3Q $0x13, R14, R14
 	ADDQ   R14, DI
 	ANDQ   AX, R9
 	ADDQ   SI, R9
 	ANDQ   AX, R11
 	ADDQ   R8, R11
 	ANDQ   AX, R13
 	ADDQ   R10, R13
 	ANDQ   AX, R15
 	ADDQ   R12, R15
 	// Second reduction chain (carryPropagate)
 	MOVQ   DI, SI
 	SHRQ   $0x33, SI
 	MOVQ   R9, R8
 	SHRQ   $0x33, R8
 	MOVQ   R11, R10
 	SHRQ   $0x33, R10
 	MOVQ   R13, R12
 	SHRQ   $0x33, R12
 	MOVQ   R15, R14
 	SHRQ   $0x33, R14
 	ANDQ   AX, DI
 	IMUL3Q $0x13, R14, R14
 	ADDQ   R14, DI
 	ANDQ   AX, R9
 	ADDQ   SI, R9
 	ANDQ   AX, R11
 	ADDQ   R8, R11
 	ANDQ   AX, R13
 	ADDQ   R10, R13
 	ANDQ   AX, R15
 	ADDQ   R12, R15
 	// Store output
 	MOVQ out+0(FP), AX
 	MOVQ DI, (AX)
 	MOVQ R9, 8(AX)
 	MOVQ R11, 16(AX)
 	MOVQ R13, 24(AX)
 	MOVQ R15, 32(AX)
 	RET
 // func feSquare(out *Element, a *Element)
 TEXT ·feSquare(SB), NOSPLIT, $0-16
 	MOVQ a+8(FP), CX
 	// r0 = l0×l0
 	MOVQ (CX), AX
 	MULQ (CX)
 	MOVQ AX, SI
 	MOVQ DX, BX
 	// r0 += 38×l1×l4
 	MOVQ   8(CX), AX
 	IMUL3Q $0x26, AX, AX
 	MULQ   32(CX)
 	ADDQ   AX, SI
 	ADCQ   DX, BX
 	// r0 += 38×l2×l3
 	MOVQ   16(CX), AX
 	IMUL3Q $0x26, AX, AX
 	MULQ   24(CX)
 	ADDQ   AX, SI
 	ADCQ   DX, BX
 	// r1 = 2×l0×l1
 	MOVQ (CX), AX
 	SHLQ $0x01, AX
 	MULQ 8(CX)
 	MOVQ AX, R8
 	MOVQ DX, DI
 	// r1 += 38×l2×l4
 	MOVQ   16(CX), AX
 	IMUL3Q $0x26, AX, AX
 	MULQ   32(CX)
 	ADDQ   AX, R8
 	ADCQ   DX, DI
 	// r1 += 19×l3×l3
 	MOVQ   24(CX), AX
 	IMUL3Q $0x13, AX, AX
 	MULQ   24(CX)
 	ADDQ   AX, R8
 	ADCQ   DX, DI
 	// r2 = 2×l0×l2
 	MOVQ (CX), AX
 	SHLQ $0x01, AX
 	MULQ 16(CX)
 	MOVQ AX, R10
 	MOVQ DX, R9
 	// r2 += l1×l1
 	MOVQ 8(CX), AX
 	MULQ 8(CX)
 	ADDQ AX, R10
 	ADCQ DX, R9
 	// r2 += 38×l3×l4
 	MOVQ   24(CX), AX
 	IMUL3Q $0x26, AX, AX
 	MULQ   32(CX)
 	ADDQ   AX, R10
 	ADCQ   DX, R9
 	// r3 = 2×l0×l3
 	MOVQ (CX), AX
 	SHLQ $0x01, AX
 	MULQ 24(CX)
 	MOVQ AX, R12
 	MOVQ DX, R11
 	// r3 += 2×l1×l2
 	MOVQ   8(CX), AX
 	IMUL3Q $0x02, AX, AX
 	MULQ   16(CX)
 	ADDQ   AX, R12
 	ADCQ   DX, R11
 	// r3 += 19×l4×l4
 	MOVQ   32(CX), AX
 	IMUL3Q $0x13, AX, AX
 	MULQ   32(CX)
 	ADDQ   AX, R12
 	ADCQ   DX, R11
 	// r4 = 2×l0×l4
 	MOVQ (CX), AX
 	SHLQ $0x01, AX
 	MULQ 32(CX)
 	MOVQ AX, R14
 	MOVQ DX, R13
 	// r4 += 2×l1×l3
 	MOVQ   8(CX), AX
 	IMUL3Q $0x02, AX, AX
 	MULQ   24(CX)
 	ADDQ   AX, R14
 	ADCQ   DX, R13
 	// r4 += l2×l2
 	MOVQ 16(CX), AX
 	MULQ 16(CX)
 	ADDQ AX, R14
 	ADCQ DX, R13
 	// First reduction chain
 	MOVQ   $0x0007ffffffffffff, AX
 	SHLQ   $0x0d, SI, BX
 	SHLQ   $0x0d, R8, DI
 	SHLQ   $0x0d, R10, R9
 	SHLQ   $0x0d, R12, R11
 	SHLQ   $0x0d, R14, R13
 	ANDQ   AX, SI
 	IMUL3Q $0x13, R13, R13
 	ADDQ   R13, SI
 	ANDQ   AX, R8
 	ADDQ   BX, R8
 	ANDQ   AX, R10
 	ADDQ   DI, R10
 	ANDQ   AX, R12
 	ADDQ   R9, R12
 	ANDQ   AX, R14
 	ADDQ   R11, R14
 	// Second reduction chain (carryPropagate)
 	MOVQ   SI, BX
 	SHRQ   $0x33, BX
 	MOVQ   R8, DI
 	SHRQ   $0x33, DI
 	MOVQ   R10, R9
 	SHRQ   $0x33, R9
 	MOVQ   R12, R11
 	SHRQ   $0x33, R11
 	MOVQ   R14, R13
 	SHRQ   $0x33, R13
 	ANDQ   AX, SI
 	IMUL3Q $0x13, R13, R13
 	ADDQ   R13, SI
 	ANDQ   AX, R8
 	ADDQ   BX, R8
 	ANDQ   AX, R10
 	ADDQ   DI, R10
 	ANDQ   AX, R12
 	ADDQ   R9, R12
 	ANDQ   AX, R14
 	ADDQ   R11, R14
 	// Store output
 	MOVQ out+0(FP), AX
 	MOVQ SI, (AX)
 	MOVQ R8, 8(AX)
 	MOVQ R10, 16(AX)
 	MOVQ R12, 24(AX)
 	MOVQ R14, 32(AX)
 	RET
--- a/vendor/filippo.io/edwards25519/field/fe_amd64_noasm.go
+++ b/vendor/filippo.io/edwards25519/field/fe_amd64_noasm.go
@@ -0,0 +1,12 @@
 // Copyright (c) 2019 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build !amd64 || !gc || purego
 // +build !amd64 !gc purego
 package field
 func feMul(v, x, y *Element) { feMulGeneric(v, x, y) }
 func feSquare(v, x *Element) { feSquareGeneric(v, x) }
--- a/vendor/filippo.io/edwards25519/field/fe_arm64.go
+++ b/vendor/filippo.io/edwards25519/field/fe_arm64.go
@@ -0,0 +1,16 @@
 // Copyright (c) 2020 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build arm64 && gc && !purego
 // +build arm64,gc,!purego
 package field
 //go:noescape
 func carryPropagate(v *Element)
 func (v *Element) carryPropagate() *Element {
 	carryPropagate(v)
 	return v
 }
--- a/vendor/filippo.io/edwards25519/field/fe_arm64.s
+++ b/vendor/filippo.io/edwards25519/field/fe_arm64.s
@@ -0,0 +1,42 @@
 // Copyright (c) 2020 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build arm64 && gc && !purego
 #include "textflag.h"
 // carryPropagate works exactly like carryPropagateGeneric and uses the
 // same AND, ADD, and LSR+MADD instructions emitted by the compiler, but
 // avoids loading R0-R4 twice and uses LDP and STP.
 //
 // See https://golang.org/issues/43145 for the main compiler issue.
 //
 // func carryPropagate(v *Element)
 TEXT ·carryPropagate(SB),NOFRAME|NOSPLIT,$0-8
 	MOVD v+0(FP), R20
 	LDP 0(R20), (R0, R1)
 	LDP 16(R20), (R2, R3)
 	MOVD 32(R20), R4
 	AND $0x7ffffffffffff, R0, R10
 	AND $0x7ffffffffffff, R1, R11
 	AND $0x7ffffffffffff, R2, R12
 	AND $0x7ffffffffffff, R3, R13
 	AND $0x7ffffffffffff, R4, R14
 	ADD R0>>51, R11, R11
 	ADD R1>>51, R12, R12
 	ADD R2>>51, R13, R13
 	ADD R3>>51, R14, R14
 	// R4>>51 * 19 + R10 -> R10
 	LSR $51, R4, R21
 	MOVD $19, R22
 	MADD R22, R10, R21, R10
 	STP (R10, R11), 0(R20)
 	STP (R12, R13), 16(R20)
 	MOVD R14, 32(R20)
 	RET
--- a/vendor/filippo.io/edwards25519/field/fe_arm64_noasm.go
+++ b/vendor/filippo.io/edwards25519/field/fe_arm64_noasm.go
@@ -0,0 +1,12 @@
 // Copyright (c) 2021 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build !arm64 || !gc || purego
 // +build !arm64 !gc purego
 package field
 func (v *Element) carryPropagate() *Element {
 	return v.carryPropagateGeneric()
 }
--- a/vendor/filippo.io/edwards25519/field/fe_extra.go
+++ b/vendor/filippo.io/edwards25519/field/fe_extra.go
@@ -0,0 +1,50 @@
 // Copyright (c) 2021 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package field
 import "errors"
 // This file contains additional functionality that is not included in the
 // upstream crypto/ed25519/edwards25519/field package.
 // SetWideBytes sets v to x, where x is a 64-byte little-endian encoding, which
 // is reduced modulo the field order. If x is not of the right length,
 // SetWideBytes returns nil and an error, and the receiver is unchanged.
 //
 // SetWideBytes is not necessary to select a uniformly distributed value, and is
 // only provided for compatibility: SetBytes can be used instead as the chance
 // of bias is less than 2⁻²⁵⁰.
 func (v *Element) SetWideBytes(x []byte) (*Element, error) {
 	if len(x) != 64 {
 		return nil, errors.New("edwards25519: invalid SetWideBytes input size")
 	}
 	// Split the 64 bytes into two elements, and extract the most significant
 	// bit of each, which is ignored by SetBytes.
 	lo, _ := new(Element).SetBytes(x[:32])
 	loMSB := uint64(x[31] >> 7)
 	hi, _ := new(Element).SetBytes(x[32:])
 	hiMSB := uint64(x[63] >> 7)
 	// The output we want is
 	//
 	//   v = lo + loMSB * 2²⁵⁵ + hi * 2²⁵⁶ + hiMSB * 2⁵¹¹
 	//
 	// which applying the reduction identity comes out to
 	//
 	//   v = lo + loMSB * 19 + hi * 2 * 19 + hiMSB * 2 * 19²
 	//
 	// l0 will be the sum of a 52 bits value (lo.l0), plus a 5 bits value
 	// (loMSB * 19), a 6 bits value (hi.l0 * 2 * 19), and a 10 bits value
 	// (hiMSB * 2 * 19²), so it fits in a uint64.
 	v.l0 = lo.l0 + loMSB*19 + hi.l0*2*19 + hiMSB*2*19*19
 	v.l1 = lo.l1 + hi.l1*2*19
 	v.l2 = lo.l2 + hi.l2*2*19
 	v.l3 = lo.l3 + hi.l3*2*19
 	v.l4 = lo.l4 + hi.l4*2*19
 	return v.carryPropagate(), nil
 }
--- a/vendor/filippo.io/edwards25519/field/fe_generic.go
+++ b/vendor/filippo.io/edwards25519/field/fe_generic.go
@@ -0,0 +1,266 @@
 // Copyright (c) 2017 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package field
 import "math/bits"
 // uint128 holds a 128-bit number as two 64-bit limbs, for use with the
 // bits.Mul64 and bits.Add64 intrinsics.
 type uint128 struct {
 	lo, hi uint64
 }
 // mul64 returns a * b.
 func mul64(a, b uint64) uint128 {
 	hi, lo := bits.Mul64(a, b)
 	return uint128{lo, hi}
 }
 // addMul64 returns v + a * b.
 func addMul64(v uint128, a, b uint64) uint128 {
 	hi, lo := bits.Mul64(a, b)
 	lo, c := bits.Add64(lo, v.lo, 0)
 	hi, _ = bits.Add64(hi, v.hi, c)
 	return uint128{lo, hi}
 }
 // shiftRightBy51 returns a >> 51. a is assumed to be at most 115 bits.
 func shiftRightBy51(a uint128) uint64 {
 	return (a.hi << (64 - 51)) | (a.lo >> 51)
 }
 func feMulGeneric(v, a, b *Element) {
 	a0 := a.l0
 	a1 := a.l1
 	a2 := a.l2
 	a3 := a.l3
 	a4 := a.l4
 	b0 := b.l0
 	b1 := b.l1
 	b2 := b.l2
 	b3 := b.l3
 	b4 := b.l4
 	// Limb multiplication works like pen-and-paper columnar multiplication, but
 	// with 51-bit limbs instead of digits.
 	//
 	//                          a4   a3   a2   a1   a0  x
 	//                          b4   b3   b2   b1   b0  =
 	//                         ------------------------
 	//                        a4b0 a3b0 a2b0 a1b0 a0b0  +
 	//                   a4b1 a3b1 a2b1 a1b1 a0b1       +
 	//              a4b2 a3b2 a2b2 a1b2 a0b2            +
 	//         a4b3 a3b3 a2b3 a1b3 a0b3                 +
 	//    a4b4 a3b4 a2b4 a1b4 a0b4                      =
 	//   ----------------------------------------------
 	//      r8   r7   r6   r5   r4   r3   r2   r1   r0
 	//
 	// We can then use the reduction identity (a * 2²⁵⁵ + b = a * 19 + b) to
 	// reduce the limbs that would overflow 255 bits. r5 * 2²⁵⁵ becomes 19 * r5,
 	// r6 * 2³⁰⁶ becomes 19 * r6 * 2⁵¹, etc.
 	//
 	// Reduction can be carried out simultaneously to multiplication. For
 	// example, we do not compute r5: whenever the result of a multiplication
 	// belongs to r5, like a1b4, we multiply it by 19 and add the result to r0.
 	//
 	//            a4b0    a3b0    a2b0    a1b0    a0b0  +
 	//            a3b1    a2b1    a1b1    a0b1 19×a4b1  +
 	//            a2b2    a1b2    a0b2 19×a4b2 19×a3b2  +
 	//            a1b3    a0b3 19×a4b3 19×a3b3 19×a2b3  +
 	//            a0b4 19×a4b4 19×a3b4 19×a2b4 19×a1b4  =
 	//           --------------------------------------
 	//              r4      r3      r2      r1      r0
 	//
 	// Finally we add up the columns into wide, overlapping limbs.
 	a1_19 := a1 * 19
 	a2_19 := a2 * 19
 	a3_19 := a3 * 19
 	a4_19 := a4 * 19
 	// r0 = a0×b0 + 19×(a1×b4 + a2×b3 + a3×b2 + a4×b1)
 	r0 := mul64(a0, b0)
 	r0 = addMul64(r0, a1_19, b4)
 	r0 = addMul64(r0, a2_19, b3)
 	r0 = addMul64(r0, a3_19, b2)
 	r0 = addMul64(r0, a4_19, b1)
 	// r1 = a0×b1 + a1×b0 + 19×(a2×b4 + a3×b3 + a4×b2)
 	r1 := mul64(a0, b1)
 	r1 = addMul64(r1, a1, b0)
 	r1 = addMul64(r1, a2_19, b4)
 	r1 = addMul64(r1, a3_19, b3)
 	r1 = addMul64(r1, a4_19, b2)
 	// r2 = a0×b2 + a1×b1 + a2×b0 + 19×(a3×b4 + a4×b3)
 	r2 := mul64(a0, b2)
 	r2 = addMul64(r2, a1, b1)
 	r2 = addMul64(r2, a2, b0)
 	r2 = addMul64(r2, a3_19, b4)
 	r2 = addMul64(r2, a4_19, b3)
 	// r3 = a0×b3 + a1×b2 + a2×b1 + a3×b0 + 19×a4×b4
 	r3 := mul64(a0, b3)
 	r3 = addMul64(r3, a1, b2)
 	r3 = addMul64(r3, a2, b1)
 	r3 = addMul64(r3, a3, b0)
 	r3 = addMul64(r3, a4_19, b4)
 	// r4 = a0×b4 + a1×b3 + a2×b2 + a3×b1 + a4×b0
 	r4 := mul64(a0, b4)
 	r4 = addMul64(r4, a1, b3)
 	r4 = addMul64(r4, a2, b2)
 	r4 = addMul64(r4, a3, b1)
 	r4 = addMul64(r4, a4, b0)
 	// After the multiplication, we need to reduce (carry) the five coefficients
 	// to obtain a result with limbs that are at most slightly larger than 2⁵¹,
 	// to respect the Element invariant.
 	//
 	// Overall, the reduction works the same as carryPropagate, except with
 	// wider inputs: we take the carry for each coefficient by shifting it right
 	// by 51, and add it to the limb above it. The top carry is multiplied by 19
 	// according to the reduction identity and added to the lowest limb.
 	//
 	// The largest coefficient (r0) will be at most 111 bits, which guarantees
 	// that all carries are at most 111 - 51 = 60 bits, which fits in a uint64.
 	//
 	//     r0 = a0×b0 + 19×(a1×b4 + a2×b3 + a3×b2 + a4×b1)
 	//     r0 < 2⁵²×2⁵² + 19×(2⁵²×2⁵² + 2⁵²×2⁵² + 2⁵²×2⁵² + 2⁵²×2⁵²)
 	//     r0 < (1 + 19 × 4) × 2⁵² × 2⁵²
 	//     r0 < 2⁷ × 2⁵² × 2⁵²
 	//     r0 < 2¹¹¹
 	//
 	// Moreover, the top coefficient (r4) is at most 107 bits, so c4 is at most
 	// 56 bits, and c4 * 19 is at most 61 bits, which again fits in a uint64 and
 	// allows us to easily apply the reduction identity.
 	//
 	//     r4 = a0×b4 + a1×b3 + a2×b2 + a3×b1 + a4×b0
 	//     r4 < 5 × 2⁵² × 2⁵²
 	//     r4 < 2¹⁰⁷
 	//
 	c0 := shiftRightBy51(r0)
 	c1 := shiftRightBy51(r1)
 	c2 := shiftRightBy51(r2)
 	c3 := shiftRightBy51(r3)
 	c4 := shiftRightBy51(r4)
 	rr0 := r0.lo&maskLow51Bits + c4*19
 	rr1 := r1.lo&maskLow51Bits + c0
 	rr2 := r2.lo&maskLow51Bits + c1
 	rr3 := r3.lo&maskLow51Bits + c2
 	rr4 := r4.lo&maskLow51Bits + c3
 	// Now all coefficients fit into 64-bit registers but are still too large to
 	// be passed around as an Element. We therefore do one last carry chain,
 	// where the carries will be small enough to fit in the wiggle room above 2⁵¹.
 	*v = Element{rr0, rr1, rr2, rr3, rr4}
 	v.carryPropagate()
 }
 func feSquareGeneric(v, a *Element) {
 	l0 := a.l0
 	l1 := a.l1
 	l2 := a.l2
 	l3 := a.l3
 	l4 := a.l4
 	// Squaring works precisely like multiplication above, but thanks to its
 	// symmetry we get to group a few terms together.
 	//
 	//                          l4   l3   l2   l1   l0  x
 	//                          l4   l3   l2   l1   l0  =
 	//                         ------------------------
 	//                        l4l0 l3l0 l2l0 l1l0 l0l0  +
 	//                   l4l1 l3l1 l2l1 l1l1 l0l1       +
 	//              l4l2 l3l2 l2l2 l1l2 l0l2            +
 	//         l4l3 l3l3 l2l3 l1l3 l0l3                 +
 	//    l4l4 l3l4 l2l4 l1l4 l0l4                      =
 	//   ----------------------------------------------
 	//      r8   r7   r6   r5   r4   r3   r2   r1   r0
 	//
 	//            l4l0    l3l0    l2l0    l1l0    l0l0  +
 	//            l3l1    l2l1    l1l1    l0l1 19×l4l1  +
 	//            l2l2    l1l2    l0l2 19×l4l2 19×l3l2  +
 	//            l1l3    l0l3 19×l4l3 19×l3l3 19×l2l3  +
 	//            l0l4 19×l4l4 19×l3l4 19×l2l4 19×l1l4  =
 	//           --------------------------------------
 	//              r4      r3      r2      r1      r0
 	//
 	// With precomputed 2×, 19×, and 2×19× terms, we can compute each limb with
 	// only three Mul64 and four Add64, instead of five and eight.
 	l0_2 := l0 * 2
 	l1_2 := l1 * 2
 	l1_38 := l1 * 38
 	l2_38 := l2 * 38
 	l3_38 := l3 * 38
 	l3_19 := l3 * 19
 	l4_19 := l4 * 19
 	// r0 = l0×l0 + 19×(l1×l4 + l2×l3 + l3×l2 + l4×l1) = l0×l0 + 19×2×(l1×l4 + l2×l3)
 	r0 := mul64(l0, l0)
 	r0 = addMul64(r0, l1_38, l4)
 	r0 = addMul64(r0, l2_38, l3)
 	// r1 = l0×l1 + l1×l0 + 19×(l2×l4 + l3×l3 + l4×l2) = 2×l0×l1 + 19×2×l2×l4 + 19×l3×l3
 	r1 := mul64(l0_2, l1)
 	r1 = addMul64(r1, l2_38, l4)
 	r1 = addMul64(r1, l3_19, l3)
 	// r2 = l0×l2 + l1×l1 + l2×l0 + 19×(l3×l4 + l4×l3) = 2×l0×l2 + l1×l1 + 19×2×l3×l4
 	r2 := mul64(l0_2, l2)
 	r2 = addMul64(r2, l1, l1)
 	r2 = addMul64(r2, l3_38, l4)
 	// r3 = l0×l3 + l1×l2 + l2×l1 + l3×l0 + 19×l4×l4 = 2×l0×l3 + 2×l1×l2 + 19×l4×l4
 	r3 := mul64(l0_2, l3)
 	r3 = addMul64(r3, l1_2, l2)
 	r3 = addMul64(r3, l4_19, l4)
 	// r4 = l0×l4 + l1×l3 + l2×l2 + l3×l1 + l4×l0 = 2×l0×l4 + 2×l1×l3 + l2×l2
 	r4 := mul64(l0_2, l4)
 	r4 = addMul64(r4, l1_2, l3)
 	r4 = addMul64(r4, l2, l2)
 	c0 := shiftRightBy51(r0)
 	c1 := shiftRightBy51(r1)
 	c2 := shiftRightBy51(r2)
 	c3 := shiftRightBy51(r3)
 	c4 := shiftRightBy51(r4)
 	rr0 := r0.lo&maskLow51Bits + c4*19
 	rr1 := r1.lo&maskLow51Bits + c0
 	rr2 := r2.lo&maskLow51Bits + c1
 	rr3 := r3.lo&maskLow51Bits + c2
 	rr4 := r4.lo&maskLow51Bits + c3
 	*v = Element{rr0, rr1, rr2, rr3, rr4}
 	v.carryPropagate()
 }
 // carryPropagateGeneric brings the limbs below 52 bits by applying the reduction
 // identity (a * 2²⁵⁵ + b = a * 19 + b) to the l4 carry.
 func (v *Element) carryPropagateGeneric() *Element {
 	c0 := v.l0 >> 51
 	c1 := v.l1 >> 51
 	c2 := v.l2 >> 51
 	c3 := v.l3 >> 51
 	c4 := v.l4 >> 51
 	// c4 is at most 64 - 51 = 13 bits, so c4*19 is at most 18 bits, and
 	// the final l0 will be at most 52 bits. Similarly for the rest.
 	v.l0 = v.l0&maskLow51Bits + c4*19
 	v.l1 = v.l1&maskLow51Bits + c0
 	v.l2 = v.l2&maskLow51Bits + c1
 	v.l3 = v.l3&maskLow51Bits + c2
 	v.l4 = v.l4&maskLow51Bits + c3
 	return v
 }
--- a/vendor/filippo.io/edwards25519/scalar.go
+++ b/vendor/filippo.io/edwards25519/scalar.go
@@ -0,0 +1,343 @@
 // Copyright (c) 2016 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package edwards25519
 import (
 	"encoding/binary"
 	"errors"
 )
 // A Scalar is an integer modulo
 //
 //	l = 2^252 + 27742317777372353535851937790883648493
 //
 // which is the prime order of the edwards25519 group.
 //
 // This type works similarly to math/big.Int, and all arguments and
 // receivers are allowed to alias.
 //
 // The zero value is a valid zero element.
 type Scalar struct {
 	// s is the scalar in the Montgomery domain, in the format of the
 	// fiat-crypto implementation.
 	s fiatScalarMontgomeryDomainFieldElement
 }
 // The field implementation in scalar_fiat.go is generated by the fiat-crypto
 // project (https://github.com/mit-plv/fiat-crypto) at version v0.0.9 (23d2dbc)
 // from a formally verified model.
 //
 // fiat-crypto code comes under the following license.
 //
 //     Copyright (c) 2015-2020 The fiat-crypto Authors. All rights reserved.
 //
 //     Redistribution and use in source and binary forms, with or without
 //     modification, are permitted provided that the following conditions are
 //     met:
 //
 //         1. Redistributions of source code must retain the above copyright
 //         notice, this list of conditions and the following disclaimer.
 //
 //     THIS SOFTWARE IS PROVIDED BY the fiat-crypto authors "AS IS"
 //     AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 //     THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 //     PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL Berkeley Software Design,
 //     Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 //     EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 //     PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 //     PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 //     LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 //     NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 //     SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 //
 // NewScalar returns a new zero Scalar.
 func NewScalar() *Scalar {
 	return &Scalar{}
 }
 // MultiplyAdd sets s = x * y + z mod l, and returns s. It is equivalent to
 // using Multiply and then Add.
 func (s *Scalar) MultiplyAdd(x, y, z *Scalar) *Scalar {
 	// Make a copy of z in case it aliases s.
 	zCopy := new(Scalar).Set(z)
 	return s.Multiply(x, y).Add(s, zCopy)
 }
 // Add sets s = x + y mod l, and returns s.
 func (s *Scalar) Add(x, y *Scalar) *Scalar {
 	// s = 1 * x + y mod l
 	fiatScalarAdd(&s.s, &x.s, &y.s)
 	return s
 }
 // Subtract sets s = x - y mod l, and returns s.
 func (s *Scalar) Subtract(x, y *Scalar) *Scalar {
 	// s = -1 * y + x mod l
 	fiatScalarSub(&s.s, &x.s, &y.s)
 	return s
 }
 // Negate sets s = -x mod l, and returns s.
 func (s *Scalar) Negate(x *Scalar) *Scalar {
 	// s = -1 * x + 0 mod l
 	fiatScalarOpp(&s.s, &x.s)
 	return s
 }
 // Multiply sets s = x * y mod l, and returns s.
 func (s *Scalar) Multiply(x, y *Scalar) *Scalar {
 	// s = x * y + 0 mod l
 	fiatScalarMul(&s.s, &x.s, &y.s)
 	return s
 }
 // Set sets s = x, and returns s.
 func (s *Scalar) Set(x *Scalar) *Scalar {
 	*s = *x
 	return s
 }
 // SetUniformBytes sets s = x mod l, where x is a 64-byte little-endian integer.
 // If x is not of the right length, SetUniformBytes returns nil and an error,
 // and the receiver is unchanged.
 //
 // SetUniformBytes can be used to set s to a uniformly distributed value given
 // 64 uniformly distributed random bytes.
 func (s *Scalar) SetUniformBytes(x []byte) (*Scalar, error) {
 	if len(x) != 64 {
 		return nil, errors.New("edwards25519: invalid SetUniformBytes input length")
 	}
 	// We have a value x of 512 bits, but our fiatScalarFromBytes function
 	// expects an input lower than l, which is a little over 252 bits.
 	//
 	// Instead of writing a reduction function that operates on wider inputs, we
 	// can interpret x as the sum of three shorter values a, b, and c.
 	//
 	//    x = a + b * 2^168 + c * 2^336  mod l
 	//
 	// We then precompute 2^168 and 2^336 modulo l, and perform the reduction
 	// with two multiplications and two additions.
 	s.setShortBytes(x[:21])
 	t := new(Scalar).setShortBytes(x[21:42])
 	s.Add(s, t.Multiply(t, scalarTwo168))
 	t.setShortBytes(x[42:])
 	s.Add(s, t.Multiply(t, scalarTwo336))
 	return s, nil
 }
 // scalarTwo168 and scalarTwo336 are 2^168 and 2^336 modulo l, encoded as a
 // fiatScalarMontgomeryDomainFieldElement, which is a little-endian 4-limb value
 // in the 2^256 Montgomery domain.
 var scalarTwo168 = &Scalar{s: [4]uint64{0x5b8ab432eac74798, 0x38afddd6de59d5d7,
 	0xa2c131b399411b7c, 0x6329a7ed9ce5a30}}
 var scalarTwo336 = &Scalar{s: [4]uint64{0xbd3d108e2b35ecc5, 0x5c3a3718bdf9c90b,
 	0x63aa97a331b4f2ee, 0x3d217f5be65cb5c}}
 // setShortBytes sets s = x mod l, where x is a little-endian integer shorter
 // than 32 bytes.
 func (s *Scalar) setShortBytes(x []byte) *Scalar {
 	if len(x) >= 32 {
 		panic("edwards25519: internal error: setShortBytes called with a long string")
 	}
 	var buf [32]byte
 	copy(buf[:], x)
 	fiatScalarFromBytes((*[4]uint64)(&s.s), &buf)
 	fiatScalarToMontgomery(&s.s, (*fiatScalarNonMontgomeryDomainFieldElement)(&s.s))
 	return s
 }
 // SetCanonicalBytes sets s = x, where x is a 32-byte little-endian encoding of
 // s, and returns s. If x is not a canonical encoding of s, SetCanonicalBytes
 // returns nil and an error, and the receiver is unchanged.
 func (s *Scalar) SetCanonicalBytes(x []byte) (*Scalar, error) {
 	if len(x) != 32 {
 		return nil, errors.New("invalid scalar length")
 	}
 	if !isReduced(x) {
 		return nil, errors.New("invalid scalar encoding")
 	}
 	fiatScalarFromBytes((*[4]uint64)(&s.s), (*[32]byte)(x))
 	fiatScalarToMontgomery(&s.s, (*fiatScalarNonMontgomeryDomainFieldElement)(&s.s))
 	return s, nil
 }
 // scalarMinusOneBytes is l - 1 in little endian.
 var scalarMinusOneBytes = [32]byte{236, 211, 245, 92, 26, 99, 18, 88, 214, 156, 247, 162, 222, 249, 222, 20, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 16}
 // isReduced returns whether the given scalar in 32-byte little endian encoded
 // form is reduced modulo l.
 func isReduced(s []byte) bool {
 	if len(s) != 32 {
 		return false
 	}
 	for i := len(s) - 1; i >= 0; i-- {
 		switch {
 		case s[i] > scalarMinusOneBytes[i]:
 			return false
 		case s[i] < scalarMinusOneBytes[i]:
 			return true
 		}
 	}
 	return true
 }
 // SetBytesWithClamping applies the buffer pruning described in RFC 8032,
 // Section 5.1.5 (also known as clamping) and sets s to the result. The input
 // must be 32 bytes, and it is not modified. If x is not of the right length,
 // SetBytesWithClamping returns nil and an error, and the receiver is unchanged.
 //
 // Note that since Scalar values are always reduced modulo the prime order of
 // the curve, the resulting value will not preserve any of the cofactor-clearing
 // properties that clamping is meant to provide. It will however work as
 // expected as long as it is applied to points on the prime order subgroup, like
 // in Ed25519. In fact, it is lost to history why RFC 8032 adopted the
 // irrelevant RFC 7748 clamping, but it is now required for compatibility.
 func (s *Scalar) SetBytesWithClamping(x []byte) (*Scalar, error) {
 	// The description above omits the purpose of the high bits of the clamping
 	// for brevity, but those are also lost to reductions, and are also
 	// irrelevant to edwards25519 as they protect against a specific
 	// implementation bug that was once observed in a generic Montgomery ladder.
 	if len(x) != 32 {
 		return nil, errors.New("edwards25519: invalid SetBytesWithClamping input length")
 	}
 	// We need to use the wide reduction from SetUniformBytes, since clamping
 	// sets the 2^254 bit, making the value higher than the order.
 	var wideBytes [64]byte
 	copy(wideBytes[:], x[:])
 	wideBytes[0] &= 248
 	wideBytes[31] &= 63
 	wideBytes[31] |= 64
 	return s.SetUniformBytes(wideBytes[:])
 }
 // Bytes returns the canonical 32-byte little-endian encoding of s.
 func (s *Scalar) Bytes() []byte {
 	// This function is outlined to make the allocations inline in the caller
 	// rather than happen on the heap.
 	var encoded [32]byte
 	return s.bytes(&encoded)
 }
 func (s *Scalar) bytes(out *[32]byte) []byte {
 	var ss fiatScalarNonMontgomeryDomainFieldElement
 	fiatScalarFromMontgomery(&ss, &s.s)
 	fiatScalarToBytes(out, (*[4]uint64)(&ss))
 	return out[:]
 }
 // Equal returns 1 if s and t are equal, and 0 otherwise.
 func (s *Scalar) Equal(t *Scalar) int {
 	var diff fiatScalarMontgomeryDomainFieldElement
 	fiatScalarSub(&diff, &s.s, &t.s)
 	var nonzero uint64
 	fiatScalarNonzero(&nonzero, (*[4]uint64)(&diff))
 	nonzero |= nonzero >> 32
 	nonzero |= nonzero >> 16
 	nonzero |= nonzero >> 8
 	nonzero |= nonzero >> 4
 	nonzero |= nonzero >> 2
 	nonzero |= nonzero >> 1
 	return int(^nonzero) & 1
 }
 // nonAdjacentForm computes a width-w non-adjacent form for this scalar.
 //
 // w must be between 2 and 8, or nonAdjacentForm will panic.
 func (s *Scalar) nonAdjacentForm(w uint) [256]int8 {
 	// This implementation is adapted from the one
 	// in curve25519-dalek and is documented there:
 	// https://github.com/dalek-cryptography/curve25519-dalek/blob/f630041af28e9a405255f98a8a93adca18e4315b/src/scalar.rs#L800-L871
 	b := s.Bytes()
 	if b[31] > 127 {
 		panic("scalar has high bit set illegally")
 	}
 	if w < 2 {
 		panic("w must be at least 2 by the definition of NAF")
 	} else if w > 8 {
 		panic("NAF digits must fit in int8")
 	}
 	var naf [256]int8
 	var digits [5]uint64
 	for i := 0; i < 4; i++ {
 		digits[i] = binary.LittleEndian.Uint64(b[i*8:])
 	}
 	width := uint64(1 << w)
 	windowMask := uint64(width - 1)
 	pos := uint(0)
 	carry := uint64(0)
 	for pos < 256 {
 		indexU64 := pos / 64
 		indexBit := pos % 64
 		var bitBuf uint64
 		if indexBit < 64-w {
 			// This window's bits are contained in a single u64
 			bitBuf = digits[indexU64] >> indexBit
 		} else {
 			// Combine the current 64 bits with bits from the next 64
 			bitBuf = (digits[indexU64] >> indexBit) | (digits[1+indexU64] << (64 - indexBit))
 		}
 		// Add carry into the current window
 		window := carry + (bitBuf & windowMask)
 		if window&1 == 0 {
 			// If the window value is even, preserve the carry and continue.
 			// Why is the carry preserved?
 			// If carry == 0 and window & 1 == 0,
 			//    then the next carry should be 0
 			// If carry == 1 and window & 1 == 0,
 			//    then bit_buf & 1 == 1 so the next carry should be 1
 			pos += 1
 			continue
 		}
 		if window < width/2 {
 			carry = 0
 			naf[pos] = int8(window)
 		} else {
 			carry = 1
 			naf[pos] = int8(window) - int8(width)
 		}
 		pos += w
 	}
 	return naf
 }
 func (s *Scalar) signedRadix16() [64]int8 {
 	b := s.Bytes()
 	if b[31] > 127 {
 		panic("scalar has high bit set illegally")
 	}
 	var digits [64]int8
 	// Compute unsigned radix-16 digits:
 	for i := 0; i < 32; i++ {
 		digits[2*i] = int8(b[i] & 15)
 		digits[2*i+1] = int8((b[i] >> 4) & 15)
 	}
 	// Recenter coefficients:
 	for i := 0; i < 63; i++ {
 		carry := (digits[i] + 8) >> 4
 		digits[i] -= carry << 4
 		digits[i+1] += carry
 	}
 	return digits
 }
--- a/vendor/filippo.io/edwards25519/scalar_fiat.go
+++ b/vendor/filippo.io/edwards25519/scalar_fiat.go
--- a/vendor/filippo.io/edwards25519/scalarmult.go
+++ b/vendor/filippo.io/edwards25519/scalarmult.go
@@ -0,0 +1,214 @@
 // Copyright (c) 2019 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package edwards25519
 import "sync"
 // basepointTable is a set of 32 affineLookupTables, where table i is generated
 // from 256i * basepoint. It is precomputed the first time it's used.
 func basepointTable() *[32]affineLookupTable {
 	basepointTablePrecomp.initOnce.Do(func() {
 		p := NewGeneratorPoint()
 		for i := 0; i < 32; i++ {
 			basepointTablePrecomp.table[i].FromP3(p)
 			for j := 0; j < 8; j++ {
 				p.Add(p, p)
 			}
 		}
 	})
 	return &basepointTablePrecomp.table
 }
 var basepointTablePrecomp struct {
 	table    [32]affineLookupTable
 	initOnce sync.Once
 }
 // ScalarBaseMult sets v = x * B, where B is the canonical generator, and
 // returns v.
 //
 // The scalar multiplication is done in constant time.
 func (v *Point) ScalarBaseMult(x *Scalar) *Point {
 	basepointTable := basepointTable()
 	// Write x = sum(x_i * 16^i) so  x*B = sum( B*x_i*16^i )
 	// as described in the Ed25519 paper
 	//
 	// Group even and odd coefficients
 	// x*B     = x_0*16^0*B + x_2*16^2*B + ... + x_62*16^62*B
 	//         + x_1*16^1*B + x_3*16^3*B + ... + x_63*16^63*B
 	// x*B     = x_0*16^0*B + x_2*16^2*B + ... + x_62*16^62*B
 	//    + 16*( x_1*16^0*B + x_3*16^2*B + ... + x_63*16^62*B)
 	//
 	// We use a lookup table for each i to get x_i*16^(2*i)*B
 	// and do four doublings to multiply by 16.
 	digits := x.signedRadix16()
 	multiple := &affineCached{}
 	tmp1 := &projP1xP1{}
 	tmp2 := &projP2{}
 	// Accumulate the odd components first
 	v.Set(NewIdentityPoint())
 	for i := 1; i < 64; i += 2 {
 		basepointTable[i/2].SelectInto(multiple, digits[i])
 		tmp1.AddAffine(v, multiple)
 		v.fromP1xP1(tmp1)
 	}
 	// Multiply by 16
 	tmp2.FromP3(v)       // tmp2 =    v in P2 coords
 	tmp1.Double(tmp2)    // tmp1 =  2*v in P1xP1 coords
 	tmp2.FromP1xP1(tmp1) // tmp2 =  2*v in P2 coords
 	tmp1.Double(tmp2)    // tmp1 =  4*v in P1xP1 coords
 	tmp2.FromP1xP1(tmp1) // tmp2 =  4*v in P2 coords
 	tmp1.Double(tmp2)    // tmp1 =  8*v in P1xP1 coords
 	tmp2.FromP1xP1(tmp1) // tmp2 =  8*v in P2 coords
 	tmp1.Double(tmp2)    // tmp1 = 16*v in P1xP1 coords
 	v.fromP1xP1(tmp1)    // now v = 16*(odd components)
 	// Accumulate the even components
 	for i := 0; i < 64; i += 2 {
 		basepointTable[i/2].SelectInto(multiple, digits[i])
 		tmp1.AddAffine(v, multiple)
 		v.fromP1xP1(tmp1)
 	}
 	return v
 }
 // ScalarMult sets v = x * q, and returns v.
 //
 // The scalar multiplication is done in constant time.
 func (v *Point) ScalarMult(x *Scalar, q *Point) *Point {
 	checkInitialized(q)
 	var table projLookupTable
 	table.FromP3(q)
 	// Write x = sum(x_i * 16^i)
 	// so  x*Q = sum( Q*x_i*16^i )
 	//         = Q*x_0 + 16*(Q*x_1 + 16*( ... + Q*x_63) ... )
 	//           <------compute inside out---------
 	//
 	// We use the lookup table to get the x_i*Q values
 	// and do four doublings to compute 16*Q
 	digits := x.signedRadix16()
 	// Unwrap first loop iteration to save computing 16*identity
 	multiple := &projCached{}
 	tmp1 := &projP1xP1{}
 	tmp2 := &projP2{}
 	table.SelectInto(multiple, digits[63])
 	v.Set(NewIdentityPoint())
 	tmp1.Add(v, multiple) // tmp1 = x_63*Q in P1xP1 coords
 	for i := 62; i >= 0; i-- {
 		tmp2.FromP1xP1(tmp1) // tmp2 =    (prev) in P2 coords
 		tmp1.Double(tmp2)    // tmp1 =  2*(prev) in P1xP1 coords
 		tmp2.FromP1xP1(tmp1) // tmp2 =  2*(prev) in P2 coords
 		tmp1.Double(tmp2)    // tmp1 =  4*(prev) in P1xP1 coords
 		tmp2.FromP1xP1(tmp1) // tmp2 =  4*(prev) in P2 coords
 		tmp1.Double(tmp2)    // tmp1 =  8*(prev) in P1xP1 coords
 		tmp2.FromP1xP1(tmp1) // tmp2 =  8*(prev) in P2 coords
 		tmp1.Double(tmp2)    // tmp1 = 16*(prev) in P1xP1 coords
 		v.fromP1xP1(tmp1)    //    v = 16*(prev) in P3 coords
 		table.SelectInto(multiple, digits[i])
 		tmp1.Add(v, multiple) // tmp1 = x_i*Q + 16*(prev) in P1xP1 coords
 	}
 	v.fromP1xP1(tmp1)
 	return v
 }
 // basepointNafTable is the nafLookupTable8 for the basepoint.
 // It is precomputed the first time it's used.
 func basepointNafTable() *nafLookupTable8 {
 	basepointNafTablePrecomp.initOnce.Do(func() {
 		basepointNafTablePrecomp.table.FromP3(NewGeneratorPoint())
 	})
 	return &basepointNafTablePrecomp.table
 }
 var basepointNafTablePrecomp struct {
 	table    nafLookupTable8
 	initOnce sync.Once
 }
 // VarTimeDoubleScalarBaseMult sets v = a * A + b * B, where B is the canonical
 // generator, and returns v.
 //
 // Execution time depends on the inputs.
 func (v *Point) VarTimeDoubleScalarBaseMult(a *Scalar, A *Point, b *Scalar) *Point {
 	checkInitialized(A)
 	// Similarly to the single variable-base approach, we compute
 	// digits and use them with a lookup table.  However, because
 	// we are allowed to do variable-time operations, we don't
 	// need constant-time lookups or constant-time digit
 	// computations.
 	//
 	// So we use a non-adjacent form of some width w instead of
 	// radix 16.  This is like a binary representation (one digit
 	// for each binary place) but we allow the digits to grow in
 	// magnitude up to 2^{w-1} so that the nonzero digits are as
 	// sparse as possible.  Intuitively, this "condenses" the
 	// "mass" of the scalar onto sparse coefficients (meaning
 	// fewer additions).
 	basepointNafTable := basepointNafTable()
 	var aTable nafLookupTable5
 	aTable.FromP3(A)
 	// Because the basepoint is fixed, we can use a wider NAF
 	// corresponding to a bigger table.
 	aNaf := a.nonAdjacentForm(5)
 	bNaf := b.nonAdjacentForm(8)
 	// Find the first nonzero coefficient.
 	i := 255
 	for j := i; j >= 0; j-- {
 		if aNaf[j] != 0 || bNaf[j] != 0 {
 			break
 		}
 	}
 	multA := &projCached{}
 	multB := &affineCached{}
 	tmp1 := &projP1xP1{}
 	tmp2 := &projP2{}
 	tmp2.Zero()
 	// Move from high to low bits, doubling the accumulator
 	// at each iteration and checking whether there is a nonzero
 	// coefficient to look up a multiple of.
 	for ; i >= 0; i-- {
 		tmp1.Double(tmp2)
 		// Only update v if we have a nonzero coeff to add in.
 		if aNaf[i] > 0 {
 			v.fromP1xP1(tmp1)
 			aTable.SelectInto(multA, aNaf[i])
 			tmp1.Add(v, multA)
 		} else if aNaf[i] < 0 {
 			v.fromP1xP1(tmp1)
 			aTable.SelectInto(multA, -aNaf[i])
 			tmp1.Sub(v, multA)
 		}
 		if bNaf[i] > 0 {
 			v.fromP1xP1(tmp1)
 			basepointNafTable.SelectInto(multB, bNaf[i])
 			tmp1.AddAffine(v, multB)
 		} else if bNaf[i] < 0 {
 			v.fromP1xP1(tmp1)
 			basepointNafTable.SelectInto(multB, -bNaf[i])
 			tmp1.SubAffine(v, multB)
 		}
 		tmp2.FromP1xP1(tmp1)
 	}
 	v.fromP2(tmp2)
 	return v
 }
--- a/vendor/filippo.io/edwards25519/tables.go
+++ b/vendor/filippo.io/edwards25519/tables.go
@@ -0,0 +1,129 @@
 // Copyright (c) 2019 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package edwards25519
 import (
 	"crypto/subtle"
 )
 // A dynamic lookup table for variable-base, constant-time scalar muls.
 type projLookupTable struct {
 	points [8]projCached
 }
 // A precomputed lookup table for fixed-base, constant-time scalar muls.
 type affineLookupTable struct {
 	points [8]affineCached
 }
 // A dynamic lookup table for variable-base, variable-time scalar muls.
 type nafLookupTable5 struct {
 	points [8]projCached
 }
 // A precomputed lookup table for fixed-base, variable-time scalar muls.
 type nafLookupTable8 struct {
 	points [64]affineCached
 }
 // Constructors.
 // Builds a lookup table at runtime. Fast.
 func (v *projLookupTable) FromP3(q *Point) {
 	// Goal: v.points[i] = (i+1)*Q, i.e., Q, 2Q, ..., 8Q
 	// This allows lookup of -8Q, ..., -Q, 0, Q, ..., 8Q
 	v.points[0].FromP3(q)
 	tmpP3 := Point{}
 	tmpP1xP1 := projP1xP1{}
 	for i := 0; i < 7; i++ {
 		// Compute (i+1)*Q as Q + i*Q and convert to a projCached
 		// This is needlessly complicated because the API has explicit
 		// receivers instead of creating stack objects and relying on RVO
 		v.points[i+1].FromP3(tmpP3.fromP1xP1(tmpP1xP1.Add(q, &v.points[i])))
 	}
 }
 // This is not optimised for speed; fixed-base tables should be precomputed.
 func (v *affineLookupTable) FromP3(q *Point) {
 	// Goal: v.points[i] = (i+1)*Q, i.e., Q, 2Q, ..., 8Q
 	// This allows lookup of -8Q, ..., -Q, 0, Q, ..., 8Q
 	v.points[0].FromP3(q)
 	tmpP3 := Point{}
 	tmpP1xP1 := projP1xP1{}
 	for i := 0; i < 7; i++ {
 		// Compute (i+1)*Q as Q + i*Q and convert to affineCached
 		v.points[i+1].FromP3(tmpP3.fromP1xP1(tmpP1xP1.AddAffine(q, &v.points[i])))
 	}
 }
 // Builds a lookup table at runtime. Fast.
 func (v *nafLookupTable5) FromP3(q *Point) {
 	// Goal: v.points[i] = (2*i+1)*Q, i.e., Q, 3Q, 5Q, ..., 15Q
 	// This allows lookup of -15Q, ..., -3Q, -Q, 0, Q, 3Q, ..., 15Q
 	v.points[0].FromP3(q)
 	q2 := Point{}
 	q2.Add(q, q)
 	tmpP3 := Point{}
 	tmpP1xP1 := projP1xP1{}
 	for i := 0; i < 7; i++ {
 		v.points[i+1].FromP3(tmpP3.fromP1xP1(tmpP1xP1.Add(&q2, &v.points[i])))
 	}
 }
 // This is not optimised for speed; fixed-base tables should be precomputed.
 func (v *nafLookupTable8) FromP3(q *Point) {
 	v.points[0].FromP3(q)
 	q2 := Point{}
 	q2.Add(q, q)
 	tmpP3 := Point{}
 	tmpP1xP1 := projP1xP1{}
 	for i := 0; i < 63; i++ {
 		v.points[i+1].FromP3(tmpP3.fromP1xP1(tmpP1xP1.AddAffine(&q2, &v.points[i])))
 	}
 }
 // Selectors.
 // Set dest to x*Q, where -8 <= x <= 8, in constant time.
 func (v *projLookupTable) SelectInto(dest *projCached, x int8) {
 	// Compute xabs = |x|
 	xmask := x >> 7
 	xabs := uint8((x + xmask) ^ xmask)
 	dest.Zero()
 	for j := 1; j <= 8; j++ {
 		// Set dest = j*Q if |x| = j
 		cond := subtle.ConstantTimeByteEq(xabs, uint8(j))
 		dest.Select(&v.points[j-1], dest, cond)
 	}
 	// Now dest = |x|*Q, conditionally negate to get x*Q
 	dest.CondNeg(int(xmask & 1))
 }
 // Set dest to x*Q, where -8 <= x <= 8, in constant time.
 func (v *affineLookupTable) SelectInto(dest *affineCached, x int8) {
 	// Compute xabs = |x|
 	xmask := x >> 7
 	xabs := uint8((x + xmask) ^ xmask)
 	dest.Zero()
 	for j := 1; j <= 8; j++ {
 		// Set dest = j*Q if |x| = j
 		cond := subtle.ConstantTimeByteEq(xabs, uint8(j))
 		dest.Select(&v.points[j-1], dest, cond)
 	}
 	// Now dest = |x|*Q, conditionally negate to get x*Q
 	dest.CondNeg(int(xmask & 1))
 }
 // Given odd x with 0 < x < 2^4, return x*Q (in variable time).
 func (v *nafLookupTable5) SelectInto(dest *projCached, x int8) {
 	*dest = v.points[x/2]
 }
 // Given odd x with 0 < x < 2^7, return x*Q (in variable time).
 func (v *nafLookupTable8) SelectInto(dest *affineCached, x int8) {
 	*dest = v.points[x/2]
 }
--- a/vendor/github.com/akutz/memconn/.gitignore
+++ b/vendor/github.com/akutz/memconn/.gitignore
@@ -0,0 +1,414 @@
 *.a
 *.out
 *.test
 *.stderr
 *.stdout
 *.log
 .vscode/
 # Created by https://www.gitignore.io
 ### Windows ###
 # Windows image file caches
 Thumbs.db
 ehthumbs.db
 # Folder config file
 Desktop.ini
 # Recycle Bin used on file shares
 $RECYCLE.BIN/
 # Windows Installer files
 *.cab
 *.msi
 *.msm
 *.msp
 # Windows shortcuts
 *.lnk
 ### OSX ###
 .DS_Store
 .AppleDouble
 .LSOverride
 # Icon must end with two \r
 Icon
 # Thumbnails
 ._*
 # Files that might appear in the root of a volume
 .DocumentRevisions-V100
 .fseventsd
 .Spotlight-V100
 .TemporaryItems
 .Trashes
 .VolumeIcon.icns
 # Directories potentially created on remote AFP share
 .AppleDB
 .AppleDesktop
 Network Trash Folder
 Temporary Items
 .apdisk
 ### Eclipse ###
 *.pydevproject
 .metadata
 .gradle
 bin/
 tmp/
 *.tmp
 *.bak
 *.swp
 *~.nib
 local.properties
 .settings/
 .loadpath
 # Eclipse Core
 .project
 # External tool builders
 .externalToolBuilders/
 # Locally stored "Eclipse launch configurations"
 *.launch
 # CDT-specific
 .cproject
 # JDT-specific (Eclipse Java Development Tools)
 .classpath
 # PDT-specific
 .buildpath
 # sbteclipse plugin
 .target
 # TeXlipse plugin
 .texlipse
 ### Go ###
 # Compiled Object files, Static and Dynamic libs (Shared Objects)
 *.o
 *.a
 *.so
 # Folders
 _obj
 _test
 # Architecture specific extensions/prefixes
 *.[568vq]
 [568vq].out
 *.cgo1.go
 *.cgo2.c
 _cgo_defun.c
 _cgo_gotypes.go
 _cgo_export.*
 _testmain.go
 *.exe
 *.test
 *.prof
 ### SublimeText ###
 # cache files for sublime text
 *.tmlanguage.cache
 *.tmPreferences.cache
 *.stTheme.cache
 # workspace files are user-specific
 *.sublime-workspace
 # project files should be checked into the repository, unless a significant
 # proportion of contributors will probably not be using SublimeText
 # *.sublime-project
 # sftp configuration file
 sftp-config.json
 ### VisualStudio ###
 ## Ignore Visual Studio temporary files, build results, and
 ## files generated by popular Visual Studio add-ons.
 # User-specific files
 *.suo
 *.user
 *.userosscache
 *.sln.docstates
 # User-specific files (MonoDevelop/Xamarin Studio)
 *.userprefs
 # Build results
 [Dd]ebug/
 [Dd]ebugPublic/
 [Rr]elease/
 [Rr]eleases/
 x64/
 x86/
 build/
 bld/
 [Bb]in/
 [Oo]bj/
 # Visual Studo 2015 cache/options directory
 .vs/
 # MSTest test Results
 [Tt]est[Rr]esult*/
 [Bb]uild[Ll]og.*
 # NUNIT
 *.VisualState.xml
 TestResult.xml
 # Build Results of an ATL Project
 [Dd]ebugPS/
 [Rr]eleasePS/
 dlldata.c
 *_i.c
 *_p.c
 *_i.h
 *.ilk
 *.meta
 *.obj
 *.pch
 *.pdb
 *.pgc
 *.pgd
 *.rsp
 *.sbr
 *.tlb
 *.tli
 *.tlh
 *.tmp
 *.tmp_proj
 *.log
 *.vspscc
 *.vssscc
 .builds
 *.pidb
 *.svclog
 *.scc
 # Chutzpah Test files
 _Chutzpah*
 # Visual C++ cache files
 ipch/
 *.aps
 *.ncb
 *.opensdf
 *.sdf
 *.cachefile
 # Visual Studio profiler
 *.psess
 *.vsp
 *.vspx
 # TFS 2012 Local Workspace
 $tf/
 # Guidance Automation Toolkit
 *.gpState
 # ReSharper is a .NET coding add-in
 _ReSharper*/
 *.[Rr]e[Ss]harper
 *.DotSettings.user
 # JustCode is a .NET coding addin-in
 .JustCode
 # TeamCity is a build add-in
 _TeamCity*
 # DotCover is a Code Coverage Tool
 *.dotCover
 # NCrunch
 _NCrunch_*
 .*crunch*.local.xml
 # MightyMoose
 *.mm.*
 AutoTest.Net/
 # Web workbench (sass)
 .sass-cache/
 # Installshield output folder
 [Ee]xpress/
 # DocProject is a documentation generator add-in
 DocProject/buildhelp/
 DocProject/Help/*.HxT
 DocProject/Help/*.HxC
 DocProject/Help/*.hhc
 DocProject/Help/*.hhk
 DocProject/Help/*.hhp
 DocProject/Help/Html2
 DocProject/Help/html
 # Click-Once directory
 publish/
 # Publish Web Output
 *.[Pp]ublish.xml
 *.azurePubxml
 # TODO: Comment the next line if you want to checkin your web deploy settings
 # but database connection strings (with potential passwords) will be unencrypted
 *.pubxml
 *.publishproj
 # NuGet Packages
 *.nupkg
 # The packages folder can be ignored because of Package Restore
 **/packages/*
 # except build/, which is used as an MSBuild target.
 !**/packages/build/
 # Uncomment if necessary however generally it will be regenerated when needed
 #!**/packages/repositories.config
 # Windows Azure Build Output
 csx/
 *.build.csdef
 # Windows Store app package directory
 AppPackages/
 # Others
 *.[Cc]ache
 ClientBin/
 [Ss]tyle[Cc]op.*
 ~$*
 *~
 *.dbmdl
 *.dbproj.schemaview
 *.pfx
 *.publishsettings
 node_modules/
 bower_components/
 # RIA/Silverlight projects
 Generated_Code/
 # Backup & report files from converting an old project file
 # to a newer Visual Studio version. Backup files are not needed,
 # because we have git ;-)
 _UpgradeReport_Files/
 Backup*/
 UpgradeLog*.XML
 UpgradeLog*.htm
 # SQL Server files
 *.mdf
 *.ldf
 # Business Intelligence projects
 *.rdl.data
 *.bim.layout
 *.bim_*.settings
 # Microsoft Fakes
 FakesAssemblies/
 # Node.js Tools for Visual Studio
 .ntvs_analysis.dat
 # Visual Studio 6 build log
 *.plg
 # Visual Studio 6 workspace options file
 *.opt
 ### Maven ###
 target/
 pom.xml.tag
 pom.xml.releaseBackup
 pom.xml.versionsBackup
 pom.xml.next
 release.properties
 dependency-reduced-pom.xml
 buildNumber.properties
 ### Java ###
 *.class
 # Mobile Tools for Java (J2ME)
 .mtj.tmp/
 # Package Files #
 *.jar
 *.war
 *.ear
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*
 ### Intellij ###
 # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm
 *.iml
 ## Directory-based project format:
 .idea/
 # if you remove the above rule, at least ignore the following:
 # User-specific stuff:
 # .idea/workspace.xml
 # .idea/tasks.xml
 # .idea/dictionaries
 # Sensitive or high-churn files:
 # .idea/dataSources.ids
 # .idea/dataSources.xml
 # .idea/sqlDataSources.xml
 # .idea/dynamic.xml
 # .idea/uiDesigner.xml
 # Gradle:
 # .idea/gradle.xml
 # .idea/libraries
 # Mongo Explorer plugin:
 # .idea/mongoSettings.xml
 ## File-based project format:
 *.ipr
 *.iws
 ## Plugin-specific files:
 # IntelliJ
 /out/
 # mpeltonen/sbt-idea plugin
 .idea_modules/
 # JIRA plugin
 atlassian-ide-plugin.xml
 # Crashlytics plugin (for Android Studio and IntelliJ)
 com_crashlytics_export_strings.xml
 crashlytics.properties
 crashlytics-build.properties
--- a/vendor/github.com/akutz/memconn/.travis.yml
+++ b/vendor/github.com/akutz/memconn/.travis.yml
@@ -0,0 +1,21 @@
 # Setting "sudo" to false forces Travis-CI to use its
 # container-based build infrastructure, which has shorter
 # queue times.
 sudo: false
 # Use the newer Travis-CI build templates based on the
 # Debian Linux distribution "Trusty" release.
 dist: trusty
 # Select Go as the language used to run the buid.
 language: go
 go:
  - 1.8.x
  - 1.9.x
  - 1.10.x
 go_import_path: github.com/akutz/memconn
 install: true
 script:
  - make test
  - make benchmark
--- a/vendor/github.com/akutz/memconn/LICENSE
+++ b/vendor/github.com/akutz/memconn/LICENSE
@@ -0,0 +1,201 @@
                                Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/
   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
   1. Definitions.
      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.
      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.
      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.
      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.
      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.
      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.
      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).
      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.
      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."
      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.
   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.
   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.
   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:
      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and
      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and
      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and
      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.
      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.
   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.
   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.
   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.
   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.
   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.
   END OF TERMS AND CONDITIONS
   APPENDIX: How to apply the Apache License to your work.
      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "{}"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.
   Copyright {yyyy} {name of copyright owner}
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
       http://www.apache.org/licenses/LICENSE-2.0
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
--- a/vendor/github.com/akutz/memconn/Makefile
+++ b/vendor/github.com/akutz/memconn/Makefile
@@ -0,0 +1,31 @@
 SHELL := /bin/bash
 all: build
 build: memconn.a
 memconn.a: $(filter-out %_test.go, $(wildcard *.go))
 	go build -o $@
 GO_VERSION ?= 1.9.4
 IMPORT_PATH := github.com/akutz/memconn
 docker-run:
 	docker run --rm -it \
      -v $$(pwd):/go/src/$(IMPORT_PATH) \
      golang:$(GO_VERSION) \
      make -C /go/src/$(IMPORT_PATH) $(MAKE_TARGET)
 BENCH ?= .
 benchmark:
 	go test -bench $(BENCH) -run Bench -benchmem .
 benchmark-go1.9:
 	MAKE_TARGET=benchmark $(MAKE) docker-run
 test:
 	go test
 	go test -race -run 'Race$$'
 test-go1.9:
 	MAKE_TARGET=test $(MAKE) docker-run
--- a/vendor/github.com/akutz/memconn/README.md
+++ b/vendor/github.com/akutz/memconn/README.md
@@ -0,0 +1,38 @@
 # MemConn [![GoDoc](https://godoc.org/github.com/akutz/memconn?status.svg)](http://godoc.org/github.com/akutz/memconn) [![Build Status](http://travis-ci.org/akutz/memconn.svg?branch=master)](https://travis-ci.org/akutz/memconn) [![Go Report Card](http://goreportcard.com/badge/akutz/memconn)](http://goreportcard.com/report/akutz/memconn)
 MemConn provides named, in-memory network connections for Go.
 ## Create a Server
 A new `net.Listener` used to serve HTTP, gRPC, etc. is created with
 `memconn.Listen`:
 ```go
 lis, err := memconn.Listen("memu", "UniqueName")
 ```
 ## Creating a Client (Dial)
 Clients can dial any named connection:
 ```go
 client, err := memconn.Dial("memu", "UniqueName")
 ```
 ## Network Types
 MemCon supports the following network types:
 | Network | Description |
 |---------|-------------|
 | `memb`  | A buffered, in-memory implementation of `net.Conn` |
 | `memu`  | An unbuffered, in-memory implementation of `net.Conn` |
 ## Performance
 The benchmark results illustrate MemConn's performance versus TCP
 and UNIX domain sockets:
 ![ops](https://imgur.com/o8mXla6.png "Ops (Larger is Better)")
 ![ns/op](https://imgur.com/8YvPmMU.png "Nanoseconds/Op (Smaller is Better)")
 ![B/op](https://imgur.com/vQSfIR2.png "Bytes/Op (Smaller is Better)")
 ![allocs/op](https://imgur.com/k263257.png "Allocs/Op (Smaller is Better)")
 MemConn is more performant than TCP and UNIX domain sockets with respect
 to the CPU. While MemConn does allocate more memory, this is to be expected
 since MemConn is an in-memory implementation of the `net.Conn` interface.
--- a/vendor/github.com/akutz/memconn/VERSION
+++ b/vendor/github.com/akutz/memconn/VERSION
@@ -0,0 +1 @@
 0.1.0
--- a/vendor/github.com/akutz/memconn/memconn.go
+++ b/vendor/github.com/akutz/memconn/memconn.go
@@ -0,0 +1,110 @@
 package memconn
 import (
 	"context"
 	"net"
 )
 const (
 	// networkMemb is a buffered network connection. Write operations
 	// do not block as they are are buffered instead of waiting on a
 	// matching Read operation.
 	networkMemb = "memb"
 	// networkMemu is an unbuffered network connection. Write operations
 	// block until they are matched by a Read operation on the other side
 	// of the connected pipe.
 	networkMemu = "memu"
 	// addrLocalhost is a reserved address name. It is used when a
 	// Listen variant omits the local address or a Dial variant omits
 	// the remote address.
 	addrLocalhost = "localhost"
 )
 // provider is the package's default provider instance. All of the
 // package-level functions interact with this object.
 var provider Provider
 // MapNetwork enables mapping the network value provided to this Provider's
 // Dial and Listen functions from the specified "from" value to the
 // specified "to" value.
 //
 // For example, calling MapNetwork("tcp", "memu") means a subsequent
 // Dial("tcp", "address") gets translated to Dial("memu", "address").
 //
 // Calling MapNetwork("tcp", "") removes any previous translation for
 // the "tcp" network.
 func MapNetwork(from, to string) {
 	provider.MapNetwork(from, to)
 }
 // Listen begins listening at address for the specified network.
 //
 // Known networks are "memb" (memconn buffered) and "memu" (memconn unbuffered).
 //
 // When the specified address is already in use on the specified
 // network an error is returned.
 //
 // When the provided network is unknown the operation defers to
 // net.Dial.
 func Listen(network, address string) (net.Listener, error) {
 	return provider.Listen(network, address)
 }
 // ListenMem begins listening at laddr.
 //
 // Known networks are "memb" (memconn buffered) and "memu" (memconn unbuffered).
 //
 // If laddr is nil then ListenMem listens on "localhost" on the
 // specified network.
 func ListenMem(network string, laddr *Addr) (*Listener, error) {
 	return provider.ListenMem(network, laddr)
 }
 // Dial dials a named connection.
 //
 // Known networks are "memb" (memconn buffered) and "memu" (memconn unbuffered).
 //
 // When the provided network is unknown the operation defers to
 // net.Dial.
 func Dial(network, address string) (net.Conn, error) {
 	return provider.Dial(network, address)
 }
 // DialContext dials a named connection using a
 // Go context to provide timeout behavior.
 //
 // Please see Dial for more information.
 func DialContext(
 	ctx context.Context,
 	network, address string) (net.Conn, error) {
 	return provider.DialContext(ctx, network, address)
 }
 // DialMem dials a named connection.
 //
 // Known networks are "memb" (memconn buffered) and "memu" (memconn unbuffered).
 //
 // If laddr is nil then a new address is generated using
 // time.Now().UnixNano(). Please note that client addresses are
 // not required to be unique.
 //
 // If raddr is nil then the "localhost" endpoint is used on the
 // specified network.
 func DialMem(network string, laddr, raddr *Addr) (*Conn, error) {
 	return provider.DialMem(network, laddr, raddr)
 }
 // DialMemContext dials a named connection using a
 // Go context to provide timeout behavior.
 //
 // Please see DialMem for more information.
 func DialMemContext(
 	ctx context.Context,
 	network string,
 	laddr, raddr *Addr) (*Conn, error) {
 	return provider.DialMemContext(ctx, network, laddr, raddr)
 }
--- a/vendor/github.com/akutz/memconn/memconn_addr.go
+++ b/vendor/github.com/akutz/memconn/memconn_addr.go
@@ -0,0 +1,25 @@
 package memconn
 // Addr represents the address of an in-memory endpoint.
 type Addr struct {
 	// Name is the name of the endpoint.
 	Name string
 	network string
 }
 // Buffered indicates whether or not the address refers to a buffered
 // network type.
 func (a Addr) Buffered() bool {
 	return a.network == networkMemb
 }
 // Network returns the address's network.
 func (a Addr) Network() string {
 	return a.network
 }
 // String returns the address's name.
 func (a Addr) String() string {
 	return a.Name
 }
--- a/vendor/github.com/akutz/memconn/memconn_conn.go
+++ b/vendor/github.com/akutz/memconn/memconn_conn.go
@@ -0,0 +1,434 @@
 package memconn
 import (
 	"net"
 	"sync"
 	"time"
 )
 // Conn is an in-memory implementation of Golang's "net.Conn" interface.
 type Conn struct {
 	pipe
 	laddr Addr
 	raddr Addr
 	// buf contains information about the connection's buffer state if
 	// the connection is buffered. Otherwise this field is nil.
 	buf *bufConn
 }
 type bufConn struct {
 	// Please see the SetCopyOnWrite function for more information.
 	cow bool
 	// Please see the SetBufferSize function for more information.
 	max uint64
 	// cur is the amount of buffered, pending Write data
 	cur uint64
 	// cond is a condition used to wait when writing buffered data
 	cond sync.Cond
 	// mu is the mutex used by the condition. The mutex is exposed
 	// directly in order to access RLock and RUnlock for getting the
 	// buffer size.
 	mu sync.RWMutex
 	// errs is the error channel returned by the Errs() function and
 	// used to report erros that occur as a result of buffered write
 	// operations. If the pipe does not use buffered writes then this
 	// field will always be nil.
 	errs chan error
 	// Please see the SetCloseTimeout function for more information.
 	closeTimeout time.Duration
 }
 func makeNewConns(network string, laddr, raddr Addr) (*Conn, *Conn) {
 	// This code is duplicated from the Pipe() function from the file
 	// "memconn_pipe.go". The reason for the duplication is to optimize
 	// the performance by removing the need to wrap the *pipe values as
 	// interface{} objects out of the Pipe() function and assert them
 	// back as *pipe* objects in this function.
 	cb1 := make(chan []byte)
 	cb2 := make(chan []byte)
 	cn1 := make(chan int)
 	cn2 := make(chan int)
 	done1 := make(chan struct{})
 	done2 := make(chan struct{})
 	// Wrap the pipes with Conn to support:
 	//
 	//   * The correct address information for the functions LocalAddr()
 	//     and RemoteAddr() return the
 	//   * Errors returns from the internal pipe are checked and
 	//     have their internal OpError addr information replaced with
 	//     the correct address information.
 	//   * A channel can be setup to cause the event of the Listener
 	//     closing closes the remoteConn immediately.
 	//   * Buffered writes
 	local := &Conn{
 		pipe: pipe{
 			rdRx: cb1, rdTx: cn1,
 			wrTx: cb2, wrRx: cn2,
 			localDone: done1, remoteDone: done2,
 			readDeadline:  makePipeDeadline(),
 			writeDeadline: makePipeDeadline(),
 		},
 		laddr: laddr,
 		raddr: raddr,
 	}
 	remote := &Conn{
 		pipe: pipe{
 			rdRx: cb2, rdTx: cn2,
 			wrTx: cb1, wrRx: cn1,
 			localDone: done2, remoteDone: done1,
 			readDeadline:  makePipeDeadline(),
 			writeDeadline: makePipeDeadline(),
 		},
 		laddr: raddr,
 		raddr: laddr,
 	}
 	if laddr.Buffered() {
 		local.buf = &bufConn{
 			errs:         make(chan error),
 			closeTimeout: 10 * time.Second,
 		}
 		local.buf.cond.L = &local.buf.mu
 	}
 	if raddr.Buffered() {
 		remote.buf = &bufConn{
 			errs:         make(chan error),
 			closeTimeout: 10 * time.Second,
 		}
 		remote.buf.cond.L = &remote.buf.mu
 	}
 	return local, remote
 }
 // LocalBuffered returns a flag indicating whether or not the local side
 // of the connection is buffered.
 func (c *Conn) LocalBuffered() bool {
 	return c.laddr.Buffered()
 }
 // RemoteBuffered returns a flag indicating whether or not the remote side
 // of the connection is buffered.
 func (c *Conn) RemoteBuffered() bool {
 	return c.raddr.Buffered()
 }
 // BufferSize gets the number of bytes allowed to be queued for
 // asynchrnous Write operations.
 //
 // Please note that this function will always return zero for unbuffered
 // connections.
 //
 // Please see the function SetBufferSize for more information.
 func (c *Conn) BufferSize() uint64 {
 	if c.laddr.Buffered() {
 		c.buf.mu.RLock()
 		defer c.buf.mu.RUnlock()
 		return c.buf.max
 	}
 	return 0
 }
 // SetBufferSize sets the number of bytes allowed to be queued for
 // asynchronous Write operations. Once the amount of data pending a Write
 // operation exceeds the specified size, subsequent Writes will
 // block until the queued data no longer exceeds the allowed ceiling.
 //
 // A value of zero means no maximum is defined.
 //
 // If a Write operation's payload length exceeds the buffer size
 // (except for zero) then the Write operation is handled synchronously.
 //
 // Please note that setting the buffer size has no effect on unbuffered
 // connections.
 func (c *Conn) SetBufferSize(i uint64) {
 	if c.laddr.Buffered() {
 		c.buf.cond.L.Lock()
 		defer c.buf.cond.L.Unlock()
 		c.buf.max = i
 	}
 }
 // CloseTimeout gets the time.Duration value used when closing buffered
 // connections.
 //
 // Please note that this function will always return zero for
 // unbuffered connections.
 //
 // Please see the function SetCloseTimeout for more information.
 func (c *Conn) CloseTimeout() time.Duration {
 	if c.laddr.Buffered() {
 		c.buf.mu.RLock()
 		defer c.buf.mu.RUnlock()
 		return c.buf.closeTimeout
 	}
 	return 0
 }
 // SetCloseTimeout sets a time.Duration value used by the Close function
 // to determine the amount of time to wait for pending, buffered Writes
 // to complete before closing the connection.
 //
 // The default timeout value is 10 seconds. A zero value does not
 // mean there is no timeout, rather it means the timeout is immediate.
 //
 // Please note that setting this value has no effect on unbuffered
 // connections.
 func (c *Conn) SetCloseTimeout(duration time.Duration) {
 	if c.laddr.Buffered() {
 		c.buf.cond.L.Lock()
 		defer c.buf.cond.L.Unlock()
 		c.buf.closeTimeout = duration
 	}
 }
 // CopyOnWrite gets a flag indicating whether or not copy-on-write is
 // enabled for this connection.
 //
 // Please note that this function will always return false for
 // unbuffered connections.
 //
 // Please see the function SetCopyOnWrite for more information.
 func (c *Conn) CopyOnWrite() bool {
 	if c.laddr.Buffered() {
 		c.buf.mu.RLock()
 		defer c.buf.mu.RUnlock()
 		return c.buf.cow
 	}
 	return false
 }
 // SetCopyOnWrite sets a flag indicating whether or not copy-on-write
 // is enabled for this connection.
 //
 // When a connection is buffered, data submitted to a Write operation
 // is processed in a goroutine and the function returns control to the
 // caller immediately. Because of this, it's possible to modify the
 // data provided to the Write function before or during the actual
 // Write operation. Enabling copy-on-write causes the payload to be
 // copied to a new buffer before control is returned to the caller.
 //
 // Please note that enabling copy-on-write will double the amount of
 // memory required for all Write operations.
 //
 // Please note that enabling copy-on-write has no effect on unbuffered
 // connections.
 func (c *Conn) SetCopyOnWrite(enabled bool) {
 	if c.laddr.Buffered() {
 		c.buf.cond.L.Lock()
 		defer c.buf.cond.L.Unlock()
 		c.buf.cow = enabled
 	}
 }
 // LocalAddr implements the net.Conn LocalAddr method.
 func (c *Conn) LocalAddr() net.Addr {
 	return c.laddr
 }
 // RemoteAddr implements the net.Conn RemoteAddr method.
 func (c *Conn) RemoteAddr() net.Addr {
 	return c.raddr
 }
 // Close implements the net.Conn Close method.
 func (c *Conn) Close() error {
 	c.pipe.once.Do(func() {
 		// Buffered connections will attempt to wait until all
 		// pending Writes are completed, until the specified
 		// timeout value has elapsed, or until the remote side
 		// of the connection is closed.
 		if c.laddr.Buffered() {
 			c.buf.mu.RLock()
 			timeout := c.buf.closeTimeout
 			c.buf.mu.RUnlock()
 			// Set up a channel that is closed when the specified
 			// timer elapses.
 			timeoutDone := make(chan struct{})
 			if timeout == 0 {
 				close(timeoutDone)
 			} else {
 				time.AfterFunc(timeout, func() { close(timeoutDone) })
 			}
 			// Set up a channel that is closed when the number of
 			// pending bytes is zero.
 			writesDone := make(chan struct{})
 			go func() {
 				c.buf.cond.L.Lock()
 				for c.buf.cur > 0 {
 					c.buf.cond.Wait()
 				}
 				close(writesDone)
 				c.buf.cond.L.Unlock()
 			}()
 			// Wait to close the connection.
 			select {
 			case <-writesDone:
 			case <-timeoutDone:
 			case <-c.pipe.remoteDone:
 			}
 		}
 		close(c.pipe.localDone)
 	})
 	return nil
 }
 // Errs returns a channel that receives errors that may occur as the
 // result of buffered write operations.
 //
 // This function will always return nil for unbuffered connections.
 //
 // Please note that the channel returned by this function is not closed
 // when the connection is closed. This is because errors may continue
 // to be sent over this channel as the result of asynchronous writes
 // occurring after the connection is closed. Therefore this channel
 // should not be used to determine when the connection is closed.
 func (c *Conn) Errs() <-chan error {
 	return c.buf.errs
 }
 // Read implements the net.Conn Read method.
 func (c *Conn) Read(b []byte) (int, error) {
 	n, err := c.pipe.Read(b)
 	if err != nil {
 		if e, ok := err.(*net.OpError); ok {
 			e.Addr = c.raddr
 			e.Source = c.laddr
 			return n, e
 		}
 		return n, &net.OpError{
 			Op:     "read",
 			Addr:   c.raddr,
 			Source: c.laddr,
 			Net:    c.raddr.Network(),
 			Err:    err,
 		}
 	}
 	return n, nil
 }
 // Write implements the net.Conn Write method.
 func (c *Conn) Write(b []byte) (int, error) {
 	if c.laddr.Buffered() {
 		return c.writeAsync(b)
 	}
 	return c.writeSync(b)
 }
 func (c *Conn) writeSync(b []byte) (int, error) {
 	n, err := c.pipe.Write(b)
 	if err != nil {
 		if e, ok := err.(*net.OpError); ok {
 			e.Addr = c.raddr
 			e.Source = c.laddr
 			return n, e
 		}
 		return n, &net.OpError{
 			Op:     "write",
 			Addr:   c.raddr,
 			Source: c.laddr,
 			Net:    c.raddr.Network(),
 			Err:    err,
 		}
 	}
 	return n, nil
 }
 // writeAsync performs the Write operation in a goroutine. This
 // behavior means the Write operation is not blocking, but also means
 // that when Write operations fail the associated error is not returned
 // from this function.
 func (c *Conn) writeAsync(b []byte) (int, error) {
 	// Perform a synchronous Write if the connection has a non-zero
 	// value for the maximum allowed buffer size and if the size of
 	// the payload exceeds that maximum value.
 	if c.buf.max > 0 && uint64(len(b)) > c.buf.max {
 		return c.writeSync(b)
 	}
 	// Block the operation from proceeding until there is available
 	// buffer space.
 	c.buf.cond.L.Lock()
 	for c.buf.max > 0 && uint64(len(b))+c.buf.cur > c.buf.max {
 		c.buf.cond.Wait()
 	}
 	// Copy the buffer if the connection uses copy-on-write.
 	cb := b
 	if c.buf.cow {
 		cb = make([]byte, len(b))
 		copy(cb, b)
 	}
 	// Update the amount of active data being written.
 	c.buf.cur = c.buf.cur + uint64(len(cb))
 	c.buf.cond.L.Unlock()
 	go func() {
 		if _, err := c.writeSync(cb); err != nil {
 			go func() { c.buf.errs <- err }()
 		}
 		// Decrement the enqueued buffer size and signal a blocked
 		// goroutine that it may proceed
 		c.buf.cond.L.Lock()
 		c.buf.cur = c.buf.cur - uint64(len(cb))
 		c.buf.cond.L.Unlock()
 		c.buf.cond.Signal()
 	}()
 	return len(cb), nil
 }
 // SetReadDeadline implements the net.Conn SetReadDeadline method.
 func (c *Conn) SetReadDeadline(t time.Time) error {
 	if err := c.pipe.SetReadDeadline(t); err != nil {
 		if e, ok := err.(*net.OpError); ok {
 			e.Addr = c.laddr
 			e.Source = c.laddr
 			return e
 		}
 		return &net.OpError{
 			Op:     "setReadDeadline",
 			Addr:   c.laddr,
 			Source: c.laddr,
 			Net:    c.laddr.Network(),
 			Err:    err,
 		}
 	}
 	return nil
 }
 // SetWriteDeadline implements the net.Conn SetWriteDeadline method.
 func (c *Conn) SetWriteDeadline(t time.Time) error {
 	if err := c.pipe.SetWriteDeadline(t); err != nil {
 		if e, ok := err.(*net.OpError); ok {
 			e.Addr = c.laddr
 			e.Source = c.laddr
 			return e
 		}
 		return &net.OpError{
 			Op:     "setWriteDeadline",
 			Addr:   c.laddr,
 			Source: c.laddr,
 			Net:    c.laddr.Network(),
 			Err:    err,
 		}
 	}
 	return nil
 }
--- a/vendor/github.com/akutz/memconn/memconn_listener.go
+++ b/vendor/github.com/akutz/memconn/memconn_listener.go
@@ -0,0 +1,105 @@
 package memconn
 import (
 	"context"
 	"errors"
 	"net"
 	"sync"
 )
 // Listener implements the net.Listener interface.
 type Listener struct {
 	addr Addr
 	once sync.Once
 	rcvr chan *Conn
 	done chan struct{}
 	rmvd chan struct{}
 }
 func (l *Listener) dial(
 	ctx context.Context,
 	network string,
 	laddr, raddr Addr) (*Conn, error) {
 	local, remote := makeNewConns(network, laddr, raddr)
 	// TODO Figure out if this logic is valid.
 	//
 	// Start a goroutine that closes the remote side of the connection
 	// as soon as the listener's done channel is no longer blocked.
 	//go func() {
 	//	<-l.done
 	//	remoteConn.Close()
 	//}()
 	// If the provided context is nill then announce a new connection
 	// by placing the new remoteConn onto the rcvr channel. An Accept
 	// call from this listener will remove the remoteConn from the channel.
 	if ctx == nil {
 		l.rcvr <- remote
 		return local, nil
 	}
 	// Announce a new connection by placing the new remoteConn
 	// onto the rcvr channel. An Accept call from this listener will
 	// remove the remoteConn from the channel. However, if that does
 	// not occur by the time the context times out / is cancelled, then
 	// an error is returned.
 	select {
 	case l.rcvr <- remote:
 		return local, nil
 	case <-ctx.Done():
 		local.Close()
 		remote.Close()
 		return nil, &net.OpError{
 			Addr:   raddr,
 			Source: laddr,
 			Net:    network,
 			Op:     "dial",
 			Err:    ctx.Err(),
 		}
 	}
 }
 // Accept implements the net.Listener Accept method.
 func (l *Listener) Accept() (net.Conn, error) {
 	return l.AcceptMemConn()
 }
 // AcceptMemConn implements the net.Listener Accept method logic and
 // returns a *memconn.Conn object.
 func (l *Listener) AcceptMemConn() (*Conn, error) {
 	select {
 	case remoteConn, ok := <-l.rcvr:
 		if ok {
 			return remoteConn, nil
 		}
 		return nil, &net.OpError{
 			Addr:   l.addr,
 			Source: l.addr,
 			Net:    l.addr.Network(),
 			Err:    errors.New("listener closed"),
 		}
 	case <-l.done:
 		return nil, &net.OpError{
 			Addr:   l.addr,
 			Source: l.addr,
 			Net:    l.addr.Network(),
 			Err:    errors.New("listener closed"),
 		}
 	}
 }
 // Close implements the net.Listener Close method.
 func (l *Listener) Close() error {
 	l.once.Do(func() {
 		close(l.done)
 		<-l.rmvd
 	})
 	return nil
 }
 // Addr implements the net.Listener Addr method.
 func (l *Listener) Addr() net.Addr {
 	return l.addr
 }
--- a/vendor/github.com/akutz/memconn/memconn_pipe.go
+++ b/vendor/github.com/akutz/memconn/memconn_pipe.go
@@ -0,0 +1,265 @@
 // This file was copied from Go stdlib "net/pipe.go"
 // and modified in order to optimally support:
 //
 //     * Buffered writes
 //     * Custom local and remote address values
 //     * Error values that follow net.Conn's rules regarding
 //       net.OpError
 //
 // The above features could be implemented using the "net.Conn" values
 // returned from the function "net.Pipe", but much of the same code
 // would need to be duplicated regarding deadlines, done semantics, etc.
 // Using the private "pipe" struct as the basis of a new, composite type
 // is much more performant.
 //
 // FYI, the reason a new, composite type is used instead of modifying
 // the existing type, "pipe", is to make it easier to replace this
 // file with whatever changes Go stdlib make make to "net/pipe.go" in
 // the future.
 //
 // This file is a Golang stdlib type and so the Go license is included:
 //
 //     Copyright 2010 The Go Authors. All rights reserved.
 //     Use of this source code is governed by a BSD-style
 //     license that can be found in the LICENSE file.
 package memconn
 import (
 	"io"
 	"net"
 	"sync"
 	"time"
 )
 // pipeDeadline is an abstraction for handling timeouts.
 type pipeDeadline struct {
 	mu     sync.Mutex // Guards timer and cancel
 	timer  *time.Timer
 	cancel chan struct{} // Must be non-nil
 }
 func makePipeDeadline() pipeDeadline {
 	return pipeDeadline{cancel: make(chan struct{})}
 }
 // set sets the point in time when the deadline will time out.
 // A timeout event is signaled by closing the channel returned by waiter.
 // Once a timeout has occurred, the deadline can be refreshed by specifying a
 // t value in the future.
 //
 // A zero value for t prevents timeout.
 func (d *pipeDeadline) set(t time.Time) {
 	d.mu.Lock()
 	defer d.mu.Unlock()
 	if d.timer != nil && !d.timer.Stop() {
 		<-d.cancel // Wait for the timer callback to finish and close cancel
 	}
 	d.timer = nil
 	// Time is zero, then there is no deadline.
 	closed := isClosedChan(d.cancel)
 	if t.IsZero() {
 		if closed {
 			d.cancel = make(chan struct{})
 		}
 		return
 	}
 	// Time in the future, setup a timer to cancel in the future.
 	if dur := time.Until(t); dur > 0 {
 		if closed {
 			d.cancel = make(chan struct{})
 		}
 		d.timer = time.AfterFunc(dur, func() {
 			close(d.cancel)
 		})
 		return
 	}
 	// Time in the past, so close immediately.
 	if !closed {
 		close(d.cancel)
 	}
 }
 // wait returns a channel that is closed when the deadline is exceeded.
 func (d *pipeDeadline) wait() chan struct{} {
 	d.mu.Lock()
 	defer d.mu.Unlock()
 	return d.cancel
 }
 func isClosedChan(c <-chan struct{}) bool {
 	select {
 	case <-c:
 		return true
 	default:
 		return false
 	}
 }
 type timeoutError struct{}
 func (timeoutError) Error() string   { return "deadline exceeded" }
 func (timeoutError) Timeout() bool   { return true }
 func (timeoutError) Temporary() bool { return true }
 type pipeAddr struct{}
 func (pipeAddr) Network() string { return "pipe" }
 func (pipeAddr) String() string  { return "pipe" }
 type pipe struct {
 	wrMu sync.Mutex // Serialize Write operations
 	// Used by local Read to interact with remote Write.
 	// Successful receive on rdRx is always followed by send on rdTx.
 	rdRx <-chan []byte
 	rdTx chan<- int
 	// Used by local Write to interact with remote Read.
 	// Successful send on wrTx is always followed by receive on wrRx.
 	wrTx chan<- []byte
 	wrRx <-chan int
 	once       sync.Once // Protects closing localDone
 	localDone  chan struct{}
 	remoteDone <-chan struct{}
 	readDeadline  pipeDeadline
 	writeDeadline pipeDeadline
 }
 // Pipe creates a synchronous, in-memory, full duplex
 // network connection; both ends implement the Conn interface.
 // Reads on one end are matched with writes on the other,
 // copying data directly between the two; there is no internal
 // buffering.
 func Pipe() (net.Conn, net.Conn) {
 	cb1 := make(chan []byte)
 	cb2 := make(chan []byte)
 	cn1 := make(chan int)
 	cn2 := make(chan int)
 	done1 := make(chan struct{})
 	done2 := make(chan struct{})
 	p1 := &pipe{
 		rdRx: cb1, rdTx: cn1,
 		wrTx: cb2, wrRx: cn2,
 		localDone: done1, remoteDone: done2,
 		readDeadline:  makePipeDeadline(),
 		writeDeadline: makePipeDeadline(),
 	}
 	p2 := &pipe{
 		rdRx: cb2, rdTx: cn2,
 		wrTx: cb1, wrRx: cn1,
 		localDone: done2, remoteDone: done1,
 		readDeadline:  makePipeDeadline(),
 		writeDeadline: makePipeDeadline(),
 	}
 	return p1, p2
 }
 func (*pipe) LocalAddr() net.Addr  { return pipeAddr{} }
 func (*pipe) RemoteAddr() net.Addr { return pipeAddr{} }
 func (p *pipe) Read(b []byte) (int, error) {
 	n, err := p.read(b)
 	if err != nil && err != io.EOF && err != io.ErrClosedPipe {
 		err = &net.OpError{Op: "read", Net: "pipe", Err: err}
 	}
 	return n, err
 }
 func (p *pipe) read(b []byte) (n int, err error) {
 	switch {
 	case isClosedChan(p.localDone):
 		return 0, io.ErrClosedPipe
 	case isClosedChan(p.remoteDone):
 		return 0, io.EOF
 	case isClosedChan(p.readDeadline.wait()):
 		return 0, timeoutError{}
 	}
 	select {
 	case bw := <-p.rdRx:
 		nr := copy(b, bw)
 		p.rdTx <- nr
 		return nr, nil
 	case <-p.localDone:
 		return 0, io.ErrClosedPipe
 	case <-p.remoteDone:
 		return 0, io.EOF
 	case <-p.readDeadline.wait():
 		return 0, timeoutError{}
 	}
 }
 func (p *pipe) Write(b []byte) (int, error) {
 	n, err := p.write(b)
 	if err != nil && err != io.ErrClosedPipe {
 		err = &net.OpError{Op: "write", Net: "pipe", Err: err}
 	}
 	return n, err
 }
 func (p *pipe) write(b []byte) (n int, err error) {
 	switch {
 	case isClosedChan(p.localDone):
 		return 0, io.ErrClosedPipe
 	case isClosedChan(p.remoteDone):
 		return 0, io.ErrClosedPipe
 	case isClosedChan(p.writeDeadline.wait()):
 		return 0, timeoutError{}
 	}
 	p.wrMu.Lock() // Ensure entirety of b is written together
 	defer p.wrMu.Unlock()
 	for once := true; once || len(b) > 0; once = false {
 		select {
 		case p.wrTx <- b:
 			nw := <-p.wrRx
 			b = b[nw:]
 			n += nw
 		case <-p.localDone:
 			return n, io.ErrClosedPipe
 		case <-p.remoteDone:
 			return n, io.ErrClosedPipe
 		case <-p.writeDeadline.wait():
 			return n, timeoutError{}
 		}
 	}
 	return n, nil
 }
 func (p *pipe) SetDeadline(t time.Time) error {
 	if isClosedChan(p.localDone) || isClosedChan(p.remoteDone) {
 		return io.ErrClosedPipe
 	}
 	p.readDeadline.set(t)
 	p.writeDeadline.set(t)
 	return nil
 }
 func (p *pipe) SetReadDeadline(t time.Time) error {
 	if isClosedChan(p.localDone) || isClosedChan(p.remoteDone) {
 		return io.ErrClosedPipe
 	}
 	p.readDeadline.set(t)
 	return nil
 }
 func (p *pipe) SetWriteDeadline(t time.Time) error {
 	if isClosedChan(p.localDone) || isClosedChan(p.remoteDone) {
 		return io.ErrClosedPipe
 	}
 	p.writeDeadline.set(t)
 	return nil
 }
 func (p *pipe) Close() error {
 	p.once.Do(func() { close(p.localDone) })
 	return nil
 }
--- a/vendor/github.com/akutz/memconn/memconn_provider.go
+++ b/vendor/github.com/akutz/memconn/memconn_provider.go
@@ -0,0 +1,245 @@
 package memconn
 import (
 	"context"
 	"errors"
 	"fmt"
 	"net"
 	"sync"
 	"time"
 )
 // Provider is used to track named MemConn objects.
 type Provider struct {
 	nets      networkMap
 	listeners listenerCache
 }
 type listenerCache struct {
 	sync.RWMutex
 	cache map[string]*Listener
 }
 type networkMap struct {
 	sync.RWMutex
 	cache map[string]string
 }
 // MapNetwork enables mapping the network value provided to this Provider's
 // Dial and Listen functions from the specified "from" value to the
 // specified "to" value.
 //
 // For example, calling MapNetwork("tcp", "memu") means a subsequent
 // Dial("tcp", "address") gets translated to Dial("memu", "address").
 //
 // Calling MapNetwork("tcp", "") removes any previous translation for
 // the "tcp" network.
 func (p *Provider) MapNetwork(from, to string) {
 	p.nets.Lock()
 	defer p.nets.Unlock()
 	if p.nets.cache == nil {
 		p.nets.cache = map[string]string{}
 	}
 	if to == "" {
 		delete(p.nets.cache, from)
 		return
 	}
 	p.nets.cache[from] = to
 }
 func (p *Provider) mapNetwork(network string) string {
 	p.nets.RLock()
 	defer p.nets.RUnlock()
 	if to, ok := p.nets.cache[network]; ok {
 		return to
 	}
 	return network
 }
 // Listen begins listening at address for the specified network.
 //
 // Known networks are "memb" (memconn buffered) and "memu" (memconn unbuffered).
 //
 // When the specified address is already in use on the specified
 // network an error is returned.
 //
 // When the provided network is unknown the operation defers to
 // net.Dial.
 func (p *Provider) Listen(network, address string) (net.Listener, error) {
 	switch p.mapNetwork(network) {
 	case networkMemb, networkMemu:
 		return p.ListenMem(
 			network, &Addr{Name: address, network: network})
 	default:
 		return net.Listen(network, address)
 	}
 }
 // ListenMem begins listening at laddr.
 //
 // Known networks are "memb" (memconn buffered) and "memu" (memconn unbuffered).
 //
 // If laddr is nil then ListenMem listens on "localhost" on the
 // specified network.
 func (p *Provider) ListenMem(network string, laddr *Addr) (*Listener, error) {
 	switch p.mapNetwork(network) {
 	case networkMemb, networkMemu:
 		// If laddr is not specified then set it to the reserved name
 		// "localhost".
 		if laddr == nil {
 			laddr = &Addr{Name: addrLocalhost, network: network}
 		} else {
 			laddr.network = network
 		}
 	default:
 		return nil, &net.OpError{
 			Addr:   laddr,
 			Source: laddr,
 			Net:    network,
 			Op:     "listen",
 			Err:    errors.New("unknown network"),
 		}
 	}
 	p.listeners.Lock()
 	defer p.listeners.Unlock()
 	if p.listeners.cache == nil {
 		p.listeners.cache = map[string]*Listener{}
 	}
 	if _, ok := p.listeners.cache[laddr.Name]; ok {
 		return nil, &net.OpError{
 			Addr:   laddr,
 			Source: laddr,
 			Net:    network,
 			Op:     "listen",
 			Err:    errors.New("addr unavailable"),
 		}
 	}
 	l := &Listener{
 		addr: *laddr,
 		done: make(chan struct{}),
 		rmvd: make(chan struct{}),
 		rcvr: make(chan *Conn, 1),
 	}
 	// Start a goroutine that removes the listener from
 	// the cache once the listener is closed.
 	go func() {
 		<-l.done
 		p.listeners.Lock()
 		defer p.listeners.Unlock()
 		delete(p.listeners.cache, laddr.Name)
 		close(l.rmvd)
 	}()
 	p.listeners.cache[laddr.Name] = l
 	return l, nil
 }
 // Dial dials a named connection.
 //
 // Known networks are "memb" (memconn buffered) and "memu" (memconn unbuffered).
 //
 // When the provided network is unknown the operation defers to
 // net.Dial.
 func (p *Provider) Dial(network, address string) (net.Conn, error) {
 	return p.DialContext(nil, network, address)
 }
 // DialMem dials a named connection.
 //
 // Known networks are "memb" (memconn buffered) and "memu" (memconn unbuffered).
 //
 // If laddr is nil then a new address is generated using
 // time.Now().UnixNano(). Please note that client addresses are
 // not required to be unique.
 //
 // If raddr is nil then the "localhost" endpoint is used on the
 // specified network.
 func (p *Provider) DialMem(
 	network string, laddr, raddr *Addr) (*Conn, error) {
 	return p.DialMemContext(nil, network, laddr, raddr)
 }
 // DialContext dials a named connection using a
 // Go context to provide timeout behavior.
 //
 // Please see Dial for more information.
 func (p *Provider) DialContext(
 	ctx context.Context,
 	network, address string) (net.Conn, error) {
 	switch p.mapNetwork(network) {
 	case networkMemb, networkMemu:
 		return p.DialMemContext(
 			ctx, network, nil, &Addr{
 				Name:    address,
 				network: network,
 			})
 	default:
 		if ctx == nil {
 			return net.Dial(network, address)
 		}
 		return (&net.Dialer{}).DialContext(ctx, network, address)
 	}
 }
 // DialMemContext dials a named connection using a
 // Go context to provide timeout behavior.
 //
 // Please see DialMem for more information.
 func (p *Provider) DialMemContext(
 	ctx context.Context,
 	network string,
 	laddr, raddr *Addr) (*Conn, error) {
 	switch p.mapNetwork(network) {
 	case networkMemb, networkMemu:
 		// If laddr is not specified then create one with the current
 		// epoch in nanoseconds. This value need not be unique.
 		if laddr == nil {
 			laddr = &Addr{
 				Name:    fmt.Sprintf("%d", time.Now().UnixNano()),
 				network: network,
 			}
 		} else {
 			laddr.network = network
 		}
 		if raddr == nil {
 			raddr = &Addr{Name: addrLocalhost, network: network}
 		} else {
 			raddr.network = network
 		}
 	default:
 		return nil, &net.OpError{
 			Addr:   raddr,
 			Source: laddr,
 			Net:    network,
 			Op:     "dial",
 			Err:    errors.New("unknown network"),
 		}
 	}
 	p.listeners.RLock()
 	defer p.listeners.RUnlock()
 	if l, ok := p.listeners.cache[raddr.Name]; ok {
 		// Update the provided raddr with the actual network type used
 		// by the listener.
 		raddr.network = l.addr.network
 		return l.dial(ctx, network, *laddr, *raddr)
 	}
 	return nil, &net.OpError{
 		Addr:   raddr,
 		Source: laddr,
 		Net:    network,
 		Op:     "dial",
 		Err:    errors.New("unknown remote address"),
 	}
 }
--- a/vendor/github.com/alexbrainman/sspi/LICENSE
+++ b/vendor/github.com/alexbrainman/sspi/LICENSE
@@ -0,0 +1,27 @@
 Copyright (c) 2012 The Go Authors. All rights reserved.
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
 met:
   * Redistributions of source code must retain the above copyright
 notice, this list of conditions and the following disclaimer.
   * Redistributions in binary form must reproduce the above
 copyright notice, this list of conditions and the following disclaimer
 in the documentation and/or other materials provided with the
 distribution.
   * Neither the name of Google Inc. nor the names of its
 contributors may be used to endorse or promote products derived from
 this software without specific prior written permission.
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/vendor/github.com/alexbrainman/sspi/README.md
+++ b/vendor/github.com/alexbrainman/sspi/README.md
@@ -0,0 +1 @@
 This repository holds Go packages for accessing Security Support Provider Interface on Windows. 
--- a/vendor/github.com/alexbrainman/sspi/buffer.go
+++ b/vendor/github.com/alexbrainman/sspi/buffer.go
@@ -0,0 +1,57 @@
 // Copyright 2015 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // +build windows
 package sspi
 import (
 	"io"
 	"unsafe"
 )
 func (b *SecBuffer) Set(buftype uint32, data []byte) {
 	b.BufferType = buftype
 	if len(data) > 0 {
 		b.Buffer = &data[0]
 		b.BufferSize = uint32(len(data))
 	} else {
 		b.Buffer = nil
 		b.BufferSize = 0
 	}
 }
 func (b *SecBuffer) Free() error {
 	if b.Buffer == nil {
 		return nil
 	}
 	return FreeContextBuffer((*byte)(unsafe.Pointer(b.Buffer)))
 }
 func (b *SecBuffer) Bytes() []byte {
 	if b.Buffer == nil || b.BufferSize <= 0 {
 		return nil
 	}
 	return (*[(1 << 31) - 1]byte)(unsafe.Pointer(b.Buffer))[:b.BufferSize]
 }
 func (b *SecBuffer) WriteAll(w io.Writer) (int, error) {
 	if b.BufferSize == 0 || b.Buffer == nil {
 		return 0, nil
 	}
 	data := b.Bytes()
 	total := 0
 	for {
 		n, err := w.Write(data)
 		total += n
 		if err != nil {
 			return total, err
 		}
 		if n >= len(data) {
 			break
 		}
 		data = data[n:]
 	}
 	return total, nil
 }
--- a/vendor/github.com/alexbrainman/sspi/internal/common/common.go
+++ b/vendor/github.com/alexbrainman/sspi/internal/common/common.go
@@ -0,0 +1,152 @@
 // Copyright 2021 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // +build windows
 package common
 import (
 	"errors"
 	"syscall"
 	"github.com/alexbrainman/sspi"
 )
 func BuildAuthIdentity(domain, username, password string) (*sspi.SEC_WINNT_AUTH_IDENTITY, error) {
 	if len(username) == 0 {
 		return nil, errors.New("username parameter cannot be empty")
 	}
 	d, err := syscall.UTF16FromString(domain)
 	if err != nil {
 		return nil, err
 	}
 	u, err := syscall.UTF16FromString(username)
 	if err != nil {
 		return nil, err
 	}
 	p, err := syscall.UTF16FromString(password)
 	if err != nil {
 		return nil, err
 	}
 	return &sspi.SEC_WINNT_AUTH_IDENTITY{
 		User:           &u[0],
 		UserLength:     uint32(len(u) - 1), // do not count terminating 0
 		Domain:         &d[0],
 		DomainLength:   uint32(len(d) - 1), // do not count terminating 0
 		Password:       &p[0],
 		PasswordLength: uint32(len(p) - 1), // do not count terminating 0
 		Flags:          sspi.SEC_WINNT_AUTH_IDENTITY_UNICODE,
 	}, nil
 }
 func UpdateContext(c *sspi.Context, dst, src []byte, targetName *uint16) (authCompleted bool, n int, err error) {
 	var inBuf, outBuf [1]sspi.SecBuffer
 	inBuf[0].Set(sspi.SECBUFFER_TOKEN, src)
 	inBufs := &sspi.SecBufferDesc{
 		Version:      sspi.SECBUFFER_VERSION,
 		BuffersCount: 1,
 		Buffers:      &inBuf[0],
 	}
 	outBuf[0].Set(sspi.SECBUFFER_TOKEN, dst)
 	outBufs := &sspi.SecBufferDesc{
 		Version:      sspi.SECBUFFER_VERSION,
 		BuffersCount: 1,
 		Buffers:      &outBuf[0],
 	}
 	ret := c.Update(targetName, outBufs, inBufs)
 	switch ret {
 	case sspi.SEC_E_OK:
 		// session established -> return success
 		return true, int(outBuf[0].BufferSize), nil
 	case sspi.SEC_I_COMPLETE_NEEDED, sspi.SEC_I_COMPLETE_AND_CONTINUE:
 		ret = sspi.CompleteAuthToken(c.Handle, outBufs)
 		if ret != sspi.SEC_E_OK {
 			return false, 0, ret
 		}
 	case sspi.SEC_I_CONTINUE_NEEDED:
 	default:
 		return false, 0, ret
 	}
 	return false, int(outBuf[0].BufferSize), nil
 }
 func MakeSignature(c *sspi.Context, msg []byte, qop, seqno uint32) ([]byte, error) {
 	_, maxSignature, _, _, err := c.Sizes()
 	if err != nil {
 		return nil, err
 	}
 	if maxSignature == 0 {
 		return nil, errors.New("integrity services are not requested or unavailable")
 	}
 	var b [2]sspi.SecBuffer
 	b[0].Set(sspi.SECBUFFER_DATA, msg)
 	b[1].Set(sspi.SECBUFFER_TOKEN, make([]byte, maxSignature))
 	ret := sspi.MakeSignature(c.Handle, qop, sspi.NewSecBufferDesc(b[:]), seqno)
 	if ret != sspi.SEC_E_OK {
 		return nil, ret
 	}
 	return b[1].Bytes(), nil
 }
 func EncryptMessage(c *sspi.Context, msg []byte, qop, seqno uint32) ([]byte, error) {
 	_ /*maxToken*/, maxSignature, cBlockSize, cSecurityTrailer, err := c.Sizes()
 	if err != nil {
 		return nil, err
 	}
 	if maxSignature == 0 {
 		return nil, errors.New("integrity services are not requested or unavailable")
 	}
 	var b [3]sspi.SecBuffer
 	b[0].Set(sspi.SECBUFFER_TOKEN, make([]byte, cSecurityTrailer))
 	b[1].Set(sspi.SECBUFFER_DATA, msg)
 	b[2].Set(sspi.SECBUFFER_PADDING, make([]byte, cBlockSize))
 	ret := sspi.EncryptMessage(c.Handle, qop, sspi.NewSecBufferDesc(b[:]), seqno)
 	if ret != sspi.SEC_E_OK {
 		return nil, ret
 	}
 	r0, r1, r2 := b[0].Bytes(), b[1].Bytes(), b[2].Bytes()
 	res := make([]byte, 0, len(r0)+len(r1)+len(r2))
 	res = append(res, r0...)
 	res = append(res, r1...)
 	res = append(res, r2...)
 	return res, nil
 }
 func DecryptMessage(c *sspi.Context, msg []byte, seqno uint32) (uint32, []byte, error) {
 	var b [2]sspi.SecBuffer
 	b[0].Set(sspi.SECBUFFER_STREAM, msg)
 	b[1].Set(sspi.SECBUFFER_DATA, []byte{})
 	var qop uint32
 	ret := sspi.DecryptMessage(c.Handle, sspi.NewSecBufferDesc(b[:]), seqno, &qop)
 	if ret != sspi.SEC_E_OK {
 		return qop, nil, ret
 	}
 	return qop, b[1].Bytes(), nil
 }
 func VerifySignature(c *sspi.Context, msg, token []byte, seqno uint32) (uint32, error) {
 	var b [2]sspi.SecBuffer
 	b[0].Set(sspi.SECBUFFER_DATA, msg)
 	b[1].Set(sspi.SECBUFFER_TOKEN, token)
 	var qop uint32
 	ret := sspi.VerifySignature(c.Handle, sspi.NewSecBufferDesc(b[:]), seqno, &qop)
 	if ret != sspi.SEC_E_OK {
 		return 0, ret
 	}
 	return qop, nil
 }
--- a/vendor/github.com/alexbrainman/sspi/mksyscall.go
+++ b/vendor/github.com/alexbrainman/sspi/mksyscall.go
@@ -0,0 +1,7 @@
 // Copyright 2018 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package sspi
 //go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -systemdll=false -output=zsyscall_windows.go syscall.go
--- a/vendor/github.com/alexbrainman/sspi/negotiate/negotiate.go
+++ b/vendor/github.com/alexbrainman/sspi/negotiate/negotiate.go
@@ -0,0 +1,368 @@
 // Copyright 2016 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //go:build windows
 // +build windows
 // Package negotiate provides access to the Microsoft Negotiate SSP Package.
 package negotiate
 import (
 	"errors"
 	"sync"
 	"syscall"
 	"time"
 	"unsafe"
 	"github.com/alexbrainman/sspi"
 	"github.com/alexbrainman/sspi/internal/common"
 )
 // TODO: maybe (if possible) move all winapi related out of sspi and into sspi/internal/winapi
 // PackageInfo contains the Negotiate SSP package description.
 //
 // It's initialized best-effort during init. During early boot it may not
 // yet be loaded & available and thus this will be nil.
 //
 // Deprecated: use GetPackageInfo instead.
 var PackageInfo *sspi.PackageInfo
 func init() {
 	PackageInfo, _ = GetPackageInfo()
 }
 var (
 	pkgInfoMu sync.Mutex
 	pkgInfo   *sspi.PackageInfo
 )
 // GetPackageInfo returns the Negotiate SSP package description.
 func GetPackageInfo() (*sspi.PackageInfo, error) {
 	pkgInfoMu.Lock()
 	defer pkgInfoMu.Unlock()
 	if pkgInfo != nil {
 		return pkgInfo, nil
 	}
 	v, err := sspi.QueryPackageInfo(sspi.NEGOSSP_NAME)
 	if err != nil {
 		return nil, err
 	}
 	pkgInfo = v
 	return v, nil
 }
 func acquireCredentials(principalName string, creduse uint32, ai *sspi.SEC_WINNT_AUTH_IDENTITY) (*sspi.Credentials, error) {
 	c, err := sspi.AcquireCredentials(principalName, sspi.NEGOSSP_NAME, creduse, (*byte)(unsafe.Pointer(ai)))
 	if err != nil {
 		return nil, err
 	}
 	return c, nil
 }
 // AcquireCurrentUserCredentials acquires credentials of currently
 // logged on user. These will be used by the client to authenticate
 // itself to the server. It will also be used by the server
 // to impersonate the user.
 func AcquireCurrentUserCredentials() (*sspi.Credentials, error) {
 	return acquireCredentials("", sspi.SECPKG_CRED_OUTBOUND, nil)
 }
 // AcquireUserCredentials acquires credentials of user described by
 // domain, username and password. These will be used by the client to
 // authenticate itself to the server. It will also be used by the
 // server to impersonate the user.
 func AcquireUserCredentials(domain, username, password string) (*sspi.Credentials, error) {
 	ai, err := common.BuildAuthIdentity(domain, username, password)
 	if err != nil {
 		return nil, err
 	}
 	return acquireCredentials("", sspi.SECPKG_CRED_OUTBOUND, ai)
 }
 // AcquireServerCredentials acquires server credentials that will
 // be used to authenticate clients.
 // The principalName parameter is passed to the underlying call to
 // the winapi AcquireCredentialsHandle function (and specifies the
 // name of the principal whose credentials the underlying handle
 // will reference).
 // As a special case, using an empty string for the principal name
 // will require the credential of the user under whose security context
 // the current process is running.
 func AcquireServerCredentials(principalName string) (*sspi.Credentials, error) {
 	return acquireCredentials(principalName, sspi.SECPKG_CRED_INBOUND, nil)
 }
 // ClientContext is used by the client to manage all steps of Negotiate negotiation.
 type ClientContext struct {
 	sctxt      *sspi.Context
 	targetName *uint16
 }
 // NewClientContext creates a new client context. It uses client
 // credentials cred generated by AcquireCurrentUserCredentials or
 // AcquireUserCredentials and SPN to start a client Negotiate
 // negotiation sequence. targetName is the service principal name
 // (SPN) or the security context of the destination server.
 // NewClientContext returns a new token to be sent to the server.
 func NewClientContext(cred *sspi.Credentials, targetName string) (cc *ClientContext, outputToken []byte, err error) {
 	return NewClientContextWithFlags(cred, targetName, sspi.ISC_REQ_CONNECTION)
 }
 // NewClientContextWithFlags creates a new client context. It uses client
 // credentials cred generated by AcquireCurrentUserCredentials or
 // AcquireUserCredentials and SPN to start a client Negotiate
 // negotiation sequence. targetName is the service principal name
 // (SPN) or the security context of the destination server.
 // The flags parameter is used to indicate requests for the context
 // (for example sspi.ISC_REQ_CONFIDENTIALITY|sspi.ISC_REQ_REPLAY_DETECT)
 // NewClientContextWithFlags returns a new token to be sent to the server.
 func NewClientContextWithFlags(cred *sspi.Credentials, targetName string, flags uint32) (cc *ClientContext, outputToken []byte, err error) {
 	var tname *uint16
 	if len(targetName) > 0 {
 		p, err2 := syscall.UTF16FromString(targetName)
 		if err2 != nil {
 			return nil, nil, err2
 		}
 		if len(p) > 0 {
 			tname = &p[0]
 		}
 	}
 	pkgInfo, err := GetPackageInfo()
 	if err != nil {
 		return nil, nil, err
 	}
 	otoken := make([]byte, pkgInfo.MaxToken)
 	c := sspi.NewClientContext(cred, flags)
 	authCompleted, n, err2 := common.UpdateContext(c, otoken, nil, tname)
 	if err2 != nil {
 		return nil, nil, err2
 	}
 	if authCompleted {
 		c.Release()
 		return nil, nil, errors.New("negotiate authentication should not be completed yet")
 	}
 	if n == 0 {
 		c.Release()
 		return nil, nil, errors.New("negotiate token should not be empty")
 	}
 	otoken = otoken[:n]
 	return &ClientContext{sctxt: c, targetName: tname}, otoken, nil
 }
 // Release free up resources associated with client context c.
 func (c *ClientContext) Release() error {
 	if c == nil {
 		return nil
 	}
 	return c.sctxt.Release()
 }
 // Expiry returns c expiry time.
 func (c *ClientContext) Expiry() time.Time {
 	return c.sctxt.Expiry()
 }
 // Update advances client part of Negotiate negotiation c. It uses
 // token received from the server and returns true if client part
 // of authentication is complete. It also returns new token to be
 // sent to the server.
 func (c *ClientContext) Update(token []byte) (authCompleted bool, outputToken []byte, err error) {
 	pkgInfo, err := GetPackageInfo()
 	if err != nil {
 		return false, nil, err
 	}
 	otoken := make([]byte, pkgInfo.MaxToken)
 	authDone, n, err2 := common.UpdateContext(c.sctxt, otoken, token, c.targetName)
 	if err2 != nil {
 		return false, nil, err2
 	}
 	if n == 0 && !authDone {
 		return false, nil, errors.New("negotiate token should not be empty")
 	}
 	otoken = otoken[:n]
 	return authDone, otoken, nil
 }
 // Sizes queries the client context for the sizes used in per-message
 // functions. It returns the maximum token size used in authentication
 // exchanges, the maximum signature size, the preferred integral size of
 // messages, the size of any security trailer, and any error.
 func (c *ClientContext) Sizes() (uint32, uint32, uint32, uint32, error) {
 	return c.sctxt.Sizes()
 }
 // MakeSignature uses the established client context to create a signature
 // for the given message using the provided quality of protection flags and
 // sequence number. It returns the signature token in addition to any error.
 func (c *ClientContext) MakeSignature(msg []byte, qop, seqno uint32) ([]byte, error) {
 	return common.MakeSignature(c.sctxt, msg, qop, seqno)
 }
 // VerifySignature uses the established client context and signature token
 // to check that the provided message hasn't been tampered or received out
 // of sequence. It returns any quality of protection flags and any error
 // that occurred.
 func (c *ClientContext) VerifySignature(msg, token []byte, seqno uint32) (uint32, error) {
 	return common.VerifySignature(c.sctxt, msg, token, seqno)
 }
 // EncryptMessage uses the established client context to encrypt a message
 // using the provided quality of protection flags and sequence number.
 // It returns the signature token in addition to any error.
 // IMPORTANT: the input msg parameter is updated in place by the low-level windows api
 // so must be copied if the initial content should not be modified.
 func (c *ClientContext) EncryptMessage(msg []byte, qop, seqno uint32) ([]byte, error) {
 	return common.EncryptMessage(c.sctxt, msg, qop, seqno)
 }
 // DecryptMessage uses the established client context to decrypt a message
 // using the provided sequence number.
 // It returns the quality of protection flag and the decrypted message in addition to any error.
 func (c *ClientContext) DecryptMessage(msg []byte, seqno uint32) (uint32, []byte, error) {
 	return common.DecryptMessage(c.sctxt, msg, seqno)
 }
 // VerifyFlags determines if all flags used to construct the client context
 // were honored (see NewClientContextWithFlags).  It should be called after c.Update.
 func (c *ClientContext) VerifyFlags() error {
 	return c.sctxt.VerifyFlags()
 }
 // VerifySelectiveFlags determines if the given flags were honored (see NewClientContextWithFlags).
 // It should be called after c.Update.
 func (c *ClientContext) VerifySelectiveFlags(flags uint32) error {
 	return c.sctxt.VerifySelectiveFlags(flags)
 }
 // ServerContext is used by the server to manage all steps of Negotiate
 // negotiation. Once authentication is completed the context can be
 // used to impersonate client.
 type ServerContext struct {
 	sctxt *sspi.Context
 }
 // NewServerContext creates new server context. It uses server
 // credentials created by AcquireServerCredentials and token from
 // the client to start server Negotiate negotiation sequence.
 // It also returns new token to be sent to the client.
 func NewServerContext(cred *sspi.Credentials, token []byte) (sc *ServerContext, authDone bool, outputToken []byte, err error) {
 	pkgInfo, err := GetPackageInfo()
 	if err != nil {
 		return nil, false, nil, err
 	}
 	otoken := make([]byte, pkgInfo.MaxToken)
 	c := sspi.NewServerContext(cred, sspi.ASC_REQ_CONNECTION)
 	authDone, n, err2 := common.UpdateContext(c, otoken, token, nil)
 	if err2 != nil {
 		return nil, false, nil, err2
 	}
 	otoken = otoken[:n]
 	return &ServerContext{sctxt: c}, authDone, otoken, nil
 }
 // Release free up resources associated with server context c.
 func (c *ServerContext) Release() error {
 	if c == nil {
 		return nil
 	}
 	return c.sctxt.Release()
 }
 // Expiry returns c expiry time.
 func (c *ServerContext) Expiry() time.Time {
 	return c.sctxt.Expiry()
 }
 // Update advances server part of Negotiate negotiation c. It uses
 // token received from the client and returns true if server part
 // of authentication is complete. It also returns new token to be
 // sent to the client.
 func (c *ServerContext) Update(token []byte) (authCompleted bool, outputToken []byte, err error) {
 	pkgInfo, err := GetPackageInfo()
 	if err != nil {
 		return false, nil, err
 	}
 	otoken := make([]byte, pkgInfo.MaxToken)
 	authDone, n, err2 := common.UpdateContext(c.sctxt, otoken, token, nil)
 	if err2 != nil {
 		return false, nil, err2
 	}
 	if n == 0 && !authDone {
 		return false, nil, errors.New("negotiate token should not be empty")
 	}
 	otoken = otoken[:n]
 	return authDone, otoken, nil
 }
 const _SECPKG_ATTR_NATIVE_NAMES = 13
 type _SecPkgContext_NativeNames struct {
 	ClientName *uint16
 	ServerName *uint16
 }
 // GetUsername returns the username corresponding to the authenticated client
 func (c *ServerContext) GetUsername() (string, error) {
 	var ns _SecPkgContext_NativeNames
 	ret := sspi.QueryContextAttributes(c.sctxt.Handle, _SECPKG_ATTR_NATIVE_NAMES, (*byte)(unsafe.Pointer(&ns)))
 	if ret != sspi.SEC_E_OK {
 		return "", ret
 	}
 	sspi.FreeContextBuffer((*byte)(unsafe.Pointer(ns.ServerName)))
 	defer sspi.FreeContextBuffer((*byte)(unsafe.Pointer(ns.ClientName)))
 	return syscall.UTF16ToString((*[2 << 20]uint16)(unsafe.Pointer(ns.ClientName))[:]), nil
 }
 // ImpersonateUser changes current OS thread user. New user is
 // the user as specified by client credentials.
 func (c *ServerContext) ImpersonateUser() error {
 	return c.sctxt.ImpersonateUser()
 }
 // RevertToSelf stops impersonation. It changes current OS thread
 // user to what it was before ImpersonateUser was executed.
 func (c *ServerContext) RevertToSelf() error {
 	return c.sctxt.RevertToSelf()
 }
 // Sizes queries the server context for the sizes used in per-message
 // functions. It returns the maximum token size used in authentication
 // exchanges, the maximum signature size, the preferred integral size of
 // messages, the size of any security trailer, and any error.
 func (c *ServerContext) Sizes() (uint32, uint32, uint32, uint32, error) {
 	return c.sctxt.Sizes()
 }
 // MakeSignature uses the established server context to create a signature
 // for the given message using the provided quality of protection flags and
 // sequence number. It returns the signature token in addition to any error.
 func (c *ServerContext) MakeSignature(msg []byte, qop, seqno uint32) ([]byte, error) {
 	return common.MakeSignature(c.sctxt, msg, qop, seqno)
 }
 // VerifySignature uses the established server context and signature token
 // to check that the provided message hasn't been tampered or received out
 // of sequence. It returns any quality of protection flags and any error
 // that occurred.
 func (c *ServerContext) VerifySignature(msg, token []byte, seqno uint32) (uint32, error) {
 	return common.VerifySignature(c.sctxt, msg, token, seqno)
 }
 // EncryptMessage uses the established server context to encrypt a message
 // using the provided quality of protection flags and sequence number.
 // It returns the signature token in addition to any error.
 // IMPORTANT: the input msg parameter is updated in place by the low-level windows api
 // so must be copied if the initial content should not be modified.
 func (c *ServerContext) EncryptMessage(msg []byte, qop, seqno uint32) ([]byte, error) {
 	return common.EncryptMessage(c.sctxt, msg, qop, seqno)
 }
 // DecryptMessage uses the established server context to decrypt a message
 // using the provided sequence number.
 // It returns the quality of protection flag and the decrypted message in addition to any error.
 func (c *ServerContext) DecryptMessage(msg []byte, seqno uint32) (uint32, []byte, error) {
 	return common.DecryptMessage(c.sctxt, msg, seqno)
 }
--- a/vendor/github.com/alexbrainman/sspi/sspi.go
+++ b/vendor/github.com/alexbrainman/sspi/sspi.go
@@ -0,0 +1,226 @@
 // Copyright 2015 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // +build windows
 package sspi
 import (
 	"fmt"
 	"syscall"
 	"time"
 	"unsafe"
 )
 // TODO: add documentation
 type PackageInfo struct {
 	Capabilities uint32
 	Version      uint16
 	RPCID        uint16
 	MaxToken     uint32
 	Name         string
 	Comment      string
 }
 func QueryPackageInfo(pkgname string) (*PackageInfo, error) {
 	name, err := syscall.UTF16PtrFromString(pkgname)
 	if err != nil {
 		return nil, err
 	}
 	var pi *SecPkgInfo
 	ret := QuerySecurityPackageInfo(name, &pi)
 	if ret != SEC_E_OK {
 		return nil, ret
 	}
 	defer FreeContextBuffer((*byte)(unsafe.Pointer(pi)))
 	return &PackageInfo{
 		Capabilities: pi.Capabilities,
 		Version:      pi.Version,
 		RPCID:        pi.RPCID,
 		MaxToken:     pi.MaxToken,
 		Name:         syscall.UTF16ToString((*[2 << 12]uint16)(unsafe.Pointer(pi.Name))[:]),
 		Comment:      syscall.UTF16ToString((*[2 << 12]uint16)(unsafe.Pointer(pi.Comment))[:]),
 	}, nil
 }
 type Credentials struct {
 	Handle CredHandle
 	expiry syscall.Filetime
 }
 // AcquireCredentials calls the windows AcquireCredentialsHandle function and
 // returns Credentials containing a security handle that can be used for
 // InitializeSecurityContext or AcceptSecurityContext operations.
 // As a special case, passing an empty string as the principal parameter will
 // pass a null string to the underlying function.
 func AcquireCredentials(principal string, pkgname string, creduse uint32, authdata *byte) (*Credentials, error) {
 	var principalName *uint16
 	if principal != "" {
 		var err error
 		principalName, err = syscall.UTF16PtrFromString(principal)
 		if err != nil {
 			return nil, err
 		}
 	}
 	name, err := syscall.UTF16PtrFromString(pkgname)
 	if err != nil {
 		return nil, err
 	}
 	var c Credentials
 	ret := AcquireCredentialsHandle(principalName, name, creduse, nil, authdata, 0, 0, &c.Handle, &c.expiry)
 	if ret != SEC_E_OK {
 		return nil, ret
 	}
 	return &c, nil
 }
 func (c *Credentials) Release() error {
 	if c == nil {
 		return nil
 	}
 	ret := FreeCredentialsHandle(&c.Handle)
 	if ret != SEC_E_OK {
 		return ret
 	}
 	return nil
 }
 func (c *Credentials) Expiry() time.Time {
 	return time.Unix(0, c.expiry.Nanoseconds())
 }
 // TODO: add functions to display and manage RequestedFlags and EstablishedFlags fields.
 // TODO: maybe get rid of RequestedFlags and EstablishedFlags fields, and replace them with input parameter for New...Context and return value of Update (instead of current bool parameter).
 type updateFunc func(c *Context, targname *uint16, h, newh *CtxtHandle, out, in *SecBufferDesc) syscall.Errno
 type Context struct {
 	Cred             *Credentials
 	Handle           *CtxtHandle
 	handle           CtxtHandle
 	updFn            updateFunc
 	expiry           syscall.Filetime
 	RequestedFlags   uint32
 	EstablishedFlags uint32
 }
 func NewClientContext(cred *Credentials, flags uint32) *Context {
 	return &Context{
 		Cred:           cred,
 		updFn:          initialize,
 		RequestedFlags: flags,
 	}
 }
 func NewServerContext(cred *Credentials, flags uint32) *Context {
 	return &Context{
 		Cred:           cred,
 		updFn:          accept,
 		RequestedFlags: flags,
 	}
 }
 func initialize(c *Context, targname *uint16, h, newh *CtxtHandle, out, in *SecBufferDesc) syscall.Errno {
 	return InitializeSecurityContext(&c.Cred.Handle, h, targname, c.RequestedFlags,
 		0, SECURITY_NATIVE_DREP, in, 0, newh, out, &c.EstablishedFlags, &c.expiry)
 }
 func accept(c *Context, targname *uint16, h, newh *CtxtHandle, out, in *SecBufferDesc) syscall.Errno {
 	return AcceptSecurityContext(&c.Cred.Handle, h, in, c.RequestedFlags,
 		SECURITY_NATIVE_DREP, newh, out, &c.EstablishedFlags, &c.expiry)
 }
 func (c *Context) Update(targname *uint16, out, in *SecBufferDesc) syscall.Errno {
 	h := c.Handle
 	if c.Handle == nil {
 		c.Handle = &c.handle
 	}
 	return c.updFn(c, targname, h, c.Handle, out, in)
 }
 func (c *Context) Release() error {
 	if c == nil {
 		return nil
 	}
 	ret := DeleteSecurityContext(c.Handle)
 	if ret != SEC_E_OK {
 		return ret
 	}
 	return nil
 }
 func (c *Context) Expiry() time.Time {
 	return time.Unix(0, c.expiry.Nanoseconds())
 }
 // TODO: add comment to function doco that this "impersonation" is applied to current OS thread.
 func (c *Context) ImpersonateUser() error {
 	ret := ImpersonateSecurityContext(c.Handle)
 	if ret != SEC_E_OK {
 		return ret
 	}
 	return nil
 }
 func (c *Context) RevertToSelf() error {
 	ret := RevertSecurityContext(c.Handle)
 	if ret != SEC_E_OK {
 		return ret
 	}
 	return nil
 }
 // Sizes queries the context for the sizes used in per-message functions.
 // It returns the maximum token size used in authentication exchanges, the
 // maximum signature size, the preferred integral size of messages, the
 // size of any security trailer, and any error.
 func (c *Context) Sizes() (uint32, uint32, uint32, uint32, error) {
 	var s _SecPkgContext_Sizes
 	ret := QueryContextAttributes(c.Handle, _SECPKG_ATTR_SIZES, (*byte)(unsafe.Pointer(&s)))
 	if ret != SEC_E_OK {
 		return 0, 0, 0, 0, ret
 	}
 	return s.MaxToken, s.MaxSignature, s.BlockSize, s.SecurityTrailer, nil
 }
 // VerifyFlags determines if all flags used to construct the context
 // were honored (see NewClientContext).  It should be called after c.Update.
 func (c *Context) VerifyFlags() error {
 	return c.VerifySelectiveFlags(c.RequestedFlags)
 }
 // VerifySelectiveFlags determines if the given flags were honored (see NewClientContext).
 // It should be called after c.Update.
 func (c *Context) VerifySelectiveFlags(flags uint32) error {
 	if valid, missing, extra := verifySelectiveFlags(flags, c.RequestedFlags); !valid {
 		return fmt.Errorf("sspi: invalid flags check: desired=%b requested=%b missing=%b extra=%b", flags, c.RequestedFlags, missing, extra)
 	}
 	if valid, missing, extra := verifySelectiveFlags(flags, c.EstablishedFlags); !valid {
 		return fmt.Errorf("sspi: invalid flags: desired=%b established=%b missing=%b extra=%b", flags, c.EstablishedFlags, missing, extra)
 	}
 	return nil
 }
 // verifySelectiveFlags determines if all bits requested in flags are set in establishedFlags.
 // missing represents the bits set in flags that are not set in establishedFlags.
 // extra represents the bits set in establishedFlags that are not set in flags.
 // valid is true and missing is zero when establishedFlags has all of the requested flags.
 func verifySelectiveFlags(flags, establishedFlags uint32) (valid bool, missing, extra uint32) {
 	missing = flags&establishedFlags ^ flags
 	extra = flags | establishedFlags ^ flags
 	valid = missing == 0
 	return valid, missing, extra
 }
 // NewSecBufferDesc returns an initialized SecBufferDesc describing the
 // provided SecBuffer.
 func NewSecBufferDesc(b []SecBuffer) *SecBufferDesc {
 	return &SecBufferDesc{
 		Version:      SECBUFFER_VERSION,
 		BuffersCount: uint32(len(b)),
 		Buffers:      &b[0],
 	}
 }
--- a/vendor/github.com/alexbrainman/sspi/syscall.go
+++ b/vendor/github.com/alexbrainman/sspi/syscall.go
@@ -0,0 +1,174 @@
 // Copyright 2015 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // +build windows
 package sspi
 import (
 	"syscall"
 )
 const (
 	SEC_E_OK = syscall.Errno(0)
 	SEC_I_COMPLETE_AND_CONTINUE = syscall.Errno(590612)
 	SEC_I_COMPLETE_NEEDED       = syscall.Errno(590611)
 	SEC_I_CONTINUE_NEEDED       = syscall.Errno(590610)
 	SEC_E_LOGON_DENIED       = syscall.Errno(0x8009030c)
 	SEC_E_CONTEXT_EXPIRED    = syscall.Errno(0x80090317) // not sure if the value is valid
 	SEC_E_INCOMPLETE_MESSAGE = syscall.Errno(0x80090318)
 	NTLMSP_NAME             = "NTLM"
 	MICROSOFT_KERBEROS_NAME = "Kerberos"
 	NEGOSSP_NAME            = "Negotiate"
 	UNISP_NAME              = "Microsoft Unified Security Protocol Provider"
 	_SECPKG_ATTR_SIZES            = 0
 	_SECPKG_ATTR_NAMES            = 1
 	_SECPKG_ATTR_LIFESPAN         = 2
 	_SECPKG_ATTR_DCE_INFO         = 3
 	_SECPKG_ATTR_STREAM_SIZES     = 4
 	_SECPKG_ATTR_KEY_INFO         = 5
 	_SECPKG_ATTR_AUTHORITY        = 6
 	_SECPKG_ATTR_PROTO_INFO       = 7
 	_SECPKG_ATTR_PASSWORD_EXPIRY  = 8
 	_SECPKG_ATTR_SESSION_KEY      = 9
 	_SECPKG_ATTR_PACKAGE_INFO     = 10
 	_SECPKG_ATTR_USER_FLAGS       = 11
 	_SECPKG_ATTR_NEGOTIATION_INFO = 12
 	_SECPKG_ATTR_NATIVE_NAMES     = 13
 	_SECPKG_ATTR_FLAGS            = 14
 )
 type SecPkgInfo struct {
 	Capabilities uint32
 	Version      uint16
 	RPCID        uint16
 	MaxToken     uint32
 	Name         *uint16
 	Comment      *uint16
 }
 type _SecPkgContext_Sizes struct {
 	MaxToken        uint32
 	MaxSignature    uint32
 	BlockSize       uint32
 	SecurityTrailer uint32
 }
 //sys	QuerySecurityPackageInfo(pkgname *uint16, pkginfo **SecPkgInfo) (ret syscall.Errno) = secur32.QuerySecurityPackageInfoW
 //sys	FreeContextBuffer(buf *byte) (ret syscall.Errno) = secur32.FreeContextBuffer
 const (
 	SECPKG_CRED_INBOUND  = 1
 	SECPKG_CRED_OUTBOUND = 2
 	SECPKG_CRED_BOTH     = (SECPKG_CRED_OUTBOUND | SECPKG_CRED_INBOUND)
 	SEC_WINNT_AUTH_IDENTITY_UNICODE = 0x2
 )
 type SEC_WINNT_AUTH_IDENTITY struct {
 	User           *uint16
 	UserLength     uint32
 	Domain         *uint16
 	DomainLength   uint32
 	Password       *uint16
 	PasswordLength uint32
 	Flags          uint32
 }
 type LUID struct {
 	LowPart  uint32
 	HighPart int32
 }
 type CredHandle struct {
 	Lower uintptr
 	Upper uintptr
 }
 //sys	AcquireCredentialsHandle(principal *uint16, pkgname *uint16, creduse uint32, logonid *LUID, authdata *byte, getkeyfn uintptr, getkeyarg uintptr, handle *CredHandle, expiry *syscall.Filetime) (ret syscall.Errno) = secur32.AcquireCredentialsHandleW
 //sys	FreeCredentialsHandle(handle *CredHandle) (ret syscall.Errno) = secur32.FreeCredentialsHandle
 const (
 	SECURITY_NATIVE_DREP = 16
 	SECBUFFER_DATA           = 1
 	SECBUFFER_TOKEN          = 2
 	SECBUFFER_PKG_PARAMS     = 3
 	SECBUFFER_MISSING        = 4
 	SECBUFFER_EXTRA          = 5
 	SECBUFFER_STREAM_TRAILER = 6
 	SECBUFFER_STREAM_HEADER  = 7
 	SECBUFFER_PADDING        = 9
 	SECBUFFER_STREAM         = 10
 	SECBUFFER_READONLY       = 0x80000000
 	SECBUFFER_ATTRMASK       = 0xf0000000
 	SECBUFFER_VERSION        = 0
 	SECBUFFER_EMPTY          = 0
 	ISC_REQ_DELEGATE               = 1
 	ISC_REQ_MUTUAL_AUTH            = 2
 	ISC_REQ_REPLAY_DETECT          = 4
 	ISC_REQ_SEQUENCE_DETECT        = 8
 	ISC_REQ_CONFIDENTIALITY        = 16
 	ISC_REQ_USE_SESSION_KEY        = 32
 	ISC_REQ_PROMPT_FOR_CREDS       = 64
 	ISC_REQ_USE_SUPPLIED_CREDS     = 128
 	ISC_REQ_ALLOCATE_MEMORY        = 256
 	ISC_REQ_USE_DCE_STYLE          = 512
 	ISC_REQ_DATAGRAM               = 1024
 	ISC_REQ_CONNECTION             = 2048
 	ISC_REQ_EXTENDED_ERROR         = 16384
 	ISC_REQ_STREAM                 = 32768
 	ISC_REQ_INTEGRITY              = 65536
 	ISC_REQ_MANUAL_CRED_VALIDATION = 524288
 	ISC_REQ_HTTP                   = 268435456
 	ASC_REQ_DELEGATE        = 1
 	ASC_REQ_MUTUAL_AUTH     = 2
 	ASC_REQ_REPLAY_DETECT   = 4
 	ASC_REQ_SEQUENCE_DETECT = 8
 	ASC_REQ_CONFIDENTIALITY = 16
 	ASC_REQ_USE_SESSION_KEY = 32
 	ASC_REQ_ALLOCATE_MEMORY = 256
 	ASC_REQ_USE_DCE_STYLE   = 512
 	ASC_REQ_DATAGRAM        = 1024
 	ASC_REQ_CONNECTION      = 2048
 	ASC_REQ_EXTENDED_ERROR  = 32768
 	ASC_REQ_STREAM          = 65536
 	ASC_REQ_INTEGRITY       = 131072
 )
 type CtxtHandle struct {
 	Lower uintptr
 	Upper uintptr
 }
 type SecBuffer struct {
 	BufferSize uint32
 	BufferType uint32
 	Buffer     *byte
 }
 type SecBufferDesc struct {
 	Version      uint32
 	BuffersCount uint32
 	Buffers      *SecBuffer
 }
 //sys	InitializeSecurityContext(credential *CredHandle, context *CtxtHandle, targname *uint16, contextreq uint32, reserved1 uint32, targdatarep uint32, input *SecBufferDesc, reserved2 uint32, newcontext *CtxtHandle, output *SecBufferDesc, contextattr *uint32, expiry *syscall.Filetime) (ret syscall.Errno) = secur32.InitializeSecurityContextW
 //sys	AcceptSecurityContext(credential *CredHandle, context *CtxtHandle, input *SecBufferDesc, contextreq uint32, targdatarep uint32, newcontext *CtxtHandle, output *SecBufferDesc, contextattr *uint32, expiry *syscall.Filetime) (ret syscall.Errno) = secur32.AcceptSecurityContext
 //sys	CompleteAuthToken(context *CtxtHandle, token *SecBufferDesc) (ret syscall.Errno) = secur32.CompleteAuthToken
 //sys	DeleteSecurityContext(context *CtxtHandle) (ret syscall.Errno) = secur32.DeleteSecurityContext
 //sys	ImpersonateSecurityContext(context *CtxtHandle) (ret syscall.Errno) = secur32.ImpersonateSecurityContext
 //sys	RevertSecurityContext(context *CtxtHandle) (ret syscall.Errno) = secur32.RevertSecurityContext
 //sys	QueryContextAttributes(context *CtxtHandle, attribute uint32, buf *byte) (ret syscall.Errno) = secur32.QueryContextAttributesW
 //sys	EncryptMessage(context *CtxtHandle, qop uint32, message *SecBufferDesc, messageseqno uint32) (ret syscall.Errno) = secur32.EncryptMessage
 //sys	DecryptMessage(context *CtxtHandle, message *SecBufferDesc, messageseqno uint32, qop *uint32) (ret syscall.Errno) = secur32.DecryptMessage
 //sys	ApplyControlToken(context *CtxtHandle, input *SecBufferDesc) (ret syscall.Errno) = secur32.ApplyControlToken
 //sys	MakeSignature(context *CtxtHandle, qop uint32, message *SecBufferDesc, messageseqno uint32) (ret syscall.Errno) = secur32.MakeSignature
 //sys	VerifySignature(context *CtxtHandle, message *SecBufferDesc, messageseqno uint32, qop *uint32) (ret syscall.Errno) = secur32.VerifySignature
--- a/vendor/github.com/alexbrainman/sspi/zsyscall_windows.go
+++ b/vendor/github.com/alexbrainman/sspi/zsyscall_windows.go
@@ -0,0 +1,152 @@
 // MACHINE GENERATED BY 'go generate' COMMAND; DO NOT EDIT
 package sspi
 import (
 	"syscall"
 	"unsafe"
 )
 var _ unsafe.Pointer
 // Do the interface allocations only once for common
 // Errno values.
 const (
 	errnoERROR_IO_PENDING = 997
 )
 var (
 	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
 )
 // errnoErr returns common boxed Errno values, to prevent
 // allocations at runtime.
 func errnoErr(e syscall.Errno) error {
 	switch e {
 	case 0:
 		return nil
 	case errnoERROR_IO_PENDING:
 		return errERROR_IO_PENDING
 	}
 	// TODO: add more here, after collecting data on the common
 	// error values see on Windows. (perhaps when running
 	// all.bat?)
 	return e
 }
 var (
 	modsecur32 = syscall.NewLazyDLL("secur32.dll")
 	procQuerySecurityPackageInfoW  = modsecur32.NewProc("QuerySecurityPackageInfoW")
 	procFreeContextBuffer          = modsecur32.NewProc("FreeContextBuffer")
 	procAcquireCredentialsHandleW  = modsecur32.NewProc("AcquireCredentialsHandleW")
 	procFreeCredentialsHandle      = modsecur32.NewProc("FreeCredentialsHandle")
 	procInitializeSecurityContextW = modsecur32.NewProc("InitializeSecurityContextW")
 	procAcceptSecurityContext      = modsecur32.NewProc("AcceptSecurityContext")
 	procCompleteAuthToken          = modsecur32.NewProc("CompleteAuthToken")
 	procDeleteSecurityContext      = modsecur32.NewProc("DeleteSecurityContext")
 	procImpersonateSecurityContext = modsecur32.NewProc("ImpersonateSecurityContext")
 	procRevertSecurityContext      = modsecur32.NewProc("RevertSecurityContext")
 	procQueryContextAttributesW    = modsecur32.NewProc("QueryContextAttributesW")
 	procEncryptMessage             = modsecur32.NewProc("EncryptMessage")
 	procDecryptMessage             = modsecur32.NewProc("DecryptMessage")
 	procApplyControlToken          = modsecur32.NewProc("ApplyControlToken")
 	procMakeSignature              = modsecur32.NewProc("MakeSignature")
 	procVerifySignature            = modsecur32.NewProc("VerifySignature")
 )
 func QuerySecurityPackageInfo(pkgname *uint16, pkginfo **SecPkgInfo) (ret syscall.Errno) {
 	r0, _, _ := syscall.Syscall(procQuerySecurityPackageInfoW.Addr(), 2, uintptr(unsafe.Pointer(pkgname)), uintptr(unsafe.Pointer(pkginfo)), 0)
 	ret = syscall.Errno(r0)
 	return
 }
 func FreeContextBuffer(buf *byte) (ret syscall.Errno) {
 	r0, _, _ := syscall.Syscall(procFreeContextBuffer.Addr(), 1, uintptr(unsafe.Pointer(buf)), 0, 0)
 	ret = syscall.Errno(r0)
 	return
 }
 func AcquireCredentialsHandle(principal *uint16, pkgname *uint16, creduse uint32, logonid *LUID, authdata *byte, getkeyfn uintptr, getkeyarg uintptr, handle *CredHandle, expiry *syscall.Filetime) (ret syscall.Errno) {
 	r0, _, _ := syscall.Syscall9(procAcquireCredentialsHandleW.Addr(), 9, uintptr(unsafe.Pointer(principal)), uintptr(unsafe.Pointer(pkgname)), uintptr(creduse), uintptr(unsafe.Pointer(logonid)), uintptr(unsafe.Pointer(authdata)), uintptr(getkeyfn), uintptr(getkeyarg), uintptr(unsafe.Pointer(handle)), uintptr(unsafe.Pointer(expiry)))
 	ret = syscall.Errno(r0)
 	return
 }
 func FreeCredentialsHandle(handle *CredHandle) (ret syscall.Errno) {
 	r0, _, _ := syscall.Syscall(procFreeCredentialsHandle.Addr(), 1, uintptr(unsafe.Pointer(handle)), 0, 0)
 	ret = syscall.Errno(r0)
 	return
 }
 func InitializeSecurityContext(credential *CredHandle, context *CtxtHandle, targname *uint16, contextreq uint32, reserved1 uint32, targdatarep uint32, input *SecBufferDesc, reserved2 uint32, newcontext *CtxtHandle, output *SecBufferDesc, contextattr *uint32, expiry *syscall.Filetime) (ret syscall.Errno) {
 	r0, _, _ := syscall.Syscall12(procInitializeSecurityContextW.Addr(), 12, uintptr(unsafe.Pointer(credential)), uintptr(unsafe.Pointer(context)), uintptr(unsafe.Pointer(targname)), uintptr(contextreq), uintptr(reserved1), uintptr(targdatarep), uintptr(unsafe.Pointer(input)), uintptr(reserved2), uintptr(unsafe.Pointer(newcontext)), uintptr(unsafe.Pointer(output)), uintptr(unsafe.Pointer(contextattr)), uintptr(unsafe.Pointer(expiry)))
 	ret = syscall.Errno(r0)
 	return
 }
 func AcceptSecurityContext(credential *CredHandle, context *CtxtHandle, input *SecBufferDesc, contextreq uint32, targdatarep uint32, newcontext *CtxtHandle, output *SecBufferDesc, contextattr *uint32, expiry *syscall.Filetime) (ret syscall.Errno) {
 	r0, _, _ := syscall.Syscall9(procAcceptSecurityContext.Addr(), 9, uintptr(unsafe.Pointer(credential)), uintptr(unsafe.Pointer(context)), uintptr(unsafe.Pointer(input)), uintptr(contextreq), uintptr(targdatarep), uintptr(unsafe.Pointer(newcontext)), uintptr(unsafe.Pointer(output)), uintptr(unsafe.Pointer(contextattr)), uintptr(unsafe.Pointer(expiry)))
 	ret = syscall.Errno(r0)
 	return
 }
 func CompleteAuthToken(context *CtxtHandle, token *SecBufferDesc) (ret syscall.Errno) {
 	r0, _, _ := syscall.Syscall(procCompleteAuthToken.Addr(), 2, uintptr(unsafe.Pointer(context)), uintptr(unsafe.Pointer(token)), 0)
 	ret = syscall.Errno(r0)
 	return
 }
 func DeleteSecurityContext(context *CtxtHandle) (ret syscall.Errno) {
 	r0, _, _ := syscall.Syscall(procDeleteSecurityContext.Addr(), 1, uintptr(unsafe.Pointer(context)), 0, 0)
 	ret = syscall.Errno(r0)
 	return
 }
 func ImpersonateSecurityContext(context *CtxtHandle) (ret syscall.Errno) {
 	r0, _, _ := syscall.Syscall(procImpersonateSecurityContext.Addr(), 1, uintptr(unsafe.Pointer(context)), 0, 0)
 	ret = syscall.Errno(r0)
 	return
 }
 func RevertSecurityContext(context *CtxtHandle) (ret syscall.Errno) {
 	r0, _, _ := syscall.Syscall(procRevertSecurityContext.Addr(), 1, uintptr(unsafe.Pointer(context)), 0, 0)
 	ret = syscall.Errno(r0)
 	return
 }
 func QueryContextAttributes(context *CtxtHandle, attribute uint32, buf *byte) (ret syscall.Errno) {
 	r0, _, _ := syscall.Syscall(procQueryContextAttributesW.Addr(), 3, uintptr(unsafe.Pointer(context)), uintptr(attribute), uintptr(unsafe.Pointer(buf)))
 	ret = syscall.Errno(r0)
 	return
 }
 func EncryptMessage(context *CtxtHandle, qop uint32, message *SecBufferDesc, messageseqno uint32) (ret syscall.Errno) {
 	r0, _, _ := syscall.Syscall6(procEncryptMessage.Addr(), 4, uintptr(unsafe.Pointer(context)), uintptr(qop), uintptr(unsafe.Pointer(message)), uintptr(messageseqno), 0, 0)
 	ret = syscall.Errno(r0)
 	return
 }
 func DecryptMessage(context *CtxtHandle, message *SecBufferDesc, messageseqno uint32, qop *uint32) (ret syscall.Errno) {
 	r0, _, _ := syscall.Syscall6(procDecryptMessage.Addr(), 4, uintptr(unsafe.Pointer(context)), uintptr(unsafe.Pointer(message)), uintptr(messageseqno), uintptr(unsafe.Pointer(qop)), 0, 0)
 	ret = syscall.Errno(r0)
 	return
 }
 func ApplyControlToken(context *CtxtHandle, input *SecBufferDesc) (ret syscall.Errno) {
 	r0, _, _ := syscall.Syscall(procApplyControlToken.Addr(), 2, uintptr(unsafe.Pointer(context)), uintptr(unsafe.Pointer(input)), 0)
 	ret = syscall.Errno(r0)
 	return
 }
 func MakeSignature(context *CtxtHandle, qop uint32, message *SecBufferDesc, messageseqno uint32) (ret syscall.Errno) {
 	r0, _, _ := syscall.Syscall6(procMakeSignature.Addr(), 4, uintptr(unsafe.Pointer(context)), uintptr(qop), uintptr(unsafe.Pointer(message)), uintptr(messageseqno), 0, 0)
 	ret = syscall.Errno(r0)
 	return
 }
 func VerifySignature(context *CtxtHandle, message *SecBufferDesc, messageseqno uint32, qop *uint32) (ret syscall.Errno) {
 	r0, _, _ := syscall.Syscall6(procVerifySignature.Addr(), 4, uintptr(unsafe.Pointer(context)), uintptr(unsafe.Pointer(message)), uintptr(messageseqno), uintptr(unsafe.Pointer(qop)), 0, 0)
 	ret = syscall.Errno(r0)
 	return
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/LICENSE.txt
+++ b/vendor/github.com/aws/aws-sdk-go-v2/LICENSE.txt
@@ -0,0 +1,202 @@
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/
   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
   1. Definitions.
      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.
      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.
      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.
      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.
      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.
      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.
      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).
      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.
      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."
      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.
   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.
   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.
   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:
      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and
      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and
      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and
      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.
      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.
   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.
   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.
   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.
   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.
   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.
   END OF TERMS AND CONDITIONS
   APPENDIX: How to apply the Apache License to your work.
      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "[]"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.
   Copyright [yyyy] [name of copyright owner]
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
       http://www.apache.org/licenses/LICENSE-2.0
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
--- a/vendor/github.com/aws/aws-sdk-go-v2/NOTICE.txt
+++ b/vendor/github.com/aws/aws-sdk-go-v2/NOTICE.txt
@@ -0,0 +1,3 @@
 AWS SDK for Go
 Copyright 2015 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 Copyright 2014-2015 Stripe, Inc.
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/arn/arn.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/arn/arn.go
@@ -0,0 +1,92 @@
 // Package arn provides a parser for interacting with Amazon Resource Names.
 package arn
 import (
 	"errors"
 	"strings"
 )
 const (
 	arnDelimiter = ":"
 	arnSections  = 6
 	arnPrefix    = "arn:"
 	// zero-indexed
 	sectionPartition = 1
 	sectionService   = 2
 	sectionRegion    = 3
 	sectionAccountID = 4
 	sectionResource  = 5
 	// errors
 	invalidPrefix   = "arn: invalid prefix"
 	invalidSections = "arn: not enough sections"
 )
 // ARN captures the individual fields of an Amazon Resource Name.
 // See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html for more information.
 type ARN struct {
 	// The partition that the resource is in. For standard AWS regions, the partition is "aws". If you have resources in
 	// other partitions, the partition is "aws-partitionname". For example, the partition for resources in the China
 	// (Beijing) region is "aws-cn".
 	Partition string
 	// The service namespace that identifies the AWS product (for example, Amazon S3, IAM, or Amazon RDS). For a list of
 	// namespaces, see
 	// http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces.
 	Service string
 	// The region the resource resides in. Note that the ARNs for some resources do not require a region, so this
 	// component might be omitted.
 	Region string
 	// The ID of the AWS account that owns the resource, without the hyphens. For example, 123456789012. Note that the
 	// ARNs for some resources don't require an account number, so this component might be omitted.
 	AccountID string
 	// The content of this part of the ARN varies by service. It often includes an indicator of the type of resource —
 	// for example, an IAM user or Amazon RDS database - followed by a slash (/) or a colon (:), followed by the
 	// resource name itself. Some services allows paths for resource names, as described in
 	// http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arns-paths.
 	Resource string
 }
 // Parse parses an ARN into its constituent parts.
 //
 // Some example ARNs:
 // arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment
 // arn:aws:iam::123456789012:user/David
 // arn:aws:rds:eu-west-1:123456789012:db:mysql-db
 // arn:aws:s3:::my_corporate_bucket/exampleobject.png
 func Parse(arn string) (ARN, error) {
 	if !strings.HasPrefix(arn, arnPrefix) {
 		return ARN{}, errors.New(invalidPrefix)
 	}
 	sections := strings.SplitN(arn, arnDelimiter, arnSections)
 	if len(sections) != arnSections {
 		return ARN{}, errors.New(invalidSections)
 	}
 	return ARN{
 		Partition: sections[sectionPartition],
 		Service:   sections[sectionService],
 		Region:    sections[sectionRegion],
 		AccountID: sections[sectionAccountID],
 		Resource:  sections[sectionResource],
 	}, nil
 }
 // IsARN returns whether the given string is an arn
 // by looking for whether the string starts with arn:
 func IsARN(arn string) bool {
 	return strings.HasPrefix(arn, arnPrefix) && strings.Count(arn, ":") >= arnSections-1
 }
 // String returns the canonical representation of the ARN
 func (arn ARN) String() string {
 	return arnPrefix +
 		arn.Partition + arnDelimiter +
 		arn.Service + arnDelimiter +
 		arn.Region + arnDelimiter +
 		arn.AccountID + arnDelimiter +
 		arn.Resource
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/config.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/config.go
@@ -0,0 +1,208 @@
 package aws
 import (
 	"net/http"
 	smithybearer "github.com/aws/smithy-go/auth/bearer"
 	"github.com/aws/smithy-go/logging"
 	"github.com/aws/smithy-go/middleware"
 )
 // HTTPClient provides the interface to provide custom HTTPClients. Generally
 // *http.Client is sufficient for most use cases. The HTTPClient should not
 // follow 301 or 302 redirects.
 type HTTPClient interface {
 	Do(*http.Request) (*http.Response, error)
 }
 // A Config provides service configuration for service clients.
 type Config struct {
 	// The region to send requests to. This parameter is required and must
 	// be configured globally or on a per-client basis unless otherwise
 	// noted. A full list of regions is found in the "Regions and Endpoints"
 	// document.
 	//
 	// See http://docs.aws.amazon.com/general/latest/gr/rande.html for
 	// information on AWS regions.
 	Region string
 	// The credentials object to use when signing requests.
 	// Use the LoadDefaultConfig to load configuration from all the SDK's supported
 	// sources, and resolve credentials using the SDK's default credential chain.
 	Credentials CredentialsProvider
 	// The Bearer Authentication token provider to use for authenticating API
 	// operation calls with a Bearer Authentication token. The API clients and
 	// operation must support Bearer Authentication scheme in order for the
 	// token provider to be used. API clients created with NewFromConfig will
 	// automatically be configured with this option, if the API client support
 	// Bearer Authentication.
 	//
 	// The SDK's config.LoadDefaultConfig can automatically populate this
 	// option for external configuration options such as SSO session.
 	// https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html
 	BearerAuthTokenProvider smithybearer.TokenProvider
 	// The HTTP Client the SDK's API clients will use to invoke HTTP requests.
 	// The SDK defaults to a BuildableClient allowing API clients to create
 	// copies of the HTTP Client for service specific customizations.
 	//
 	// Use a (*http.Client) for custom behavior. Using a custom http.Client
 	// will prevent the SDK from modifying the HTTP client.
 	HTTPClient HTTPClient
 	// An endpoint resolver that can be used to provide or override an endpoint
 	// for the given service and region.
 	//
 	// See the `aws.EndpointResolver` documentation for additional usage
 	// information.
 	//
 	// Deprecated: See Config.EndpointResolverWithOptions
 	EndpointResolver EndpointResolver
 	// An endpoint resolver that can be used to provide or override an endpoint
 	// for the given service and region.
 	//
 	// When EndpointResolverWithOptions is specified, it will be used by a
 	// service client rather than using EndpointResolver if also specified.
 	//
 	// See the `aws.EndpointResolverWithOptions` documentation for additional
 	// usage information.
 	//
 	// Deprecated: with the release of endpoint resolution v2 in API clients,
 	// EndpointResolver and EndpointResolverWithOptions are deprecated.
 	// Providing a value for this field will likely prevent you from using
 	// newer endpoint-related service features. See API client options
 	// EndpointResolverV2 and BaseEndpoint.
 	EndpointResolverWithOptions EndpointResolverWithOptions
 	// RetryMaxAttempts specifies the maximum number attempts an API client
 	// will call an operation that fails with a retryable error.
 	//
 	// API Clients will only use this value to construct a retryer if the
 	// Config.Retryer member is not nil. This value will be ignored if
 	// Retryer is not nil.
 	RetryMaxAttempts int
 	// RetryMode specifies the retry model the API client will be created with.
 	//
 	// API Clients will only use this value to construct a retryer if the
 	// Config.Retryer member is not nil. This value will be ignored if
 	// Retryer is not nil.
 	RetryMode RetryMode
 	// Retryer is a function that provides a Retryer implementation. A Retryer
 	// guides how HTTP requests should be retried in case of recoverable
 	// failures. When nil the API client will use a default retryer.
 	//
 	// In general, the provider function should return a new instance of a
 	// Retryer if you are attempting to provide a consistent Retryer
 	// configuration across all clients. This will ensure that each client will
 	// be provided a new instance of the Retryer implementation, and will avoid
 	// issues such as sharing the same retry token bucket across services.
 	//
 	// If not nil, RetryMaxAttempts, and RetryMode will be ignored by API
 	// clients.
 	Retryer func() Retryer
 	// ConfigSources are the sources that were used to construct the Config.
 	// Allows for additional configuration to be loaded by clients.
 	ConfigSources []interface{}
 	// APIOptions provides the set of middleware mutations modify how the API
 	// client requests will be handled. This is useful for adding additional
 	// tracing data to a request, or changing behavior of the SDK's client.
 	APIOptions []func(*middleware.Stack) error
 	// The logger writer interface to write logging messages to. Defaults to
 	// standard error.
 	Logger logging.Logger
 	// Configures the events that will be sent to the configured logger. This
 	// can be used to configure the logging of signing, retries, request, and
 	// responses of the SDK clients.
 	//
 	// See the ClientLogMode type documentation for the complete set of logging
 	// modes and available configuration.
 	ClientLogMode ClientLogMode
 	// The configured DefaultsMode. If not specified, service clients will
 	// default to legacy.
 	//
 	// Supported modes are: auto, cross-region, in-region, legacy, mobile,
 	// standard
 	DefaultsMode DefaultsMode
 	// The RuntimeEnvironment configuration, only populated if the DefaultsMode
 	// is set to DefaultsModeAuto and is initialized by
 	// `config.LoadDefaultConfig`. You should not populate this structure
 	// programmatically, or rely on the values here within your applications.
 	RuntimeEnvironment RuntimeEnvironment
 	// AppId is an optional application specific identifier that can be set.
 	// When set it will be appended to the User-Agent header of every request
 	// in the form of App/{AppId}. This variable is sourced from environment
 	// variable AWS_SDK_UA_APP_ID or the shared config profile attribute sdk_ua_app_id.
 	// See https://docs.aws.amazon.com/sdkref/latest/guide/settings-reference.html for
 	// more information on environment variables and shared config settings.
 	AppID string
 	// BaseEndpoint is an intermediary transfer location to a service specific
 	// BaseEndpoint on a service's Options.
 	BaseEndpoint *string
 	// DisableRequestCompression toggles if an operation request could be
 	// compressed or not. Will be set to false by default. This variable is sourced from
 	// environment variable AWS_DISABLE_REQUEST_COMPRESSION or the shared config profile attribute
 	// disable_request_compression
 	DisableRequestCompression bool
 	// RequestMinCompressSizeBytes sets the inclusive min bytes of a request body that could be
 	// compressed. Will be set to 10240 by default and must be within 0 and 10485760 bytes inclusively.
 	// This variable is sourced from environment variable AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES or
 	// the shared config profile attribute request_min_compression_size_bytes
 	RequestMinCompressSizeBytes int64
 }
 // NewConfig returns a new Config pointer that can be chained with builder
 // methods to set multiple configuration values inline without using pointers.
 func NewConfig() *Config {
 	return &Config{}
 }
 // Copy will return a shallow copy of the Config object.
 func (c Config) Copy() Config {
 	cp := c
 	return cp
 }
 // EndpointDiscoveryEnableState indicates if endpoint discovery is
 // enabled, disabled, auto or unset state.
 //
 // Default behavior (Auto or Unset) indicates operations that require endpoint
 // discovery will use Endpoint Discovery by default. Operations that
 // optionally use Endpoint Discovery will not use Endpoint Discovery
 // unless EndpointDiscovery is explicitly enabled.
 type EndpointDiscoveryEnableState uint
 // Enumeration values for EndpointDiscoveryEnableState
 const (
 	// EndpointDiscoveryUnset represents EndpointDiscoveryEnableState is unset.
 	// Users do not need to use this value explicitly. The behavior for unset
 	// is the same as for EndpointDiscoveryAuto.
 	EndpointDiscoveryUnset EndpointDiscoveryEnableState = iota
 	// EndpointDiscoveryAuto represents an AUTO state that allows endpoint
 	// discovery only when required by the api. This is the default
 	// configuration resolved by the client if endpoint discovery is neither
 	// enabled or disabled.
 	EndpointDiscoveryAuto // default state
 	// EndpointDiscoveryDisabled indicates client MUST not perform endpoint
 	// discovery even when required.
 	EndpointDiscoveryDisabled
 	// EndpointDiscoveryEnabled indicates client MUST always perform endpoint
 	// discovery if supported for the operation.
 	EndpointDiscoveryEnabled
 )
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/context.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/context.go
@@ -0,0 +1,22 @@
 package aws
 import (
 	"context"
 	"time"
 )
 type suppressedContext struct {
 	context.Context
 }
 func (s *suppressedContext) Deadline() (deadline time.Time, ok bool) {
 	return time.Time{}, false
 }
 func (s *suppressedContext) Done() <-chan struct{} {
 	return nil
 }
 func (s *suppressedContext) Err() error {
 	return nil
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/credential_cache.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/credential_cache.go
@@ -0,0 +1,224 @@
 package aws
 import (
 	"context"
 	"fmt"
 	"sync/atomic"
 	"time"
 	sdkrand "github.com/aws/aws-sdk-go-v2/internal/rand"
 	"github.com/aws/aws-sdk-go-v2/internal/sync/singleflight"
 )
 // CredentialsCacheOptions are the options
 type CredentialsCacheOptions struct {
 	// ExpiryWindow will allow the credentials to trigger refreshing prior to
 	// the credentials actually expiring. This is beneficial so race conditions
 	// with expiring credentials do not cause request to fail unexpectedly
 	// due to ExpiredTokenException exceptions.
 	//
 	// An ExpiryWindow of 10s would cause calls to IsExpired() to return true
 	// 10 seconds before the credentials are actually expired. This can cause an
 	// increased number of requests to refresh the credentials to occur.
 	//
 	// If ExpiryWindow is 0 or less it will be ignored.
 	ExpiryWindow time.Duration
 	// ExpiryWindowJitterFrac provides a mechanism for randomizing the
 	// expiration of credentials within the configured ExpiryWindow by a random
 	// percentage. Valid values are between 0.0 and 1.0.
 	//
 	// As an example if ExpiryWindow is 60 seconds and ExpiryWindowJitterFrac
 	// is 0.5 then credentials will be set to expire between 30 to 60 seconds
 	// prior to their actual expiration time.
 	//
 	// If ExpiryWindow is 0 or less then ExpiryWindowJitterFrac is ignored.
 	// If ExpiryWindowJitterFrac is 0 then no randomization will be applied to the window.
 	// If ExpiryWindowJitterFrac < 0 the value will be treated as 0.
 	// If ExpiryWindowJitterFrac > 1 the value will be treated as 1.
 	ExpiryWindowJitterFrac float64
 }
 // CredentialsCache provides caching and concurrency safe credentials retrieval
 // via the provider's retrieve method.
 //
 // CredentialsCache will look for optional interfaces on the Provider to adjust
 // how the credential cache handles credentials caching.
 //
 //   - HandleFailRefreshCredentialsCacheStrategy - Allows provider to handle
 //     credential refresh failures. This could return an updated Credentials
 //     value, or attempt another means of retrieving credentials.
 //
 //   - AdjustExpiresByCredentialsCacheStrategy - Allows provider to adjust how
 //     credentials Expires is modified. This could modify how the Credentials
 //     Expires is adjusted based on the CredentialsCache ExpiryWindow option.
 //     Such as providing a floor not to reduce the Expires below.
 type CredentialsCache struct {
 	provider CredentialsProvider
 	options CredentialsCacheOptions
 	creds   atomic.Value
 	sf      singleflight.Group
 }
 // NewCredentialsCache returns a CredentialsCache that wraps provider. Provider
 // is expected to not be nil. A variadic list of one or more functions can be
 // provided to modify the CredentialsCache configuration. This allows for
 // configuration of credential expiry window and jitter.
 func NewCredentialsCache(provider CredentialsProvider, optFns ...func(options *CredentialsCacheOptions)) *CredentialsCache {
 	options := CredentialsCacheOptions{}
 	for _, fn := range optFns {
 		fn(&options)
 	}
 	if options.ExpiryWindow < 0 {
 		options.ExpiryWindow = 0
 	}
 	if options.ExpiryWindowJitterFrac < 0 {
 		options.ExpiryWindowJitterFrac = 0
 	} else if options.ExpiryWindowJitterFrac > 1 {
 		options.ExpiryWindowJitterFrac = 1
 	}
 	return &CredentialsCache{
 		provider: provider,
 		options:  options,
 	}
 }
 // Retrieve returns the credentials. If the credentials have already been
 // retrieved, and not expired the cached credentials will be returned. If the
 // credentials have not been retrieved yet, or expired the provider's Retrieve
 // method will be called.
 //
 // Returns and error if the provider's retrieve method returns an error.
 func (p *CredentialsCache) Retrieve(ctx context.Context) (Credentials, error) {
 	if creds, ok := p.getCreds(); ok && !creds.Expired() {
 		return creds, nil
 	}
 	resCh := p.sf.DoChan("", func() (interface{}, error) {
 		return p.singleRetrieve(&suppressedContext{ctx})
 	})
 	select {
 	case res := <-resCh:
 		return res.Val.(Credentials), res.Err
 	case <-ctx.Done():
 		return Credentials{}, &RequestCanceledError{Err: ctx.Err()}
 	}
 }
 func (p *CredentialsCache) singleRetrieve(ctx context.Context) (interface{}, error) {
 	currCreds, ok := p.getCreds()
 	if ok && !currCreds.Expired() {
 		return currCreds, nil
 	}
 	newCreds, err := p.provider.Retrieve(ctx)
 	if err != nil {
 		handleFailToRefresh := defaultHandleFailToRefresh
 		if cs, ok := p.provider.(HandleFailRefreshCredentialsCacheStrategy); ok {
 			handleFailToRefresh = cs.HandleFailToRefresh
 		}
 		newCreds, err = handleFailToRefresh(ctx, currCreds, err)
 		if err != nil {
 			return Credentials{}, fmt.Errorf("failed to refresh cached credentials, %w", err)
 		}
 	}
 	if newCreds.CanExpire && p.options.ExpiryWindow > 0 {
 		adjustExpiresBy := defaultAdjustExpiresBy
 		if cs, ok := p.provider.(AdjustExpiresByCredentialsCacheStrategy); ok {
 			adjustExpiresBy = cs.AdjustExpiresBy
 		}
 		randFloat64, err := sdkrand.CryptoRandFloat64()
 		if err != nil {
 			return Credentials{}, fmt.Errorf("failed to get random provider, %w", err)
 		}
 		var jitter time.Duration
 		if p.options.ExpiryWindowJitterFrac > 0 {
 			jitter = time.Duration(randFloat64 *
 				p.options.ExpiryWindowJitterFrac * float64(p.options.ExpiryWindow))
 		}
 		newCreds, err = adjustExpiresBy(newCreds, -(p.options.ExpiryWindow - jitter))
 		if err != nil {
 			return Credentials{}, fmt.Errorf("failed to adjust credentials expires, %w", err)
 		}
 	}
 	p.creds.Store(&newCreds)
 	return newCreds, nil
 }
 // getCreds returns the currently stored credentials and true. Returning false
 // if no credentials were stored.
 func (p *CredentialsCache) getCreds() (Credentials, bool) {
 	v := p.creds.Load()
 	if v == nil {
 		return Credentials{}, false
 	}
 	c := v.(*Credentials)
 	if c == nil || !c.HasKeys() {
 		return Credentials{}, false
 	}
 	return *c, true
 }
 // Invalidate will invalidate the cached credentials. The next call to Retrieve
 // will cause the provider's Retrieve method to be called.
 func (p *CredentialsCache) Invalidate() {
 	p.creds.Store((*Credentials)(nil))
 }
 // IsCredentialsProvider returns whether credential provider wrapped by CredentialsCache
 // matches the target provider type.
 func (p *CredentialsCache) IsCredentialsProvider(target CredentialsProvider) bool {
 	return IsCredentialsProvider(p.provider, target)
 }
 // HandleFailRefreshCredentialsCacheStrategy is an interface for
 // CredentialsCache to allow CredentialsProvider  how failed to refresh
 // credentials is handled.
 type HandleFailRefreshCredentialsCacheStrategy interface {
 	// Given the previously cached Credentials, if any, and refresh error, may
 	// returns new or modified set of Credentials, or error.
 	//
 	// Credential caches may use default implementation if nil.
 	HandleFailToRefresh(context.Context, Credentials, error) (Credentials, error)
 }
 // defaultHandleFailToRefresh returns the passed in error.
 func defaultHandleFailToRefresh(ctx context.Context, _ Credentials, err error) (Credentials, error) {
 	return Credentials{}, err
 }
 // AdjustExpiresByCredentialsCacheStrategy is an interface for CredentialCache
 // to allow CredentialsProvider to intercept adjustments to Credentials expiry
 // based on expectations and use cases of CredentialsProvider.
 //
 // Credential caches may use default implementation if nil.
 type AdjustExpiresByCredentialsCacheStrategy interface {
 	// Given a Credentials as input, applying any mutations and
 	// returning the potentially updated Credentials, or error.
 	AdjustExpiresBy(Credentials, time.Duration) (Credentials, error)
 }
 // defaultAdjustExpiresBy adds the duration to the passed in credentials Expires,
 // and returns the updated credentials value. If Credentials value's CanExpire
 // is false, the passed in credentials are returned unchanged.
 func defaultAdjustExpiresBy(creds Credentials, dur time.Duration) (Credentials, error) {
 	if !creds.CanExpire {
 		return creds, nil
 	}
 	creds.Expires = creds.Expires.Add(dur)
 	return creds, nil
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go
@@ -0,0 +1,170 @@
 package aws
 import (
 	"context"
 	"fmt"
 	"reflect"
 	"time"
 	"github.com/aws/aws-sdk-go-v2/internal/sdk"
 )
 // AnonymousCredentials provides a sentinel CredentialsProvider that should be
 // used to instruct the SDK's signing middleware to not sign the request.
 //
 // Using `nil` credentials when configuring an API client will achieve the same
 // result. The AnonymousCredentials type allows you to configure the SDK's
 // external config loading to not attempt to source credentials from the shared
 // config or environment.
 //
 // For example you can use this CredentialsProvider with an API client's
 // Options to instruct the client not to sign a request for accessing public
 // S3 bucket objects.
 //
 // The following example demonstrates using the AnonymousCredentials to prevent
 // SDK's external config loading attempt to resolve credentials.
 //
 //	cfg, err := config.LoadDefaultConfig(context.TODO(),
 //	     config.WithCredentialsProvider(aws.AnonymousCredentials{}),
 //	)
 //	if err != nil {
 //	     log.Fatalf("failed to load config, %v", err)
 //	}
 //
 //	client := s3.NewFromConfig(cfg)
 //
 // Alternatively you can leave the API client Option's `Credential` member to
 // nil. If using the `NewFromConfig` constructor you'll need to explicitly set
 // the `Credentials` member to nil, if the external config resolved a
 // credential provider.
 //
 //	client := s3.New(s3.Options{
 //	     // Credentials defaults to a nil value.
 //	})
 //
 // This can also be configured for specific operations calls too.
 //
 //	cfg, err := config.LoadDefaultConfig(context.TODO())
 //	if err != nil {
 //	     log.Fatalf("failed to load config, %v", err)
 //	}
 //
 //	client := s3.NewFromConfig(config)
 //
 //	result, err := client.GetObject(context.TODO(), s3.GetObject{
 //	     Bucket: aws.String("example-bucket"),
 //	     Key: aws.String("example-key"),
 //	}, func(o *s3.Options) {
 //	     o.Credentials = nil
 //	     // Or
 //	     o.Credentials = aws.AnonymousCredentials{}
 //	})
 type AnonymousCredentials struct{}
 // Retrieve implements the CredentialsProvider interface, but will always
 // return error, and cannot be used to sign a request. The AnonymousCredentials
 // type is used as a sentinel type instructing the AWS request signing
 // middleware to not sign a request.
 func (AnonymousCredentials) Retrieve(context.Context) (Credentials, error) {
 	return Credentials{Source: "AnonymousCredentials"},
 		fmt.Errorf("the AnonymousCredentials is not a valid credential provider, and cannot be used to sign AWS requests with")
 }
 // A Credentials is the AWS credentials value for individual credential fields.
 type Credentials struct {
 	// AWS Access key ID
 	AccessKeyID string
 	// AWS Secret Access Key
 	SecretAccessKey string
 	// AWS Session Token
 	SessionToken string
 	// Source of the credentials
 	Source string
 	// States if the credentials can expire or not.
 	CanExpire bool
 	// The time the credentials will expire at. Should be ignored if CanExpire
 	// is false.
 	Expires time.Time
 }
 // Expired returns if the credentials have expired.
 func (v Credentials) Expired() bool {
 	if v.CanExpire {
 		// Calling Round(0) on the current time will truncate the monotonic
 		// reading only. Ensures credential expiry time is always based on
 		// reported wall-clock time.
 		return !v.Expires.After(sdk.NowTime().Round(0))
 	}
 	return false
 }
 // HasKeys returns if the credentials keys are set.
 func (v Credentials) HasKeys() bool {
 	return len(v.AccessKeyID) > 0 && len(v.SecretAccessKey) > 0
 }
 // A CredentialsProvider is the interface for any component which will provide
 // credentials Credentials. A CredentialsProvider is required to manage its own
 // Expired state, and what to be expired means.
 //
 // A credentials provider implementation can be wrapped with a CredentialCache
 // to cache the credential value retrieved. Without the cache the SDK will
 // attempt to retrieve the credentials for every request.
 type CredentialsProvider interface {
 	// Retrieve returns nil if it successfully retrieved the value.
 	// Error is returned if the value were not obtainable, or empty.
 	Retrieve(ctx context.Context) (Credentials, error)
 }
 // CredentialsProviderFunc provides a helper wrapping a function value to
 // satisfy the CredentialsProvider interface.
 type CredentialsProviderFunc func(context.Context) (Credentials, error)
 // Retrieve delegates to the function value the CredentialsProviderFunc wraps.
 func (fn CredentialsProviderFunc) Retrieve(ctx context.Context) (Credentials, error) {
 	return fn(ctx)
 }
 type isCredentialsProvider interface {
 	IsCredentialsProvider(CredentialsProvider) bool
 }
 // IsCredentialsProvider returns whether the target CredentialProvider is the same type as provider when comparing the
 // implementation type.
 //
 // If provider has a method IsCredentialsProvider(CredentialsProvider) bool it will be responsible for validating
 // whether target matches the credential provider type.
 //
 // When comparing the CredentialProvider implementations provider and target for equality, the following rules are used:
 //
 //	If provider is of type T and target is of type V, true if type *T is the same as type *V, otherwise false
 //	If provider is of type *T and target is of type V, true if type *T is the same as type *V, otherwise false
 //	If provider is of type T and target is of type *V, true if type *T is the same as type *V, otherwise false
 //	If provider is of type *T and target is of type *V,true if type *T is the same as type *V, otherwise false
 func IsCredentialsProvider(provider, target CredentialsProvider) bool {
 	if target == nil || provider == nil {
 		return provider == target
 	}
 	if x, ok := provider.(isCredentialsProvider); ok {
 		return x.IsCredentialsProvider(target)
 	}
 	targetType := reflect.TypeOf(target)
 	if targetType.Kind() != reflect.Ptr {
 		targetType = reflect.PtrTo(targetType)
 	}
 	providerType := reflect.TypeOf(provider)
 	if providerType.Kind() != reflect.Ptr {
 		providerType = reflect.PtrTo(providerType)
 	}
 	return targetType.AssignableTo(providerType)
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/defaults/auto.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/defaults/auto.go
@@ -0,0 +1,38 @@
 package defaults
 import (
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"runtime"
 	"strings"
 )
 var getGOOS = func() string {
 	return runtime.GOOS
 }
 // ResolveDefaultsModeAuto is used to determine the effective aws.DefaultsMode when the mode
 // is set to aws.DefaultsModeAuto.
 func ResolveDefaultsModeAuto(region string, environment aws.RuntimeEnvironment) aws.DefaultsMode {
 	goos := getGOOS()
 	if goos == "android" || goos == "ios" {
 		return aws.DefaultsModeMobile
 	}
 	var currentRegion string
 	if len(environment.EnvironmentIdentifier) > 0 {
 		currentRegion = environment.Region
 	}
 	if len(currentRegion) == 0 && len(environment.EC2InstanceMetadataRegion) > 0 {
 		currentRegion = environment.EC2InstanceMetadataRegion
 	}
 	if len(region) > 0 && len(currentRegion) > 0 {
 		if strings.EqualFold(region, currentRegion) {
 			return aws.DefaultsModeInRegion
 		}
 		return aws.DefaultsModeCrossRegion
 	}
 	return aws.DefaultsModeStandard
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/defaults/configuration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/defaults/configuration.go
@@ -0,0 +1,43 @@
 package defaults
 import (
 	"time"
 	"github.com/aws/aws-sdk-go-v2/aws"
 )
 // Configuration is the set of SDK configuration options that are determined based
 // on the configured DefaultsMode.
 type Configuration struct {
 	// RetryMode is the configuration's default retry mode API clients should
 	// use for constructing a Retryer.
 	RetryMode aws.RetryMode
 	// ConnectTimeout is the maximum amount of time a dial will wait for
 	// a connect to complete.
 	//
 	// See https://pkg.go.dev/net#Dialer.Timeout
 	ConnectTimeout *time.Duration
 	// TLSNegotiationTimeout specifies the maximum amount of time waiting to
 	// wait for a TLS handshake.
 	//
 	// See https://pkg.go.dev/net/http#Transport.TLSHandshakeTimeout
 	TLSNegotiationTimeout *time.Duration
 }
 // GetConnectTimeout returns the ConnectTimeout value, returns false if the value is not set.
 func (c *Configuration) GetConnectTimeout() (time.Duration, bool) {
 	if c.ConnectTimeout == nil {
 		return 0, false
 	}
 	return *c.ConnectTimeout, true
 }
 // GetTLSNegotiationTimeout returns the TLSNegotiationTimeout value, returns false if the value is not set.
 func (c *Configuration) GetTLSNegotiationTimeout() (time.Duration, bool) {
 	if c.TLSNegotiationTimeout == nil {
 		return 0, false
 	}
 	return *c.TLSNegotiationTimeout, true
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/defaults/defaults.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/defaults/defaults.go
@@ -0,0 +1,50 @@
 // Code generated by github.com/aws/aws-sdk-go-v2/internal/codegen/cmd/defaultsconfig. DO NOT EDIT.
 package defaults
 import (
 	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"time"
 )
 // GetModeConfiguration returns the default Configuration descriptor for the given mode.
 //
 // Supports the following modes: cross-region, in-region, mobile, standard
 func GetModeConfiguration(mode aws.DefaultsMode) (Configuration, error) {
 	var mv aws.DefaultsMode
 	mv.SetFromString(string(mode))
 	switch mv {
 	case aws.DefaultsModeCrossRegion:
 		settings := Configuration{
 			ConnectTimeout:        aws.Duration(3100 * time.Millisecond),
 			RetryMode:             aws.RetryMode("standard"),
 			TLSNegotiationTimeout: aws.Duration(3100 * time.Millisecond),
 		}
 		return settings, nil
 	case aws.DefaultsModeInRegion:
 		settings := Configuration{
 			ConnectTimeout:        aws.Duration(1100 * time.Millisecond),
 			RetryMode:             aws.RetryMode("standard"),
 			TLSNegotiationTimeout: aws.Duration(1100 * time.Millisecond),
 		}
 		return settings, nil
 	case aws.DefaultsModeMobile:
 		settings := Configuration{
 			ConnectTimeout:        aws.Duration(30000 * time.Millisecond),
 			RetryMode:             aws.RetryMode("standard"),
 			TLSNegotiationTimeout: aws.Duration(30000 * time.Millisecond),
 		}
 		return settings, nil
 	case aws.DefaultsModeStandard:
 		settings := Configuration{
 			ConnectTimeout:        aws.Duration(3100 * time.Millisecond),
 			RetryMode:             aws.RetryMode("standard"),
 			TLSNegotiationTimeout: aws.Duration(3100 * time.Millisecond),
 		}
 		return settings, nil
 	default:
 		return Configuration{}, fmt.Errorf("unsupported defaults mode: %v", mode)
 	}
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/defaults/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/defaults/doc.go
@@ -0,0 +1,2 @@
 // Package defaults provides recommended configuration values for AWS SDKs and CLIs.
 package defaults
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/defaultsmode.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/defaultsmode.go
@@ -0,0 +1,95 @@
 // Code generated by github.com/aws/aws-sdk-go-v2/internal/codegen/cmd/defaultsmode. DO NOT EDIT.
 package aws
 import (
 	"strings"
 )
 // DefaultsMode is the SDK defaults mode setting.
 type DefaultsMode string
 // The DefaultsMode constants.
 const (
 	// DefaultsModeAuto is an experimental mode that builds on the standard mode.
 	// The SDK will attempt to discover the execution environment to determine the
 	// appropriate settings automatically.
 	//
 	// Note that the auto detection is heuristics-based and does not guarantee 100%
 	// accuracy. STANDARD mode will be used if the execution environment cannot
 	// be determined. The auto detection might query EC2 Instance Metadata service
 	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html),
 	// which might introduce latency. Therefore we recommend choosing an explicit
 	// defaults_mode instead if startup latency is critical to your application
 	DefaultsModeAuto DefaultsMode = "auto"
 	// DefaultsModeCrossRegion builds on the standard mode and includes optimization
 	// tailored for applications which call AWS services in a different region
 	//
 	// Note that the default values vended from this mode might change as best practices
 	// may evolve. As a result, it is encouraged to perform tests when upgrading
 	// the SDK
 	DefaultsModeCrossRegion DefaultsMode = "cross-region"
 	// DefaultsModeInRegion builds on the standard mode and includes optimization
 	// tailored for applications which call AWS services from within the same AWS
 	// region
 	//
 	// Note that the default values vended from this mode might change as best practices
 	// may evolve. As a result, it is encouraged to perform tests when upgrading
 	// the SDK
 	DefaultsModeInRegion DefaultsMode = "in-region"
 	// DefaultsModeLegacy provides default settings that vary per SDK and were used
 	// prior to establishment of defaults_mode
 	DefaultsModeLegacy DefaultsMode = "legacy"
 	// DefaultsModeMobile builds on the standard mode and includes optimization
 	// tailored for mobile applications
 	//
 	// Note that the default values vended from this mode might change as best practices
 	// may evolve. As a result, it is encouraged to perform tests when upgrading
 	// the SDK
 	DefaultsModeMobile DefaultsMode = "mobile"
 	// DefaultsModeStandard provides the latest recommended default values that
 	// should be safe to run in most scenarios
 	//
 	// Note that the default values vended from this mode might change as best practices
 	// may evolve. As a result, it is encouraged to perform tests when upgrading
 	// the SDK
 	DefaultsModeStandard DefaultsMode = "standard"
 )
 // SetFromString sets the DefaultsMode value to one of the pre-defined constants that matches
 // the provided string when compared using EqualFold. If the value does not match a known
 // constant it will be set to as-is and the function will return false. As a special case, if the
 // provided value is a zero-length string, the mode will be set to LegacyDefaultsMode.
 func (d *DefaultsMode) SetFromString(v string) (ok bool) {
 	switch {
 	case strings.EqualFold(v, string(DefaultsModeAuto)):
 		*d = DefaultsModeAuto
 		ok = true
 	case strings.EqualFold(v, string(DefaultsModeCrossRegion)):
 		*d = DefaultsModeCrossRegion
 		ok = true
 	case strings.EqualFold(v, string(DefaultsModeInRegion)):
 		*d = DefaultsModeInRegion
 		ok = true
 	case strings.EqualFold(v, string(DefaultsModeLegacy)):
 		*d = DefaultsModeLegacy
 		ok = true
 	case strings.EqualFold(v, string(DefaultsModeMobile)):
 		*d = DefaultsModeMobile
 		ok = true
 	case strings.EqualFold(v, string(DefaultsModeStandard)):
 		*d = DefaultsModeStandard
 		ok = true
 	case len(v) == 0:
 		*d = DefaultsModeLegacy
 		ok = true
 	default:
 		*d = DefaultsMode(v)
 	}
 	return ok
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/doc.go
@@ -0,0 +1,62 @@
 // Package aws provides the core SDK's utilities and shared types. Use this package's
 // utilities to simplify setting and reading API operations parameters.
 //
 // # Value and Pointer Conversion Utilities
 //
 // This package includes a helper conversion utility for each scalar type the SDK's
 // API use. These utilities make getting a pointer of the scalar, and dereferencing
 // a pointer easier.
 //
 // Each conversion utility comes in two forms. Value to Pointer and Pointer to Value.
 // The Pointer to value will safely dereference the pointer and return its value.
 // If the pointer was nil, the scalar's zero value will be returned.
 //
 // The value to pointer functions will be named after the scalar type. So get a
 // *string from a string value use the "String" function. This makes it easy to
 // to get pointer of a literal string value, because getting the address of a
 // literal requires assigning the value to a variable first.
 //
 //	var strPtr *string
 //
 //	// Without the SDK's conversion functions
 //	str := "my string"
 //	strPtr = &str
 //
 //	// With the SDK's conversion functions
 //	strPtr = aws.String("my string")
 //
 //	// Convert *string to string value
 //	str = aws.ToString(strPtr)
 //
 // In addition to scalars the aws package also includes conversion utilities for
 // map and slice for commonly types used in API parameters. The map and slice
 // conversion functions use similar naming pattern as the scalar conversion
 // functions.
 //
 //	var strPtrs []*string
 //	var strs []string = []string{"Go", "Gophers", "Go"}
 //
 //	// Convert []string to []*string
 //	strPtrs = aws.StringSlice(strs)
 //
 //	// Convert []*string to []string
 //	strs = aws.ToStringSlice(strPtrs)
 //
 // # SDK Default HTTP Client
 //
 // The SDK will use the http.DefaultClient if a HTTP client is not provided to
 // the SDK's Session, or service client constructor. This means that if the
 // http.DefaultClient is modified by other components of your application the
 // modifications will be picked up by the SDK as well.
 //
 // In some cases this might be intended, but it is a better practice to create
 // a custom HTTP Client to share explicitly through your application. You can
 // configure the SDK to use the custom HTTP Client by setting the HTTPClient
 // value of the SDK's Config type when creating a Session or service client.
 package aws
 // generate.go uses a build tag of "ignore", go run doesn't need to specify
 // this because go run ignores all build flags when running a go file directly.
 //go:generate go run -tags codegen generate.go
 //go:generate go run -tags codegen logging_generate.go
 //go:generate gofmt -w -s .
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/endpoints.go
@@ -0,0 +1,229 @@
 package aws
 import (
 	"fmt"
 )
 // DualStackEndpointState is a constant to describe the dual-stack endpoint resolution behavior.
 type DualStackEndpointState uint
 const (
 	// DualStackEndpointStateUnset is the default value behavior for dual-stack endpoint resolution.
 	DualStackEndpointStateUnset DualStackEndpointState = iota
 	// DualStackEndpointStateEnabled enables dual-stack endpoint resolution for service endpoints.
 	DualStackEndpointStateEnabled
 	// DualStackEndpointStateDisabled disables dual-stack endpoint resolution for endpoints.
 	DualStackEndpointStateDisabled
 )
 // GetUseDualStackEndpoint takes a service's EndpointResolverOptions and returns the UseDualStackEndpoint value.
 // Returns boolean false if the provided options does not have a method to retrieve the DualStackEndpointState.
 func GetUseDualStackEndpoint(options ...interface{}) (value DualStackEndpointState, found bool) {
 	type iface interface {
 		GetUseDualStackEndpoint() DualStackEndpointState
 	}
 	for _, option := range options {
 		if i, ok := option.(iface); ok {
 			value = i.GetUseDualStackEndpoint()
 			found = true
 			break
 		}
 	}
 	return value, found
 }
 // FIPSEndpointState is a constant to describe the FIPS endpoint resolution behavior.
 type FIPSEndpointState uint
 const (
 	// FIPSEndpointStateUnset is the default value behavior for FIPS endpoint resolution.
 	FIPSEndpointStateUnset FIPSEndpointState = iota
 	// FIPSEndpointStateEnabled enables FIPS endpoint resolution for service endpoints.
 	FIPSEndpointStateEnabled
 	// FIPSEndpointStateDisabled disables FIPS endpoint resolution for endpoints.
 	FIPSEndpointStateDisabled
 )
 // GetUseFIPSEndpoint takes a service's EndpointResolverOptions and returns the UseDualStackEndpoint value.
 // Returns boolean false if the provided options does not have a method to retrieve the DualStackEndpointState.
 func GetUseFIPSEndpoint(options ...interface{}) (value FIPSEndpointState, found bool) {
 	type iface interface {
 		GetUseFIPSEndpoint() FIPSEndpointState
 	}
 	for _, option := range options {
 		if i, ok := option.(iface); ok {
 			value = i.GetUseFIPSEndpoint()
 			found = true
 			break
 		}
 	}
 	return value, found
 }
 // Endpoint represents the endpoint a service client should make API operation
 // calls to.
 //
 // The SDK will automatically resolve these endpoints per API client using an
 // internal endpoint resolvers. If you'd like to provide custom endpoint
 // resolving behavior you can implement the EndpointResolver interface.
 type Endpoint struct {
 	// The base URL endpoint the SDK API clients will use to make API calls to.
 	// The SDK will suffix URI path and query elements to this endpoint.
 	URL string
 	// Specifies if the endpoint's hostname can be modified by the SDK's API
 	// client.
 	//
 	// If the hostname is mutable the SDK API clients may modify any part of
 	// the hostname based on the requirements of the API, (e.g. adding, or
 	// removing content in the hostname). Such as, Amazon S3 API client
 	// prefixing "bucketname" to the hostname, or changing the
 	// hostname service name component from "s3." to "s3-accesspoint.dualstack."
 	// for the dualstack endpoint of an S3 Accesspoint resource.
 	//
 	// Care should be taken when providing a custom endpoint for an API. If the
 	// endpoint hostname is mutable, and the client cannot modify the endpoint
 	// correctly, the operation call will most likely fail, or have undefined
 	// behavior.
 	//
 	// If hostname is immutable, the SDK API clients will not modify the
 	// hostname of the URL. This may cause the API client not to function
 	// correctly if the API requires the operation specific hostname values
 	// to be used by the client.
 	//
 	// This flag does not modify the API client's behavior if this endpoint
 	// will be used instead of Endpoint Discovery, or if the endpoint will be
 	// used to perform Endpoint Discovery. That behavior is configured via the
 	// API Client's Options.
 	HostnameImmutable bool
 	// The AWS partition the endpoint belongs to.
 	PartitionID string
 	// The service name that should be used for signing the requests to the
 	// endpoint.
 	SigningName string
 	// The region that should be used for signing the request to the endpoint.
 	SigningRegion string
 	// The signing method that should be used for signing the requests to the
 	// endpoint.
 	SigningMethod string
 	// The source of the Endpoint. By default, this will be EndpointSourceServiceMetadata.
 	// When providing a custom endpoint, you should set the source as EndpointSourceCustom.
 	// If source is not provided when providing a custom endpoint, the SDK may not
 	// perform required host mutations correctly. Source should be used along with
 	// HostnameImmutable property as per the usage requirement.
 	Source EndpointSource
 }
 // EndpointSource is the endpoint source type.
 type EndpointSource int
 const (
 	// EndpointSourceServiceMetadata denotes service modeled endpoint metadata is used as Endpoint Source.
 	EndpointSourceServiceMetadata EndpointSource = iota
 	// EndpointSourceCustom denotes endpoint is a custom endpoint. This source should be used when
 	// user provides a custom endpoint to be used by the SDK.
 	EndpointSourceCustom
 )
 // EndpointNotFoundError is a sentinel error to indicate that the
 // EndpointResolver implementation was unable to resolve an endpoint for the
 // given service and region. Resolvers should use this to indicate that an API
 // client should fallback and attempt to use it's internal default resolver to
 // resolve the endpoint.
 type EndpointNotFoundError struct {
 	Err error
 }
 // Error is the error message.
 func (e *EndpointNotFoundError) Error() string {
 	return fmt.Sprintf("endpoint not found, %v", e.Err)
 }
 // Unwrap returns the underlying error.
 func (e *EndpointNotFoundError) Unwrap() error {
 	return e.Err
 }
 // EndpointResolver is an endpoint resolver that can be used to provide or
 // override an endpoint for the given service and region. API clients will
 // attempt to use the EndpointResolver first to resolve an endpoint if
 // available. If the EndpointResolver returns an EndpointNotFoundError error,
 // API clients will fallback to attempting to resolve the endpoint using its
 // internal default endpoint resolver.
 //
 // Deprecated: See EndpointResolverWithOptions
 type EndpointResolver interface {
 	ResolveEndpoint(service, region string) (Endpoint, error)
 }
 // EndpointResolverFunc wraps a function to satisfy the EndpointResolver interface.
 //
 // Deprecated: See EndpointResolverWithOptionsFunc
 type EndpointResolverFunc func(service, region string) (Endpoint, error)
 // ResolveEndpoint calls the wrapped function and returns the results.
 //
 // Deprecated: See EndpointResolverWithOptions.ResolveEndpoint
 func (e EndpointResolverFunc) ResolveEndpoint(service, region string) (Endpoint, error) {
 	return e(service, region)
 }
 // EndpointResolverWithOptions is an endpoint resolver that can be used to provide or
 // override an endpoint for the given service, region, and the service client's EndpointOptions. API clients will
 // attempt to use the EndpointResolverWithOptions first to resolve an endpoint if
 // available. If the EndpointResolverWithOptions returns an EndpointNotFoundError error,
 // API clients will fallback to attempting to resolve the endpoint using its
 // internal default endpoint resolver.
 type EndpointResolverWithOptions interface {
 	ResolveEndpoint(service, region string, options ...interface{}) (Endpoint, error)
 }
 // EndpointResolverWithOptionsFunc wraps a function to satisfy the EndpointResolverWithOptions interface.
 type EndpointResolverWithOptionsFunc func(service, region string, options ...interface{}) (Endpoint, error)
 // ResolveEndpoint calls the wrapped function and returns the results.
 func (e EndpointResolverWithOptionsFunc) ResolveEndpoint(service, region string, options ...interface{}) (Endpoint, error) {
 	return e(service, region, options...)
 }
 // GetDisableHTTPS takes a service's EndpointResolverOptions and returns the DisableHTTPS value.
 // Returns boolean false if the provided options does not have a method to retrieve the DisableHTTPS.
 func GetDisableHTTPS(options ...interface{}) (value bool, found bool) {
 	type iface interface {
 		GetDisableHTTPS() bool
 	}
 	for _, option := range options {
 		if i, ok := option.(iface); ok {
 			value = i.GetDisableHTTPS()
 			found = true
 			break
 		}
 	}
 	return value, found
 }
 // GetResolvedRegion takes a service's EndpointResolverOptions and returns the ResolvedRegion value.
 // Returns boolean false if the provided options does not have a method to retrieve the ResolvedRegion.
 func GetResolvedRegion(options ...interface{}) (value string, found bool) {
 	type iface interface {
 		GetResolvedRegion() string
 	}
 	for _, option := range options {
 		if i, ok := option.(iface); ok {
 			value = i.GetResolvedRegion()
 			found = true
 			break
 		}
 	}
 	return value, found
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/errors.go
@@ -0,0 +1,9 @@
 package aws
 // MissingRegionError is an error that is returned if region configuration
 // value was not found.
 type MissingRegionError struct{}
 func (*MissingRegionError) Error() string {
 	return "an AWS region is required, but was not found"
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/from_ptr.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/from_ptr.go
@@ -0,0 +1,365 @@
 // Code generated by aws/generate.go DO NOT EDIT.
 package aws
 import (
 	"github.com/aws/smithy-go/ptr"
 	"time"
 )
 // ToBool returns bool value dereferenced if the passed
 // in pointer was not nil. Returns a bool zero value if the
 // pointer was nil.
 func ToBool(p *bool) (v bool) {
 	return ptr.ToBool(p)
 }
 // ToBoolSlice returns a slice of bool values, that are
 // dereferenced if the passed in pointer was not nil. Returns a bool
 // zero value if the pointer was nil.
 func ToBoolSlice(vs []*bool) []bool {
 	return ptr.ToBoolSlice(vs)
 }
 // ToBoolMap returns a map of bool values, that are
 // dereferenced if the passed in pointer was not nil. The bool
 // zero value is used if the pointer was nil.
 func ToBoolMap(vs map[string]*bool) map[string]bool {
 	return ptr.ToBoolMap(vs)
 }
 // ToByte returns byte value dereferenced if the passed
 // in pointer was not nil. Returns a byte zero value if the
 // pointer was nil.
 func ToByte(p *byte) (v byte) {
 	return ptr.ToByte(p)
 }
 // ToByteSlice returns a slice of byte values, that are
 // dereferenced if the passed in pointer was not nil. Returns a byte
 // zero value if the pointer was nil.
 func ToByteSlice(vs []*byte) []byte {
 	return ptr.ToByteSlice(vs)
 }
 // ToByteMap returns a map of byte values, that are
 // dereferenced if the passed in pointer was not nil. The byte
 // zero value is used if the pointer was nil.
 func ToByteMap(vs map[string]*byte) map[string]byte {
 	return ptr.ToByteMap(vs)
 }
 // ToString returns string value dereferenced if the passed
 // in pointer was not nil. Returns a string zero value if the
 // pointer was nil.
 func ToString(p *string) (v string) {
 	return ptr.ToString(p)
 }
 // ToStringSlice returns a slice of string values, that are
 // dereferenced if the passed in pointer was not nil. Returns a string
 // zero value if the pointer was nil.
 func ToStringSlice(vs []*string) []string {
 	return ptr.ToStringSlice(vs)
 }
 // ToStringMap returns a map of string values, that are
 // dereferenced if the passed in pointer was not nil. The string
 // zero value is used if the pointer was nil.
 func ToStringMap(vs map[string]*string) map[string]string {
 	return ptr.ToStringMap(vs)
 }
 // ToInt returns int value dereferenced if the passed
 // in pointer was not nil. Returns a int zero value if the
 // pointer was nil.
 func ToInt(p *int) (v int) {
 	return ptr.ToInt(p)
 }
 // ToIntSlice returns a slice of int values, that are
 // dereferenced if the passed in pointer was not nil. Returns a int
 // zero value if the pointer was nil.
 func ToIntSlice(vs []*int) []int {
 	return ptr.ToIntSlice(vs)
 }
 // ToIntMap returns a map of int values, that are
 // dereferenced if the passed in pointer was not nil. The int
 // zero value is used if the pointer was nil.
 func ToIntMap(vs map[string]*int) map[string]int {
 	return ptr.ToIntMap(vs)
 }
 // ToInt8 returns int8 value dereferenced if the passed
 // in pointer was not nil. Returns a int8 zero value if the
 // pointer was nil.
 func ToInt8(p *int8) (v int8) {
 	return ptr.ToInt8(p)
 }
 // ToInt8Slice returns a slice of int8 values, that are
 // dereferenced if the passed in pointer was not nil. Returns a int8
 // zero value if the pointer was nil.
 func ToInt8Slice(vs []*int8) []int8 {
 	return ptr.ToInt8Slice(vs)
 }
 // ToInt8Map returns a map of int8 values, that are
 // dereferenced if the passed in pointer was not nil. The int8
 // zero value is used if the pointer was nil.
 func ToInt8Map(vs map[string]*int8) map[string]int8 {
 	return ptr.ToInt8Map(vs)
 }
 // ToInt16 returns int16 value dereferenced if the passed
 // in pointer was not nil. Returns a int16 zero value if the
 // pointer was nil.
 func ToInt16(p *int16) (v int16) {
 	return ptr.ToInt16(p)
 }
 // ToInt16Slice returns a slice of int16 values, that are
 // dereferenced if the passed in pointer was not nil. Returns a int16
 // zero value if the pointer was nil.
 func ToInt16Slice(vs []*int16) []int16 {
 	return ptr.ToInt16Slice(vs)
 }
 // ToInt16Map returns a map of int16 values, that are
 // dereferenced if the passed in pointer was not nil. The int16
 // zero value is used if the pointer was nil.
 func ToInt16Map(vs map[string]*int16) map[string]int16 {
 	return ptr.ToInt16Map(vs)
 }
 // ToInt32 returns int32 value dereferenced if the passed
 // in pointer was not nil. Returns a int32 zero value if the
 // pointer was nil.
 func ToInt32(p *int32) (v int32) {
 	return ptr.ToInt32(p)
 }
 // ToInt32Slice returns a slice of int32 values, that are
 // dereferenced if the passed in pointer was not nil. Returns a int32
 // zero value if the pointer was nil.
 func ToInt32Slice(vs []*int32) []int32 {
 	return ptr.ToInt32Slice(vs)
 }
 // ToInt32Map returns a map of int32 values, that are
 // dereferenced if the passed in pointer was not nil. The int32
 // zero value is used if the pointer was nil.
 func ToInt32Map(vs map[string]*int32) map[string]int32 {
 	return ptr.ToInt32Map(vs)
 }
 // ToInt64 returns int64 value dereferenced if the passed
 // in pointer was not nil. Returns a int64 zero value if the
 // pointer was nil.
 func ToInt64(p *int64) (v int64) {
 	return ptr.ToInt64(p)
 }
 // ToInt64Slice returns a slice of int64 values, that are
 // dereferenced if the passed in pointer was not nil. Returns a int64
 // zero value if the pointer was nil.
 func ToInt64Slice(vs []*int64) []int64 {
 	return ptr.ToInt64Slice(vs)
 }
 // ToInt64Map returns a map of int64 values, that are
 // dereferenced if the passed in pointer was not nil. The int64
 // zero value is used if the pointer was nil.
 func ToInt64Map(vs map[string]*int64) map[string]int64 {
 	return ptr.ToInt64Map(vs)
 }
 // ToUint returns uint value dereferenced if the passed
 // in pointer was not nil. Returns a uint zero value if the
 // pointer was nil.
 func ToUint(p *uint) (v uint) {
 	return ptr.ToUint(p)
 }
 // ToUintSlice returns a slice of uint values, that are
 // dereferenced if the passed in pointer was not nil. Returns a uint
 // zero value if the pointer was nil.
 func ToUintSlice(vs []*uint) []uint {
 	return ptr.ToUintSlice(vs)
 }
 // ToUintMap returns a map of uint values, that are
 // dereferenced if the passed in pointer was not nil. The uint
 // zero value is used if the pointer was nil.
 func ToUintMap(vs map[string]*uint) map[string]uint {
 	return ptr.ToUintMap(vs)
 }
 // ToUint8 returns uint8 value dereferenced if the passed
 // in pointer was not nil. Returns a uint8 zero value if the
 // pointer was nil.
 func ToUint8(p *uint8) (v uint8) {
 	return ptr.ToUint8(p)
 }
 // ToUint8Slice returns a slice of uint8 values, that are
 // dereferenced if the passed in pointer was not nil. Returns a uint8
 // zero value if the pointer was nil.
 func ToUint8Slice(vs []*uint8) []uint8 {
 	return ptr.ToUint8Slice(vs)
 }
 // ToUint8Map returns a map of uint8 values, that are
 // dereferenced if the passed in pointer was not nil. The uint8
 // zero value is used if the pointer was nil.
 func ToUint8Map(vs map[string]*uint8) map[string]uint8 {
 	return ptr.ToUint8Map(vs)
 }
 // ToUint16 returns uint16 value dereferenced if the passed
 // in pointer was not nil. Returns a uint16 zero value if the
 // pointer was nil.
 func ToUint16(p *uint16) (v uint16) {
 	return ptr.ToUint16(p)
 }
 // ToUint16Slice returns a slice of uint16 values, that are
 // dereferenced if the passed in pointer was not nil. Returns a uint16
 // zero value if the pointer was nil.
 func ToUint16Slice(vs []*uint16) []uint16 {
 	return ptr.ToUint16Slice(vs)
 }
 // ToUint16Map returns a map of uint16 values, that are
 // dereferenced if the passed in pointer was not nil. The uint16
 // zero value is used if the pointer was nil.
 func ToUint16Map(vs map[string]*uint16) map[string]uint16 {
 	return ptr.ToUint16Map(vs)
 }
 // ToUint32 returns uint32 value dereferenced if the passed
 // in pointer was not nil. Returns a uint32 zero value if the
 // pointer was nil.
 func ToUint32(p *uint32) (v uint32) {
 	return ptr.ToUint32(p)
 }
 // ToUint32Slice returns a slice of uint32 values, that are
 // dereferenced if the passed in pointer was not nil. Returns a uint32
 // zero value if the pointer was nil.
 func ToUint32Slice(vs []*uint32) []uint32 {
 	return ptr.ToUint32Slice(vs)
 }
 // ToUint32Map returns a map of uint32 values, that are
 // dereferenced if the passed in pointer was not nil. The uint32
 // zero value is used if the pointer was nil.
 func ToUint32Map(vs map[string]*uint32) map[string]uint32 {
 	return ptr.ToUint32Map(vs)
 }
 // ToUint64 returns uint64 value dereferenced if the passed
 // in pointer was not nil. Returns a uint64 zero value if the
 // pointer was nil.
 func ToUint64(p *uint64) (v uint64) {
 	return ptr.ToUint64(p)
 }
 // ToUint64Slice returns a slice of uint64 values, that are
 // dereferenced if the passed in pointer was not nil. Returns a uint64
 // zero value if the pointer was nil.
 func ToUint64Slice(vs []*uint64) []uint64 {
 	return ptr.ToUint64Slice(vs)
 }
 // ToUint64Map returns a map of uint64 values, that are
 // dereferenced if the passed in pointer was not nil. The uint64
 // zero value is used if the pointer was nil.
 func ToUint64Map(vs map[string]*uint64) map[string]uint64 {
 	return ptr.ToUint64Map(vs)
 }
 // ToFloat32 returns float32 value dereferenced if the passed
 // in pointer was not nil. Returns a float32 zero value if the
 // pointer was nil.
 func ToFloat32(p *float32) (v float32) {
 	return ptr.ToFloat32(p)
 }
 // ToFloat32Slice returns a slice of float32 values, that are
 // dereferenced if the passed in pointer was not nil. Returns a float32
 // zero value if the pointer was nil.
 func ToFloat32Slice(vs []*float32) []float32 {
 	return ptr.ToFloat32Slice(vs)
 }
 // ToFloat32Map returns a map of float32 values, that are
 // dereferenced if the passed in pointer was not nil. The float32
 // zero value is used if the pointer was nil.
 func ToFloat32Map(vs map[string]*float32) map[string]float32 {
 	return ptr.ToFloat32Map(vs)
 }
 // ToFloat64 returns float64 value dereferenced if the passed
 // in pointer was not nil. Returns a float64 zero value if the
 // pointer was nil.
 func ToFloat64(p *float64) (v float64) {
 	return ptr.ToFloat64(p)
 }
 // ToFloat64Slice returns a slice of float64 values, that are
 // dereferenced if the passed in pointer was not nil. Returns a float64
 // zero value if the pointer was nil.
 func ToFloat64Slice(vs []*float64) []float64 {
 	return ptr.ToFloat64Slice(vs)
 }
 // ToFloat64Map returns a map of float64 values, that are
 // dereferenced if the passed in pointer was not nil. The float64
 // zero value is used if the pointer was nil.
 func ToFloat64Map(vs map[string]*float64) map[string]float64 {
 	return ptr.ToFloat64Map(vs)
 }
 // ToTime returns time.Time value dereferenced if the passed
 // in pointer was not nil. Returns a time.Time zero value if the
 // pointer was nil.
 func ToTime(p *time.Time) (v time.Time) {
 	return ptr.ToTime(p)
 }
 // ToTimeSlice returns a slice of time.Time values, that are
 // dereferenced if the passed in pointer was not nil. Returns a time.Time
 // zero value if the pointer was nil.
 func ToTimeSlice(vs []*time.Time) []time.Time {
 	return ptr.ToTimeSlice(vs)
 }
 // ToTimeMap returns a map of time.Time values, that are
 // dereferenced if the passed in pointer was not nil. The time.Time
 // zero value is used if the pointer was nil.
 func ToTimeMap(vs map[string]*time.Time) map[string]time.Time {
 	return ptr.ToTimeMap(vs)
 }
 // ToDuration returns time.Duration value dereferenced if the passed
 // in pointer was not nil. Returns a time.Duration zero value if the
 // pointer was nil.
 func ToDuration(p *time.Duration) (v time.Duration) {
 	return ptr.ToDuration(p)
 }
 // ToDurationSlice returns a slice of time.Duration values, that are
 // dereferenced if the passed in pointer was not nil. Returns a time.Duration
 // zero value if the pointer was nil.
 func ToDurationSlice(vs []*time.Duration) []time.Duration {
 	return ptr.ToDurationSlice(vs)
 }
 // ToDurationMap returns a map of time.Duration values, that are
 // dereferenced if the passed in pointer was not nil. The time.Duration
 // zero value is used if the pointer was nil.
 func ToDurationMap(vs map[string]*time.Duration) map[string]time.Duration {
 	return ptr.ToDurationMap(vs)
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
@@ -0,0 +1,6 @@
 // Code generated by internal/repotools/cmd/updatemodulemeta DO NOT EDIT.
 package aws
 // goModuleVersion is the tagged release for this module
 const goModuleVersion = "1.24.1"
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/logging.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/logging.go
@@ -0,0 +1,119 @@
 // Code generated by aws/logging_generate.go DO NOT EDIT.
 package aws
 // ClientLogMode represents the logging mode of SDK clients. The client logging mode is a bit-field where
 // each bit is a flag that describes the logging behavior for one or more client components.
 // The entire 64-bit group is reserved for later expansion by the SDK.
 //
 // Example: Setting ClientLogMode to enable logging of retries and requests
 //
 //	clientLogMode := aws.LogRetries | aws.LogRequest
 //
 // Example: Adding an additional log mode to an existing ClientLogMode value
 //
 //	clientLogMode |= aws.LogResponse
 type ClientLogMode uint64
 // Supported ClientLogMode bits that can be configured to toggle logging of specific SDK events.
 const (
 	LogSigning ClientLogMode = 1 << (64 - 1 - iota)
 	LogRetries
 	LogRequest
 	LogRequestWithBody
 	LogResponse
 	LogResponseWithBody
 	LogDeprecatedUsage
 	LogRequestEventMessage
 	LogResponseEventMessage
 )
 // IsSigning returns whether the Signing logging mode bit is set
 func (m ClientLogMode) IsSigning() bool {
 	return m&LogSigning != 0
 }
 // IsRetries returns whether the Retries logging mode bit is set
 func (m ClientLogMode) IsRetries() bool {
 	return m&LogRetries != 0
 }
 // IsRequest returns whether the Request logging mode bit is set
 func (m ClientLogMode) IsRequest() bool {
 	return m&LogRequest != 0
 }
 // IsRequestWithBody returns whether the RequestWithBody logging mode bit is set
 func (m ClientLogMode) IsRequestWithBody() bool {
 	return m&LogRequestWithBody != 0
 }
 // IsResponse returns whether the Response logging mode bit is set
 func (m ClientLogMode) IsResponse() bool {
 	return m&LogResponse != 0
 }
 // IsResponseWithBody returns whether the ResponseWithBody logging mode bit is set
 func (m ClientLogMode) IsResponseWithBody() bool {
 	return m&LogResponseWithBody != 0
 }
 // IsDeprecatedUsage returns whether the DeprecatedUsage logging mode bit is set
 func (m ClientLogMode) IsDeprecatedUsage() bool {
 	return m&LogDeprecatedUsage != 0
 }
 // IsRequestEventMessage returns whether the RequestEventMessage logging mode bit is set
 func (m ClientLogMode) IsRequestEventMessage() bool {
 	return m&LogRequestEventMessage != 0
 }
 // IsResponseEventMessage returns whether the ResponseEventMessage logging mode bit is set
 func (m ClientLogMode) IsResponseEventMessage() bool {
 	return m&LogResponseEventMessage != 0
 }
 // ClearSigning clears the Signing logging mode bit
 func (m *ClientLogMode) ClearSigning() {
 	*m &^= LogSigning
 }
 // ClearRetries clears the Retries logging mode bit
 func (m *ClientLogMode) ClearRetries() {
 	*m &^= LogRetries
 }
 // ClearRequest clears the Request logging mode bit
 func (m *ClientLogMode) ClearRequest() {
 	*m &^= LogRequest
 }
 // ClearRequestWithBody clears the RequestWithBody logging mode bit
 func (m *ClientLogMode) ClearRequestWithBody() {
 	*m &^= LogRequestWithBody
 }
 // ClearResponse clears the Response logging mode bit
 func (m *ClientLogMode) ClearResponse() {
 	*m &^= LogResponse
 }
 // ClearResponseWithBody clears the ResponseWithBody logging mode bit
 func (m *ClientLogMode) ClearResponseWithBody() {
 	*m &^= LogResponseWithBody
 }
 // ClearDeprecatedUsage clears the DeprecatedUsage logging mode bit
 func (m *ClientLogMode) ClearDeprecatedUsage() {
 	*m &^= LogDeprecatedUsage
 }
 // ClearRequestEventMessage clears the RequestEventMessage logging mode bit
 func (m *ClientLogMode) ClearRequestEventMessage() {
 	*m &^= LogRequestEventMessage
 }
 // ClearResponseEventMessage clears the ResponseEventMessage logging mode bit
 func (m *ClientLogMode) ClearResponseEventMessage() {
 	*m &^= LogResponseEventMessage
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/logging_generate.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/logging_generate.go
@@ -0,0 +1,95 @@
 //go:build clientlogmode
 // +build clientlogmode
 package main
 import (
 	"fmt"
 	"log"
 	"os"
 	"strings"
 	"text/template"
 )
 var config = struct {
 	ModeBits []string
 }{
 	// Items should be appended only to keep bit-flag positions stable
 	ModeBits: []string{
 		"Signing",
 		"Retries",
 		"Request",
 		"RequestWithBody",
 		"Response",
 		"ResponseWithBody",
 		"DeprecatedUsage",
 		"RequestEventMessage",
 		"ResponseEventMessage",
 	},
 }
 func bitName(name string) string {
 	return strings.ToUpper(name[:1]) + name[1:]
 }
 var tmpl = template.Must(template.New("ClientLogMode").Funcs(map[string]interface{}{
 	"symbolName": func(name string) string {
 		return "Log" + bitName(name)
 	},
 	"bitName": bitName,
 }).Parse(`// Code generated by aws/logging_generate.go DO NOT EDIT.
 package aws
 // ClientLogMode represents the logging mode of SDK clients. The client logging mode is a bit-field where
 // each bit is a flag that describes the logging behavior for one or more client components.
 // The entire 64-bit group is reserved for later expansion by the SDK.
 //
 // Example: Setting ClientLogMode to enable logging of retries and requests
 //  clientLogMode := aws.LogRetries | aws.LogRequest
 //
 // Example: Adding an additional log mode to an existing ClientLogMode value
 //  clientLogMode |= aws.LogResponse
 type ClientLogMode uint64
 // Supported ClientLogMode bits that can be configured to toggle logging of specific SDK events.
 const (
 {{- range $index, $field := .ModeBits }}
 	{{ (symbolName $field) }}{{- if (eq 0 $index) }} ClientLogMode = 1 << (64 - 1 - iota){{- end }}
 {{- end }}
 )
 {{ range $_, $field := .ModeBits }}
 // Is{{- bitName $field }} returns whether the {{ bitName $field }} logging mode bit is set
 func (m ClientLogMode) Is{{- bitName $field }}() bool {
 	return m&{{- (symbolName $field) }} != 0
 }
 {{ end }}
 {{- range $_, $field := .ModeBits }}
 // Clear{{- bitName $field }} clears the {{ bitName $field }} logging mode bit
 func (m *ClientLogMode) Clear{{- bitName $field }}() {
 	*m &^= {{ (symbolName $field) }}
 }
 {{ end -}}
 `))
 func main() {
 	uniqueBitFields := make(map[string]struct{})
 	for _, bitName := range config.ModeBits {
 		if _, ok := uniqueBitFields[strings.ToLower(bitName)]; ok {
 			panic(fmt.Sprintf("duplicate bit field: %s", bitName))
 		}
 		uniqueBitFields[bitName] = struct{}{}
 	}
 	file, err := os.Create("logging.go")
 	if err != nil {
 		log.Fatal(err)
 	}
 	defer file.Close()
 	err = tmpl.Execute(file, config)
 	if err != nil {
 		log.Fatal(err)
 	}
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/metadata.go
@@ -0,0 +1,213 @@
 package middleware
 import (
 	"context"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/smithy-go/middleware"
 )
 // RegisterServiceMetadata registers metadata about the service and operation into the middleware context
 // so that it is available at runtime for other middleware to introspect.
 type RegisterServiceMetadata struct {
 	ServiceID     string
 	SigningName   string
 	Region        string
 	OperationName string
 }
 // ID returns the middleware identifier.
 func (s *RegisterServiceMetadata) ID() string {
 	return "RegisterServiceMetadata"
 }
 // HandleInitialize registers service metadata information into the middleware context, allowing for introspection.
 func (s RegisterServiceMetadata) HandleInitialize(
 	ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler,
 ) (out middleware.InitializeOutput, metadata middleware.Metadata, err error) {
 	if len(s.ServiceID) > 0 {
 		ctx = SetServiceID(ctx, s.ServiceID)
 	}
 	if len(s.SigningName) > 0 {
 		ctx = SetSigningName(ctx, s.SigningName)
 	}
 	if len(s.Region) > 0 {
 		ctx = setRegion(ctx, s.Region)
 	}
 	if len(s.OperationName) > 0 {
 		ctx = setOperationName(ctx, s.OperationName)
 	}
 	return next.HandleInitialize(ctx, in)
 }
 // service metadata keys for storing and lookup of runtime stack information.
 type (
 	serviceIDKey               struct{}
 	signingNameKey             struct{}
 	signingRegionKey           struct{}
 	regionKey                  struct{}
 	operationNameKey           struct{}
 	partitionIDKey             struct{}
 	requiresLegacyEndpointsKey struct{}
 )
 // GetServiceID retrieves the service id from the context.
 //
 // Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
 // to clear all stack values.
 func GetServiceID(ctx context.Context) (v string) {
 	v, _ = middleware.GetStackValue(ctx, serviceIDKey{}).(string)
 	return v
 }
 // GetSigningName retrieves the service signing name from the context.
 //
 // Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
 // to clear all stack values.
 //
 // Deprecated: This value is unstable. The resolved signing name is available
 // in the signer properties object passed to the signer.
 func GetSigningName(ctx context.Context) (v string) {
 	v, _ = middleware.GetStackValue(ctx, signingNameKey{}).(string)
 	return v
 }
 // GetSigningRegion retrieves the region from the context.
 //
 // Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
 // to clear all stack values.
 //
 // Deprecated: This value is unstable. The resolved signing region is available
 // in the signer properties object passed to the signer.
 func GetSigningRegion(ctx context.Context) (v string) {
 	v, _ = middleware.GetStackValue(ctx, signingRegionKey{}).(string)
 	return v
 }
 // GetRegion retrieves the endpoint region from the context.
 //
 // Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
 // to clear all stack values.
 func GetRegion(ctx context.Context) (v string) {
 	v, _ = middleware.GetStackValue(ctx, regionKey{}).(string)
 	return v
 }
 // GetOperationName retrieves the service operation metadata from the context.
 //
 // Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
 // to clear all stack values.
 func GetOperationName(ctx context.Context) (v string) {
 	v, _ = middleware.GetStackValue(ctx, operationNameKey{}).(string)
 	return v
 }
 // GetPartitionID retrieves the endpoint partition id from the context.
 //
 // Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
 // to clear all stack values.
 func GetPartitionID(ctx context.Context) string {
 	v, _ := middleware.GetStackValue(ctx, partitionIDKey{}).(string)
 	return v
 }
 // GetRequiresLegacyEndpoints the flag used to indicate if legacy endpoint
 // customizations need to be executed.
 //
 // Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
 // to clear all stack values.
 func GetRequiresLegacyEndpoints(ctx context.Context) bool {
 	v, _ := middleware.GetStackValue(ctx, requiresLegacyEndpointsKey{}).(bool)
 	return v
 }
 // SetRequiresLegacyEndpoints set or modifies the flag indicated that
 // legacy endpoint customizations are needed.
 //
 // Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
 // to clear all stack values.
 func SetRequiresLegacyEndpoints(ctx context.Context, value bool) context.Context {
 	return middleware.WithStackValue(ctx, requiresLegacyEndpointsKey{}, value)
 }
 // SetSigningName set or modifies the sigv4 or sigv4a signing name on the context.
 //
 // Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
 // to clear all stack values.
 //
 // Deprecated: This value is unstable. Use WithSigV4SigningName client option
 // funcs instead.
 func SetSigningName(ctx context.Context, value string) context.Context {
 	return middleware.WithStackValue(ctx, signingNameKey{}, value)
 }
 // SetSigningRegion sets or modifies the region on the context.
 //
 // Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
 // to clear all stack values.
 //
 // Deprecated: This value is unstable. Use WithSigV4SigningRegion client option
 // funcs instead.
 func SetSigningRegion(ctx context.Context, value string) context.Context {
 	return middleware.WithStackValue(ctx, signingRegionKey{}, value)
 }
 // SetServiceID sets the service id on the context.
 //
 // Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
 // to clear all stack values.
 func SetServiceID(ctx context.Context, value string) context.Context {
 	return middleware.WithStackValue(ctx, serviceIDKey{}, value)
 }
 // setRegion sets the endpoint region on the context.
 //
 // Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
 // to clear all stack values.
 func setRegion(ctx context.Context, value string) context.Context {
 	return middleware.WithStackValue(ctx, regionKey{}, value)
 }
 // setOperationName sets the service operation on the context.
 //
 // Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
 // to clear all stack values.
 func setOperationName(ctx context.Context, value string) context.Context {
 	return middleware.WithStackValue(ctx, operationNameKey{}, value)
 }
 // SetPartitionID sets the partition id of a resolved region on the context
 //
 // Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
 // to clear all stack values.
 func SetPartitionID(ctx context.Context, value string) context.Context {
 	return middleware.WithStackValue(ctx, partitionIDKey{}, value)
 }
 // EndpointSource key
 type endpointSourceKey struct{}
 // GetEndpointSource returns an endpoint source if set on context
 func GetEndpointSource(ctx context.Context) (v aws.EndpointSource) {
 	v, _ = middleware.GetStackValue(ctx, endpointSourceKey{}).(aws.EndpointSource)
 	return v
 }
 // SetEndpointSource sets endpoint source on context
 func SetEndpointSource(ctx context.Context, value aws.EndpointSource) context.Context {
 	return middleware.WithStackValue(ctx, endpointSourceKey{}, value)
 }
 type signingCredentialsKey struct{}
 // GetSigningCredentials returns the credentials that were used for signing if set on context.
 func GetSigningCredentials(ctx context.Context) (v aws.Credentials) {
 	v, _ = middleware.GetStackValue(ctx, signingCredentialsKey{}).(aws.Credentials)
 	return v
 }
 // SetSigningCredentials sets the credentails used for signing on the context.
 func SetSigningCredentials(ctx context.Context, value aws.Credentials) context.Context {
 	return middleware.WithStackValue(ctx, signingCredentialsKey{}, value)
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/middleware.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/middleware.go
@@ -0,0 +1,168 @@
 package middleware
 import (
 	"context"
 	"fmt"
 	"time"
 	"github.com/aws/aws-sdk-go-v2/internal/rand"
 	"github.com/aws/aws-sdk-go-v2/internal/sdk"
 	"github.com/aws/smithy-go/logging"
 	"github.com/aws/smithy-go/middleware"
 	smithyrand "github.com/aws/smithy-go/rand"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 // ClientRequestID is a Smithy BuildMiddleware that will generate a unique ID for logical API operation
 // invocation.
 type ClientRequestID struct{}
 // ID the identifier for the ClientRequestID
 func (r *ClientRequestID) ID() string {
 	return "ClientRequestID"
 }
 // HandleBuild attaches a unique operation invocation id for the operation to the request
 func (r ClientRequestID) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) (
 	out middleware.BuildOutput, metadata middleware.Metadata, err error,
 ) {
 	req, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, fmt.Errorf("unknown transport type %T", req)
 	}
 	invocationID, err := smithyrand.NewUUID(rand.Reader).GetUUID()
 	if err != nil {
 		return out, metadata, err
 	}
 	const invocationIDHeader = "Amz-Sdk-Invocation-Id"
 	req.Header[invocationIDHeader] = append(req.Header[invocationIDHeader][:0], invocationID)
 	return next.HandleBuild(ctx, in)
 }
 // RecordResponseTiming records the response timing for the SDK client requests.
 type RecordResponseTiming struct{}
 // ID is the middleware identifier
 func (a *RecordResponseTiming) ID() string {
 	return "RecordResponseTiming"
 }
 // HandleDeserialize calculates response metadata and clock skew
 func (a RecordResponseTiming) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
 	out middleware.DeserializeOutput, metadata middleware.Metadata, err error,
 ) {
 	out, metadata, err = next.HandleDeserialize(ctx, in)
 	responseAt := sdk.NowTime()
 	setResponseAt(&metadata, responseAt)
 	var serverTime time.Time
 	switch resp := out.RawResponse.(type) {
 	case *smithyhttp.Response:
 		respDateHeader := resp.Header.Get("Date")
 		if len(respDateHeader) == 0 {
 			break
 		}
 		var parseErr error
 		serverTime, parseErr = smithyhttp.ParseTime(respDateHeader)
 		if parseErr != nil {
 			logger := middleware.GetLogger(ctx)
 			logger.Logf(logging.Warn, "failed to parse response Date header value, got %v",
 				parseErr.Error())
 			break
 		}
 		setServerTime(&metadata, serverTime)
 	}
 	if !serverTime.IsZero() {
 		attemptSkew := serverTime.Sub(responseAt)
 		setAttemptSkew(&metadata, attemptSkew)
 	}
 	return out, metadata, err
 }
 type responseAtKey struct{}
 // GetResponseAt returns the time response was received at.
 func GetResponseAt(metadata middleware.Metadata) (v time.Time, ok bool) {
 	v, ok = metadata.Get(responseAtKey{}).(time.Time)
 	return v, ok
 }
 // setResponseAt sets the response time on the metadata.
 func setResponseAt(metadata *middleware.Metadata, v time.Time) {
 	metadata.Set(responseAtKey{}, v)
 }
 type serverTimeKey struct{}
 // GetServerTime returns the server time for response.
 func GetServerTime(metadata middleware.Metadata) (v time.Time, ok bool) {
 	v, ok = metadata.Get(serverTimeKey{}).(time.Time)
 	return v, ok
 }
 // setServerTime sets the server time on the metadata.
 func setServerTime(metadata *middleware.Metadata, v time.Time) {
 	metadata.Set(serverTimeKey{}, v)
 }
 type attemptSkewKey struct{}
 // GetAttemptSkew returns Attempt clock skew for response from metadata.
 func GetAttemptSkew(metadata middleware.Metadata) (v time.Duration, ok bool) {
 	v, ok = metadata.Get(attemptSkewKey{}).(time.Duration)
 	return v, ok
 }
 // setAttemptSkew sets the attempt clock skew on the metadata.
 func setAttemptSkew(metadata *middleware.Metadata, v time.Duration) {
 	metadata.Set(attemptSkewKey{}, v)
 }
 // AddClientRequestIDMiddleware adds ClientRequestID to the middleware stack
 func AddClientRequestIDMiddleware(stack *middleware.Stack) error {
 	return stack.Build.Add(&ClientRequestID{}, middleware.After)
 }
 // AddRecordResponseTiming adds RecordResponseTiming middleware to the
 // middleware stack.
 func AddRecordResponseTiming(stack *middleware.Stack) error {
 	return stack.Deserialize.Add(&RecordResponseTiming{}, middleware.After)
 }
 // rawResponseKey is the accessor key used to store and access the
 // raw response within the response metadata.
 type rawResponseKey struct{}
 // addRawResponse middleware adds raw response on to the metadata
 type addRawResponse struct{}
 // ID the identifier for the ClientRequestID
 func (m *addRawResponse) ID() string {
 	return "AddRawResponseToMetadata"
 }
 // HandleDeserialize adds raw response on the middleware metadata
 func (m addRawResponse) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
 	out middleware.DeserializeOutput, metadata middleware.Metadata, err error,
 ) {
 	out, metadata, err = next.HandleDeserialize(ctx, in)
 	metadata.Set(rawResponseKey{}, out.RawResponse)
 	return out, metadata, err
 }
 // AddRawResponseToMetadata adds middleware to the middleware stack that
 // store raw response on to the metadata.
 func AddRawResponseToMetadata(stack *middleware.Stack) error {
 	return stack.Deserialize.Add(&addRawResponse{}, middleware.Before)
 }
 // GetRawResponse returns raw response set on metadata
 func GetRawResponse(metadata middleware.Metadata) interface{} {
 	return metadata.Get(rawResponseKey{})
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/osname.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/osname.go
@@ -0,0 +1,24 @@
 //go:build go1.16
 // +build go1.16
 package middleware
 import "runtime"
 func getNormalizedOSName() (os string) {
 	switch runtime.GOOS {
 	case "android":
 		os = "android"
 	case "linux":
 		os = "linux"
 	case "windows":
 		os = "windows"
 	case "darwin":
 		os = "macos"
 	case "ios":
 		os = "ios"
 	default:
 		os = "other"
 	}
 	return os
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/osname_go115.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/osname_go115.go
@@ -0,0 +1,24 @@
 //go:build !go1.16
 // +build !go1.16
 package middleware
 import "runtime"
 func getNormalizedOSName() (os string) {
 	switch runtime.GOOS {
 	case "android":
 		os = "android"
 	case "linux":
 		os = "linux"
 	case "windows":
 		os = "windows"
 	case "darwin":
 		// Due to Apple M1 we can't distinguish between macOS and iOS when GOOS/GOARCH is darwin/amd64
 		// For now declare this as "other" until we have a better detection mechanism.
 		fallthrough
 	default:
 		os = "other"
 	}
 	return os
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics/metrics.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics/metrics.go
@@ -0,0 +1,319 @@
 // Package metrics implements metrics gathering for SDK development purposes.
 //
 // This package is designated as private and is intended for use only by the
 // AWS client runtime. The exported API therein is not considered stable and
 // is subject to breaking changes without notice.
 package metrics
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"sync"
 	"time"
 	"github.com/aws/smithy-go/middleware"
 )
 const (
 	// ServiceIDKey is the key for the service ID metric.
 	ServiceIDKey = "ServiceId"
 	// OperationNameKey is the key for the operation name metric.
 	OperationNameKey = "OperationName"
 	// ClientRequestIDKey is the key for the client request ID metric.
 	ClientRequestIDKey = "ClientRequestId"
 	// APICallDurationKey is the key for the API call duration metric.
 	APICallDurationKey = "ApiCallDuration"
 	// APICallSuccessfulKey is the key for the API call successful metric.
 	APICallSuccessfulKey = "ApiCallSuccessful"
 	// MarshallingDurationKey is the key for the marshalling duration metric.
 	MarshallingDurationKey = "MarshallingDuration"
 	// InThroughputKey is the key for the input throughput metric.
 	InThroughputKey = "InThroughput"
 	// OutThroughputKey is the key for the output throughput metric.
 	OutThroughputKey = "OutThroughput"
 	// RetryCountKey is the key for the retry count metric.
 	RetryCountKey = "RetryCount"
 	// HTTPStatusCodeKey is the key for the HTTP status code metric.
 	HTTPStatusCodeKey = "HttpStatusCode"
 	// AWSExtendedRequestIDKey is the key for the AWS extended request ID metric.
 	AWSExtendedRequestIDKey = "AwsExtendedRequestId"
 	// AWSRequestIDKey is the key for the AWS request ID metric.
 	AWSRequestIDKey = "AwsRequestId"
 	// BackoffDelayDurationKey is the key for the backoff delay duration metric.
 	BackoffDelayDurationKey = "BackoffDelayDuration"
 	// StreamThroughputKey is the key for the stream throughput metric.
 	StreamThroughputKey = "Throughput"
 	// ConcurrencyAcquireDurationKey is the key for the concurrency acquire duration metric.
 	ConcurrencyAcquireDurationKey = "ConcurrencyAcquireDuration"
 	// PendingConcurrencyAcquiresKey is the key for the pending concurrency acquires metric.
 	PendingConcurrencyAcquiresKey = "PendingConcurrencyAcquires"
 	// SigningDurationKey is the key for the signing duration metric.
 	SigningDurationKey = "SigningDuration"
 	// UnmarshallingDurationKey is the key for the unmarshalling duration metric.
 	UnmarshallingDurationKey = "UnmarshallingDuration"
 	// TimeToFirstByteKey is the key for the time to first byte metric.
 	TimeToFirstByteKey = "TimeToFirstByte"
 	// ServiceCallDurationKey is the key for the service call duration metric.
 	ServiceCallDurationKey = "ServiceCallDuration"
 	// EndpointResolutionDurationKey is the key for the endpoint resolution duration metric.
 	EndpointResolutionDurationKey = "EndpointResolutionDuration"
 	// AttemptNumberKey is the key for the attempt number metric.
 	AttemptNumberKey = "AttemptNumber"
 	// MaxConcurrencyKey is the key for the max concurrency metric.
 	MaxConcurrencyKey = "MaxConcurrency"
 	// AvailableConcurrencyKey is the key for the available concurrency metric.
 	AvailableConcurrencyKey = "AvailableConcurrency"
 )
 // MetricPublisher provides the interface to provide custom MetricPublishers.
 // PostRequestMetrics will be invoked by the MetricCollection middleware to post request.
 // PostStreamMetrics will be invoked by ReadCloserWithMetrics to post stream metrics.
 type MetricPublisher interface {
 	PostRequestMetrics(*MetricData) error
 	PostStreamMetrics(*MetricData) error
 }
 // Serializer provides the interface to provide custom Serializers.
 // Serialize will transform any input object in its corresponding string representation.
 type Serializer interface {
 	Serialize(obj interface{}) (string, error)
 }
 // DefaultSerializer is an implementation of the Serializer interface.
 type DefaultSerializer struct{}
 // Serialize uses the default JSON serializer to obtain the string representation of an object.
 func (DefaultSerializer) Serialize(obj interface{}) (string, error) {
 	bytes, err := json.Marshal(obj)
 	if err != nil {
 		return "", err
 	}
 	return string(bytes), nil
 }
 type metricContextKey struct{}
 // MetricContext contains fields to store metric-related information.
 type MetricContext struct {
 	connectionCounter *SharedConnectionCounter
 	publisher         MetricPublisher
 	data              *MetricData
 }
 // MetricData stores the collected metric data.
 type MetricData struct {
 	RequestStartTime           time.Time
 	RequestEndTime             time.Time
 	APICallDuration            time.Duration
 	SerializeStartTime         time.Time
 	SerializeEndTime           time.Time
 	MarshallingDuration        time.Duration
 	ResolveEndpointStartTime   time.Time
 	ResolveEndpointEndTime     time.Time
 	EndpointResolutionDuration time.Duration
 	InThroughput               float64
 	OutThroughput              float64
 	RetryCount                 int
 	Success                    uint8
 	StatusCode                 int
 	ClientRequestID            string
 	ServiceID                  string
 	OperationName              string
 	PartitionID                string
 	Region                     string
 	RequestContentLength       int64
 	Stream                     StreamMetrics
 	Attempts                   []AttemptMetrics
 }
 // StreamMetrics stores metrics related to streaming data.
 type StreamMetrics struct {
 	ReadDuration time.Duration
 	ReadBytes    int64
 	Throughput   float64
 }
 // AttemptMetrics stores metrics related to individual attempts.
 type AttemptMetrics struct {
 	ServiceCallStart           time.Time
 	ServiceCallEnd             time.Time
 	ServiceCallDuration        time.Duration
 	FirstByteTime              time.Time
 	TimeToFirstByte            time.Duration
 	ConnRequestedTime          time.Time
 	ConnObtainedTime           time.Time
 	ConcurrencyAcquireDuration time.Duration
 	CredentialFetchStartTime   time.Time
 	CredentialFetchEndTime     time.Time
 	SignStartTime              time.Time
 	SignEndTime                time.Time
 	SigningDuration            time.Duration
 	DeserializeStartTime       time.Time
 	DeserializeEndTime         time.Time
 	UnMarshallingDuration      time.Duration
 	RetryDelay                 time.Duration
 	ResponseContentLength      int64
 	StatusCode                 int
 	RequestID                  string
 	ExtendedRequestID          string
 	HTTPClient                 string
 	MaxConcurrency             int
 	PendingConnectionAcquires  int
 	AvailableConcurrency       int
 	ActiveRequests             int
 	ReusedConnection           bool
 }
 // Data returns the MetricData associated with the MetricContext.
 func (mc *MetricContext) Data() *MetricData {
 	return mc.data
 }
 // ConnectionCounter returns the SharedConnectionCounter associated with the MetricContext.
 func (mc *MetricContext) ConnectionCounter() *SharedConnectionCounter {
 	return mc.connectionCounter
 }
 // Publisher returns the MetricPublisher associated with the MetricContext.
 func (mc *MetricContext) Publisher() MetricPublisher {
 	return mc.publisher
 }
 // ComputeRequestMetrics calculates and populates derived metrics based on the collected data.
 func (md *MetricData) ComputeRequestMetrics() {
 	for idx := range md.Attempts {
 		attempt := &md.Attempts[idx]
 		attempt.ConcurrencyAcquireDuration = attempt.ConnObtainedTime.Sub(attempt.ConnRequestedTime)
 		attempt.SigningDuration = attempt.SignEndTime.Sub(attempt.SignStartTime)
 		attempt.UnMarshallingDuration = attempt.DeserializeEndTime.Sub(attempt.DeserializeStartTime)
 		attempt.TimeToFirstByte = attempt.FirstByteTime.Sub(attempt.ServiceCallStart)
 		attempt.ServiceCallDuration = attempt.ServiceCallEnd.Sub(attempt.ServiceCallStart)
 	}
 	md.APICallDuration = md.RequestEndTime.Sub(md.RequestStartTime)
 	md.MarshallingDuration = md.SerializeEndTime.Sub(md.SerializeStartTime)
 	md.EndpointResolutionDuration = md.ResolveEndpointEndTime.Sub(md.ResolveEndpointStartTime)
 	md.RetryCount = len(md.Attempts) - 1
 	latestAttempt, err := md.LatestAttempt()
 	if err != nil {
 		fmt.Printf("error retrieving attempts data due to: %s. Skipping Throughput metrics", err.Error())
 	} else {
 		md.StatusCode = latestAttempt.StatusCode
 		if md.Success == 1 {
 			if latestAttempt.ResponseContentLength > 0 && latestAttempt.ServiceCallDuration > 0 {
 				md.InThroughput = float64(latestAttempt.ResponseContentLength) / latestAttempt.ServiceCallDuration.Seconds()
 			}
 			if md.RequestContentLength > 0 && latestAttempt.ServiceCallDuration > 0 {
 				md.OutThroughput = float64(md.RequestContentLength) / latestAttempt.ServiceCallDuration.Seconds()
 			}
 		}
 	}
 }
 // LatestAttempt returns the latest attempt metrics.
 // It returns an error if no attempts are initialized.
 func (md *MetricData) LatestAttempt() (*AttemptMetrics, error) {
 	if md.Attempts == nil || len(md.Attempts) == 0 {
 		return nil, fmt.Errorf("no attempts initialized. NewAttempt() should be called first")
 	}
 	return &md.Attempts[len(md.Attempts)-1], nil
 }
 // NewAttempt initializes new attempt metrics.
 func (md *MetricData) NewAttempt() {
 	if md.Attempts == nil {
 		md.Attempts = []AttemptMetrics{}
 	}
 	md.Attempts = append(md.Attempts, AttemptMetrics{})
 }
 // SharedConnectionCounter is a counter shared across API calls.
 type SharedConnectionCounter struct {
 	mu sync.Mutex
 	activeRequests           int
 	pendingConnectionAcquire int
 }
 // ActiveRequests returns the count of active requests.
 func (cc *SharedConnectionCounter) ActiveRequests() int {
 	cc.mu.Lock()
 	defer cc.mu.Unlock()
 	return cc.activeRequests
 }
 // PendingConnectionAcquire returns the count of pending connection acquires.
 func (cc *SharedConnectionCounter) PendingConnectionAcquire() int {
 	cc.mu.Lock()
 	defer cc.mu.Unlock()
 	return cc.pendingConnectionAcquire
 }
 // AddActiveRequest increments the count of active requests.
 func (cc *SharedConnectionCounter) AddActiveRequest() {
 	cc.mu.Lock()
 	defer cc.mu.Unlock()
 	cc.activeRequests++
 }
 // RemoveActiveRequest decrements the count of active requests.
 func (cc *SharedConnectionCounter) RemoveActiveRequest() {
 	cc.mu.Lock()
 	defer cc.mu.Unlock()
 	cc.activeRequests--
 }
 // AddPendingConnectionAcquire increments the count of pending connection acquires.
 func (cc *SharedConnectionCounter) AddPendingConnectionAcquire() {
 	cc.mu.Lock()
 	defer cc.mu.Unlock()
 	cc.pendingConnectionAcquire++
 }
 // RemovePendingConnectionAcquire decrements the count of pending connection acquires.
 func (cc *SharedConnectionCounter) RemovePendingConnectionAcquire() {
 	cc.mu.Lock()
 	defer cc.mu.Unlock()
 	cc.pendingConnectionAcquire--
 }
 // InitMetricContext initializes the metric context with the provided counter and publisher.
 // It returns the updated context.
 func InitMetricContext(
 	ctx context.Context, counter *SharedConnectionCounter, publisher MetricPublisher,
 ) context.Context {
 	if middleware.GetStackValue(ctx, metricContextKey{}) == nil {
 		ctx = middleware.WithStackValue(ctx, metricContextKey{}, &MetricContext{
 			connectionCounter: counter,
 			publisher:         publisher,
 			data: &MetricData{
 				Attempts: []AttemptMetrics{},
 				Stream:   StreamMetrics{},
 			},
 		})
 	}
 	return ctx
 }
 // Context returns the metric context from the given context.
 // It returns nil if the metric context is not found.
 func Context(ctx context.Context) *MetricContext {
 	mctx := middleware.GetStackValue(ctx, metricContextKey{})
 	if mctx == nil {
 		return nil
 	}
 	return mctx.(*MetricContext)
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/recursion_detection.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/recursion_detection.go
@@ -0,0 +1,94 @@
 package middleware
 import (
 	"context"
 	"fmt"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"os"
 )
 const envAwsLambdaFunctionName = "AWS_LAMBDA_FUNCTION_NAME"
 const envAmznTraceID = "_X_AMZN_TRACE_ID"
 const amznTraceIDHeader = "X-Amzn-Trace-Id"
 // AddRecursionDetection adds recursionDetection to the middleware stack
 func AddRecursionDetection(stack *middleware.Stack) error {
 	return stack.Build.Add(&RecursionDetection{}, middleware.After)
 }
 // RecursionDetection detects Lambda environment and sets its X-Ray trace ID to request header if absent
 // to avoid recursion invocation in Lambda
 type RecursionDetection struct{}
 // ID returns the middleware identifier
 func (m *RecursionDetection) ID() string {
 	return "RecursionDetection"
 }
 // HandleBuild detects Lambda environment and adds its trace ID to request header if absent
 func (m *RecursionDetection) HandleBuild(
 	ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler,
 ) (
 	out middleware.BuildOutput, metadata middleware.Metadata, err error,
 ) {
 	req, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, fmt.Errorf("unknown request type %T", req)
 	}
 	_, hasLambdaEnv := os.LookupEnv(envAwsLambdaFunctionName)
 	xAmznTraceID, hasTraceID := os.LookupEnv(envAmznTraceID)
 	value := req.Header.Get(amznTraceIDHeader)
 	// only set the X-Amzn-Trace-Id header when it is not set initially, the
 	// current environment is Lambda and the _X_AMZN_TRACE_ID env variable exists
 	if value != "" || !hasLambdaEnv || !hasTraceID {
 		return next.HandleBuild(ctx, in)
 	}
 	req.Header.Set(amznTraceIDHeader, percentEncode(xAmznTraceID))
 	return next.HandleBuild(ctx, in)
 }
 func percentEncode(s string) string {
 	upperhex := "0123456789ABCDEF"
 	hexCount := 0
 	for i := 0; i < len(s); i++ {
 		c := s[i]
 		if shouldEncode(c) {
 			hexCount++
 		}
 	}
 	if hexCount == 0 {
 		return s
 	}
 	required := len(s) + 2*hexCount
 	t := make([]byte, required)
 	j := 0
 	for i := 0; i < len(s); i++ {
 		if c := s[i]; shouldEncode(c) {
 			t[j] = '%'
 			t[j+1] = upperhex[c>>4]
 			t[j+2] = upperhex[c&15]
 			j += 3
 		} else {
 			t[j] = c
 			j++
 		}
 	}
 	return string(t)
 }
 func shouldEncode(c byte) bool {
 	if 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z' || '0' <= c && c <= '9' {
 		return false
 	}
 	switch c {
 	case '-', '=', ';', ':', '+', '&', '[', ']', '{', '}', '"', '\'', ',':
 		return false
 	default:
 		return true
 	}
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/request_id.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/request_id.go
@@ -0,0 +1,27 @@
 package middleware
 import (
 	"github.com/aws/smithy-go/middleware"
 )
 // requestIDKey is used to retrieve request id from response metadata
 type requestIDKey struct{}
 // SetRequestIDMetadata sets the provided request id over middleware metadata
 func SetRequestIDMetadata(metadata *middleware.Metadata, id string) {
 	metadata.Set(requestIDKey{}, id)
 }
 // GetRequestIDMetadata retrieves the request id from middleware metadata
 // returns string and bool indicating value of request id, whether request id was set.
 func GetRequestIDMetadata(metadata middleware.Metadata) (string, bool) {
 	if !metadata.Has(requestIDKey{}) {
 		return "", false
 	}
 	v, ok := metadata.Get(requestIDKey{}).(string)
 	if !ok {
 		return "", true
 	}
 	return v, true
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/request_id_retriever.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/request_id_retriever.go
@@ -0,0 +1,49 @@
 package middleware
 import (
 	"context"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 // AddRequestIDRetrieverMiddleware adds request id retriever middleware
 func AddRequestIDRetrieverMiddleware(stack *middleware.Stack) error {
 	// add error wrapper middleware before operation deserializers so that it can wrap the error response
 	// returned by operation deserializers
 	return stack.Deserialize.Insert(&requestIDRetriever{}, "OperationDeserializer", middleware.Before)
 }
 type requestIDRetriever struct {
 }
 // ID returns the middleware identifier
 func (m *requestIDRetriever) ID() string {
 	return "RequestIDRetriever"
 }
 func (m *requestIDRetriever) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
 	out middleware.DeserializeOutput, metadata middleware.Metadata, err error,
 ) {
 	out, metadata, err = next.HandleDeserialize(ctx, in)
 	resp, ok := out.RawResponse.(*smithyhttp.Response)
 	if !ok {
 		// No raw response to wrap with.
 		return out, metadata, err
 	}
 	// Different header which can map to request id
 	requestIDHeaderList := []string{"X-Amzn-Requestid", "X-Amz-RequestId"}
 	for _, h := range requestIDHeaderList {
 		// check for headers known to contain Request id
 		if v := resp.Header.Get(h); len(v) != 0 {
 			// set reqID on metadata for successful responses.
 			SetRequestIDMetadata(&metadata, v)
 			break
 		}
 	}
 	return out, metadata, err
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go
@@ -0,0 +1,261 @@
 package middleware
 import (
 	"context"
 	"fmt"
 	"os"
 	"runtime"
 	"strings"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 var languageVersion = strings.TrimPrefix(runtime.Version(), "go")
 // SDKAgentKeyType is the metadata type to add to the SDK agent string
 type SDKAgentKeyType int
 // The set of valid SDKAgentKeyType constants. If an unknown value is assigned for SDKAgentKeyType it will
 // be mapped to AdditionalMetadata.
 const (
 	_ SDKAgentKeyType = iota
 	APIMetadata
 	OperatingSystemMetadata
 	LanguageMetadata
 	EnvironmentMetadata
 	FeatureMetadata
 	ConfigMetadata
 	FrameworkMetadata
 	AdditionalMetadata
 	ApplicationIdentifier
 )
 func (k SDKAgentKeyType) string() string {
 	switch k {
 	case APIMetadata:
 		return "api"
 	case OperatingSystemMetadata:
 		return "os"
 	case LanguageMetadata:
 		return "lang"
 	case EnvironmentMetadata:
 		return "exec-env"
 	case FeatureMetadata:
 		return "ft"
 	case ConfigMetadata:
 		return "cfg"
 	case FrameworkMetadata:
 		return "lib"
 	case ApplicationIdentifier:
 		return "app"
 	case AdditionalMetadata:
 		fallthrough
 	default:
 		return "md"
 	}
 }
 const execEnvVar = `AWS_EXECUTION_ENV`
 var validChars = map[rune]bool{
 	'!': true, '#': true, '$': true, '%': true, '&': true, '\'': true, '*': true, '+': true,
 	'-': true, '.': true, '^': true, '_': true, '`': true, '|': true, '~': true,
 }
 // requestUserAgent is a build middleware that set the User-Agent for the request.
 type requestUserAgent struct {
 	sdkAgent, userAgent *smithyhttp.UserAgentBuilder
 }
 // newRequestUserAgent returns a new requestUserAgent which will set the User-Agent and X-Amz-User-Agent for the
 // request.
 //
 // User-Agent example:
 //
 //	aws-sdk-go-v2/1.2.3
 //
 // X-Amz-User-Agent example:
 //
 //	aws-sdk-go-v2/1.2.3 md/GOOS/linux md/GOARCH/amd64 lang/go/1.15
 func newRequestUserAgent() *requestUserAgent {
 	userAgent, sdkAgent := smithyhttp.NewUserAgentBuilder(), smithyhttp.NewUserAgentBuilder()
 	addProductName(userAgent)
 	addProductName(sdkAgent)
 	r := &requestUserAgent{
 		sdkAgent:  sdkAgent,
 		userAgent: userAgent,
 	}
 	addSDKMetadata(r)
 	return r
 }
 func addSDKMetadata(r *requestUserAgent) {
 	r.AddSDKAgentKey(OperatingSystemMetadata, getNormalizedOSName())
 	r.AddSDKAgentKeyValue(LanguageMetadata, "go", languageVersion)
 	r.AddSDKAgentKeyValue(AdditionalMetadata, "GOOS", runtime.GOOS)
 	r.AddSDKAgentKeyValue(AdditionalMetadata, "GOARCH", runtime.GOARCH)
 	if ev := os.Getenv(execEnvVar); len(ev) > 0 {
 		r.AddSDKAgentKey(EnvironmentMetadata, ev)
 	}
 }
 func addProductName(builder *smithyhttp.UserAgentBuilder) {
 	builder.AddKeyValue(aws.SDKName, aws.SDKVersion)
 }
 // AddUserAgentKey retrieves a requestUserAgent from the provided stack, or initializes one.
 func AddUserAgentKey(key string) func(*middleware.Stack) error {
 	return func(stack *middleware.Stack) error {
 		requestUserAgent, err := getOrAddRequestUserAgent(stack)
 		if err != nil {
 			return err
 		}
 		requestUserAgent.AddUserAgentKey(key)
 		return nil
 	}
 }
 // AddUserAgentKeyValue retrieves a requestUserAgent from the provided stack, or initializes one.
 func AddUserAgentKeyValue(key, value string) func(*middleware.Stack) error {
 	return func(stack *middleware.Stack) error {
 		requestUserAgent, err := getOrAddRequestUserAgent(stack)
 		if err != nil {
 			return err
 		}
 		requestUserAgent.AddUserAgentKeyValue(key, value)
 		return nil
 	}
 }
 // AddSDKAgentKey retrieves a requestUserAgent from the provided stack, or initializes one.
 func AddSDKAgentKey(keyType SDKAgentKeyType, key string) func(*middleware.Stack) error {
 	return func(stack *middleware.Stack) error {
 		requestUserAgent, err := getOrAddRequestUserAgent(stack)
 		if err != nil {
 			return err
 		}
 		requestUserAgent.AddSDKAgentKey(keyType, key)
 		return nil
 	}
 }
 // AddSDKAgentKeyValue retrieves a requestUserAgent from the provided stack, or initializes one.
 func AddSDKAgentKeyValue(keyType SDKAgentKeyType, key, value string) func(*middleware.Stack) error {
 	return func(stack *middleware.Stack) error {
 		requestUserAgent, err := getOrAddRequestUserAgent(stack)
 		if err != nil {
 			return err
 		}
 		requestUserAgent.AddSDKAgentKeyValue(keyType, key, value)
 		return nil
 	}
 }
 // AddRequestUserAgentMiddleware registers a requestUserAgent middleware on the stack if not present.
 func AddRequestUserAgentMiddleware(stack *middleware.Stack) error {
 	_, err := getOrAddRequestUserAgent(stack)
 	return err
 }
 func getOrAddRequestUserAgent(stack *middleware.Stack) (*requestUserAgent, error) {
 	id := (*requestUserAgent)(nil).ID()
 	bm, ok := stack.Build.Get(id)
 	if !ok {
 		bm = newRequestUserAgent()
 		err := stack.Build.Add(bm, middleware.After)
 		if err != nil {
 			return nil, err
 		}
 	}
 	requestUserAgent, ok := bm.(*requestUserAgent)
 	if !ok {
 		return nil, fmt.Errorf("%T for %s middleware did not match expected type", bm, id)
 	}
 	return requestUserAgent, nil
 }
 // AddUserAgentKey adds the component identified by name to the User-Agent string.
 func (u *requestUserAgent) AddUserAgentKey(key string) {
 	u.userAgent.AddKey(strings.Map(rules, key))
 }
 // AddUserAgentKeyValue adds the key identified by the given name and value to the User-Agent string.
 func (u *requestUserAgent) AddUserAgentKeyValue(key, value string) {
 	u.userAgent.AddKeyValue(strings.Map(rules, key), strings.Map(rules, value))
 }
 // AddUserAgentKey adds the component identified by name to the User-Agent string.
 func (u *requestUserAgent) AddSDKAgentKey(keyType SDKAgentKeyType, key string) {
 	// TODO: should target sdkAgent
 	u.userAgent.AddKey(keyType.string() + "/" + strings.Map(rules, key))
 }
 // AddUserAgentKeyValue adds the key identified by the given name and value to the User-Agent string.
 func (u *requestUserAgent) AddSDKAgentKeyValue(keyType SDKAgentKeyType, key, value string) {
 	// TODO: should target sdkAgent
 	u.userAgent.AddKeyValue(keyType.string(), strings.Map(rules, key)+"#"+strings.Map(rules, value))
 }
 // ID the name of the middleware.
 func (u *requestUserAgent) ID() string {
 	return "UserAgent"
 }
 // HandleBuild adds or appends the constructed user agent to the request.
 func (u *requestUserAgent) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) (
 	out middleware.BuildOutput, metadata middleware.Metadata, err error,
 ) {
 	switch req := in.Request.(type) {
 	case *smithyhttp.Request:
 		u.addHTTPUserAgent(req)
 		// TODO: To be re-enabled
 		// u.addHTTPSDKAgent(req)
 	default:
 		return out, metadata, fmt.Errorf("unknown transport type %T", in)
 	}
 	return next.HandleBuild(ctx, in)
 }
 func (u *requestUserAgent) addHTTPUserAgent(request *smithyhttp.Request) {
 	const userAgent = "User-Agent"
 	updateHTTPHeader(request, userAgent, u.userAgent.Build())
 }
 func (u *requestUserAgent) addHTTPSDKAgent(request *smithyhttp.Request) {
 	const sdkAgent = "X-Amz-User-Agent"
 	updateHTTPHeader(request, sdkAgent, u.sdkAgent.Build())
 }
 func updateHTTPHeader(request *smithyhttp.Request, header string, value string) {
 	var current string
 	if v := request.Header[header]; len(v) > 0 {
 		current = v[0]
 	}
 	if len(current) > 0 {
 		current = value + " " + current
 	} else {
 		current = value
 	}
 	request.Header[header] = append(request.Header[header][:0], current)
 }
 func rules(r rune) rune {
 	switch {
 	case r >= '0' && r <= '9':
 		return r
 	case r >= 'A' && r <= 'Z' || r >= 'a' && r <= 'z':
 		return r
 	case validChars[r]:
 		return r
 	default:
 		return '-'
 	}
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/array.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/array.go
@@ -0,0 +1,72 @@
 package query
 import (
 	"fmt"
 	"net/url"
 )
 // Array represents the encoding of Query lists and sets. A Query array is a
 // representation of a list of values of a fixed type. A serialized array might
 // look like the following:
 //
 //	ListName.member.1=foo
 //	&ListName.member.2=bar
 //	&Listname.member.3=baz
 type Array struct {
 	// The query values to add the array to.
 	values url.Values
 	// The array's prefix, which includes the names of all parent structures
 	// and ends with the name of the list. For example, the prefix might be
 	// "ParentStructure.ListName". This prefix will be used to form the full
 	// keys for each element in the list. For example, an entry might have the
 	// key "ParentStructure.ListName.member.MemberName.1".
 	//
 	// While this is currently represented as a string that gets added to, it
 	// could also be represented as a stack that only gets condensed into a
 	// string when a finalized key is created. This could potentially reduce
 	// allocations.
 	prefix string
 	// Whether the list is flat or not. A list that is not flat will produce the
 	// following entry to the url.Values for a given entry:
 	//     ListName.MemberName.1=value
 	// A list that is flat will produce the following:
 	//     ListName.1=value
 	flat bool
 	// The location name of the member. In most cases this should be "member".
 	memberName string
 	// Elements are stored in values, so we keep track of the list size here.
 	size int32
 	// Empty lists are encoded as "<prefix>=", if we add a value later we will
 	// remove this encoding
 	emptyValue Value
 }
 func newArray(values url.Values, prefix string, flat bool, memberName string) *Array {
 	emptyValue := newValue(values, prefix, flat)
 	emptyValue.String("")
 	return &Array{
 		values:     values,
 		prefix:     prefix,
 		flat:       flat,
 		memberName: memberName,
 		emptyValue: emptyValue,
 	}
 }
 // Value adds a new element to the Query Array. Returns a Value type used to
 // encode the array element.
 func (a *Array) Value() Value {
 	if a.size == 0 {
 		delete(a.values, a.emptyValue.key)
 	}
 	// Query lists start a 1, so adjust the size first
 	a.size++
 	prefix := a.prefix
 	if !a.flat {
 		prefix = fmt.Sprintf("%s.%s", prefix, a.memberName)
 	}
 	// Lists can't have flat members
 	return newValue(a.values, fmt.Sprintf("%s.%d", prefix, a.size), false)
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/encoder.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/encoder.go
@@ -0,0 +1,80 @@
 package query
 import (
 	"io"
 	"net/url"
 	"sort"
 )
 // Encoder is a Query encoder that supports construction of Query body
 // values using methods.
 type Encoder struct {
 	// The query values that will be built up to manage encoding.
 	values url.Values
 	// The writer that the encoded body will be written to.
 	writer io.Writer
 	Value
 }
 // NewEncoder returns a new Query body encoder
 func NewEncoder(writer io.Writer) *Encoder {
 	values := url.Values{}
 	return &Encoder{
 		values: values,
 		writer: writer,
 		Value:  newBaseValue(values),
 	}
 }
 // Encode returns the []byte slice representing the current
 // state of the Query encoder.
 func (e Encoder) Encode() error {
 	ws, ok := e.writer.(interface{ WriteString(string) (int, error) })
 	if !ok {
 		// Fall back to less optimal byte slice casting if WriteString isn't available.
 		ws = &wrapWriteString{writer: e.writer}
 	}
 	// Get the keys and sort them to have a stable output
 	keys := make([]string, 0, len(e.values))
 	for k := range e.values {
 		keys = append(keys, k)
 	}
 	sort.Strings(keys)
 	isFirstEntry := true
 	for _, key := range keys {
 		queryValues := e.values[key]
 		escapedKey := url.QueryEscape(key)
 		for _, value := range queryValues {
 			if !isFirstEntry {
 				if _, err := ws.WriteString(`&`); err != nil {
 					return err
 				}
 			} else {
 				isFirstEntry = false
 			}
 			if _, err := ws.WriteString(escapedKey); err != nil {
 				return err
 			}
 			if _, err := ws.WriteString(`=`); err != nil {
 				return err
 			}
 			if _, err := ws.WriteString(url.QueryEscape(value)); err != nil {
 				return err
 			}
 		}
 	}
 	return nil
 }
 // wrapWriteString wraps an io.Writer to provide a WriteString method
 // where one is not available.
 type wrapWriteString struct {
 	writer io.Writer
 }
 // WriteString writes a string to the wrapped writer by casting it to
 // a byte array first.
 func (w wrapWriteString) WriteString(v string) (int, error) {
 	return w.writer.Write([]byte(v))
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/map.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/map.go
@@ -0,0 +1,78 @@
 package query
 import (
 	"fmt"
 	"net/url"
 )
 // Map represents the encoding of Query maps. A Query map is a representation
 // of a mapping of arbitrary string keys to arbitrary values of a fixed type.
 // A Map differs from an Object in that the set of keys is not fixed, in that
 // the values must all be of the same type, and that map entries are ordered.
 // A serialized map might look like the following:
 //
 //	MapName.entry.1.key=Foo
 //	&MapName.entry.1.value=spam
 //	&MapName.entry.2.key=Bar
 //	&MapName.entry.2.value=eggs
 type Map struct {
 	// The query values to add the map to.
 	values url.Values
 	// The map's prefix, which includes the names of all parent structures
 	// and ends with the name of the object. For example, the prefix might be
 	// "ParentStructure.MapName". This prefix will be used to form the full
 	// keys for each key-value pair of the map. For example, a value might have
 	// the key "ParentStructure.MapName.1.value".
 	//
 	// While this is currently represented as a string that gets added to, it
 	// could also be represented as a stack that only gets condensed into a
 	// string when a finalized key is created. This could potentially reduce
 	// allocations.
 	prefix string
 	// Whether the map is flat or not. A map that is not flat will produce the
 	// following entries to the url.Values for a given key-value pair:
 	//     MapName.entry.1.KeyLocationName=mykey
 	//     MapName.entry.1.ValueLocationName=myvalue
 	// A map that is flat will produce the following:
 	//     MapName.1.KeyLocationName=mykey
 	//     MapName.1.ValueLocationName=myvalue
 	flat bool
 	// The location name of the key. In most cases this should be "key".
 	keyLocationName string
 	// The location name of the value. In most cases this should be "value".
 	valueLocationName string
 	// Elements are stored in values, so we keep track of the list size here.
 	size int32
 }
 func newMap(values url.Values, prefix string, flat bool, keyLocationName string, valueLocationName string) *Map {
 	return &Map{
 		values:            values,
 		prefix:            prefix,
 		flat:              flat,
 		keyLocationName:   keyLocationName,
 		valueLocationName: valueLocationName,
 	}
 }
 // Key adds the given named key to the Query map.
 // Returns a Value encoder that should be used to encode a Query value type.
 func (m *Map) Key(name string) Value {
 	// Query lists start a 1, so adjust the size first
 	m.size++
 	var key string
 	var value string
 	if m.flat {
 		key = fmt.Sprintf("%s.%d.%s", m.prefix, m.size, m.keyLocationName)
 		value = fmt.Sprintf("%s.%d.%s", m.prefix, m.size, m.valueLocationName)
 	} else {
 		key = fmt.Sprintf("%s.entry.%d.%s", m.prefix, m.size, m.keyLocationName)
 		value = fmt.Sprintf("%s.entry.%d.%s", m.prefix, m.size, m.valueLocationName)
 	}
 	// The key can only be a string, so we just go ahead and set it here
 	newValue(m.values, key, false).String(name)
 	// Maps can't have flat members
 	return newValue(m.values, value, false)
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/middleware.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/middleware.go
@@ -0,0 +1,62 @@
 package query
 import (
 	"context"
 	"fmt"
 	"io/ioutil"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 // AddAsGetRequestMiddleware adds a middleware to the Serialize stack after the
 // operation serializer that will convert the query request body to a GET
 // operation with the query message in the HTTP request querystring.
 func AddAsGetRequestMiddleware(stack *middleware.Stack) error {
 	return stack.Serialize.Insert(&asGetRequest{}, "OperationSerializer", middleware.After)
 }
 type asGetRequest struct{}
 func (*asGetRequest) ID() string { return "Query:AsGetRequest" }
 func (m *asGetRequest) HandleSerialize(
 	ctx context.Context, input middleware.SerializeInput, next middleware.SerializeHandler,
 ) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
 	req, ok := input.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, fmt.Errorf("expect smithy HTTP Request, got %T", input.Request)
 	}
 	req.Method = "GET"
 	// If the stream is not set, nothing else to do.
 	stream := req.GetStream()
 	if stream == nil {
 		return next.HandleSerialize(ctx, input)
 	}
 	// Clear the stream since there will not be any body.
 	req.Header.Del("Content-Type")
 	req, err = req.SetStream(nil)
 	if err != nil {
 		return out, metadata, fmt.Errorf("unable update request body %w", err)
 	}
 	input.Request = req
 	// Update request query with the body's query string value.
 	delim := ""
 	if len(req.URL.RawQuery) != 0 {
 		delim = "&"
 	}
 	b, err := ioutil.ReadAll(stream)
 	if err != nil {
 		return out, metadata, fmt.Errorf("unable to get request body %w", err)
 	}
 	req.URL.RawQuery += delim + string(b)
 	return next.HandleSerialize(ctx, input)
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/object.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/object.go
@@ -0,0 +1,69 @@
 package query
 import (
 	"fmt"
 	"net/url"
 )
 // Object represents the encoding of Query structures and unions. A Query
 // object is a representation of a mapping of string keys to arbitrary
 // values where there is a fixed set of keys whose values each have their
 // own known type. A serialized object might look like the following:
 //
 //	ObjectName.Foo=value
 //	&ObjectName.Bar=5
 type Object struct {
 	// The query values to add the object to.
 	values url.Values
 	// The object's prefix, which includes the names of all parent structures
 	// and ends with the name of the object. For example, the prefix might be
 	// "ParentStructure.ObjectName". This prefix will be used to form the full
 	// keys for each member of the object. For example, a member might have the
 	// key "ParentStructure.ObjectName.MemberName".
 	//
 	// While this is currently represented as a string that gets added to, it
 	// could also be represented as a stack that only gets condensed into a
 	// string when a finalized key is created. This could potentially reduce
 	// allocations.
 	prefix string
 }
 func newObject(values url.Values, prefix string) *Object {
 	return &Object{
 		values: values,
 		prefix: prefix,
 	}
 }
 // Key adds the given named key to the Query object.
 // Returns a Value encoder that should be used to encode a Query value type.
 func (o *Object) Key(name string) Value {
 	return o.key(name, false)
 }
 // KeyWithValues adds the given named key to the Query object.
 // Returns a Value encoder that should be used to encode a Query list of values.
 func (o *Object) KeyWithValues(name string) Value {
 	return o.keyWithValues(name, false)
 }
 // FlatKey adds the given named key to the Query object.
 // Returns a Value encoder that should be used to encode a Query value type. The
 // value will be flattened if it is a map or array.
 func (o *Object) FlatKey(name string) Value {
 	return o.key(name, true)
 }
 func (o *Object) key(name string, flatValue bool) Value {
 	if o.prefix != "" {
 		return newValue(o.values, fmt.Sprintf("%s.%s", o.prefix, name), flatValue)
 	}
 	return newValue(o.values, name, flatValue)
 }
 func (o *Object) keyWithValues(name string, flatValue bool) Value {
 	if o.prefix != "" {
 		return newAppendValue(o.values, fmt.Sprintf("%s.%s", o.prefix, name), flatValue)
 	}
 	return newAppendValue(o.values, name, flatValue)
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/value.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/value.go
@@ -0,0 +1,115 @@
 package query
 import (
 	"math/big"
 	"net/url"
 	"github.com/aws/smithy-go/encoding/httpbinding"
 )
 // Value represents a Query Value type.
 type Value struct {
 	// The query values to add the value to.
 	values url.Values
 	// The value's key, which will form the prefix for complex types.
 	key string
 	// Whether the value should be flattened or not if it's a flattenable type.
 	flat       bool
 	queryValue httpbinding.QueryValue
 }
 func newValue(values url.Values, key string, flat bool) Value {
 	return Value{
 		values:     values,
 		key:        key,
 		flat:       flat,
 		queryValue: httpbinding.NewQueryValue(values, key, false),
 	}
 }
 func newAppendValue(values url.Values, key string, flat bool) Value {
 	return Value{
 		values:     values,
 		key:        key,
 		flat:       flat,
 		queryValue: httpbinding.NewQueryValue(values, key, true),
 	}
 }
 func newBaseValue(values url.Values) Value {
 	return Value{
 		values:     values,
 		queryValue: httpbinding.NewQueryValue(nil, "", false),
 	}
 }
 // Array returns a new Array encoder.
 func (qv Value) Array(locationName string) *Array {
 	return newArray(qv.values, qv.key, qv.flat, locationName)
 }
 // Object returns a new Object encoder.
 func (qv Value) Object() *Object {
 	return newObject(qv.values, qv.key)
 }
 // Map returns a new Map encoder.
 func (qv Value) Map(keyLocationName string, valueLocationName string) *Map {
 	return newMap(qv.values, qv.key, qv.flat, keyLocationName, valueLocationName)
 }
 // Base64EncodeBytes encodes v as a base64 query string value.
 // This is intended to enable compatibility with the JSON encoder.
 func (qv Value) Base64EncodeBytes(v []byte) {
 	qv.queryValue.Blob(v)
 }
 // Boolean encodes v as a query string value
 func (qv Value) Boolean(v bool) {
 	qv.queryValue.Boolean(v)
 }
 // String encodes v as a query string value
 func (qv Value) String(v string) {
 	qv.queryValue.String(v)
 }
 // Byte encodes v as a query string value
 func (qv Value) Byte(v int8) {
 	qv.queryValue.Byte(v)
 }
 // Short encodes v as a query string value
 func (qv Value) Short(v int16) {
 	qv.queryValue.Short(v)
 }
 // Integer encodes v as a query string value
 func (qv Value) Integer(v int32) {
 	qv.queryValue.Integer(v)
 }
 // Long encodes v as a query string value
 func (qv Value) Long(v int64) {
 	qv.queryValue.Long(v)
 }
 // Float encodes v as a query string value
 func (qv Value) Float(v float32) {
 	qv.queryValue.Float(v)
 }
 // Double encodes v as a query string value
 func (qv Value) Double(v float64) {
 	qv.queryValue.Double(v)
 }
 // BigInteger encodes v as a query string value
 func (qv Value) BigInteger(v *big.Int) {
 	qv.queryValue.BigInteger(v)
 }
 // BigDecimal encodes v as a query string value
 func (qv Value) BigDecimal(v *big.Float) {
 	qv.queryValue.BigDecimal(v)
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/restjson/decoder_util.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/restjson/decoder_util.go
@@ -0,0 +1,85 @@
 package restjson
 import (
 	"encoding/json"
 	"io"
 	"strings"
 	"github.com/aws/smithy-go"
 )
 // GetErrorInfo util looks for code, __type, and message members in the
 // json body. These members are optionally available, and the function
 // returns the value of member if it is available. This function is useful to
 // identify the error code, msg in a REST JSON error response.
 func GetErrorInfo(decoder *json.Decoder) (errorType string, message string, err error) {
 	var errInfo struct {
 		Code    string
 		Type    string `json:"__type"`
 		Message string
 	}
 	err = decoder.Decode(&errInfo)
 	if err != nil {
 		if err == io.EOF {
 			return errorType, message, nil
 		}
 		return errorType, message, err
 	}
 	// assign error type
 	if len(errInfo.Code) != 0 {
 		errorType = errInfo.Code
 	} else if len(errInfo.Type) != 0 {
 		errorType = errInfo.Type
 	}
 	// assign error message
 	if len(errInfo.Message) != 0 {
 		message = errInfo.Message
 	}
 	// sanitize error
 	if len(errorType) != 0 {
 		errorType = SanitizeErrorCode(errorType)
 	}
 	return errorType, message, nil
 }
 // SanitizeErrorCode sanitizes the errorCode string .
 // The rule for sanitizing is if a `:` character is present, then take only the
 // contents before the first : character in the value.
 // If a # character is present, then take only the contents after the
 // first # character in the value.
 func SanitizeErrorCode(errorCode string) string {
 	if strings.ContainsAny(errorCode, ":") {
 		errorCode = strings.SplitN(errorCode, ":", 2)[0]
 	}
 	if strings.ContainsAny(errorCode, "#") {
 		errorCode = strings.SplitN(errorCode, "#", 2)[1]
 	}
 	return errorCode
 }
 // GetSmithyGenericAPIError returns smithy generic api error and an error interface.
 // Takes in json decoder, and error Code string as args. The function retrieves error message
 // and error code from the decoder body. If errorCode of length greater than 0 is passed in as
 // an argument, it is used instead.
 func GetSmithyGenericAPIError(decoder *json.Decoder, errorCode string) (*smithy.GenericAPIError, error) {
 	errorType, message, err := GetErrorInfo(decoder)
 	if err != nil {
 		return nil, err
 	}
 	if len(errorCode) == 0 {
 		errorCode = errorType
 	}
 	return &smithy.GenericAPIError{
 		Code:    errorCode,
 		Message: message,
 	}, nil
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/xml/error_utils.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/xml/error_utils.go
@@ -0,0 +1,48 @@
 package xml
 import (
 	"encoding/xml"
 	"fmt"
 	"io"
 )
 // ErrorComponents represents the error response fields
 // that will be deserialized from an xml error response body
 type ErrorComponents struct {
 	Code      string
 	Message   string
 	RequestID string
 }
 // GetErrorResponseComponents returns the error fields from an xml error response body
 func GetErrorResponseComponents(r io.Reader, noErrorWrapping bool) (ErrorComponents, error) {
 	if noErrorWrapping {
 		var errResponse noWrappedErrorResponse
 		if err := xml.NewDecoder(r).Decode(&errResponse); err != nil && err != io.EOF {
 			return ErrorComponents{}, fmt.Errorf("error while deserializing xml error response: %w", err)
 		}
 		return ErrorComponents(errResponse), nil
 	}
 	var errResponse wrappedErrorResponse
 	if err := xml.NewDecoder(r).Decode(&errResponse); err != nil && err != io.EOF {
 		return ErrorComponents{}, fmt.Errorf("error while deserializing xml error response: %w", err)
 	}
 	return ErrorComponents(errResponse), nil
 }
 // noWrappedErrorResponse represents the error response body with
 // no internal Error wrapping
 type noWrappedErrorResponse struct {
 	Code      string `xml:"Code"`
 	Message   string `xml:"Message"`
 	RequestID string `xml:"RequestId"`
 }
 // wrappedErrorResponse represents the error response body
 // wrapped within Error
 type wrappedErrorResponse struct {
 	Code      string `xml:"Error>Code"`
 	Message   string `xml:"Error>Message"`
 	RequestID string `xml:"RequestId"`
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/ratelimit/token_bucket.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/ratelimit/token_bucket.go
@@ -0,0 +1,96 @@
 package ratelimit
 import (
 	"sync"
 )
 // TokenBucket provides a concurrency safe utility for adding and removing
 // tokens from the available token bucket.
 type TokenBucket struct {
 	remainingTokens uint
 	maxCapacity     uint
 	minCapacity     uint
 	mu              sync.Mutex
 }
 // NewTokenBucket returns an initialized TokenBucket with the capacity
 // specified.
 func NewTokenBucket(i uint) *TokenBucket {
 	return &TokenBucket{
 		remainingTokens: i,
 		maxCapacity:     i,
 		minCapacity:     1,
 	}
 }
 // Retrieve attempts to reduce the available tokens by the amount requested. If
 // there are tokens available true will be returned along with the number of
 // available tokens remaining. If amount requested is larger than the available
 // capacity, false will be returned along with the available capacity. If the
 // amount is less than the available capacity, the capacity will be reduced by
 // that amount, and the remaining capacity and true will be returned.
 func (t *TokenBucket) Retrieve(amount uint) (available uint, retrieved bool) {
 	t.mu.Lock()
 	defer t.mu.Unlock()
 	if amount > t.remainingTokens {
 		return t.remainingTokens, false
 	}
 	t.remainingTokens -= amount
 	return t.remainingTokens, true
 }
 // Refund returns the amount of tokens back to the available token bucket, up
 // to the initial capacity.
 func (t *TokenBucket) Refund(amount uint) {
 	t.mu.Lock()
 	defer t.mu.Unlock()
 	// Capacity cannot exceed max capacity.
 	t.remainingTokens = uintMin(t.remainingTokens+amount, t.maxCapacity)
 }
 // Capacity returns the maximum capacity of tokens that the bucket could
 // contain.
 func (t *TokenBucket) Capacity() uint {
 	t.mu.Lock()
 	defer t.mu.Unlock()
 	return t.maxCapacity
 }
 // Remaining returns the number of tokens that remaining in the bucket.
 func (t *TokenBucket) Remaining() uint {
 	t.mu.Lock()
 	defer t.mu.Unlock()
 	return t.remainingTokens
 }
 // Resize adjusts the size of the token bucket. Returns the capacity remaining.
 func (t *TokenBucket) Resize(size uint) uint {
 	t.mu.Lock()
 	defer t.mu.Unlock()
 	t.maxCapacity = uintMax(size, t.minCapacity)
 	// Capacity needs to be capped at max capacity, if max size reduced.
 	t.remainingTokens = uintMin(t.remainingTokens, t.maxCapacity)
 	return t.remainingTokens
 }
 func uintMin(a, b uint) uint {
 	if a < b {
 		return a
 	}
 	return b
 }
 func uintMax(a, b uint) uint {
 	if a > b {
 		return a
 	}
 	return b
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/ratelimit/token_rate_limit.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/ratelimit/token_rate_limit.go
@@ -0,0 +1,83 @@
 package ratelimit
 import (
 	"context"
 	"fmt"
 )
 type rateToken struct {
 	tokenCost uint
 	bucket    *TokenBucket
 }
 func (t rateToken) release() error {
 	t.bucket.Refund(t.tokenCost)
 	return nil
 }
 // TokenRateLimit provides a Token Bucket RateLimiter implementation
 // that limits the overall number of retry attempts that can be made across
 // operation invocations.
 type TokenRateLimit struct {
 	bucket *TokenBucket
 }
 // NewTokenRateLimit returns an TokenRateLimit with default values.
 // Functional options can configure the retry rate limiter.
 func NewTokenRateLimit(tokens uint) *TokenRateLimit {
 	return &TokenRateLimit{
 		bucket: NewTokenBucket(tokens),
 	}
 }
 type canceledError struct {
 	Err error
 }
 func (c canceledError) CanceledError() bool { return true }
 func (c canceledError) Unwrap() error       { return c.Err }
 func (c canceledError) Error() string {
 	return fmt.Sprintf("canceled, %v", c.Err)
 }
 // GetToken may cause a available pool of retry quota to be
 // decremented. Will return an error if the decremented value can not be
 // reduced from the retry quota.
 func (l *TokenRateLimit) GetToken(ctx context.Context, cost uint) (func() error, error) {
 	select {
 	case <-ctx.Done():
 		return nil, canceledError{Err: ctx.Err()}
 	default:
 	}
 	if avail, ok := l.bucket.Retrieve(cost); !ok {
 		return nil, QuotaExceededError{Available: avail, Requested: cost}
 	}
 	return rateToken{
 		tokenCost: cost,
 		bucket:    l.bucket,
 	}.release, nil
 }
 // AddTokens increments the token bucket by a fixed amount.
 func (l *TokenRateLimit) AddTokens(v uint) error {
 	l.bucket.Refund(v)
 	return nil
 }
 // Remaining returns the number of remaining tokens in the bucket.
 func (l *TokenRateLimit) Remaining() uint {
 	return l.bucket.Remaining()
 }
 // QuotaExceededError provides the SDK error when the retries for a given
 // token bucket have been exhausted.
 type QuotaExceededError struct {
 	Available uint
 	Requested uint
 }
 func (e QuotaExceededError) Error() string {
 	return fmt.Sprintf("retry quota exceeded, %d available, %d requested",
 		e.Available, e.Requested)
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/request.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/request.go
@@ -0,0 +1,25 @@
 package aws
 import (
 	"fmt"
 )
 // TODO remove replace with smithy.CanceledError
 // RequestCanceledError is the error that will be returned by an API request
 // that was canceled. Requests given a Context may return this error when
 // canceled.
 type RequestCanceledError struct {
 	Err error
 }
 // CanceledError returns true to satisfy interfaces checking for canceled errors.
 func (*RequestCanceledError) CanceledError() bool { return true }
 // Unwrap returns the underlying error, if there was one.
 func (e *RequestCanceledError) Unwrap() error {
 	return e.Err
 }
 func (e *RequestCanceledError) Error() string {
 	return fmt.Sprintf("request canceled, %v", e.Err)
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/adaptive.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/adaptive.go
@@ -0,0 +1,156 @@
 package retry
 import (
 	"context"
 	"fmt"
 	"time"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/internal/sdk"
 )
 const (
 	// DefaultRequestCost is the cost of a single request from the adaptive
 	// rate limited token bucket.
 	DefaultRequestCost uint = 1
 )
 // DefaultThrottles provides the set of errors considered throttle errors that
 // are checked by default.
 var DefaultThrottles = []IsErrorThrottle{
 	ThrottleErrorCode{
 		Codes: DefaultThrottleErrorCodes,
 	},
 }
 // AdaptiveModeOptions provides the functional options for configuring the
 // adaptive retry mode, and delay behavior.
 type AdaptiveModeOptions struct {
 	// If the adaptive token bucket is empty, when an attempt will be made
 	// AdaptiveMode will sleep until a token is available. This can occur when
 	// attempts fail with throttle errors. Use this option to disable the sleep
 	// until token is available, and return error immediately.
 	FailOnNoAttemptTokens bool
 	// The cost of an attempt from the AdaptiveMode's adaptive token bucket.
 	RequestCost uint
 	// Set of strategies to determine if the attempt failed due to a throttle
 	// error.
 	//
 	// It is safe to append to this list in NewAdaptiveMode's functional options.
 	Throttles []IsErrorThrottle
 	// Set of options for standard retry mode that AdaptiveMode is built on top
 	// of. AdaptiveMode may apply its own defaults to Standard retry mode that
 	// are different than the defaults of NewStandard. Use these options to
 	// override the default options.
 	StandardOptions []func(*StandardOptions)
 }
 // AdaptiveMode provides an experimental retry strategy that expands on the
 // Standard retry strategy, adding client attempt rate limits. The attempt rate
 // limit is initially unrestricted, but becomes restricted when the attempt
 // fails with for a throttle error. When restricted AdaptiveMode may need to
 // sleep before an attempt is made, if too many throttles have been received.
 // AdaptiveMode's sleep can be canceled with context cancel. Set
 // AdaptiveModeOptions FailOnNoAttemptTokens to change the behavior from sleep,
 // to fail fast.
 //
 // Eventually unrestricted attempt rate limit will be restored once attempts no
 // longer are failing due to throttle errors.
 type AdaptiveMode struct {
 	options   AdaptiveModeOptions
 	throttles IsErrorThrottles
 	retryer   aws.RetryerV2
 	rateLimit *adaptiveRateLimit
 }
 // NewAdaptiveMode returns an initialized AdaptiveMode retry strategy.
 func NewAdaptiveMode(optFns ...func(*AdaptiveModeOptions)) *AdaptiveMode {
 	o := AdaptiveModeOptions{
 		RequestCost: DefaultRequestCost,
 		Throttles:   append([]IsErrorThrottle{}, DefaultThrottles...),
 	}
 	for _, fn := range optFns {
 		fn(&o)
 	}
 	return &AdaptiveMode{
 		options:   o,
 		throttles: IsErrorThrottles(o.Throttles),
 		retryer:   NewStandard(o.StandardOptions...),
 		rateLimit: newAdaptiveRateLimit(),
 	}
 }
 // IsErrorRetryable returns if the failed attempt is retryable. This check
 // should determine if the error can be retried, or if the error is
 // terminal.
 func (a *AdaptiveMode) IsErrorRetryable(err error) bool {
 	return a.retryer.IsErrorRetryable(err)
 }
 // MaxAttempts returns the maximum number of attempts that can be made for
 // an attempt before failing. A value of 0 implies that the attempt should
 // be retried until it succeeds if the errors are retryable.
 func (a *AdaptiveMode) MaxAttempts() int {
 	return a.retryer.MaxAttempts()
 }
 // RetryDelay returns the delay that should be used before retrying the
 // attempt. Will return error if the if the delay could not be determined.
 func (a *AdaptiveMode) RetryDelay(attempt int, opErr error) (
 	time.Duration, error,
 ) {
 	return a.retryer.RetryDelay(attempt, opErr)
 }
 // GetRetryToken attempts to deduct the retry cost from the retry token pool.
 // Returning the token release function, or error.
 func (a *AdaptiveMode) GetRetryToken(ctx context.Context, opErr error) (
 	releaseToken func(error) error, err error,
 ) {
 	return a.retryer.GetRetryToken(ctx, opErr)
 }
 // GetInitialToken returns the initial attempt token that can increment the
 // retry token pool if the attempt is successful.
 //
 // Deprecated: This method does not provide a way to block using Context,
 // nor can it return an error. Use RetryerV2, and GetAttemptToken instead. Only
 // present to implement Retryer interface.
 func (a *AdaptiveMode) GetInitialToken() (releaseToken func(error) error) {
 	return nopRelease
 }
 // GetAttemptToken returns the attempt token that can be used to rate limit
 // attempt calls. Will be used by the SDK's retry package's Attempt
 // middleware to get an attempt token prior to calling the temp and releasing
 // the attempt token after the attempt has been made.
 func (a *AdaptiveMode) GetAttemptToken(ctx context.Context) (func(error) error, error) {
 	for {
 		acquiredToken, waitTryAgain := a.rateLimit.AcquireToken(a.options.RequestCost)
 		if acquiredToken {
 			break
 		}
 		if a.options.FailOnNoAttemptTokens {
 			return nil, fmt.Errorf(
 				"unable to get attempt token, and FailOnNoAttemptTokens enables")
 		}
 		if err := sdk.SleepWithContext(ctx, waitTryAgain); err != nil {
 			return nil, fmt.Errorf("failed to wait for token to be available, %w", err)
 		}
 	}
 	return a.handleResponse, nil
 }
 func (a *AdaptiveMode) handleResponse(opErr error) error {
 	throttled := a.throttles.IsErrorThrottle(opErr).Bool()
 	a.rateLimit.Update(throttled)
 	return nil
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/adaptive_ratelimit.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/adaptive_ratelimit.go
@@ -0,0 +1,158 @@
 package retry
 import (
 	"math"
 	"sync"
 	"time"
 	"github.com/aws/aws-sdk-go-v2/internal/sdk"
 )
 type adaptiveRateLimit struct {
 	tokenBucketEnabled bool
 	smooth        float64
 	beta          float64
 	scaleConstant float64
 	minFillRate   float64
 	fillRate         float64
 	calculatedRate   float64
 	lastRefilled     time.Time
 	measuredTxRate   float64
 	lastTxRateBucket float64
 	requestCount     int64
 	lastMaxRate      float64
 	lastThrottleTime time.Time
 	timeWindow       float64
 	tokenBucket *adaptiveTokenBucket
 	mu sync.Mutex
 }
 func newAdaptiveRateLimit() *adaptiveRateLimit {
 	now := sdk.NowTime()
 	return &adaptiveRateLimit{
 		smooth:        0.8,
 		beta:          0.7,
 		scaleConstant: 0.4,
 		minFillRate: 0.5,
 		lastTxRateBucket: math.Floor(timeFloat64Seconds(now)),
 		lastThrottleTime: now,
 		tokenBucket: newAdaptiveTokenBucket(0),
 	}
 }
 func (a *adaptiveRateLimit) Enable(v bool) {
 	a.mu.Lock()
 	defer a.mu.Unlock()
 	a.tokenBucketEnabled = v
 }
 func (a *adaptiveRateLimit) AcquireToken(amount uint) (
 	tokenAcquired bool, waitTryAgain time.Duration,
 ) {
 	a.mu.Lock()
 	defer a.mu.Unlock()
 	if !a.tokenBucketEnabled {
 		return true, 0
 	}
 	a.tokenBucketRefill()
 	available, ok := a.tokenBucket.Retrieve(float64(amount))
 	if !ok {
 		waitDur := float64Seconds((float64(amount) - available) / a.fillRate)
 		return false, waitDur
 	}
 	return true, 0
 }
 func (a *adaptiveRateLimit) Update(throttled bool) {
 	a.mu.Lock()
 	defer a.mu.Unlock()
 	a.updateMeasuredRate()
 	if throttled {
 		rateToUse := a.measuredTxRate
 		if a.tokenBucketEnabled {
 			rateToUse = math.Min(a.measuredTxRate, a.fillRate)
 		}
 		a.lastMaxRate = rateToUse
 		a.calculateTimeWindow()
 		a.lastThrottleTime = sdk.NowTime()
 		a.calculatedRate = a.cubicThrottle(rateToUse)
 		a.tokenBucketEnabled = true
 	} else {
 		a.calculateTimeWindow()
 		a.calculatedRate = a.cubicSuccess(sdk.NowTime())
 	}
 	newRate := math.Min(a.calculatedRate, 2*a.measuredTxRate)
 	a.tokenBucketUpdateRate(newRate)
 }
 func (a *adaptiveRateLimit) cubicSuccess(t time.Time) float64 {
 	dt := secondsFloat64(t.Sub(a.lastThrottleTime))
 	return (a.scaleConstant * math.Pow(dt-a.timeWindow, 3)) + a.lastMaxRate
 }
 func (a *adaptiveRateLimit) cubicThrottle(rateToUse float64) float64 {
 	return rateToUse * a.beta
 }
 func (a *adaptiveRateLimit) calculateTimeWindow() {
 	a.timeWindow = math.Pow((a.lastMaxRate*(1.-a.beta))/a.scaleConstant, 1./3.)
 }
 func (a *adaptiveRateLimit) tokenBucketUpdateRate(newRPS float64) {
 	a.tokenBucketRefill()
 	a.fillRate = math.Max(newRPS, a.minFillRate)
 	a.tokenBucket.Resize(newRPS)
 }
 func (a *adaptiveRateLimit) updateMeasuredRate() {
 	now := sdk.NowTime()
 	timeBucket := math.Floor(timeFloat64Seconds(now)*2.) / 2.
 	a.requestCount++
 	if timeBucket > a.lastTxRateBucket {
 		currentRate := float64(a.requestCount) / (timeBucket - a.lastTxRateBucket)
 		a.measuredTxRate = (currentRate * a.smooth) + (a.measuredTxRate * (1. - a.smooth))
 		a.requestCount = 0
 		a.lastTxRateBucket = timeBucket
 	}
 }
 func (a *adaptiveRateLimit) tokenBucketRefill() {
 	now := sdk.NowTime()
 	if a.lastRefilled.IsZero() {
 		a.lastRefilled = now
 		return
 	}
 	fillAmount := secondsFloat64(now.Sub(a.lastRefilled)) * a.fillRate
 	a.tokenBucket.Refund(fillAmount)
 	a.lastRefilled = now
 }
 func float64Seconds(v float64) time.Duration {
 	return time.Duration(v * float64(time.Second))
 }
 func secondsFloat64(v time.Duration) float64 {
 	return float64(v) / float64(time.Second)
 }
 func timeFloat64Seconds(v time.Time) float64 {
 	return float64(v.UnixNano()) / float64(time.Second)
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/adaptive_token_bucket.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/adaptive_token_bucket.go
@@ -0,0 +1,83 @@
 package retry
 import (
 	"math"
 	"sync"
 )
 // adaptiveTokenBucket provides a concurrency safe utility for adding and
 // removing tokens from the available token bucket.
 type adaptiveTokenBucket struct {
 	remainingTokens float64
 	maxCapacity     float64
 	minCapacity     float64
 	mu              sync.Mutex
 }
 // newAdaptiveTokenBucket returns an initialized adaptiveTokenBucket with the
 // capacity specified.
 func newAdaptiveTokenBucket(i float64) *adaptiveTokenBucket {
 	return &adaptiveTokenBucket{
 		remainingTokens: i,
 		maxCapacity:     i,
 		minCapacity:     1,
 	}
 }
 // Retrieve attempts to reduce the available tokens by the amount requested. If
 // there are tokens available true will be returned along with the number of
 // available tokens remaining. If amount requested is larger than the available
 // capacity, false will be returned along with the available capacity. If the
 // amount is less than the available capacity, the capacity will be reduced by
 // that amount, and the remaining capacity and true will be returned.
 func (t *adaptiveTokenBucket) Retrieve(amount float64) (available float64, retrieved bool) {
 	t.mu.Lock()
 	defer t.mu.Unlock()
 	if amount > t.remainingTokens {
 		return t.remainingTokens, false
 	}
 	t.remainingTokens -= amount
 	return t.remainingTokens, true
 }
 // Refund returns the amount of tokens back to the available token bucket, up
 // to the initial capacity.
 func (t *adaptiveTokenBucket) Refund(amount float64) {
 	t.mu.Lock()
 	defer t.mu.Unlock()
 	// Capacity cannot exceed max capacity.
 	t.remainingTokens = math.Min(t.remainingTokens+amount, t.maxCapacity)
 }
 // Capacity returns the maximum capacity of tokens that the bucket could
 // contain.
 func (t *adaptiveTokenBucket) Capacity() float64 {
 	t.mu.Lock()
 	defer t.mu.Unlock()
 	return t.maxCapacity
 }
 // Remaining returns the number of tokens that remaining in the bucket.
 func (t *adaptiveTokenBucket) Remaining() float64 {
 	t.mu.Lock()
 	defer t.mu.Unlock()
 	return t.remainingTokens
 }
 // Resize adjusts the size of the token bucket. Returns the capacity remaining.
 func (t *adaptiveTokenBucket) Resize(size float64) float64 {
 	t.mu.Lock()
 	defer t.mu.Unlock()
 	t.maxCapacity = math.Max(size, t.minCapacity)
 	// Capacity needs to be capped at max capacity, if max size reduced.
 	t.remainingTokens = math.Min(t.remainingTokens, t.maxCapacity)
 	return t.remainingTokens
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/doc.go
@@ -0,0 +1,80 @@
 // Package retry provides interfaces and implementations for SDK request retry behavior.
 //
 // # Retryer Interface and Implementations
 //
 // This package defines Retryer interface that is used to either implement custom retry behavior
 // or to extend the existing retry implementations provided by the SDK. This package provides a single
 // retry implementation: Standard.
 //
 // # Standard
 //
 // Standard is the default retryer implementation used by service clients. The standard retryer is a rate limited
 // retryer that has a configurable max attempts to limit the number of retry attempts when a retryable error occurs.
 // In addition, the retryer uses a configurable token bucket to rate limit the retry attempts across the client,
 // and uses an additional delay policy to limit the time between a requests subsequent attempts.
 //
 // By default the standard retryer uses the DefaultRetryables slice of IsErrorRetryable types to determine whether
 // a given error is retryable. By default this list of retryables includes the following:
 //   - Retrying errors that implement the RetryableError method, and return true.
 //   - Connection Errors
 //   - Errors that implement a ConnectionError, Temporary, or Timeout method that return true.
 //   - Connection Reset Errors.
 //   - net.OpErr types that are dialing errors or are temporary.
 //   - HTTP Status Codes: 500, 502, 503, and 504.
 //   - API Error Codes
 //   - RequestTimeout, RequestTimeoutException
 //   - Throttling, ThrottlingException, ThrottledException, RequestThrottledException, TooManyRequestsException,
 //     RequestThrottled, SlowDown, EC2ThrottledException
 //   - ProvisionedThroughputExceededException, RequestLimitExceeded, BandwidthLimitExceeded, LimitExceededException
 //   - TransactionInProgressException, PriorRequestNotComplete
 //
 // The standard retryer will not retry a request in the event if the context associated with the request
 // has been cancelled. Applications must handle this case explicitly if they wish to retry with a different context
 // value.
 //
 // You can configure the standard retryer implementation to fit your applications by constructing a standard retryer
 // using the NewStandard function, and providing one more functional argument that mutate the StandardOptions
 // structure. StandardOptions provides the ability to modify the token bucket rate limiter, retryable error conditions,
 // and the retry delay policy.
 //
 // For example to modify the default retry attempts for the standard retryer:
 //
 //	// configure the custom retryer
 //	customRetry := retry.NewStandard(func(o *retry.StandardOptions) {
 //	    o.MaxAttempts = 5
 //	})
 //
 //	// create a service client with the retryer
 //	s3.NewFromConfig(cfg, func(o *s3.Options) {
 //	    o.Retryer = customRetry
 //	})
 //
 // # Utilities
 //
 // A number of package functions have been provided to easily wrap retryer implementations in an implementation agnostic
 // way. These are:
 //
 //	AddWithErrorCodes      - Provides the ability to add additional API error codes that should be considered retryable
 //	                        in addition to those considered retryable by the provided retryer.
 //
 //	AddWithMaxAttempts     - Provides the ability to set the max number of attempts for retrying a request by wrapping
 //	                         a retryer implementation.
 //
 //	AddWithMaxBackoffDelay - Provides the ability to set the max back off delay that can occur before retrying a
 //	                         request by wrapping a retryer implementation.
 //
 // The following package functions have been provided to easily satisfy different retry interfaces to further customize
 // a given retryer's behavior:
 //
 //	BackoffDelayerFunc   - Can be used to wrap a function to satisfy the BackoffDelayer interface. For example,
 //	                       you can use this method to easily create custom back off policies to be used with the
 //	                       standard retryer.
 //
 //	IsErrorRetryableFunc - Can be used to wrap a function to satisfy the IsErrorRetryable interface. For example,
 //	                       this can be used to extend the standard retryer to add additional logic to determine if an
 //	                       error should be retried.
 //
 //	IsErrorTimeoutFunc   - Can be used to wrap a function to satisfy IsErrorTimeout interface. For example,
 //	                       this can be used to extend the standard retryer to add additional logic to determine if an
 //	                        error should be considered a timeout.
 package retry
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/errors.go
@@ -0,0 +1,20 @@
 package retry
 import "fmt"
 // MaxAttemptsError provides the error when the maximum number of attempts have
 // been exceeded.
 type MaxAttemptsError struct {
 	Attempt int
 	Err     error
 }
 func (e *MaxAttemptsError) Error() string {
 	return fmt.Sprintf("exceeded maximum number of attempts, %d, %v", e.Attempt, e.Err)
 }
 // Unwrap returns the nested error causing the max attempts error. Provides the
 // implementation for errors.Is and errors.As to unwrap nested errors.
 func (e *MaxAttemptsError) Unwrap() error {
 	return e.Err
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/jitter_backoff.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/jitter_backoff.go
@@ -0,0 +1,49 @@
 package retry
 import (
 	"math"
 	"time"
 	"github.com/aws/aws-sdk-go-v2/internal/rand"
 	"github.com/aws/aws-sdk-go-v2/internal/timeconv"
 )
 // ExponentialJitterBackoff provides backoff delays with jitter based on the
 // number of attempts.
 type ExponentialJitterBackoff struct {
 	maxBackoff time.Duration
 	// precomputed number of attempts needed to reach max backoff.
 	maxBackoffAttempts float64
 	randFloat64 func() (float64, error)
 }
 // NewExponentialJitterBackoff returns an ExponentialJitterBackoff configured
 // for the max backoff.
 func NewExponentialJitterBackoff(maxBackoff time.Duration) *ExponentialJitterBackoff {
 	return &ExponentialJitterBackoff{
 		maxBackoff: maxBackoff,
 		maxBackoffAttempts: math.Log2(
 			float64(maxBackoff) / float64(time.Second)),
 		randFloat64: rand.CryptoRandFloat64,
 	}
 }
 // BackoffDelay returns the duration to wait before the next attempt should be
 // made. Returns an error if unable get a duration.
 func (j *ExponentialJitterBackoff) BackoffDelay(attempt int, err error) (time.Duration, error) {
 	if attempt > int(j.maxBackoffAttempts) {
 		return j.maxBackoff, nil
 	}
 	b, err := j.randFloat64()
 	if err != nil {
 		return 0, err
 	}
 	// [0.0, 1.0) * 2 ^ attempts
 	ri := int64(1 << uint64(attempt))
 	delaySeconds := b * float64(ri)
 	return timeconv.FloatSecondsDur(delaySeconds), nil
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/metadata.go
@@ -0,0 +1,52 @@
 package retry
 import (
 	awsmiddle "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/smithy-go/middleware"
 )
 // attemptResultsKey is a metadata accessor key to retrieve metadata
 // for all request attempts.
 type attemptResultsKey struct {
 }
 // GetAttemptResults retrieves attempts results from middleware metadata.
 func GetAttemptResults(metadata middleware.Metadata) (AttemptResults, bool) {
 	m, ok := metadata.Get(attemptResultsKey{}).(AttemptResults)
 	return m, ok
 }
 // AttemptResults represents struct containing metadata returned by all request attempts.
 type AttemptResults struct {
 	// Results is a slice consisting attempt result from all request attempts.
 	// Results are stored in order request attempt is made.
 	Results []AttemptResult
 }
 // AttemptResult represents attempt result returned by a single request attempt.
 type AttemptResult struct {
 	// Err is the error if received for the request attempt.
 	Err error
 	// Retryable denotes if request may be retried. This states if an
 	// error is considered retryable.
 	Retryable bool
 	// Retried indicates if this request was retried.
 	Retried bool
 	// ResponseMetadata is any existing metadata passed via the response middlewares.
 	ResponseMetadata middleware.Metadata
 }
 // addAttemptResults adds attempt results to middleware metadata
 func addAttemptResults(metadata *middleware.Metadata, v AttemptResults) {
 	metadata.Set(attemptResultsKey{}, v)
 }
 // GetRawResponse returns raw response recorded for the attempt result
 func (a AttemptResult) GetRawResponse() interface{} {
 	return awsmiddle.GetRawResponse(a.ResponseMetadata)
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go
@@ -0,0 +1,340 @@
 package retry
 import (
 	"context"
 	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics"
 	"strconv"
 	"strings"
 	"time"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddle "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/internal/sdk"
 	"github.com/aws/smithy-go/logging"
 	smithymiddle "github.com/aws/smithy-go/middleware"
 	"github.com/aws/smithy-go/transport/http"
 )
 // RequestCloner is a function that can take an input request type and clone
 // the request for use in a subsequent retry attempt.
 type RequestCloner func(interface{}) interface{}
 type retryMetadata struct {
 	AttemptNum       int
 	AttemptTime      time.Time
 	MaxAttempts      int
 	AttemptClockSkew time.Duration
 }
 // Attempt is a Smithy Finalize middleware that handles retry attempts using
 // the provided Retryer implementation.
 type Attempt struct {
 	// Enable the logging of retry attempts performed by the SDK. This will
 	// include logging retry attempts, unretryable errors, and when max
 	// attempts are reached.
 	LogAttempts bool
 	retryer       aws.RetryerV2
 	requestCloner RequestCloner
 }
 // NewAttemptMiddleware returns a new Attempt retry middleware.
 func NewAttemptMiddleware(retryer aws.Retryer, requestCloner RequestCloner, optFns ...func(*Attempt)) *Attempt {
 	m := &Attempt{
 		retryer:       wrapAsRetryerV2(retryer),
 		requestCloner: requestCloner,
 	}
 	for _, fn := range optFns {
 		fn(m)
 	}
 	return m
 }
 // ID returns the middleware identifier
 func (r *Attempt) ID() string { return "Retry" }
 func (r Attempt) logf(logger logging.Logger, classification logging.Classification, format string, v ...interface{}) {
 	if !r.LogAttempts {
 		return
 	}
 	logger.Logf(classification, format, v...)
 }
 // HandleFinalize utilizes the provider Retryer implementation to attempt
 // retries over the next handler
 func (r *Attempt) HandleFinalize(ctx context.Context, in smithymiddle.FinalizeInput, next smithymiddle.FinalizeHandler) (
 	out smithymiddle.FinalizeOutput, metadata smithymiddle.Metadata, err error,
 ) {
 	var attemptNum int
 	var attemptClockSkew time.Duration
 	var attemptResults AttemptResults
 	maxAttempts := r.retryer.MaxAttempts()
 	releaseRetryToken := nopRelease
 	for {
 		attemptNum++
 		attemptInput := in
 		attemptInput.Request = r.requestCloner(attemptInput.Request)
 		// Record the metadata for the for attempt being started.
 		attemptCtx := setRetryMetadata(ctx, retryMetadata{
 			AttemptNum:       attemptNum,
 			AttemptTime:      sdk.NowTime().UTC(),
 			MaxAttempts:      maxAttempts,
 			AttemptClockSkew: attemptClockSkew,
 		})
 		var attemptResult AttemptResult
 		out, attemptResult, releaseRetryToken, err = r.handleAttempt(attemptCtx, attemptInput, releaseRetryToken, next)
 		attemptClockSkew, _ = awsmiddle.GetAttemptSkew(attemptResult.ResponseMetadata)
 		// AttemptResult Retried states that the attempt was not successful, and
 		// should be retried.
 		shouldRetry := attemptResult.Retried
 		// Add attempt metadata to list of all attempt metadata
 		attemptResults.Results = append(attemptResults.Results, attemptResult)
 		if !shouldRetry {
 			// Ensure the last response's metadata is used as the bases for result
 			// metadata returned by the stack. The Slice of attempt results
 			// will be added to this cloned metadata.
 			metadata = attemptResult.ResponseMetadata.Clone()
 			break
 		}
 	}
 	addAttemptResults(&metadata, attemptResults)
 	return out, metadata, err
 }
 // handleAttempt handles an individual request attempt.
 func (r *Attempt) handleAttempt(
 	ctx context.Context, in smithymiddle.FinalizeInput, releaseRetryToken func(error) error, next smithymiddle.FinalizeHandler,
 ) (
 	out smithymiddle.FinalizeOutput, attemptResult AttemptResult, _ func(error) error, err error,
 ) {
 	defer func() {
 		attemptResult.Err = err
 	}()
 	// Short circuit if this attempt never can succeed because the context is
 	// canceled. This reduces the chance of token pools being modified for
 	// attempts that will not be made
 	select {
 	case <-ctx.Done():
 		return out, attemptResult, nopRelease, ctx.Err()
 	default:
 	}
 	//------------------------------
 	// Get Attempt Token
 	//------------------------------
 	releaseAttemptToken, err := r.retryer.GetAttemptToken(ctx)
 	if err != nil {
 		return out, attemptResult, nopRelease, fmt.Errorf(
 			"failed to get retry Send token, %w", err)
 	}
 	//------------------------------
 	// Send Attempt
 	//------------------------------
 	logger := smithymiddle.GetLogger(ctx)
 	service, operation := awsmiddle.GetServiceID(ctx), awsmiddle.GetOperationName(ctx)
 	retryMetadata, _ := getRetryMetadata(ctx)
 	attemptNum := retryMetadata.AttemptNum
 	maxAttempts := retryMetadata.MaxAttempts
 	// Following attempts must ensure the request payload stream starts in a
 	// rewound state.
 	if attemptNum > 1 {
 		if rewindable, ok := in.Request.(interface{ RewindStream() error }); ok {
 			if rewindErr := rewindable.RewindStream(); rewindErr != nil {
 				return out, attemptResult, nopRelease, fmt.Errorf(
 					"failed to rewind transport stream for retry, %w", rewindErr)
 			}
 		}
 		r.logf(logger, logging.Debug, "retrying request %s/%s, attempt %d",
 			service, operation, attemptNum)
 	}
 	var metadata smithymiddle.Metadata
 	out, metadata, err = next.HandleFinalize(ctx, in)
 	attemptResult.ResponseMetadata = metadata
 	//------------------------------
 	// Bookkeeping
 	//------------------------------
 	// Release the retry token based on the state of the attempt's error (if any).
 	if releaseError := releaseRetryToken(err); releaseError != nil && err != nil {
 		return out, attemptResult, nopRelease, fmt.Errorf(
 			"failed to release retry token after request error, %w", err)
 	}
 	// Release the attempt token based on the state of the attempt's error (if any).
 	if releaseError := releaseAttemptToken(err); releaseError != nil && err != nil {
 		return out, attemptResult, nopRelease, fmt.Errorf(
 			"failed to release initial token after request error, %w", err)
 	}
 	// If there was no error making the attempt, nothing further to do. There
 	// will be nothing to retry.
 	if err == nil {
 		return out, attemptResult, nopRelease, err
 	}
 	//------------------------------
 	// Is Retryable and Should Retry
 	//------------------------------
 	// If the attempt failed with an unretryable error, nothing further to do
 	// but return, and inform the caller about the terminal failure.
 	retryable := r.retryer.IsErrorRetryable(err)
 	if !retryable {
 		r.logf(logger, logging.Debug, "request failed with unretryable error %v", err)
 		return out, attemptResult, nopRelease, err
 	}
 	// set retryable to true
 	attemptResult.Retryable = true
 	// Once the maximum number of attempts have been exhausted there is nothing
 	// further to do other than inform the caller about the terminal failure.
 	if maxAttempts > 0 && attemptNum >= maxAttempts {
 		r.logf(logger, logging.Debug, "max retry attempts exhausted, max %d", maxAttempts)
 		err = &MaxAttemptsError{
 			Attempt: attemptNum,
 			Err:     err,
 		}
 		return out, attemptResult, nopRelease, err
 	}
 	//------------------------------
 	// Get Retry (aka Retry Quota) Token
 	//------------------------------
 	// Get a retry token that will be released after the
 	releaseRetryToken, retryTokenErr := r.retryer.GetRetryToken(ctx, err)
 	if retryTokenErr != nil {
 		return out, attemptResult, nopRelease, retryTokenErr
 	}
 	//------------------------------
 	// Retry Delay and Sleep
 	//------------------------------
 	// Get the retry delay before another attempt can be made, and sleep for
 	// that time. Potentially early exist if the sleep is canceled via the
 	// context.
 	retryDelay, reqErr := r.retryer.RetryDelay(attemptNum, err)
 	mctx := metrics.Context(ctx)
 	if mctx != nil {
 		attempt, err := mctx.Data().LatestAttempt()
 		if err != nil {
 			attempt.RetryDelay = retryDelay
 		}
 	}
 	if reqErr != nil {
 		return out, attemptResult, releaseRetryToken, reqErr
 	}
 	if reqErr = sdk.SleepWithContext(ctx, retryDelay); reqErr != nil {
 		err = &aws.RequestCanceledError{Err: reqErr}
 		return out, attemptResult, releaseRetryToken, err
 	}
 	// The request should be re-attempted.
 	attemptResult.Retried = true
 	return out, attemptResult, releaseRetryToken, err
 }
 // MetricsHeader attaches SDK request metric header for retries to the transport
 type MetricsHeader struct{}
 // ID returns the middleware identifier
 func (r *MetricsHeader) ID() string {
 	return "RetryMetricsHeader"
 }
 // HandleFinalize attaches the SDK request metric header to the transport layer
 func (r MetricsHeader) HandleFinalize(ctx context.Context, in smithymiddle.FinalizeInput, next smithymiddle.FinalizeHandler) (
 	out smithymiddle.FinalizeOutput, metadata smithymiddle.Metadata, err error,
 ) {
 	retryMetadata, _ := getRetryMetadata(ctx)
 	const retryMetricHeader = "Amz-Sdk-Request"
 	var parts []string
 	parts = append(parts, "attempt="+strconv.Itoa(retryMetadata.AttemptNum))
 	if retryMetadata.MaxAttempts != 0 {
 		parts = append(parts, "max="+strconv.Itoa(retryMetadata.MaxAttempts))
 	}
 	var ttl time.Time
 	if deadline, ok := ctx.Deadline(); ok {
 		ttl = deadline
 	}
 	// Only append the TTL if it can be determined.
 	if !ttl.IsZero() && retryMetadata.AttemptClockSkew > 0 {
 		const unixTimeFormat = "20060102T150405Z"
 		ttl = ttl.Add(retryMetadata.AttemptClockSkew)
 		parts = append(parts, "ttl="+ttl.Format(unixTimeFormat))
 	}
 	switch req := in.Request.(type) {
 	case *http.Request:
 		req.Header[retryMetricHeader] = append(req.Header[retryMetricHeader][:0], strings.Join(parts, "; "))
 	default:
 		return out, metadata, fmt.Errorf("unknown transport type %T", req)
 	}
 	return next.HandleFinalize(ctx, in)
 }
 type retryMetadataKey struct{}
 // getRetryMetadata retrieves retryMetadata from the context and a bool
 // indicating if it was set.
 //
 // Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
 // to clear all stack values.
 func getRetryMetadata(ctx context.Context) (metadata retryMetadata, ok bool) {
 	metadata, ok = smithymiddle.GetStackValue(ctx, retryMetadataKey{}).(retryMetadata)
 	return metadata, ok
 }
 // setRetryMetadata sets the retryMetadata on the context.
 //
 // Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
 // to clear all stack values.
 func setRetryMetadata(ctx context.Context, metadata retryMetadata) context.Context {
 	return smithymiddle.WithStackValue(ctx, retryMetadataKey{}, metadata)
 }
 // AddRetryMiddlewaresOptions is the set of options that can be passed to
 // AddRetryMiddlewares for configuring retry associated middleware.
 type AddRetryMiddlewaresOptions struct {
 	Retryer aws.Retryer
 	// Enable the logging of retry attempts performed by the SDK. This will
 	// include logging retry attempts, unretryable errors, and when max
 	// attempts are reached.
 	LogRetryAttempts bool
 }
 // AddRetryMiddlewares adds retry middleware to operation middleware stack
 func AddRetryMiddlewares(stack *smithymiddle.Stack, options AddRetryMiddlewaresOptions) error {
 	attempt := NewAttemptMiddleware(options.Retryer, http.RequestCloner, func(middleware *Attempt) {
 		middleware.LogAttempts = options.LogRetryAttempts
 	})
 	// index retry to before signing, if signing exists
 	if err := stack.Finalize.Insert(attempt, "Signing", smithymiddle.Before); err != nil {
 		return err
 	}
 	if err := stack.Finalize.Insert(&MetricsHeader{}, attempt.ID(), smithymiddle.After); err != nil {
 		return err
 	}
 	return nil
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retry.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retry.go
@@ -0,0 +1,90 @@
 package retry
 import (
 	"context"
 	"time"
 	"github.com/aws/aws-sdk-go-v2/aws"
 )
 // AddWithErrorCodes returns a Retryer with additional error codes considered
 // for determining if the error should be retried.
 func AddWithErrorCodes(r aws.Retryer, codes ...string) aws.Retryer {
 	retryable := &RetryableErrorCode{
 		Codes: map[string]struct{}{},
 	}
 	for _, c := range codes {
 		retryable.Codes[c] = struct{}{}
 	}
 	return &withIsErrorRetryable{
 		RetryerV2: wrapAsRetryerV2(r),
 		Retryable: retryable,
 	}
 }
 type withIsErrorRetryable struct {
 	aws.RetryerV2
 	Retryable IsErrorRetryable
 }
 func (r *withIsErrorRetryable) IsErrorRetryable(err error) bool {
 	if v := r.Retryable.IsErrorRetryable(err); v != aws.UnknownTernary {
 		return v.Bool()
 	}
 	return r.RetryerV2.IsErrorRetryable(err)
 }
 // AddWithMaxAttempts returns a Retryer with MaxAttempts set to the value
 // specified.
 func AddWithMaxAttempts(r aws.Retryer, max int) aws.Retryer {
 	return &withMaxAttempts{
 		RetryerV2: wrapAsRetryerV2(r),
 		Max:       max,
 	}
 }
 type withMaxAttempts struct {
 	aws.RetryerV2
 	Max int
 }
 func (w *withMaxAttempts) MaxAttempts() int {
 	return w.Max
 }
 // AddWithMaxBackoffDelay returns a retryer wrapping the passed in retryer
 // overriding the RetryDelay behavior for a alternate minimum initial backoff
 // delay.
 func AddWithMaxBackoffDelay(r aws.Retryer, delay time.Duration) aws.Retryer {
 	return &withMaxBackoffDelay{
 		RetryerV2: wrapAsRetryerV2(r),
 		backoff:   NewExponentialJitterBackoff(delay),
 	}
 }
 type withMaxBackoffDelay struct {
 	aws.RetryerV2
 	backoff *ExponentialJitterBackoff
 }
 func (r *withMaxBackoffDelay) RetryDelay(attempt int, err error) (time.Duration, error) {
 	return r.backoff.BackoffDelay(attempt, err)
 }
 type wrappedAsRetryerV2 struct {
 	aws.Retryer
 }
 func wrapAsRetryerV2(r aws.Retryer) aws.RetryerV2 {
 	v, ok := r.(aws.RetryerV2)
 	if !ok {
 		v = wrappedAsRetryerV2{Retryer: r}
 	}
 	return v
 }
 func (w wrappedAsRetryerV2) GetAttemptToken(context.Context) (func(error) error, error) {
 	return w.Retryer.GetInitialToken(), nil
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go
@@ -0,0 +1,201 @@
 package retry
 import (
 	"errors"
 	"net"
 	"net/url"
 	"strings"
 	"github.com/aws/aws-sdk-go-v2/aws"
 )
 // IsErrorRetryable provides the interface of an implementation to determine if
 // a error as the result of an operation is retryable.
 type IsErrorRetryable interface {
 	IsErrorRetryable(error) aws.Ternary
 }
 // IsErrorRetryables is a collection of checks to determine of the error is
 // retryable.  Iterates through the checks and returns the state of retryable
 // if any check returns something other than unknown.
 type IsErrorRetryables []IsErrorRetryable
 // IsErrorRetryable returns if the error is retryable if any of the checks in
 // the list return a value other than unknown.
 func (r IsErrorRetryables) IsErrorRetryable(err error) aws.Ternary {
 	for _, re := range r {
 		if v := re.IsErrorRetryable(err); v != aws.UnknownTernary {
 			return v
 		}
 	}
 	return aws.UnknownTernary
 }
 // IsErrorRetryableFunc wraps a function with the IsErrorRetryable interface.
 type IsErrorRetryableFunc func(error) aws.Ternary
 // IsErrorRetryable returns if the error is retryable.
 func (fn IsErrorRetryableFunc) IsErrorRetryable(err error) aws.Ternary {
 	return fn(err)
 }
 // RetryableError is an IsErrorRetryable implementation which uses the
 // optional interface Retryable on the error value to determine if the error is
 // retryable.
 type RetryableError struct{}
 // IsErrorRetryable returns if the error is retryable if it satisfies the
 // Retryable interface, and returns if the attempt should be retried.
 func (RetryableError) IsErrorRetryable(err error) aws.Ternary {
 	var v interface{ RetryableError() bool }
 	if !errors.As(err, &v) {
 		return aws.UnknownTernary
 	}
 	return aws.BoolTernary(v.RetryableError())
 }
 // NoRetryCanceledError detects if the error was an request canceled error and
 // returns if so.
 type NoRetryCanceledError struct{}
 // IsErrorRetryable returns the error is not retryable if the request was
 // canceled.
 func (NoRetryCanceledError) IsErrorRetryable(err error) aws.Ternary {
 	var v interface{ CanceledError() bool }
 	if !errors.As(err, &v) {
 		return aws.UnknownTernary
 	}
 	if v.CanceledError() {
 		return aws.FalseTernary
 	}
 	return aws.UnknownTernary
 }
 // RetryableConnectionError determines if the underlying error is an HTTP
 // connection and returns if it should be retried.
 //
 // Includes errors such as connection reset, connection refused, net dial,
 // temporary, and timeout errors.
 type RetryableConnectionError struct{}
 // IsErrorRetryable returns if the error is caused by and HTTP connection
 // error, and should be retried.
 func (r RetryableConnectionError) IsErrorRetryable(err error) aws.Ternary {
 	if err == nil {
 		return aws.UnknownTernary
 	}
 	var retryable bool
 	var conErr interface{ ConnectionError() bool }
 	var tempErr interface{ Temporary() bool }
 	var timeoutErr interface{ Timeout() bool }
 	var urlErr *url.Error
 	var netOpErr *net.OpError
 	var dnsError *net.DNSError
 	if errors.As(err, &dnsError) {
 		// NXDOMAIN errors should not be retried
 		if dnsError.IsNotFound {
 			return aws.BoolTernary(false)
 		}
 		// if !dnsError.Temporary(), error may or may not be temporary,
 		// (i.e. !Temporary() =/=> !retryable) so we should fall through to
 		// remaining checks
 		if dnsError.Temporary() {
 			return aws.BoolTernary(true)
 		}
 	}
 	switch {
 	case errors.As(err, &conErr) && conErr.ConnectionError():
 		retryable = true
 	case strings.Contains(err.Error(), "connection reset"):
 		retryable = true
 	case errors.As(err, &urlErr):
 		// Refused connections should be retried as the service may not yet be
 		// running on the port. Go TCP dial considers refused connections as
 		// not temporary.
 		if strings.Contains(urlErr.Error(), "connection refused") {
 			retryable = true
 		} else {
 			return r.IsErrorRetryable(errors.Unwrap(urlErr))
 		}
 	case errors.As(err, &netOpErr):
 		// Network dial, or temporary network errors are always retryable.
 		if strings.EqualFold(netOpErr.Op, "dial") || netOpErr.Temporary() {
 			retryable = true
 		} else {
 			return r.IsErrorRetryable(errors.Unwrap(netOpErr))
 		}
 	case errors.As(err, &tempErr) && tempErr.Temporary():
 		// Fallback to the generic temporary check, with temporary errors
 		// retryable.
 		retryable = true
 	case errors.As(err, &timeoutErr) && timeoutErr.Timeout():
 		// Fallback to the generic timeout check, with timeout errors
 		// retryable.
 		retryable = true
 	default:
 		return aws.UnknownTernary
 	}
 	return aws.BoolTernary(retryable)
 }
 // RetryableHTTPStatusCode provides a IsErrorRetryable based on HTTP status
 // codes.
 type RetryableHTTPStatusCode struct {
 	Codes map[int]struct{}
 }
 // IsErrorRetryable return if the passed in error is retryable based on the
 // HTTP status code.
 func (r RetryableHTTPStatusCode) IsErrorRetryable(err error) aws.Ternary {
 	var v interface{ HTTPStatusCode() int }
 	if !errors.As(err, &v) {
 		return aws.UnknownTernary
 	}
 	_, ok := r.Codes[v.HTTPStatusCode()]
 	if !ok {
 		return aws.UnknownTernary
 	}
 	return aws.TrueTernary
 }
 // RetryableErrorCode determines if an attempt should be retried based on the
 // API error code.
 type RetryableErrorCode struct {
 	Codes map[string]struct{}
 }
 // IsErrorRetryable return if the error is retryable based on the error codes.
 // Returns unknown if the error doesn't have a code or it is unknown.
 func (r RetryableErrorCode) IsErrorRetryable(err error) aws.Ternary {
 	var v interface{ ErrorCode() string }
 	if !errors.As(err, &v) {
 		return aws.UnknownTernary
 	}
 	_, ok := r.Codes[v.ErrorCode()]
 	if !ok {
 		return aws.UnknownTernary
 	}
 	return aws.TrueTernary
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/standard.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/standard.go
@@ -0,0 +1,258 @@
 package retry
 import (
 	"context"
 	"fmt"
 	"time"
 	"github.com/aws/aws-sdk-go-v2/aws/ratelimit"
 )
 // BackoffDelayer provides the interface for determining the delay to before
 // another request attempt, that previously failed.
 type BackoffDelayer interface {
 	BackoffDelay(attempt int, err error) (time.Duration, error)
 }
 // BackoffDelayerFunc provides a wrapper around a function to determine the
 // backoff delay of an attempt retry.
 type BackoffDelayerFunc func(int, error) (time.Duration, error)
 // BackoffDelay returns the delay before attempt to retry a request.
 func (fn BackoffDelayerFunc) BackoffDelay(attempt int, err error) (time.Duration, error) {
 	return fn(attempt, err)
 }
 const (
 	// DefaultMaxAttempts is the maximum of attempts for an API request
 	DefaultMaxAttempts int = 3
 	// DefaultMaxBackoff is the maximum back off delay between attempts
 	DefaultMaxBackoff time.Duration = 20 * time.Second
 )
 // Default retry token quota values.
 const (
 	DefaultRetryRateTokens  uint = 500
 	DefaultRetryCost        uint = 5
 	DefaultRetryTimeoutCost uint = 10
 	DefaultNoRetryIncrement uint = 1
 )
 // DefaultRetryableHTTPStatusCodes is the default set of HTTP status codes the SDK
 // should consider as retryable errors.
 var DefaultRetryableHTTPStatusCodes = map[int]struct{}{
 	500: {},
 	502: {},
 	503: {},
 	504: {},
 }
 // DefaultRetryableErrorCodes provides the set of API error codes that should
 // be retried.
 var DefaultRetryableErrorCodes = map[string]struct{}{
 	"RequestTimeout":          {},
 	"RequestTimeoutException": {},
 }
 // DefaultThrottleErrorCodes provides the set of API error codes that are
 // considered throttle errors.
 var DefaultThrottleErrorCodes = map[string]struct{}{
 	"Throttling":                             {},
 	"ThrottlingException":                    {},
 	"ThrottledException":                     {},
 	"RequestThrottledException":              {},
 	"TooManyRequestsException":               {},
 	"ProvisionedThroughputExceededException": {},
 	"TransactionInProgressException":         {},
 	"RequestLimitExceeded":                   {},
 	"BandwidthLimitExceeded":                 {},
 	"LimitExceededException":                 {},
 	"RequestThrottled":                       {},
 	"SlowDown":                               {},
 	"PriorRequestNotComplete":                {},
 	"EC2ThrottledException":                  {},
 }
 // DefaultRetryables provides the set of retryable checks that are used by
 // default.
 var DefaultRetryables = []IsErrorRetryable{
 	NoRetryCanceledError{},
 	RetryableError{},
 	RetryableConnectionError{},
 	RetryableHTTPStatusCode{
 		Codes: DefaultRetryableHTTPStatusCodes,
 	},
 	RetryableErrorCode{
 		Codes: DefaultRetryableErrorCodes,
 	},
 	RetryableErrorCode{
 		Codes: DefaultThrottleErrorCodes,
 	},
 }
 // DefaultTimeouts provides the set of timeout checks that are used by default.
 var DefaultTimeouts = []IsErrorTimeout{
 	TimeouterError{},
 }
 // StandardOptions provides the functional options for configuring the standard
 // retryable, and delay behavior.
 type StandardOptions struct {
 	// Maximum number of attempts that should be made.
 	MaxAttempts int
 	// MaxBackoff duration between retried attempts.
 	MaxBackoff time.Duration
 	// Provides the backoff strategy the retryer will use to determine the
 	// delay between retry attempts.
 	Backoff BackoffDelayer
 	// Set of strategies to determine if the attempt should be retried based on
 	// the error response received.
 	//
 	// It is safe to append to this list in NewStandard's functional options.
 	Retryables []IsErrorRetryable
 	// Set of strategies to determine if the attempt failed due to a timeout
 	// error.
 	//
 	// It is safe to append to this list in NewStandard's functional options.
 	Timeouts []IsErrorTimeout
 	// Provides the rate limiting strategy for rate limiting attempt retries
 	// across all attempts the retryer is being used with.
 	RateLimiter RateLimiter
 	// The cost to deduct from the RateLimiter's token bucket per retry.
 	RetryCost uint
 	// The cost to deduct from the RateLimiter's token bucket per retry caused
 	// by timeout error.
 	RetryTimeoutCost uint
 	// The cost to payback to the RateLimiter's token bucket for successful
 	// attempts.
 	NoRetryIncrement uint
 }
 // RateLimiter provides the interface for limiting the rate of attempt retries
 // allowed by the retryer.
 type RateLimiter interface {
 	GetToken(ctx context.Context, cost uint) (releaseToken func() error, err error)
 	AddTokens(uint) error
 }
 // Standard is the standard retry pattern for the SDK. It uses a set of
 // retryable checks to determine of the failed attempt should be retried, and
 // what retry delay should be used.
 type Standard struct {
 	options StandardOptions
 	timeout   IsErrorTimeout
 	retryable IsErrorRetryable
 	backoff   BackoffDelayer
 }
 // NewStandard initializes a standard retry behavior with defaults that can be
 // overridden via functional options.
 func NewStandard(fnOpts ...func(*StandardOptions)) *Standard {
 	o := StandardOptions{
 		MaxAttempts: DefaultMaxAttempts,
 		MaxBackoff:  DefaultMaxBackoff,
 		Retryables:  append([]IsErrorRetryable{}, DefaultRetryables...),
 		Timeouts:    append([]IsErrorTimeout{}, DefaultTimeouts...),
 		RateLimiter:      ratelimit.NewTokenRateLimit(DefaultRetryRateTokens),
 		RetryCost:        DefaultRetryCost,
 		RetryTimeoutCost: DefaultRetryTimeoutCost,
 		NoRetryIncrement: DefaultNoRetryIncrement,
 	}
 	for _, fn := range fnOpts {
 		fn(&o)
 	}
 	if o.MaxAttempts <= 0 {
 		o.MaxAttempts = DefaultMaxAttempts
 	}
 	backoff := o.Backoff
 	if backoff == nil {
 		backoff = NewExponentialJitterBackoff(o.MaxBackoff)
 	}
 	return &Standard{
 		options:   o,
 		backoff:   backoff,
 		retryable: IsErrorRetryables(o.Retryables),
 		timeout:   IsErrorTimeouts(o.Timeouts),
 	}
 }
 // MaxAttempts returns the maximum number of attempts that can be made for a
 // request before failing.
 func (s *Standard) MaxAttempts() int {
 	return s.options.MaxAttempts
 }
 // IsErrorRetryable returns if the error is can be retried or not. Should not
 // consider the number of attempts made.
 func (s *Standard) IsErrorRetryable(err error) bool {
 	return s.retryable.IsErrorRetryable(err).Bool()
 }
 // RetryDelay returns the delay to use before another request attempt is made.
 func (s *Standard) RetryDelay(attempt int, err error) (time.Duration, error) {
 	return s.backoff.BackoffDelay(attempt, err)
 }
 // GetAttemptToken returns the token to be released after then attempt completes.
 // The release token will add NoRetryIncrement to the RateLimiter token pool if
 // the attempt was successful. If the attempt failed, nothing will be done.
 func (s *Standard) GetAttemptToken(context.Context) (func(error) error, error) {
 	return s.GetInitialToken(), nil
 }
 // GetInitialToken returns a token for adding the NoRetryIncrement to the
 // RateLimiter token if the attempt completed successfully without error.
 //
 // InitialToken applies to result of the each attempt, including the first.
 // Whereas the RetryToken applies to the result of subsequent attempts.
 //
 // Deprecated: use GetAttemptToken instead.
 func (s *Standard) GetInitialToken() func(error) error {
 	return releaseToken(s.noRetryIncrement).release
 }
 func (s *Standard) noRetryIncrement() error {
 	return s.options.RateLimiter.AddTokens(s.options.NoRetryIncrement)
 }
 // GetRetryToken attempts to deduct the retry cost from the retry token pool.
 // Returning the token release function, or error.
 func (s *Standard) GetRetryToken(ctx context.Context, opErr error) (func(error) error, error) {
 	cost := s.options.RetryCost
 	if s.timeout.IsErrorTimeout(opErr).Bool() {
 		cost = s.options.RetryTimeoutCost
 	}
 	fn, err := s.options.RateLimiter.GetToken(ctx, cost)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get rate limit token, %w", err)
 	}
 	return releaseToken(fn).release, nil
 }
 func nopRelease(error) error { return nil }
 type releaseToken func() error
 func (f releaseToken) release(err error) error {
 	if err != nil {
 		return nil
 	}
 	return f()
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/throttle_error.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/throttle_error.go
@@ -0,0 +1,60 @@
 package retry
 import (
 	"errors"
 	"github.com/aws/aws-sdk-go-v2/aws"
 )
 // IsErrorThrottle provides the interface of an implementation to determine if
 // a error response from an operation is a throttling error.
 type IsErrorThrottle interface {
 	IsErrorThrottle(error) aws.Ternary
 }
 // IsErrorThrottles is a collection of checks to determine of the error a
 // throttle error. Iterates through the checks and returns the state of
 // throttle if any check returns something other than unknown.
 type IsErrorThrottles []IsErrorThrottle
 // IsErrorThrottle returns if the error is a throttle error if any of the
 // checks in the list return a value other than unknown.
 func (r IsErrorThrottles) IsErrorThrottle(err error) aws.Ternary {
 	for _, re := range r {
 		if v := re.IsErrorThrottle(err); v != aws.UnknownTernary {
 			return v
 		}
 	}
 	return aws.UnknownTernary
 }
 // IsErrorThrottleFunc wraps a function with the IsErrorThrottle interface.
 type IsErrorThrottleFunc func(error) aws.Ternary
 // IsErrorThrottle returns if the error is a throttle error.
 func (fn IsErrorThrottleFunc) IsErrorThrottle(err error) aws.Ternary {
 	return fn(err)
 }
 // ThrottleErrorCode determines if an attempt should be retried based on the
 // API error code.
 type ThrottleErrorCode struct {
 	Codes map[string]struct{}
 }
 // IsErrorThrottle return if the error is a throttle error based on the error
 // codes. Returns unknown if the error doesn't have a code or it is unknown.
 func (r ThrottleErrorCode) IsErrorThrottle(err error) aws.Ternary {
 	var v interface{ ErrorCode() string }
 	if !errors.As(err, &v) {
 		return aws.UnknownTernary
 	}
 	_, ok := r.Codes[v.ErrorCode()]
 	if !ok {
 		return aws.UnknownTernary
 	}
 	return aws.TrueTernary
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/timeout_error.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/timeout_error.go
@@ -0,0 +1,52 @@
 package retry
 import (
 	"errors"
 	"github.com/aws/aws-sdk-go-v2/aws"
 )
 // IsErrorTimeout provides the interface of an implementation to determine if
 // a error matches.
 type IsErrorTimeout interface {
 	IsErrorTimeout(err error) aws.Ternary
 }
 // IsErrorTimeouts is a collection of checks to determine of the error is
 // retryable. Iterates through the checks and returns the state of retryable
 // if any check returns something other than unknown.
 type IsErrorTimeouts []IsErrorTimeout
 // IsErrorTimeout returns if the error is retryable if any of the checks in
 // the list return a value other than unknown.
 func (ts IsErrorTimeouts) IsErrorTimeout(err error) aws.Ternary {
 	for _, t := range ts {
 		if v := t.IsErrorTimeout(err); v != aws.UnknownTernary {
 			return v
 		}
 	}
 	return aws.UnknownTernary
 }
 // IsErrorTimeoutFunc wraps a function with the IsErrorTimeout interface.
 type IsErrorTimeoutFunc func(error) aws.Ternary
 // IsErrorTimeout returns if the error is retryable.
 func (fn IsErrorTimeoutFunc) IsErrorTimeout(err error) aws.Ternary {
 	return fn(err)
 }
 // TimeouterError provides the IsErrorTimeout implementation for determining if
 // an error is a timeout based on type with the Timeout method.
 type TimeouterError struct{}
 // IsErrorTimeout returns if the error is a timeout error.
 func (t TimeouterError) IsErrorTimeout(err error) aws.Ternary {
 	var v interface{ Timeout() bool }
 	if !errors.As(err, &v) {
 		return aws.UnknownTernary
 	}
 	return aws.BoolTernary(v.Timeout())
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retryer.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retryer.go
@@ -0,0 +1,127 @@
 package aws
 import (
 	"context"
 	"fmt"
 	"time"
 )
 // RetryMode provides the mode the API client will use to create a retryer
 // based on.
 type RetryMode string
 const (
 	// RetryModeStandard model provides rate limited retry attempts with
 	// exponential backoff delay.
 	RetryModeStandard RetryMode = "standard"
 	// RetryModeAdaptive model provides attempt send rate limiting on throttle
 	// responses in addition to standard mode's retry rate limiting.
 	//
 	// Adaptive retry mode is experimental and is subject to change in the
 	// future.
 	RetryModeAdaptive RetryMode = "adaptive"
 )
 // ParseRetryMode attempts to parse a RetryMode from the given string.
 // Returning error if the value is not a known RetryMode.
 func ParseRetryMode(v string) (mode RetryMode, err error) {
 	switch v {
 	case "standard":
 		return RetryModeStandard, nil
 	case "adaptive":
 		return RetryModeAdaptive, nil
 	default:
 		return mode, fmt.Errorf("unknown RetryMode, %v", v)
 	}
 }
 func (m RetryMode) String() string { return string(m) }
 // Retryer is an interface to determine if a given error from a
 // attempt should be retried, and if so what backoff delay to apply. The
 // default implementation used by most services is the retry package's Standard
 // type. Which contains basic retry logic using exponential backoff.
 type Retryer interface {
 	// IsErrorRetryable returns if the failed attempt is retryable. This check
 	// should determine if the error can be retried, or if the error is
 	// terminal.
 	IsErrorRetryable(error) bool
 	// MaxAttempts returns the maximum number of attempts that can be made for
 	// an attempt before failing. A value of 0 implies that the attempt should
 	// be retried until it succeeds if the errors are retryable.
 	MaxAttempts() int
 	// RetryDelay returns the delay that should be used before retrying the
 	// attempt. Will return error if the delay could not be determined.
 	RetryDelay(attempt int, opErr error) (time.Duration, error)
 	// GetRetryToken attempts to deduct the retry cost from the retry token pool.
 	// Returning the token release function, or error.
 	GetRetryToken(ctx context.Context, opErr error) (releaseToken func(error) error, err error)
 	// GetInitialToken returns the initial attempt token that can increment the
 	// retry token pool if the attempt is successful.
 	GetInitialToken() (releaseToken func(error) error)
 }
 // RetryerV2 is an interface to determine if a given error from an attempt
 // should be retried, and if so what backoff delay to apply. The default
 // implementation used by most services is the retry package's Standard type.
 // Which contains basic retry logic using exponential backoff.
 //
 // RetryerV2 replaces the Retryer interface, deprecating the GetInitialToken
 // method in favor of GetAttemptToken which takes a context, and can return an error.
 //
 // The SDK's retry package's Attempt middleware, and utilities will always
 // wrap a Retryer as a RetryerV2. Delegating to GetInitialToken, only if
 // GetAttemptToken is not implemented.
 type RetryerV2 interface {
 	Retryer
 	// GetInitialToken returns the initial attempt token that can increment the
 	// retry token pool if the attempt is successful.
 	//
 	// Deprecated: This method does not provide a way to block using Context,
 	// nor can it return an error. Use RetryerV2, and GetAttemptToken instead.
 	GetInitialToken() (releaseToken func(error) error)
 	// GetAttemptToken returns the send token that can be used to rate limit
 	// attempt calls. Will be used by the SDK's retry package's Attempt
 	// middleware to get a send token prior to calling the temp and releasing
 	// the send token after the attempt has been made.
 	GetAttemptToken(context.Context) (func(error) error, error)
 }
 // NopRetryer provides a RequestRetryDecider implementation that will flag
 // all attempt errors as not retryable, with a max attempts of 1.
 type NopRetryer struct{}
 // IsErrorRetryable returns false for all error values.
 func (NopRetryer) IsErrorRetryable(error) bool { return false }
 // MaxAttempts always returns 1 for the original attempt.
 func (NopRetryer) MaxAttempts() int { return 1 }
 // RetryDelay is not valid for the NopRetryer. Will always return error.
 func (NopRetryer) RetryDelay(int, error) (time.Duration, error) {
 	return 0, fmt.Errorf("not retrying any attempt errors")
 }
 // GetRetryToken returns a stub function that does nothing.
 func (NopRetryer) GetRetryToken(context.Context, error) (func(error) error, error) {
 	return nopReleaseToken, nil
 }
 // GetInitialToken returns a stub function that does nothing.
 func (NopRetryer) GetInitialToken() func(error) error {
 	return nopReleaseToken
 }
 // GetAttemptToken returns a stub function that does nothing.
 func (NopRetryer) GetAttemptToken(context.Context) (func(error) error, error) {
 	return nopReleaseToken, nil
 }
 func nopReleaseToken(error) error { return nil }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/runtime.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/runtime.go
@@ -0,0 +1,14 @@
 package aws
 // ExecutionEnvironmentID is the AWS execution environment runtime identifier.
 type ExecutionEnvironmentID string
 // RuntimeEnvironment is a collection of values that are determined at runtime
 // based on the environment that the SDK is executing in. Some of these values
 // may or may not be present based on the executing environment and certain SDK
 // configuration properties that drive whether these values are populated..
 type RuntimeEnvironment struct {
 	EnvironmentIdentifier     ExecutionEnvironmentID
 	Region                    string
 	EC2InstanceMetadataRegion string
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/cache.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/cache.go
@@ -0,0 +1,115 @@
 package v4
 import (
 	"strings"
 	"sync"
 	"time"
 	"github.com/aws/aws-sdk-go-v2/aws"
 )
 func lookupKey(service, region string) string {
 	var s strings.Builder
 	s.Grow(len(region) + len(service) + 3)
 	s.WriteString(region)
 	s.WriteRune('/')
 	s.WriteString(service)
 	return s.String()
 }
 type derivedKey struct {
 	AccessKey  string
 	Date       time.Time
 	Credential []byte
 }
 type derivedKeyCache struct {
 	values map[string]derivedKey
 	mutex  sync.RWMutex
 }
 func newDerivedKeyCache() derivedKeyCache {
 	return derivedKeyCache{
 		values: make(map[string]derivedKey),
 	}
 }
 func (s *derivedKeyCache) Get(credentials aws.Credentials, service, region string, signingTime SigningTime) []byte {
 	key := lookupKey(service, region)
 	s.mutex.RLock()
 	if cred, ok := s.get(key, credentials, signingTime.Time); ok {
 		s.mutex.RUnlock()
 		return cred
 	}
 	s.mutex.RUnlock()
 	s.mutex.Lock()
 	if cred, ok := s.get(key, credentials, signingTime.Time); ok {
 		s.mutex.Unlock()
 		return cred
 	}
 	cred := deriveKey(credentials.SecretAccessKey, service, region, signingTime)
 	entry := derivedKey{
 		AccessKey:  credentials.AccessKeyID,
 		Date:       signingTime.Time,
 		Credential: cred,
 	}
 	s.values[key] = entry
 	s.mutex.Unlock()
 	return cred
 }
 func (s *derivedKeyCache) get(key string, credentials aws.Credentials, signingTime time.Time) ([]byte, bool) {
 	cacheEntry, ok := s.retrieveFromCache(key)
 	if ok && cacheEntry.AccessKey == credentials.AccessKeyID && isSameDay(signingTime, cacheEntry.Date) {
 		return cacheEntry.Credential, true
 	}
 	return nil, false
 }
 func (s *derivedKeyCache) retrieveFromCache(key string) (derivedKey, bool) {
 	if v, ok := s.values[key]; ok {
 		return v, true
 	}
 	return derivedKey{}, false
 }
 // SigningKeyDeriver derives a signing key from a set of credentials
 type SigningKeyDeriver struct {
 	cache derivedKeyCache
 }
 // NewSigningKeyDeriver returns a new SigningKeyDeriver
 func NewSigningKeyDeriver() *SigningKeyDeriver {
 	return &SigningKeyDeriver{
 		cache: newDerivedKeyCache(),
 	}
 }
 // DeriveKey returns a derived signing key from the given credentials to be used with SigV4 signing.
 func (k *SigningKeyDeriver) DeriveKey(credential aws.Credentials, service, region string, signingTime SigningTime) []byte {
 	return k.cache.Get(credential, service, region, signingTime)
 }
 func deriveKey(secret, service, region string, t SigningTime) []byte {
 	hmacDate := HMACSHA256([]byte("AWS4"+secret), []byte(t.ShortTimeFormat()))
 	hmacRegion := HMACSHA256(hmacDate, []byte(region))
 	hmacService := HMACSHA256(hmacRegion, []byte(service))
 	return HMACSHA256(hmacService, []byte("aws4_request"))
 }
 func isSameDay(x, y time.Time) bool {
 	xYear, xMonth, xDay := x.Date()
 	yYear, yMonth, yDay := y.Date()
 	if xYear != yYear {
 		return false
 	}
 	if xMonth != yMonth {
 		return false
 	}
 	return xDay == yDay
 }
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/const.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/const.go
@@ -0,0 +1,40 @@
 package v4
 // Signature Version 4 (SigV4) Constants
 const (
 	// EmptyStringSHA256 is the hex encoded sha256 value of an empty string
 	EmptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
 	// UnsignedPayload indicates that the request payload body is unsigned
 	UnsignedPayload = "UNSIGNED-PAYLOAD"
 	// AmzAlgorithmKey indicates the signing algorithm
 	AmzAlgorithmKey = "X-Amz-Algorithm"
 	// AmzSecurityTokenKey indicates the security token to be used with temporary credentials
 	AmzSecurityTokenKey = "X-Amz-Security-Token"
 	// AmzDateKey is the UTC timestamp for the request in the format YYYYMMDD'T'HHMMSS'Z'
 	AmzDateKey = "X-Amz-Date"
 	// AmzCredentialKey is the access key ID and credential scope
 	AmzCredentialKey = "X-Amz-Credential"
 	// AmzSignedHeadersKey is the set of headers signed for the request
 	AmzSignedHeadersKey = "X-Amz-SignedHeaders"
 	// AmzSignatureKey is the query parameter to store the SigV4 signature
 	AmzSignatureKey = "X-Amz-Signature"
 	// TimeFormat is the time format to be used in the X-Amz-Date header or query parameter
 	TimeFormat = "20060102T150405Z"
 	// ShortTimeFormat is the shorten time format used in the credential scope
 	ShortTimeFormat = "20060102"
 	// ContentSHAKey is the SHA256 of request body
 	ContentSHAKey = "X-Amz-Content-Sha256"
 	// StreamingEventsPayload indicates that the request payload body is a signed event stream.
 	StreamingEventsPayload = "STREAMING-AWS4-HMAC-SHA256-EVENTS"
 )
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1 @@`
							`This repository holds Go packages for accessing Security Support Provider Interface on Windows.`
		`@@ -0,0 +1,2 @@`
							`// Package defaults provides recommended configuration values for AWS SDKs and CLIs.`
							`package defaults`