vendor: update buildkit to master@31c870e82a48

Signed-off-by: Justin Chadwell <me@jedevc.com>

vendor/github.com/aws/aws-sdk-go-v2/aws/config.go

@@ -3,13 +3,14 @@ package aws
 import (
 	"net/http"
 
+	smithybearer "github.com/aws/smithy-go/auth/bearer"
 	"github.com/aws/smithy-go/logging"
 	"github.com/aws/smithy-go/middleware"
 )
 
 // HTTPClient provides the interface to provide custom HTTPClients. Generally
 // *http.Client is sufficient for most use cases. The HTTPClient should not
-// follow redirects.
+// follow 301 or 302 redirects.
 type HTTPClient interface {
 	Do(*http.Request) (*http.Response, error)
 }
@@ -25,11 +26,23 @@ type Config struct {
 	// information on AWS regions.
 	Region string
 
-	// The credentials object to use when signing requests. Defaults to a
-	// chain of credential providers to search for credentials in environment
-	// variables, shared credential file, and EC2 Instance Roles.
+	// The credentials object to use when signing requests.
+	// Use the LoadDefaultConfig to load configuration from all the SDK's supported
+	// sources, and resolve credentials using the SDK's default credential chain.
 	Credentials CredentialsProvider
 
+	// The Bearer Authentication token provider to use for authenticating API
+	// operation calls with a Bearer Authentication token. The API clients and
+	// operation must support Bearer Authentication scheme in order for the
+	// token provider to be used. API clients created with NewFromConfig will
+	// automatically be configured with this option, if the API client support
+	// Bearer Authentication.
+	//
+	// The SDK's config.LoadDefaultConfig can automatically populate this
+	// option for external configuration options such as SSO session.
+	// https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html
+	BearerAuthTokenProvider smithybearer.TokenProvider
+
 	// The HTTP Client the SDK's API clients will use to invoke HTTP requests.
 	// The SDK defaults to a BuildableClient allowing API clients to create
 	// copies of the HTTP Client for service specific customizations.

vendor/github.com/aws/aws-sdk-go-v2/aws/credential_cache.go

@@ -46,14 +46,14 @@ type CredentialsCacheOptions struct {
 // CredentialsCache will look for optional interfaces on the Provider to adjust
 // how the credential cache handles credentials caching.
 //
-//   * HandleFailRefreshCredentialsCacheStrategy - Allows provider to handle
-//   credential refresh failures. This could return an updated Credentials
-//   value, or attempt another means of retrieving credentials.
+//   - HandleFailRefreshCredentialsCacheStrategy - Allows provider to handle
+//     credential refresh failures. This could return an updated Credentials
+//     value, or attempt another means of retrieving credentials.
 //
-//   * AdjustExpiresByCredentialsCacheStrategy - Allows provider to adjust how
-//   credentials Expires is modified. This could modify how the Credentials
-//   Expires is adjusted based on the CredentialsCache ExpiryWindow option.
-//   Such as providing a floor not to reduce the Expires below.
+//   - AdjustExpiresByCredentialsCacheStrategy - Allows provider to adjust how
+//     credentials Expires is modified. This could modify how the Credentials
+//     Expires is adjusted based on the CredentialsCache ExpiryWindow option.
+//     Such as providing a floor not to reduce the Expires below.
 type CredentialsCache struct {
 	provider CredentialsProvider
 
@@ -178,6 +178,12 @@ func (p *CredentialsCache) Invalidate() {
 	p.creds.Store((*Credentials)(nil))
 }
 
+// IsCredentialsProvider returns whether credential provider wrapped by CredentialsCache
+// matches the target provider type.
+func (p *CredentialsCache) IsCredentialsProvider(target CredentialsProvider) bool {
+	return IsCredentialsProvider(p.provider, target)
+}
+
 // HandleFailRefreshCredentialsCacheStrategy is an interface for
 // CredentialsCache to allow CredentialsProvider  how failed to refresh
 // credentials is handled.

vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go

@@ -3,6 +3,7 @@ package aws
 import (
 	"context"
 	"fmt"
+	"reflect"
 	"time"
 
 	"github.com/aws/aws-sdk-go-v2/internal/sdk"
@@ -23,41 +24,41 @@ import (
 // The following example demonstrates using the AnonymousCredentials to prevent
 // SDK's external config loading attempt to resolve credentials.
 //
-//     cfg, err := config.LoadDefaultConfig(context.TODO(),
-//          config.WithCredentialsProvider(aws.AnonymousCredentials{}),
-//     )
-//     if err != nil {
-//          log.Fatalf("failed to load config, %v", err)
-//     }
+//	cfg, err := config.LoadDefaultConfig(context.TODO(),
+//	     config.WithCredentialsProvider(aws.AnonymousCredentials{}),
+//	)
+//	if err != nil {
+//	     log.Fatalf("failed to load config, %v", err)
+//	}
 //
-//     client := s3.NewFromConfig(cfg)
+//	client := s3.NewFromConfig(cfg)
 //
 // Alternatively you can leave the API client Option's `Credential` member to
 // nil. If using the `NewFromConfig` constructor you'll need to explicitly set
 // the `Credentials` member to nil, if the external config resolved a
 // credential provider.
 //
-//     client := s3.New(s3.Options{
-//          // Credentials defaults to a nil value.
-//     })
+//	client := s3.New(s3.Options{
+//	     // Credentials defaults to a nil value.
+//	})
 //
 // This can also be configured for specific operations calls too.
 //
-//     cfg, err := config.LoadDefaultConfig(context.TODO())
-//     if err != nil {
-//          log.Fatalf("failed to load config, %v", err)
-//     }
+//	cfg, err := config.LoadDefaultConfig(context.TODO())
+//	if err != nil {
+//	     log.Fatalf("failed to load config, %v", err)
+//	}
 //
-//     client := s3.NewFromConfig(config)
+//	client := s3.NewFromConfig(config)
 //
-//     result, err := client.GetObject(context.TODO(), s3.GetObject{
-//          Bucket: aws.String("example-bucket"),
-//          Key: aws.String("example-key"),
-//     }, func(o *s3.Options) {
-//          o.Credentials = nil
-//          // Or
-//          o.Credentials = aws.AnonymousCredentials{}
-//     })
+//	result, err := client.GetObject(context.TODO(), s3.GetObject{
+//	     Bucket: aws.String("example-bucket"),
+//	     Key: aws.String("example-key"),
+//	}, func(o *s3.Options) {
+//	     o.Credentials = nil
+//	     // Or
+//	     o.Credentials = aws.AnonymousCredentials{}
+//	})
 type AnonymousCredentials struct{}
 
 // Retrieve implements the CredentialsProvider interface, but will always
@@ -129,3 +130,41 @@ type CredentialsProviderFunc func(context.Context) (Credentials, error)
 func (fn CredentialsProviderFunc) Retrieve(ctx context.Context) (Credentials, error) {
 	return fn(ctx)
 }
+
+type isCredentialsProvider interface {
+	IsCredentialsProvider(CredentialsProvider) bool
+}
+
+// IsCredentialsProvider returns whether the target CredentialProvider is the same type as provider when comparing the
+// implementation type.
+//
+// If provider has a method IsCredentialsProvider(CredentialsProvider) bool it will be responsible for validating
+// whether target matches the credential provider type.
+//
+// When comparing the CredentialProvider implementations provider and target for equality, the following rules are used:
+//
+//	If provider is of type T and target is of type V, true if type *T is the same as type *V, otherwise false
+//	If provider is of type *T and target is of type V, true if type *T is the same as type *V, otherwise false
+//	If provider is of type T and target is of type *V, true if type *T is the same as type *V, otherwise false
+//	If provider is of type *T and target is of type *V,true if type *T is the same as type *V, otherwise false
+func IsCredentialsProvider(provider, target CredentialsProvider) bool {
+	if target == nil || provider == nil {
+		return provider == target
+	}
+
+	if x, ok := provider.(isCredentialsProvider); ok {
+		return x.IsCredentialsProvider(target)
+	}
+
+	targetType := reflect.TypeOf(target)
+	if targetType.Kind() != reflect.Ptr {
+		targetType = reflect.PtrTo(targetType)
+	}
+
+	providerType := reflect.TypeOf(provider)
+	if providerType.Kind() != reflect.Ptr {
+		providerType = reflect.PtrTo(providerType)
+	}
+
+	return targetType.AssignableTo(providerType)
+}

vendor/github.com/aws/aws-sdk-go-v2/aws/doc.go

@@ -1,7 +1,7 @@
 // Package aws provides the core SDK's utilities and shared types. Use this package's
 // utilities to simplify setting and reading API operations parameters.
 //
-// Value and Pointer Conversion Utilities
+// # Value and Pointer Conversion Utilities
 //
 // This package includes a helper conversion utility for each scalar type the SDK's
 // API use. These utilities make getting a pointer of the scalar, and dereferencing
@@ -16,33 +16,33 @@
 // to get pointer of a literal string value, because getting the address of a
 // literal requires assigning the value to a variable first.
 //
-//    var strPtr *string
+//	var strPtr *string
 //
-//    // Without the SDK's conversion functions
-//    str := "my string"
-//    strPtr = &str
+//	// Without the SDK's conversion functions
+//	str := "my string"
+//	strPtr = &str
 //
-//    // With the SDK's conversion functions
-//    strPtr = aws.String("my string")
+//	// With the SDK's conversion functions
+//	strPtr = aws.String("my string")
 //
-//    // Convert *string to string value
-//    str = aws.ToString(strPtr)
+//	// Convert *string to string value
+//	str = aws.ToString(strPtr)
 //
 // In addition to scalars the aws package also includes conversion utilities for
 // map and slice for commonly types used in API parameters. The map and slice
 // conversion functions use similar naming pattern as the scalar conversion
 // functions.
 //
-//    var strPtrs []*string
-//    var strs []string = []string{"Go", "Gophers", "Go"}
+//	var strPtrs []*string
+//	var strs []string = []string{"Go", "Gophers", "Go"}
 //
-//    // Convert []string to []*string
-//    strPtrs = aws.StringSlice(strs)
+//	// Convert []string to []*string
+//	strPtrs = aws.StringSlice(strs)
 //
-//    // Convert []*string to []string
-//    strs = aws.ToStringSlice(strPtrs)
+//	// Convert []*string to []string
+//	strs = aws.ToStringSlice(strPtrs)
 //
-// SDK Default HTTP Client
+// # SDK Default HTTP Client
 //
 // The SDK will use the http.DefaultClient if a HTTP client is not provided to
 // the SDK's Session, or service client constructor. This means that if the

vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go

@@ -3,4 +3,4 @@
 package aws
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.16.3"
+const goModuleVersion = "1.17.6"

vendor/github.com/aws/aws-sdk-go-v2/aws/logging.go

@@ -7,10 +7,12 @@ package aws
 // The entire 64-bit group is reserved for later expansion by the SDK.
 //
 // Example: Setting ClientLogMode to enable logging of retries and requests
-//  clientLogMode := aws.LogRetries | aws.LogRequest
+//
+//	clientLogMode := aws.LogRetries | aws.LogRequest
 //
 // Example: Adding an additional log mode to an existing ClientLogMode value
-//  clientLogMode |= aws.LogResponse
+//
+//	clientLogMode |= aws.LogResponse
 type ClientLogMode uint64
 
 // Supported ClientLogMode bits that can be configured to toggle logging of specific SDK events.

vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go

@@ -68,10 +68,12 @@ type requestUserAgent struct {
 // request.
 //
 // User-Agent example:
-//   aws-sdk-go-v2/1.2.3
+//
+//	aws-sdk-go-v2/1.2.3
 //
 // X-Amz-User-Agent example:
-//   aws-sdk-go-v2/1.2.3 md/GOOS/linux md/GOARCH/amd64 lang/go/1.15
+//
+//	aws-sdk-go-v2/1.2.3 md/GOOS/linux md/GOARCH/amd64 lang/go/1.15
 func newRequestUserAgent() *requestUserAgent {
 	userAgent, sdkAgent := smithyhttp.NewUserAgentBuilder(), smithyhttp.NewUserAgentBuilder()
 	addProductName(userAgent)

vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/array.go

@@ -9,9 +9,9 @@ import (
 // representation of a list of values of a fixed type. A serialized array might
 // look like the following:
 //
-//     ListName.member.1=foo
-//     &ListName.member.2=bar
-//     &Listname.member.3=baz
+//	ListName.member.1=foo
+//	&ListName.member.2=bar
+//	&Listname.member.3=baz
 type Array struct {
 	// The query values to add the array to.
 	values url.Values
@@ -36,20 +36,31 @@ type Array struct {
 	memberName string
 	// Elements are stored in values, so we keep track of the list size here.
 	size int32
+	// Empty lists are encoded as "<prefix>=", if we add a value later we will
+	// remove this encoding
+	emptyValue Value
 }
 
 func newArray(values url.Values, prefix string, flat bool, memberName string) *Array {
+	emptyValue := newValue(values, prefix, flat)
+	emptyValue.String("")
+
 	return &Array{
 		values:     values,
 		prefix:     prefix,
 		flat:       flat,
 		memberName: memberName,
+		emptyValue: emptyValue,
 	}
 }
 
 // Value adds a new element to the Query Array. Returns a Value type used to
 // encode the array element.
 func (a *Array) Value() Value {
+	if a.size == 0 {
+		delete(a.values, a.emptyValue.key)
+	}
+
 	// Query lists start a 1, so adjust the size first
 	a.size++
 	prefix := a.prefix

vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/map.go

@@ -11,10 +11,10 @@ import (
 // the values must all be of the same type, and that map entries are ordered.
 // A serialized map might look like the following:
 //
-//     MapName.entry.1.key=Foo
-//     &MapName.entry.1.value=spam
-//     &MapName.entry.2.key=Bar
-//     &MapName.entry.2.value=eggs
+//	MapName.entry.1.key=Foo
+//	&MapName.entry.1.value=spam
+//	&MapName.entry.2.key=Bar
+//	&MapName.entry.2.value=eggs
 type Map struct {
 	// The query values to add the map to.
 	values url.Values

vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/object.go

@@ -10,8 +10,8 @@ import (
 // values where there is a fixed set of keys whose values each have their
 // own known type. A serialized object might look like the following:
 //
-//     ObjectName.Foo=value
-//     &ObjectName.Bar=5
+//	ObjectName.Foo=value
+//	&ObjectName.Bar=5
 type Object struct {
 	// The query values to add the object to.
 	values url.Values

vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/xml/error_utils.go

@@ -21,26 +21,18 @@ func GetErrorResponseComponents(r io.Reader, noErrorWrapping bool) (ErrorCompone
 		if err := xml.NewDecoder(r).Decode(&errResponse); err != nil && err != io.EOF {
 			return ErrorComponents{}, fmt.Errorf("error while deserializing xml error response: %w", err)
 		}
-		return ErrorComponents{
-			Code:      errResponse.Code,
-			Message:   errResponse.Message,
-			RequestID: errResponse.RequestID,
-		}, nil
+		return ErrorComponents(errResponse), nil
 	}
 
 	var errResponse wrappedErrorResponse
 	if err := xml.NewDecoder(r).Decode(&errResponse); err != nil && err != io.EOF {
 		return ErrorComponents{}, fmt.Errorf("error while deserializing xml error response: %w", err)
 	}
-	return ErrorComponents{
-		Code:      errResponse.Code,
-		Message:   errResponse.Message,
-		RequestID: errResponse.RequestID,
-	}, nil
+	return ErrorComponents(errResponse), nil
 }
 
 // noWrappedErrorResponse represents the error response body with
-// no internal <Error></Error wrapping
+// no internal Error wrapping
 type noWrappedErrorResponse struct {
 	Code      string `xml:"Code"`
 	Message   string `xml:"Message"`
@@ -48,7 +40,7 @@ type noWrappedErrorResponse struct {
 }
 
 // wrappedErrorResponse represents the error response body
-// wrapped within <Error>...</Error>
+// wrapped within Error
 type wrappedErrorResponse struct {
 	Code      string `xml:"Error>Code"`
 	Message   string `xml:"Error>Message"`

vendor/github.com/aws/aws-sdk-go-v2/aws/ratelimit/token_rate_limit.go

@@ -30,10 +30,6 @@ func NewTokenRateLimit(tokens uint) *TokenRateLimit {
 	}
 }
 
-func isTimeoutError(error) bool {
-	return false
-}
-
 type canceledError struct {
 	Err error
 }

vendor/github.com/aws/aws-sdk-go-v2/aws/retry/adaptive.go

@@ -93,7 +93,7 @@ func (a *AdaptiveMode) IsErrorRetryable(err error) bool {
 }
 
 // MaxAttempts returns the maximum number of attempts that can be made for
-// a attempt before failing. A value of 0 implies that the attempt should
+// an attempt before failing. A value of 0 implies that the attempt should
 // be retried until it succeeds if the errors are retryable.
 func (a *AdaptiveMode) MaxAttempts() int {
 	return a.retryer.MaxAttempts()
@@ -127,7 +127,7 @@ func (a *AdaptiveMode) GetInitialToken() (releaseToken func(error) error) {
 
 // GetAttemptToken returns the attempt token that can be used to rate limit
 // attempt calls. Will be used by the SDK's retry package's Attempt
-// middleware to get a attempt token prior to calling the temp and releasing
+// middleware to get an attempt token prior to calling the temp and releasing
 // the attempt token after the attempt has been made.
 func (a *AdaptiveMode) GetAttemptToken(ctx context.Context) (func(error) error, error) {
 	for {

vendor/github.com/aws/aws-sdk-go-v2/aws/retry/doc.go

@@ -1,12 +1,12 @@
 // Package retry provides interfaces and implementations for SDK request retry behavior.
 //
-// Retryer Interface and Implementations
+// # Retryer Interface and Implementations
 //
-// This packages defines Retryer interface that is used to either implement custom retry behavior
-// or to extend the existing retry implementations provided by the SDK. This packages provides a single
-// retry implementations: Standard.
+// This package defines Retryer interface that is used to either implement custom retry behavior
+// or to extend the existing retry implementations provided by the SDK. This package provides a single
+// retry implementation: Standard.
 //
-// Standard
+// # Standard
 //
 // Standard is the default retryer implementation used by service clients. The standard retryer is a rate limited
 // retryer that has a configurable max attempts to limit the number of retry attempts when a retryable error occurs.
@@ -15,66 +15,66 @@
 //
 // By default the standard retryer uses the DefaultRetryables slice of IsErrorRetryable types to determine whether
 // a given error is retryable. By default this list of retryables includes the following:
-//  - Retrying errors that implement the RetryableError method, and return true.
-//  - Connection Errors
-//    - Errors that implement a ConnectionError, Temporary, or Timeout method that return true.
-//    - Connection Reset Errors.
-//    - net.OpErr types that are dialing errors or are temporary.
-//    - HTTP Status Codes: 500, 502, 503, and 504.
-//  - API Error Codes
-//    - RequestTimeout, RequestTimeoutException
-//    - Throttling, ThrottlingException, ThrottledException, RequestThrottledException, TooManyRequestsException,
-//      RequestThrottled, SlowDown, EC2ThrottledException
-//    - ProvisionedThroughputExceededException, RequestLimitExceeded, BandwidthLimitExceeded, LimitExceededException
-//    - TransactionInProgressException, PriorRequestNotComplete
+//   - Retrying errors that implement the RetryableError method, and return true.
+//   - Connection Errors
+//   - Errors that implement a ConnectionError, Temporary, or Timeout method that return true.
+//   - Connection Reset Errors.
+//   - net.OpErr types that are dialing errors or are temporary.
+//   - HTTP Status Codes: 500, 502, 503, and 504.
+//   - API Error Codes
+//   - RequestTimeout, RequestTimeoutException
+//   - Throttling, ThrottlingException, ThrottledException, RequestThrottledException, TooManyRequestsException,
+//     RequestThrottled, SlowDown, EC2ThrottledException
+//   - ProvisionedThroughputExceededException, RequestLimitExceeded, BandwidthLimitExceeded, LimitExceededException
+//   - TransactionInProgressException, PriorRequestNotComplete
 //
 // The standard retryer will not retry a request in the event if the context associated with the request
 // has been cancelled. Applications must handle this case explicitly if they wish to retry with a different context
 // value.
 //
 // You can configure the standard retryer implementation to fit your applications by constructing a standard retryer
-// using the NewStandard function, and providing one more functional arguments that mutate the StandardOptions
+// using the NewStandard function, and providing one more functional argument that mutate the StandardOptions
 // structure. StandardOptions provides the ability to modify the token bucket rate limiter, retryable error conditions,
 // and the retry delay policy.
 //
 // For example to modify the default retry attempts for the standard retryer:
 //
-//  // configure the custom retryer
-//  customRetry := retry.NewStandard(func(o *retry.StandardOptions) {
-//      o.MaxAttempts = 5
-//  })
+//	// configure the custom retryer
+//	customRetry := retry.NewStandard(func(o *retry.StandardOptions) {
+//	    o.MaxAttempts = 5
+//	})
 //
-//  // create a service client with the retryer
-//  s3.NewFromConfig(cfg, func(o *s3.Options) {
-//      o.Retryer = customRetry
-//  })
+//	// create a service client with the retryer
+//	s3.NewFromConfig(cfg, func(o *s3.Options) {
+//	    o.Retryer = customRetry
+//	})
 //
-// Utilities
+// # Utilities
 //
 // A number of package functions have been provided to easily wrap retryer implementations in an implementation agnostic
 // way. These are:
 //
-//   AddWithErrorCodes      - Provides the ability to add additional API error codes that should be considered retryable
-//                           in addition to those considered retryable by the provided retryer.
+//	AddWithErrorCodes      - Provides the ability to add additional API error codes that should be considered retryable
+//	                        in addition to those considered retryable by the provided retryer.
 //
-//   AddWithMaxAttempts     - Provides the ability to set the max number of attempts for retrying a request by wrapping
-//                            a retryer implementation.
+//	AddWithMaxAttempts     - Provides the ability to set the max number of attempts for retrying a request by wrapping
+//	                         a retryer implementation.
 //
-//   AddWithMaxBackoffDelay - Provides the ability to set the max back off delay that can occur before retrying a
-//                            request by wrapping a retryer implementation.
+//	AddWithMaxBackoffDelay - Provides the ability to set the max back off delay that can occur before retrying a
+//	                         request by wrapping a retryer implementation.
 //
 // The following package functions have been provided to easily satisfy different retry interfaces to further customize
 // a given retryer's behavior:
 //
-//   BackoffDelayerFunc   - Can be used to wrap a function to satisfy the BackoffDelayer interface. For example,
-//                          you can use this method to easily create custom back off policies to be used with the
-//                          standard retryer.
+//	BackoffDelayerFunc   - Can be used to wrap a function to satisfy the BackoffDelayer interface. For example,
+//	                       you can use this method to easily create custom back off policies to be used with the
+//	                       standard retryer.
 //
-//   IsErrorRetryableFunc - Can be used to wrap a function to satisfy the IsErrorRetryable interface. For example,
-//                          this can be used to extend the standard retryer to add additional logic ot determine if a
-//                          error should be retried.
+//	IsErrorRetryableFunc - Can be used to wrap a function to satisfy the IsErrorRetryable interface. For example,
+//	                       this can be used to extend the standard retryer to add additional logic to determine if an
+//	                       error should be retried.
 //
-//   IsErrorTimeoutFunc   - Can be used to wrap a function to satisfy IsErrorTimeout interface. For example,
-//                          this can be used to extend the standard retryer to add additional logic to determine if an
-//                           error should be considered a timeout.
+//	IsErrorTimeoutFunc   - Can be used to wrap a function to satisfy IsErrorTimeout interface. For example,
+//	                       this can be used to extend the standard retryer to add additional logic to determine if an
+//	                        error should be considered a timeout.
 package retry

vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go

@@ -11,7 +11,6 @@ import (
 	awsmiddle "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/internal/sdk"
 	"github.com/aws/smithy-go/logging"
-	"github.com/aws/smithy-go/middleware"
 	smithymiddle "github.com/aws/smithy-go/middleware"
 	"github.com/aws/smithy-go/transport/http"
 )
@@ -90,7 +89,7 @@ func (r *Attempt) HandleFinalize(ctx context.Context, in smithymiddle.FinalizeIn
 		out, attemptResult, releaseRetryToken, err = r.handleAttempt(attemptCtx, attemptInput, releaseRetryToken, next)
 		attemptClockSkew, _ = awsmiddle.GetAttemptSkew(attemptResult.ResponseMetadata)
 
-		// AttempResult Retried states that the attempt was not successful, and
+		// AttemptResult Retried states that the attempt was not successful, and
 		// should be retried.
 		shouldRetry := attemptResult.Retried
 
@@ -292,7 +291,7 @@ type retryMetadataKey struct{}
 // Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
 // to clear all stack values.
 func getRetryMetadata(ctx context.Context) (metadata retryMetadata, ok bool) {
-	metadata, ok = middleware.GetStackValue(ctx, retryMetadataKey{}).(retryMetadata)
+	metadata, ok = smithymiddle.GetStackValue(ctx, retryMetadataKey{}).(retryMetadata)
 	return metadata, ok
 }
 
@@ -301,7 +300,7 @@ func getRetryMetadata(ctx context.Context) (metadata retryMetadata, ok bool) {
 // Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
 // to clear all stack values.
 func setRetryMetadata(ctx context.Context, metadata retryMetadata) context.Context {
-	return middleware.WithStackValue(ctx, retryMetadataKey{}, metadata)
+	return smithymiddle.WithStackValue(ctx, retryMetadataKey{}, metadata)
 }
 
 // AddRetryMiddlewaresOptions is the set of options that can be passed to

vendor/github.com/aws/aws-sdk-go-v2/aws/retryer.go

@@ -49,7 +49,7 @@ type Retryer interface {
 	IsErrorRetryable(error) bool
 
 	// MaxAttempts returns the maximum number of attempts that can be made for
-	// a attempt before failing. A value of 0 implies that the attempt should
+	// an attempt before failing. A value of 0 implies that the attempt should
 	// be retried until it succeeds if the errors are retryable.
 	MaxAttempts() int
 
@@ -66,7 +66,7 @@ type Retryer interface {
 	GetInitialToken() (releaseToken func(error) error)
 }
 
-// RetryerV2 is an interface to determine if a given error from a attempt
+// RetryerV2 is an interface to determine if a given error from an attempt
 // should be retried, and if so what backoff delay to apply. The default
 // implementation used by most services is the retry package's Standard type.
 // Which contains basic retry logic using exponential backoff.

vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/util.go

@@ -46,19 +46,35 @@ func StripExcessSpaces(str string) string {
 	return string(buf[:m])
 }
 
-// GetURIPath returns the escaped URI component from the provided URL
+// GetURIPath returns the escaped URI component from the provided URL.
 func GetURIPath(u *url.URL) string {
-	var uri string
+	var uriPath string
 
 	if len(u.Opaque) > 0 {
-		uri = "/" + strings.Join(strings.Split(u.Opaque, "/")[3:], "/")
+		const schemeSep, pathSep, queryStart = "//", "/", "?"
+
+		opaque := u.Opaque
+		// Cut off the query string if present.
+		if idx := strings.Index(opaque, queryStart); idx >= 0 {
+			opaque = opaque[:idx]
+		}
+
+		// Cutout the scheme separator if present.
+		if strings.Index(opaque, schemeSep) == 0 {
+			opaque = opaque[len(schemeSep):]
+		}
+
+		// capture URI path starting with first path separator.
+		if idx := strings.Index(opaque, pathSep); idx >= 0 {
+			uriPath = opaque[idx:]
+		}
 	} else {
-		uri = u.EscapedPath()
+		uriPath = u.EscapedPath()
 	}
 
-	if len(uri) == 0 {
-		uri = "/"
+	if len(uriPath) == 0 {
+		uriPath = "/"
 	}
 
-	return uri
+	return uriPath
 }

vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go

@@ -82,7 +82,7 @@ func (m *dynamicPayloadSigningMiddleware) HandleBuild(
 	}
 
 	// if TLS is enabled, use unsigned payload when supported
-	if strings.EqualFold(req.URL.Scheme, "https") {
+	if req.IsHTTPS() {
 		return (&unsignedPayload{}).HandleBuild(ctx, in, next)
 	}
 
@@ -371,13 +371,8 @@ func haveCredentialProvider(p aws.CredentialsProvider) bool {
 	if p == nil {
 		return false
 	}
-	switch p.(type) {
-	case aws.AnonymousCredentials,
-		*aws.AnonymousCredentials:
-		return false
-	}
 
-	return true
+	return !aws.IsCredentialsProvider(p, (*aws.AnonymousCredentials)(nil))
 }
 
 type payloadHashKey struct{}

vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/v4.go

@@ -3,20 +3,22 @@
 // Provides request signing for request that need to be signed with
 // AWS V4 Signatures.
 //
-// Standalone Signer
+// # Standalone Signer
 //
 // Generally using the signer outside of the SDK should not require any additional
-//  The signer does this by taking advantage of the URL.EscapedPath method. If your request URI requires
+//
+//	The signer does this by taking advantage of the URL.EscapedPath method. If your request URI requires
+//
 // additional escaping you many need to use the URL.Opaque to define what the raw URI should be sent
 // to the service as.
 //
 // The signer will first check the URL.Opaque field, and use its value if set.
 // The signer does require the URL.Opaque field to be set in the form of:
 //
-//     "//<hostname>/<path>"
+//	"//<hostname>/<path>"
 //
-//     // e.g.
-//     "//example.com/some/path"
+//	// e.g.
+//	"//example.com/some/path"
 //
 // The leading "//" and hostname are required or the URL.Opaque escaping will
 // not work correctly.
@@ -252,7 +254,7 @@ func buildAuthorizationHeader(credentialStr, signedHeadersStr, signingSignature
 // request has no payload you should use the hex encoded SHA-256 of an empty
 // string as the payloadHash value.
 //
-//   "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
+//	"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
 //
 // Some services such as Amazon S3 accept alternative values for the payload
 // hash, such as "UNSIGNED-PAYLOAD" for requests where the body will not be
@@ -311,7 +313,7 @@ func (s Signer) SignHTTP(ctx context.Context, credentials aws.Credentials, r *ht
 // request has no payload you should use the hex encoded SHA-256 of an empty
 // string as the payloadHash value.
 //
-//   "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
+//	"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
 //
 // Some services such as Amazon S3 accept alternative values for the payload
 // hash, such as "UNSIGNED-PAYLOAD" for requests where the body will not be
@@ -331,10 +333,10 @@ func (s Signer) SignHTTP(ctx context.Context, credentials aws.Credentials, r *ht
 // parameter is not used by all AWS services, and is most notable used by
 // Amazon S3 APIs.
 //
-//   expires := 20 * time.Minute
-//   query := req.URL.Query()
-//   query.Set("X-Amz-Expires", strconv.FormatInt(int64(expires/time.Second), 10)
-//   req.URL.RawQuery = query.Encode()
+//	expires := 20 * time.Minute
+//	query := req.URL.Query()
+//	query.Set("X-Amz-Expires", strconv.FormatInt(int64(expires/time.Second), 10)
+//	req.URL.RawQuery = query.Encode()
 //
 // This method does not modify the provided request.
 func (s *Signer) PresignHTTP(
@@ -407,8 +409,8 @@ func (s *httpSigner) buildCanonicalHeaders(host string, rule v4Internal.Rule, he
 	headers = append(headers, hostHeader)
 	signed[hostHeader] = append(signed[hostHeader], host)
 
+	const contentLengthHeader = "content-length"
 	if length > 0 {
-		const contentLengthHeader = "content-length"
 		headers = append(headers, contentLengthHeader)
 		signed[contentLengthHeader] = append(signed[contentLengthHeader], strconv.FormatInt(length, 10))
 	}
@@ -417,6 +419,10 @@ func (s *httpSigner) buildCanonicalHeaders(host string, rule v4Internal.Rule, he
 		if !rule.IsValid(k) {
 			continue // ignored header
 		}
+		if strings.EqualFold(k, contentLengthHeader) {
+			// prevent signing already handled content-length header.
+			continue
+		}
 
 		lowerCaseKey := strings.ToLower(k)
 		if _, ok := signed[lowerCaseKey]; ok {