Merge pull request #2681 from crazy-max/v0.17.0_update-buildkit

[v0.17 backport] vendor: update buildkit to v0.16.0

.github/workflows/docs-release.yml

@@ -57,7 +57,7 @@ jobs:
           VENDOR_MODULE: github.com/docker/buildx@${{ env.RELEASE_NAME }}
       -
         name: Create PR on docs repo
-        uses: peter-evans/create-pull-request@4320041ed380b20e97d388d56a7fb4f9b8c20e79  # v7.0.0
+        uses: peter-evans/create-pull-request@8867c4aba1b742c39f8d0ba35429c2dfa4b6cb20  # v7.0.1
         with:
           token: ${{ secrets.GHPAT_DOCS_DISPATCH }}
           push-to-fork: docker-tools-robot/docker.github.io

.mailmap

@@ -1,11 +1,25 @@
 # This file lists all individuals having contributed content to the repository.
 # For how it is generated, see hack/dockerfiles/authors.Dockerfile.
 
+Batuhan Apaydın <batuhan.apaydin@trendyol.com>
+Batuhan Apaydın <batuhan.apaydin@trendyol.com> <developerguy2@gmail.com>
 CrazyMax <github@crazymax.dev>
 CrazyMax <github@crazymax.dev> <1951866+crazy-max@users.noreply.github.com>
 CrazyMax <github@crazymax.dev> <crazy-max@users.noreply.github.com>
+David Karlsson <david.karlsson@docker.com>
+David Karlsson <david.karlsson@docker.com> <35727626+dvdksn@users.noreply.github.com>
+jaihwan104 <jaihwan104@woowahan.com>
+jaihwan104 <jaihwan104@woowahan.com> <42341126+jaihwan104@users.noreply.github.com>
+Kenyon Ralph <kenyon@kenyonralph.com>
+Kenyon Ralph <kenyon@kenyonralph.com> <quic_kralph@quicinc.com>
 Sebastiaan van Stijn <github@gone.nl>
 Sebastiaan van Stijn <github@gone.nl> <thaJeztah@users.noreply.github.com>
+Shaun Thompson <shaun.thompson@docker.com>
+Shaun Thompson <shaun.thompson@docker.com> <shaun.b.thompson@gmail.com>
+Silvin Lubecki <silvin.lubecki@docker.com>
+Silvin Lubecki <silvin.lubecki@docker.com> <31478878+silvin-lubecki@users.noreply.github.com>
+Talon Bowler <talon.bowler@docker.com>
+Talon Bowler <talon.bowler@docker.com> <nolat301@gmail.com>
 Tibor Vass <tibor@docker.com>
 Tibor Vass <tibor@docker.com> <tiborvass@users.noreply.github.com>
 Tõnis Tiigi <tonistiigi@gmail.com>

AUTHORS

@@ -1,45 +1,112 @@
 # This file lists all individuals having contributed content to the repository.
 # For how it is generated, see hack/dockerfiles/authors.Dockerfile.
 
+accetto <34798830+accetto@users.noreply.github.com>
 Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
+Aleksa Sarai <cyphar@cyphar.com>
 Alex Couture-Beil <alex@earthly.dev>
 Andrew Haines <andrew.haines@zencargo.com>
+Andy Caldwell <andrew.caldwell@metaswitch.com>
 Andy MacKinlay <admackin@users.noreply.github.com>
 Anthony Poschen <zanven42@gmail.com>
+Arnold Sobanski <arnold@l4g.dev>
 Artur Klauser <Artur.Klauser@computer.org>
-Batuhan Apaydın <developerguy2@gmail.com>
+Avi Deitcher <avi@deitcher.net>
+Batuhan Apaydın <batuhan.apaydin@trendyol.com>
+Ben Peachey <potherca@gmail.com>
+Bertrand Paquet <bertrand.paquet@gmail.com>
 Bin Du <bindu@microsoft.com>
 Brandon Philips <brandon@ifup.org>
 Brian Goff <cpuguy83@gmail.com>
+Bryce Lampe <bryce@pulumi.com>
+Cameron Adams <pnzreba@gmail.com>
+Christian Dupuis <cd@atomist.com>
+Cory Snider <csnider@mirantis.com>
 CrazyMax <github@crazymax.dev>
+David Gageot <david.gageot@docker.com>
+David Karlsson <david.karlsson@docker.com>
+David Scott <dave@recoil.org>
 dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 Devin Bayer <dev@doubly.so>
 Djordje Lukic <djordje.lukic@docker.com>
+Dmitry Makovey <dmakovey@gitlab.com>
 Dmytro Makovey <dmytro.makovey@docker.com>
 Donghui Wang <977675308@qq.com>
+Doug Borg <dougborg@apple.com>
+Edgar Lee <edgarl@netflix.com>
+Eli Treuherz <et@arenko.group>
+Eliott Wiener <eliottwiener@gmail.com>
+Elran Shefer <elran.shefer@velocity.tech>
 faust <faustin@fala.red>
 Felipe Santos <felipecassiors@gmail.com>
+Felix de Souza <fdesouza@palantir.com>
 Fernando Miguel <github@FernandoMiguel.net>
 gfrancesco <gfrancesco@users.noreply.github.com>
 gracenoah <gracenoahgh@gmail.com>
+Guillaume Lours <705411+glours@users.noreply.github.com>
+guoguangwu <guoguangwu@magic-shield.com>
 Hollow Man <hollowman@hollowman.ml>
+Ian King'ori <kingorim.ian@gmail.com>
+idnandre <andre@idntimes.com>
 Ilya Dmitrichenko <errordeveloper@gmail.com>
+Isaac Gaskin <isaac.gaskin@circle.com>
 Jack Laxson <jackjrabbit@gmail.com>
+jaihwan104 <jaihwan104@woowahan.com>
 Jean-Yves Gastaud <jygastaud@gmail.com>
+Jhan S. Álvarez <51450231+yastanotheruser@users.noreply.github.com>
+Jonathan A. Sternberg <jonathan.sternberg@docker.com>
+Jonathan Piché <jpiche@coveo.com>
+Justin Chadwell <me@jedevc.com>
+Kenyon Ralph <kenyon@kenyonralph.com>
 khs1994 <khs1994@khs1994.com>
+Kijima Daigo <norimaking777@gmail.com>
+Kohei Tokunaga <ktokunaga.mail@gmail.com>
 Kotaro Adachi <k33asby@gmail.com>
+Kushagra Mansingh <12158241+kushmansingh@users.noreply.github.com>
 l00397676 <lujingxiao@huawei.com>
+Laura Brehm <laurabrehm@hey.com>
+Laurent Goderre <laurent.goderre@docker.com>
+Mark Hildreth <113933455+markhildreth-gravity@users.noreply.github.com>
+Mayeul Blanzat <mayeul.blanzat@datadoghq.com>
 Michal Augustyn <michal.augustyn@mail.com>
+Milas Bowman <milas.bowman@docker.com>
+Mitsuru Kariya <mitsuru.kariya@nttdata.com>
+Moleus <fafufuburr@gmail.com>
+Nick Santos <nick.santos@docker.com>
+Nick Sieger <nick@nicksieger.com>
+Nicolas De Loof <nicolas.deloof@gmail.com>
+Niklas Gehlen <niklas@namespacelabs.com>
 Patrick Van Stee <patrick@vanstee.me>
+Paweł Gronowski <pawel.gronowski@docker.com>
+Phong Tran <tran.pho@northeastern.edu>
+Qasim Sarfraz <qasimsarfraz@microsoft.com>
+Rob Murray <rob.murray@docker.com>
+robertlestak <robert.lestak@umusic.com>
 Saul Shanabrook <s.shanabrook@gmail.com>
+Sean P. Kane <spkane00@gmail.com>
 Sebastiaan van Stijn <github@gone.nl>
+Shaun Thompson <shaun.thompson@docker.com>
 SHIMA Tatsuya <ts1s1andn@gmail.com>
 Silvin Lubecki <silvin.lubecki@docker.com>
+Simon A. Eugster <simon.eu@gmail.com>
 Solomon Hykes <sh.github.6811@hykes.org>
+Sumner Warren <sumner.warren@gmail.com>
 Sune Keller <absukl@almbrand.dk>
+Talon Bowler <talon.bowler@docker.com>
+Tianon Gravi <admwiggin@gmail.com>
 Tibor Vass <tibor@docker.com>
+Tim Smith <tismith@rvohealth.com>
+Timofey Kirillov <timofey.kirillov@flant.com>
+Tyler Smith <tylerlwsmith@gmail.com>
 Tõnis Tiigi <tonistiigi@gmail.com>
 Ulysses Souza <ulyssessouza@gmail.com>
+Usual Coder <34403413+Usual-Coder@users.noreply.github.com>
 Wang Jinglei <morlay.null@gmail.com>
+Wei <daviseago@gmail.com>
+Wojciech M <wmiedzybrodzki@outlook.com>
 Xiang Dai <764524258@qq.com>
+Zachary Povey <zachary.povey@autotrader.co.uk>
 zelahi <elahi.zuhayr@gmail.com>
+Zero <tobewhatwewant@gmail.com>
+zhyon404 <zhyong4@gmail.com>
+Zsolt <zsolt.szeberenyi@figured.com>

PROJECT.md

@@ -0,0 +1,453 @@
+# Project processing guide <!-- omit from toc -->
+
+- [Project scope](#project-scope)
+- [Labels](#labels)
+  - [Global](#global)
+  - [`area/`](#area)
+  - [`exp/`](#exp)
+  - [`impact/`](#impact)
+  - [`kind/`](#kind)
+  - [`needs/`](#needs)
+  - [`priority/`](#priority)
+  - [`status/`](#status)
+- [Types of releases](#types-of-releases)
+  - [Feature releases](#feature-releases)
+    - [Release Candidates](#release-candidates)
+    - [Support Policy](#support-policy)
+    - [Contributing to Releases](#contributing-to-releases)
+  - [Patch releases](#patch-releases)
+- [Milestones](#milestones)
+- [Triage process](#triage-process)
+  - [Verify essential information](#verify-essential-information)
+  - [Classify the issue](#classify-the-issue)
+- [Prioritization guidelines for `kind/bug`](#prioritization-guidelines-for-kindbug)
+- [Issue lifecyle](#issue-lifecyle)
+  - [Examples](#examples)
+    - [Submitting a bug](#submitting-a-bug)
+- [Pull request review process](#pull-request-review-process)
+- [Handling stalled issues and pull requests](#handling-stalled-issues-and-pull-requests)
+- [Moving to a discussion](#moving-to-a-discussion)
+- [Workflow automation](#workflow-automation)
+  - [Exempting an issue/PR from stale bot processing](#exempting-an-issuepr-from-stale-bot-processing)
+- [Updating dependencies](#updating-dependencies)
+
+---
+
+## Project scope
+
+**Docker Buildx** is a Docker CLI plugin designed to extend build capabilities using BuildKit. It provides advanced features for building container images, supporting multiple builder instances, multi-node builds, and high-level build constructs. Buildx enhances the Docker build process, making it more efficient and flexible, and is compatible with both Docker and Kubernetes environments. Key features include:
+
+- **Familiar user experience:** Buildx offers a user experience similar to legacy docker build, ensuring a smooth transition from legacy commands
+- **Full BuildKit capabilities:** Leverage the full feature set of [`moby/buildkit`](https://github.com/moby/buildkit) when using the container driver
+- **Multiple builder instances:** Supports the use of multiple builder instances, allowing concurrent builds and effective management and monitoring of these builders.
+- **Multi-node builds:** Use multiple nodes to build cross-platform images
+- **Compose integration:** Build complex, multi-services files as defined in compose
+- **High-level build constructs via `bake`:** Introduces high-level build constructs for more complex build workflows
+- **In-container driver support:** Support in-container drivers for both Docker and Kubernetes environments to support isolation/security.
+
+## Labels
+
+Below are common groups, labels, and their intended usage to support issues, pull requests, and discussion processing.
+
+### Global
+
+General attributes that can apply to nearly any issue or pull request.
+
+| Label               | Applies to  | Description                                                               |
+| ------------------- | ----------- | ------------------------------------------------------------------------- |
+| `bot`               | Issues, PRs | Created by a bot                                                          |
+| `good first issue ` | Issues      | Suitable for first-time contributors                                      |
+| `help wanted`       | Issues, PRs | Assistance requested                                                      |
+| `lgtm`              | PRs         | “Looks good to me” approval                                               |
+| `stale`             | Issues, PRs | The issue/PR has not had activity for a while                             |
+| `rotten`            | Issues, PRs | The issue/PR has not had activity since being marked stale and was closed |
+| `frozen`            | Issues, PRs | The issue/PR should be skipped by the stale-bot                           |
+| `dco/no`            | PRs         | The PR is missing a developer certificate of origin sign-off              |
+
+### `area/`
+
+Area or component of the project affected. Please note that the table below may not be inclusive of all current options.
+
+| Label                          | Applies to | Description                |
+| ------------------------------ | ---------- | -------------------------- |
+| `area/bake`                    | Any        | `bake`                     |
+| `area/bake/compose`            | Any        | `bake/compose`             |
+| `area/build`                   | Any        | `build`                    |
+| `area/builder`                 | Any        | `builder`                  |
+| `area/buildkit`                | Any        | Relates to `moby/buildkit` |
+| `area/cache`                   | Any        | `cache`                    |
+| `area/checks`                  | Any        | `checks`                   |
+| `area/ci`                      | Any        | Project CI                 |
+| `area/cli`                     | Any        | `cli`                      |
+| `area/controller`              | Any        | `controller`               |
+| `area/debug`                   | Any        | `debug`                    |
+| `area/dependencies`            | Any        | Project dependencies       |
+| `area/dockerfile`              | Any        | `dockerfile`               |
+| `area/docs`                    | Any        | `docs`                     |
+| `area/driver`                  | Any        | `driver`                   |
+| `area/driver/docker`           | Any        | `driver/docker`            |
+| `area/driver/docker-container` | Any        | `driver/docker-container`  |
+| `area/driver/kubernetes`       | Any        | `driver/kubernetes`        |
+| `area/driver/remote`           | Any        | `driver/remote`            |
+| `area/feature-parity`          | Any        | `feature-parity`           |
+| `area/github-actions`          | Any        | `github-actions`           |
+| `area/hack`                    | Any        | Project hack/support       |
+| `area/imagetools`              | Any        | `imagetools`               |
+| `area/metrics`                 | Any        | `metrics`                  |
+| `area/moby`                    | Any        | Relates to `moby/moby`     |
+| `area/project`                 | Any        | Project support            |
+| `area/qemu`                    | Any        | `qemu`                     |
+| `area/tests`                   | Any        | Project testing            |
+| `area/windows`                 | Any        | `windows`                  |
+
+### `exp/`
+
+Estimated experience level to complete the item
+
+| Label              | Applies to | Description                                                                     |
+| ------------------ | ---------- | ------------------------------------------------------------------------------- |
+| `exp/beginner`     | Issue      | Suitable for contributors new to the project or technology stack                |
+| `exp/intermediate` | Issue      | Requires some familiarity with the project and technology                       |
+| `exp/expert`       | Issue      | Requires deep understanding and advanced skills with the project and technology |
+
+### `impact/`
+
+Potential impact areas of the issue or pull request.
+
+| Label                | Applies to | Description                                        |
+| -------------------- | ---------- | -------------------------------------------------- |
+| `impact/breaking`    | PR         | Change is API-breaking                             |
+| `impact/changelog`   | PR         | When complete, the item should be in the changelog |
+| `impact/deprecation` | PR         | Change is a deprecation of a feature               |
+
+
+### `kind/`
+
+The type of issue, pull request or discussion
+
+| Label              | Applies to        | Description                                             |
+| ------------------ | ----------------- | ------------------------------------------------------- |
+| `kind/bug`         | Issue, PR         | Confirmed bug                                           |
+| `kind/chore`       | Issue, PR         | Project support tasks                                   |
+| `kind/docs`        | Issue, PR         | Additions or modifications to the documentation         |
+| `kind/duplicate`   | Any               | Duplicate of another item                               |
+| `kind/enhancement` | Any               | Enhancement of an existing feature                      |
+| `kind/feature`     | Any               | A brand new feature                                     |
+| `kind/maybe-bug`   | Issue, PR         | Unconfirmed bug, turns into kind/bug when confirmed     |
+| `kind/proposal`    | Issue, Discussion | A proposed major change                                 |
+| `kind/refactor`    | Issue, PR         | Refactor of existing code                               |
+| `kind/support`     | Any               | A question, discussion, or other user support item      |
+| `kind/tests`       | Issue, PR         | Additions or modifications to the project testing suite |
+
+### `needs/`
+
+Actions or missing requirements needed by the issue or pull request.
+
+| Label                       | Applies to | Description                                           |
+| --------------------------- | ---------- | ----------------------------------------------------- |
+| `needs/assignee`            | Issue, PR  | Needs an assignee                                     |
+| `needs/code-review`         | PR         | Needs review of code                                  |
+| `needs/design-review`       | Issue, PR  | Needs review of design                                |
+| `needs/docs-review`         | Issue, PR  | Needs review by the documentation team                |
+| `needs/docs-update`         | Issue, PR  | Needs an update to the docs                           |
+| `needs/follow-on-work`      | Issue, PR  | Needs follow-on work/PR                               |
+| `needs/issue`               | PR         | Needs an issue                                        |
+| `needs/maintainer-decision` | Issue, PR  | Needs maintainer discussion/decision before advancing |
+| `needs/milestone`           | Issue, PR  | Needs milestone assignment                            |
+| `needs/more-info`           | Any        | Needs more information from the author                |
+| `needs/more-investigation`  | Issue, PR  | Needs further investigation                           |
+| `needs/priority`            | Issue, PR  | Needs priority assignment                             |
+| `needs/pull-request`        | Issue      | Needs a pull request                                  |
+| `needs/rebase`              | PR         | Needs rebase to target branch                         |
+| `needs/reproduction`        | Issue, PR  | Needs reproduction steps                              |
+
+### `priority/`
+
+Level of urgency of a `kind/bug` issue or pull request.
+
+| Label         | Applies to | Description                                                             |
+| ------------- | ---------- | ----------------------------------------------------------------------- |
+| `priority/P0` | Issue, PR  | Urgent: Security, critical bugs, blocking issues.                       |
+| `priority/P1` | Issue, PR  | Important: This is a top priority and a must-have for the next release. |
+| `priority/P2` | Issue, PR  | Normal: Default priority                                                |
+
+### `status/`
+
+Current lifecycle state of the issue or pull request.
+
+| Label                 | Applies to | Description                                                            |
+| --------------------- | ---------- | ---------------------------------------------------------------------- |
+| `status/accepted`     | Issue, PR  | The issue has been reviewed and accepted for implementation            |
+| `status/active`       | PR         | The PR is actively being worked on by a maintainer or community member |
+| `status/blocked`      | Issue, PR  | The issue/PR is blocked from advancing to another status               |
+| `status/do-not-merge` | PR         | Should not be merged pending further review or changes                 |
+| `status/transfer`     | Any        | Transferred to another project                                         |
+| `status/triage`       | Any        | The item needs to be sorted by maintainers                             |
+| `status/wontfix`      | Issue, PR  | The issue/PR will not be fixed or addressed as described               |
+
+## Types of releases
+
+This project has feature releases, patch releases, and security releases.
+
+### Feature releases
+
+Feature releases are made from the development branch, followed by cutting a release branch for future patch releases, which may also occur during the code freeze period.
+
+#### Release Candidates
+
+Users can expect 2-3 release candidate (RC) test releases prior to a feature release. The first RC is typically released about one to two weeks before the final release.
+
+#### Support Policy
+
+Once a new feature release is cut, support for the previous feature release is discontinued. An exception may be made for urgent security releases that occur shortly after a new feature release. Buildx does not offer LTS (Long-Term Support) releases.
+
+#### Contributing to Releases
+
+Anyone can request that an issue or PR be included in the next feature or patch release milestone, provided it meets the necessary requirements.
+
+### Patch releases
+
+Patch releases should only include the most critical patches. Stability is vital, so everyone should always use the latest patch release.
+
+If a fix is needed but does not qualify for a patch release because of its code size or other criteria that make it too unpredictable, we will prioritize cutting a new feature release sooner rather than making an exception for backporting.
+
+Following PRs are included in patch releases
+
+- `priority/P0` fixes
+- `priority/P1` fixes, assuming maintainers don’t object because of the patch size
+- `priority/P2` fixes, only if (both required)
+    - proposed by maintainer
+    - the patch is trivial and self-contained
+- Documentation-only patches
+- Vendored dependency updates, only if:
+    - Fixing (qualifying) bug or security issue in Buildx
+    - The patch is small, else a forked version of the dependency with only the patches required
+
+New features do not qualify for patch release.
+
+## Milestones
+
+Milestones are used to help identify what releases a contribution will be in. 
+
+- The `v0.next` milestone collects unblocked items planned for the next 2-3 feature releases but not yet assigned to a specific version milestone.
+- The `v0.backlog` milestone gathers all triaged items considered for the long-term (beyond the next 3 feature releases) or currently unfit for a future release due to certain conditions. These items may be blocked and need to be unblocked before progressing.
+
+## Triage process
+
+Triage provides an important way to contribute to an open-source project. When submitted without an issue this process applies to Pull Requests as well. Triage helps ensure work items are resolved quickly by:
+
+- Ensuring the issue's intent and purpose are described precisely. This is necessary because it can be difficult for an issue to explain how an end user experiences a problem and what actions they took to arrive at the problem.
+- Giving a contributor the information they need before they commit to resolving an issue.
+- Lowering the issue count by preventing duplicate issues.
+- Streamlining the development process by preventing duplicate discussions.
+
+If you don't have time to code, consider helping with triage. The community will thank you for saving them time by spending some of yours. The same basic process should be applied upon receipt of a new issue.
+
+1. Verify essential information
+2. Classify the issue
+3. Prioritizing the issue
+
+### Verify essential information
+
+Before advancing the triage process, ensure the issue contains all necessary information to be properly understood and assessed. The required information may vary by issue type, but typically includes the system environment, version numbers, reproduction steps, expected outcomes, and actual results.
+
+- **Exercising Judgment**: Use your best judgment to assess the issue description’s completeness.
+- **Communicating Needs**: If the information provided is insufficient, kindly request additional details from the author. Explain that this information is crucial for clarity and resolution of the issue, and apply the `needs/more-information` label to indicate a response from the author is required.
+
+### Classify the issue
+
+An issue will typically have multiple labels. These are used to help communicate key information about context, requirements, and status. At a minimum, a properly classified issue should have:
+
+- (Required) One or more [`area/*`](#area) labels
+- (Required) One [`kind/*`](#kind) label  to indicate the type of issue
+- (Required if `kind/bug`) A [`priority/*`](#priority) label
+
+When assigning a decision the following labels should be present:
+
+- (Required) One [`status/*`](#status) label  to indicate lifecycle status
+
+Additional labels can provide more clarity:
+
+- Zero or more [`needs/*`](#needs) labels to indicate missing items
+- Zero or more [`impact/*`](#impact) labels
+- One [`exp/*`](#exp) label
+
+## Prioritization guidelines for `kind/bug`
+
+When an issue or pull request of `kind/bug` is correctly categorized and attached to a milestone, the labels indicate the urgency with which it should be completed. 
+
+**priority/P0**
+
+Fixing this item is the highest priority. A patch release will follow as soon as a patch is available and verified. This level is used exclusively for bugs.
+
+Examples:
+
+- Regression in a critical code path
+- Panic in a critical code path
+- Corruption in critical code path or rest of the system
+- Leaked zero-day critical security
+
+**priority/P1**
+
+Items with this label should be fixed with high priority and almost always included in a patch release. Unless waiting for another issue, patch releases should happen within a week. This level is not used for features or enhancements.
+
+Examples:
+
+- Any regression, panic
+- Measurable performance regression
+- A major bug in a new feature in the latest release
+- Incompatibility with upgraded external dependency
+
+**priority/P2**
+
+This is the default priority and is implied in the absence of a `priority/` label. Bugs with this priority should be included in the next feature release but may land in a patch release if they are ready and unlikely to impact other functionality adversely. Non-bug issues with this priority should also be included in the next feature release if they are available and ready.
+
+Examples:
+
+- Confirmed bugs
+- Bugs in non-default configurations
+- Most enhancements
+
+## Issue lifecyle
+
+```mermaid
+flowchart LR
+  create([New issue]) --> triage
+  subgraph triage[Triage Loop]
+    review[Review]
+  end
+  subgraph decision[Decision]
+    accept[Accept]
+    close[Close]
+  end
+  triage -- if accepted --> accept[Assign status, milestone]
+  triage -- if rejected --> close[Assign status, close issue]
+```
+
+### Examples
+
+#### Submitting a bug
+
+To help illustrate the issue life cycle let’s walk through submitting an issue as a potential bug in CI that enters a feedback loop and is eventually accepted as P2 priority and placed on the backlog.
+
+```mermaid
+flowchart LR
+
+	new([New issue])
+	
+	subgraph triage[Triage]
+	direction LR
+	
+  create["Action: Submit issue via Bug form\nLabels: kind/maybe-bug, status/triage"]
+  style create text-align:left
+
+		subgraph review[Review]
+		direction TB
+	  classify["Action: Maintainer reviews issue, requests more info\nLabels: kind/maybe-bug, status/triage, needs/more-info, area/*"]
+	  style classify text-align:left
+	  
+	  update["Action: Author updates issue\nLabels: kind/maybe-bug, status/triage, needs/more-info, area/*"]
+	  style update text-align:left
+	
+	  classify --> update
+	  update --> classify
+	  end
+  
+  create --> review
+  end
+
+	subgraph decision[Decision]
+	accept["Action: Maintainer reviews updates, accepts, assigns milestone\nLabels: kind/bug, priority/P2, status/accepted, area/*, impact/*"]
+  style accept text-align: left
+  end
+  
+  new --> triage
+  triage --> decision
+```
+
+## Pull request review process
+
+A thorough and timely review process for pull requests (PRs) is crucial for maintaining the integrity and quality of the project while fostering a collaborative environment.
+
+- **Labeling**: Most labels should be inherited from a linked issue. If no issue is linked an extended review process may be required.
+- **Continuous Integration**: With few exceptions, it is crucial that all Continuous Integration (CI) workflows pass successfully.
+- **Draft Status**: Incomplete or long-running PRs should be placed in "Draft" status. They may revert to "Draft" status upon initial review if significant rework is required.
+
+```mermaid
+flowchart LR
+  triage([Triage])
+  draft[Draft PR]
+  review[PR Review]
+  closed{{Close PR}}
+  merge{{Merge PR}}
+
+  subgraph feedback1[Feedback Loop]
+    draft
+  end
+  subgraph feedback2[Feedback Loop]
+     review
+  end
+
+  triage --> draft
+  draft --> review
+  review --> closed
+  review --> draft
+  review --> merge
+```
+
+## Handling stalled issues and pull requests
+
+Unfortunately, some issues or pull requests can remain inactive for extended periods. To mitigate this, automation is employed to prompt both the author and maintainers, ensuring that all contributions receive appropriate attention.
+
+**For Authors:**
+
+- **Closure of Inactive Items**: If your issue or PR becomes irrelevant or is no longer needed, please close it to help keep the project clean.
+- **Prompt Responses**: If additional information is requested, please respond promptly to facilitate progress.
+
+**For Maintainers:**
+
+- **Timely Responses**: Endeavor to address issues and PRs within a reasonable timeframe to keep the community actively engaged.
+- **Engagement with Stale Issues**: If an issue becomes stale due to maintainer inaction, re-engage with the author to reassess and revitalize the discussion.
+
+**Stale and Rotten Policy:**
+
+- An issue or PR will be labeled as **`stale`** after 14 calendar days of inactivity. If it remains inactive for another 30 days, it will be labeled as **`rotten`** and closed.
+- Authors whose issues or PRs have been closed are welcome to re-open them or create new ones and link to the original.
+
+**Skipping Stale Processing:**
+
+- To prevent an issue or PR from being marked as stale, label it as **`frozen`**.
+
+**Exceptions to Stale Processing:**
+
+- Issues or PRs marked as **`frozen`**.
+- Issues or PRs assigned to a milestone.
+
+## Moving to a discussion
+
+Sometimes, an issue or pull request may not be the appropriate medium for what is essentially a discussion. In such cases, the issue or PR will either be converted to a discussion or a new discussion will be created. The original item will then be labeled appropriately (**`kind/discussion`** or **`kind/question`**) and closed.
+
+If you believe this conversion was made in error, please express your concerns in the new discussion thread. If necessary, a reversal to the original issue or PR format can be facilitated.
+
+## Workflow automation
+
+To help expedite common operations, avoid errors and reduce toil some workflow automation is used by the project. This can include:
+
+- Stale issue or pull request processing
+- Auto-labeling actions
+- Auto-response actions
+- Label carry over from issue to pull request
+
+### Exempting an issue/PR from stale bot processing
+
+The stale item handling is configured in the [repository](link-to-config-file). To exempt an issue or PR from stale processing you can:
+
+- Add the item to a milestone
+- Add the `frozen` label to the item
+
+## Updating dependencies
+
+- **Runtime Dependencies**: Use the latest stable release available when the first Release Candidate (RC) of a new feature release is cut. For patch releases, update to the latest corresponding patch release of the dependency.
+- **Other Dependencies**: Always permitted to update to the latest patch release in the development branch. Updates to a new feature release require justification, unless the dependency is outdated. Prefer tagged versions of dependencies unless a specific untagged commit is needed. Go modules should specify the lowest compatible version; there is no requirement to update all dependencies to their latest versions before cutting a new Buildx feature release.
+- **Patch Releases**: Vendored dependency updates are considered for patch releases, except in the rare cases specified previously.
+- **Security Considerations**: A security scanner report indicating a non-exploitable issue via Buildx does not justify backports.

docs/bake-reference.md

@@ -871,8 +871,8 @@ This lets you [mount the secret][run_mount_secret] in your Dockerfile.
 ```dockerfile
 RUN --mount=type=secret,id=aws,target=/root/.aws/credentials \
     aws cloudfront create-invalidation ...
-RUN --mount=type=secret,id=KUBECONFIG \
-    KUBECONFIG=$(cat /run/secrets/KUBECONFIG) helm upgrade --install
+RUN --mount=type=secret,id=KUBECONFIG,env=KUBECONFIG \
+    helm upgrade --install
 ```
 
 ### `target.shm-size`

docs/reference/buildx_build.md

@@ -947,8 +947,8 @@ Attribute keys:
 # syntax=docker/dockerfile:1
 FROM node:alpine
 RUN --mount=type=bind,target=. \
-  --mount=type=secret,id=SECRET_TOKEN \
-  SECRET_TOKEN=$(cat /run/secrets/SECRET_TOKEN) yarn run test
+  --mount=type=secret,id=SECRET_TOKEN,env=SECRET_TOKEN \
+  yarn run test
 ```
 
 ```console

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/config v1.26.6
 	github.com/compose-spec/compose-go/v2 v2.1.6
 	github.com/containerd/console v1.0.4
-	github.com/containerd/containerd v1.7.20
+	github.com/containerd/containerd v1.7.21
 	github.com/containerd/continuity v0.4.3
 	github.com/containerd/errdefs v0.1.0
 	github.com/containerd/log v0.1.0
@@ -16,9 +16,9 @@ require (
 	github.com/containerd/typeurl/v2 v2.2.0
 	github.com/creack/pty v1.1.21
 	github.com/distribution/reference v0.6.0
-	github.com/docker/cli v27.2.0+incompatible
+	github.com/docker/cli v27.2.1+incompatible
 	github.com/docker/cli-docs-tool v0.8.0
-	github.com/docker/docker v27.2.0+incompatible
+	github.com/docker/docker v27.2.1+incompatible
 	github.com/docker/go-units v0.5.0
 	github.com/gofrs/flock v0.12.1
 	github.com/gogo/protobuf v1.3.2
@@ -29,7 +29,7 @@ require (
 	github.com/hashicorp/hcl/v2 v2.20.1
 	github.com/in-toto/in-toto-golang v0.5.0
 	github.com/mitchellh/hashstructure/v2 v2.0.2
-	github.com/moby/buildkit v0.16.0-rc1
+	github.com/moby/buildkit v0.16.0
 	github.com/moby/sys/mountinfo v0.7.2
 	github.com/moby/sys/signal v0.7.1
 	github.com/morikuni/aec v1.0.0
@@ -54,7 +54,7 @@ require (
 	golang.org/x/sys v0.22.0
 	golang.org/x/term v0.20.0
 	golang.org/x/text v0.15.0
-	google.golang.org/grpc v1.60.1
+	google.golang.org/grpc v1.62.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.29.2
 	k8s.io/apimachinery v0.29.2
@@ -163,13 +163,13 @@ require (
 	golang.org/x/crypto v0.23.0 // indirect
 	golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 // indirect
 	golang.org/x/net v0.25.0 // indirect
-	golang.org/x/oauth2 v0.13.0 // indirect
+	golang.org/x/oauth2 v0.16.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.17.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 // indirect
+	google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect

go.sum

@@ -1,4 +1,4 @@
-cloud.google.com/go v0.110.10 h1:LXy9GEO+timppncPIAZoOj3l58LIU9k+kn48AN7IO3Y=
+cloud.google.com/go v0.112.0 h1:tpFCD7hpHFlQ8yPwT3x+QeXqc2T6+n6T+hmABHfDUSM=
 cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk=
 cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
@@ -80,8 +80,8 @@ github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cloudflare/cfssl v0.0.0-20180223231731-4e2dcbde5004 h1:lkAMpLVBDaj17e85keuznYcH5rqI438v41pKcBl4ZxQ=
 github.com/cloudflare/cfssl v0.0.0-20180223231731-4e2dcbde5004/go.mod h1:yMWuSON2oQp+43nFtAV/uvKQIFpSPerB57DCt9t8sSA=
-github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k=
-github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa h1:jQCWAUqqlij9Pgj2i/PB79y4KOPYVyFYdROxgaCwdTQ=
+github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM=
 github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE=
 github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4=
 github.com/compose-spec/compose-go/v2 v2.1.6 h1:d0Cs0DffmOwmSzs0YPHwKCskknGq2jfGg4uGowlEpps=
@@ -90,8 +90,8 @@ github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaD
 github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
 github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro=
 github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk=
-github.com/containerd/containerd v1.7.20 h1:Sl6jQYk3TRavaU83h66QMbI2Nqg9Jm6qzwX57Vsn1SQ=
-github.com/containerd/containerd v1.7.20/go.mod h1:52GsS5CwquuqPuLncsXwG0t2CiUce+KsNHJZQJvAgR0=
+github.com/containerd/containerd v1.7.21 h1:USGXRK1eOC/SX0L195YgxTHb0a00anxajOzgfN0qrCA=
+github.com/containerd/containerd v1.7.21/go.mod h1:e3Jz1rYRUZ2Lt51YrH9Rz0zPyJBOlSvB3ghr2jbVD8g=
 github.com/containerd/containerd/api v1.7.19 h1:VWbJL+8Ap4Ju2mx9c9qS1uFSB1OVYr5JJrW2yT5vFoA=
 github.com/containerd/containerd/api v1.7.19/go.mod h1:fwGavl3LNwAV5ilJ0sbrABL44AQxmNjDRcwheXDb6Ig=
 github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8=
@@ -124,15 +124,15 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/denisenkom/go-mssqldb v0.0.0-20191128021309-1d7a30a10f73/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/cli v27.2.0+incompatible h1:yHD1QEB1/0vr5eBNpu8tncu8gWxg8EydFPOSKHzXSMM=
-github.com/docker/cli v27.2.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v27.2.1+incompatible h1:U5BPtiD0viUzjGAjV1p0MGB8eVA3L3cbIrnyWmSJI70=
+github.com/docker/cli v27.2.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/cli-docs-tool v0.8.0 h1:YcDWl7rQJC3lJ7WVZRwSs3bc9nka97QLWfyJQli8yJU=
 github.com/docker/cli-docs-tool v0.8.0/go.mod h1:8TQQ3E7mOXoYUs811LiPdUnAhXrcVsBIrW21a5pUbdk=
 github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v27.2.0+incompatible h1:Rk9nIVdfH3+Vz4cyI/uhbINhEZ/oLmc+CBXmH6fbNk4=
-github.com/docker/docker v27.2.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v27.2.1+incompatible h1:fQdiLfW7VLscyoeYEBz7/J8soYFDZV1u6VW6gJEjNMI=
+github.com/docker/docker v27.2.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo=
 github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
 github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0=
@@ -152,8 +152,8 @@ github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7/go.mod h1:cyGadeNE
 github.com/dvsekhvalnov/jose2go v0.0.0-20170216131308-f21a8cedbbae/go.mod h1:7BvyPhdbLxMXIYTFPLsyJRFMsKmOZnQmzh6Gb+uquuM=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA=
-github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE=
+github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A=
+github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew=
 github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5/go.mod h1:a2zkGnVExMxdzMo3M0Hi/3sEU+cWnZpSni0O6/Yb/P0=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
@@ -193,8 +193,8 @@ github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7a
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
-github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo=
-github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ=
+github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68=
+github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -307,8 +307,8 @@ github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/z
 github.com/mitchellh/mapstructure v0.0.0-20150613213606-2caf8efc9366/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/moby/buildkit v0.16.0-rc1 h1:G6KBYr6T4B1ylpinYIjcNLcVkPUkuddw3daqaM9yg9A=
-github.com/moby/buildkit v0.16.0-rc1/go.mod h1:WLr3pMBXsAoSuZIGdGww1JPz8S8Qp+OTf0dlrPnzbDg=
+github.com/moby/buildkit v0.16.0 h1:wOVBj1o5YNVad/txPQNXUXdelm7Hs/i0PUFjzbK0VKE=
+github.com/moby/buildkit v0.16.0/go.mod h1:Xqx/5GlrqE1yIRORk0NSCVDFpQAU1WjlT6KHYZdisIQ=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
@@ -530,8 +530,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
-golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
-golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
+golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ=
+golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -587,15 +587,15 @@ golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8T
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
 google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
-google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 h1:1hfbdAfFbkmpg41000wDVqr7jUpK/Yo+LPnIxxGzmkg=
-google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3/go.mod h1:5RBcpGRxr25RbDzY5w+dmaqpSEvl8Gwl1x2CICf60ic=
-google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f h1:2yNACc1O40tTnrsbk9Cv6oxiW8pxI/pXj0wRtdlYmgY=
-google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f/go.mod h1:Uy9bTZJqmfrw2rIBxgGLnamc78euZULUBrLZ9XTITKI=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 h1:/jFB8jK5R3Sq3i/lmeZO0cATSzFfZaJq1J2Euan3XKU=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0/go.mod h1:FUoWkonphQm3RhTS+kOEhF8h0iDpm4tdXolVCeZ9KKA=
+google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ=
+google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro=
+google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 h1:Lj5rbfG876hIAYFjqiJnPHfhXbv+nzTWfm04Fg/XSVU=
+google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 h1:AjyfHzEPEFp/NpvfN5g+KDla3EMojjhRVZc1i7cj+oM=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s=
 google.golang.org/grpc v1.0.5/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
-google.golang.org/grpc v1.60.1 h1:26+wFr+cNqSGFcOXcabYC0lUVJVRa2Sb2ortSK7VrEU=
-google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM=
+google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk=
+google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=

hack/dockerfiles/authors.Dockerfile

@@ -1,20 +1,21 @@
 # syntax=docker/dockerfile:1
 
-FROM alpine:3.14 AS gen
+ARG ALPINE_VERSION=3.20
+
+FROM alpine:${ALPINE_VERSION} AS gen
 RUN apk add --no-cache git
 WORKDIR /src
 RUN --mount=type=bind,target=. <<EOT
-#!/usr/bin/env bash
-set -e
-mkdir /out
-# see also ".mailmap" for how email addresses and names are deduplicated
-{
-  echo "# This file lists all individuals having contributed content to the repository."
-  echo "# For how it is generated, see hack/dockerfiles/authors.Dockerfile."
-  echo
-  git log --format='%aN <%aE>' | LC_ALL=C.UTF-8 sort -uf
-} > /out/AUTHORS
-cat /out/AUTHORS
+  set -e
+  mkdir /out
+  # see also ".mailmap" for how email addresses and names are deduplicated
+  {
+    echo "# This file lists all individuals having contributed content to the repository."
+    echo "# For how it is generated, see hack/dockerfiles/authors.Dockerfile."
+    echo
+    git log --format='%aN <%aE>' | LC_ALL=C.UTF-8 sort -uf
+  } > /out/AUTHORS
+  cat /out/AUTHORS
 EOT
 
 FROM scratch AS update
@@ -22,12 +23,12 @@ COPY --from=gen /out /
 
 FROM gen AS validate
 RUN --mount=type=bind,target=.,rw <<EOT
-set -e
-git add -A
-cp -rf /out/* .
-if [ -n "$(git status --porcelain -- AUTHORS)" ]; then
-  echo >&2 'ERROR: Authors result differs. Please update with "make authors"'
-  git status --porcelain -- AUTHORS
-  exit 1
-fi
+  set -e
+  git add -A
+  cp -rf /out/* .
+  if [ -n "$(git status --porcelain -- AUTHORS)" ]; then
+    echo >&2 'ERROR: Authors result differs. Please update with "make authors"'
+    git status --porcelain -- AUTHORS
+    exit 1
+  fi
 EOT

vendor/github.com/containerd/containerd/version/version.go

@@ -23,7 +23,7 @@ var (
 	Package = "github.com/containerd/containerd"
 
 	// Version holds the complete version number. Filled in at linking time.
-	Version = "1.7.20+unknown"
+	Version = "1.7.21+unknown"
 
 	// Revision is filled with the VCS (e.g. git) revision being used to build
 	// the program at linking time.

vendor/github.com/docker/cli/cli/command/registry.go

@@ -124,17 +124,6 @@ func PromptUserForCredentials(ctx context.Context, cli Cli, argUser, argPassword
 		cli.SetIn(streams.NewIn(os.Stdin))
 	}
 
-	// Some links documenting this:
-	// - https://code.google.com/archive/p/mintty/issues/56
-	// - https://github.com/docker/docker/issues/15272
-	// - https://mintty.github.io/ (compatibility)
-	// Linux will hit this if you attempt `cat | docker login`, and Windows
-	// will hit this if you attempt docker login from mintty where stdin
-	// is a pipe, not a character based console.
-	if argPassword == "" && !cli.In().IsTerminal() {
-		return authConfig, errors.Errorf("Error: Cannot perform an interactive login from a non TTY device")
-	}
-
 	isDefaultRegistry := serverAddress == registry.IndexServer
 	defaultUsername = strings.TrimSpace(defaultUsername)
 

vendor/github.com/docker/cli/cli/connhelper/connhelper.go

@@ -45,14 +45,14 @@ func getConnectionHelper(daemonURL string, sshFlags []string) (*ConnectionHelper
 		if err != nil {
 			return nil, errors.Wrap(err, "ssh host connection is not valid")
 		}
+		sshFlags = addSSHTimeout(sshFlags)
+		sshFlags = disablePseudoTerminalAllocation(sshFlags)
 		return &ConnectionHelper{
 			Dialer: func(ctx context.Context, network, addr string) (net.Conn, error) {
 				args := []string{"docker"}
 				if sp.Path != "" {
 					args = append(args, "--host", "unix://"+sp.Path)
 				}
-				sshFlags = addSSHTimeout(sshFlags)
-				sshFlags = disablePseudoTerminalAllocation(sshFlags)
 				args = append(args, "system", "dial-stdio")
 				return commandconn.New(ctx, "ssh", append(sshFlags, sp.Args(args...)...)...)
 			},

vendor/github.com/docker/docker/api/swagger.yaml

@@ -5347,7 +5347,7 @@ definitions:
           The version Go used to compile the daemon, and the version of the Go
           runtime in use.
         type: "string"
-        example: "go1.21.13"
+        example: "go1.22.7"
       Os:
         description: |
           The operating system that the daemon is running on ("linux" or "windows")

vendor/github.com/docker/docker/api/types/container/hostconfig.go

@@ -1,6 +1,7 @@
 package container // import "github.com/docker/docker/api/types/container"
 
 import (
+	"errors"
 	"fmt"
 	"strings"
 
@@ -325,12 +326,12 @@ func ValidateRestartPolicy(policy RestartPolicy) error {
 			if policy.MaximumRetryCount < 0 {
 				msg += " and cannot be negative"
 			}
-			return &errInvalidParameter{fmt.Errorf(msg)}
+			return &errInvalidParameter{errors.New(msg)}
 		}
 		return nil
 	case RestartPolicyOnFailure:
 		if policy.MaximumRetryCount < 0 {
-			return &errInvalidParameter{fmt.Errorf("invalid restart policy: maximum retry count cannot be negative")}
+			return &errInvalidParameter{errors.New("invalid restart policy: maximum retry count cannot be negative")}
 		}
 		return nil
 	case "":

vendor/github.com/moby/buildkit/AUTHORS

@@ -6,11 +6,16 @@ Aaron L. Xu <likexu@harmonycloud.cn>
 Aaron Lehmann <aaron.lehmann@docker.com>
 Aaron Lehmann <alehmann@netflix.com>
 Abdur Rehman <abdur_rehman@mentor.com>
+adamperlin <adamp@nanosoft.com>
 Addam Hardy <addam.hardy@gmail.com>
 Adrian Plata <adrian.plata@docker.com>
+Adrien Delorme <azr@users.noreply.github.com>
+Ahmon Dancy <adancy@wikimedia.org>
 Aidan Hobson Sayers <aidanhs@cantab.net>
 Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Alan Fregtman <941331+darkvertex@users.noreply.github.com>
+Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
+Aleksa Sarai <cyphar@cyphar.com>
 Alex Couture-Beil <alex@earthly.dev>
 Alex Mayer <amayer5125@gmail.com>
 Alex Suraci <suraci.alex@gmail.com>
@@ -29,17 +34,27 @@ Andrey Smirnov <smirnov.andrey@gmail.com>
 Andy Alt <andy5995@users.noreply.github.com>
 Andy Caldwell <andrew.caldwell@metaswitch.com>
 Ankush Agarwal <ankushagarwal11@gmail.com>
+Anthony Nandaa <profnandaa@gmail.com>
 Anthony Sottile <asottile@umich.edu>
 Anurag Goel <anurag@render.com>
 Anusha Ragunathan <anusha@docker.com>
+Arkadiusz Drabczyk <arkadiusz@drabczyk.org>
+Arnaldo Garcia Rincon <agarrcia@amazon.com>
 Arnaud Bailly <arnaud.oqube@gmail.com>
+Artem Khramov <akhramov@pm.me>
+Austin Vazquez <macedonv@amazon.com>
 Avi Deitcher <avi@deitcher.net>
 Bastiaan Bakker <bbakker@xebia.com>
 Ben Longo <benlongo9807@gmail.com>
 Bertrand Paquet <bertrand.paquet@gmail.com>
+Billy Owire <billyowire@microsoft.com>
 Bin Liu <liubin0329@gmail.com>
+Bjorn Neergaard <bjorn.neergaard@docker.com>
 Brandon Mitchell <git@bmitch.net>
+Brennan Kinney <5098581+polarathene@users.noreply.github.com>
 Brian Goff <cpuguy83@gmail.com>
+Bunyamin Dokmetas <19335284+ztzxt@users.noreply.github.com>
+Burt Holzman <burt@fnal.gov>
 Ce Gao <ce.gao@outlook.com>
 Chaerim Yeo <yeochaerim@gmail.com>
 Changwei Ge <gechangwei@bytedance.com>
@@ -60,8 +75,10 @@ Corey Larson <corey@earthly.dev>
 Cory Bennett <cbennett@netflix.com>
 Cory Snider <csnider@mirantis.com>
 coryb <cbennett@netflix.com>
+Craig Andrews <candrews@integralblue.com>
 CrazyMax <github@crazymax.dev>
 Csaba Apagyi <csaba.apagyi@gmail.com>
+cuiyourong <cuiyourong@gmail.com>
 Dan Duvall <dduvall@wikimedia.org>
 Daniel Cassidy <mail@danielcassidy.me.uk>
 Daniel Nephin <dnephin@gmail.com>
@@ -74,9 +91,11 @@ David Dooling <dooling@gmail.com>
 David Gageot <david.gageot@docker.com>
 David Karlsson <david.karlsson@docker.com>
 Davis Schirmer <djds@bghost.xyz>
+Debosmit Ray <dray92@uw.edu>
 Dennis Chen <dennis.chen@arm.com>
+Dennis Haney <davh@davh.dk>
 dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-Derek McGowan <derek@mcgstyle.net>
+Derek McGowan <derek@mcg.dev>
 Dharmit Shah <shahdharmit@gmail.com>
 Ding Fei <dingfei@stars.org.cn>
 dito <itodaisuke00@gmail.com>
@@ -86,16 +105,21 @@ Eli Uriegas <eli.uriegas@docker.com>
 Elias Faxö <elias.faxo@tre.se>
 Eng Zer Jun <engzerjun@gmail.com>
 Eric Engestrom <eric@engestrom.ch>
+Erik McKelvey <Erik.McKelvey.is@gmail.com>
 Erik Sipsma <erik@sipsma.dev>
 eyherabh <hugogabriel.eyherabide@gmail.com>
 f0 <f0@users.noreply.github.com>
+fanjiyun.fjy <fanjiyun.fjy@alibaba-inc.com>
+Felix Fontein <felix@fontein.de>
 Fernando Miguel <github@FernandoMiguel.net>
 Fiona Klute <fiona.klute@gmx.de>
 Foysal Iqbal <foysal.iqbal.fb@gmail.com>
+Frank Villaro-Dixon <frank.villarodixon@merkle.com>
+frankyang <yyb196@gmail.com>
 Fred Cox <mcfedr@gmail.com>
 Frieder Bluemle <frieder.bluemle@gmail.com>
-Gabriel <samfiragabriel@gmail.com>
-Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
+Félix Mattrat <felix@dysosmus.net>
+Gabriel-Adrian Samfira <samfiragabriel@gmail.com>
 Gaetan de Villele <gdevillele@gmail.com>
 Gahl Saraf <saraf.gahl@gmail.com>
 genglu.gl <luzigeng32@163.com>
@@ -103,7 +127,10 @@ George <george@betterde.com>
 ggjulio <juligonz@student.42.fr>
 Govind Rai <raigovind93@gmail.com>
 Grant Reaber <grant.reaber@gmail.com>
-Guilhem C <guilhem.charles@gmail.com>
+Grégoire Payen de La Garanderie <gregoire.payen.de.la.garanderie@intel.com>
+guangwu <guoguangwu@magic-shield.com>
+Guilhem Charles <guilhem.charles@gmail.com>
+guoguangwu <guoguangwug@gmail.com>
 Hans van den Bogert <hansbogert@gmail.com>
 Hao Hu <hao.hu.fr@gmail.com>
 Hector S <hfsam88@gmail.com>
@@ -112,13 +139,19 @@ Himanshu Pandey <hpandey@pivotal.io>
 Hiromu Nakamura <abctail30@gmail.com>
 HowJMay <vulxj0j8j8@gmail.com>
 Hugo Santos <hugo@namespacelabs.com>
+Höhl, Lukas <lukas.hoehl@accso.de>
 Ian Campbell <ijc@docker.com>
+Ian King'ori <kingorim.ian@gmail.com>
+Ignas Mikalajūnas <ignas@devzero.io>
 Ilya Dmitrichenko <errordeveloper@gmail.com>
 Iskander (Alex) Sharipov <quasilyte@gmail.com>
 Jacob Gillespie <jacobwgillespie@gmail.com>
 Jacob MacElroy <jacob@okteto.com>
+Jakub Ciolek <jakub@ciolek.dev>
+James Carnegie <james.carnegie@docker.com>
 Jean-Pierre Huynh <jean-pierre.huynh@ounet.fr>
 Jeffrey Huang <jeffreyhuang23@gmail.com>
+Jesper Noordsij <jesper@sslleiden.nl>
 Jesse Rittner <rittneje@gmail.com>
 Jessica Frazelle <acidburn@microsoft.com>
 jgeiger <jgeiger@gmail.com>
@@ -130,6 +163,7 @@ John Maguire <jmaguire@duosecurity.com>
 John Mulhausen <john@docker.com>
 John Tims <john.k.tims@gmail.com>
 Jon Zeolla <zeolla@gmail.com>
+Jonathan A. Sternberg <jonathan.sternberg@docker.com>
 Jonathan Azoff <azoff@users.noreply.github.com>
 Jonathan Giannuzzi <jonathan@giannuzzi.me>
 Jonathan Stoppani <jonathan.stoppani@divio.com>
@@ -142,11 +176,14 @@ Justin Chadwell <me@jedevc.com>
 Justin Cormack <justin.cormack@docker.com>
 Justin Garrison <justin@linux.com>
 Jörg Franke <359489+NewJorg@users.noreply.github.com>
+Kai Takac <kai.takac@gmail.com>
 Kang, Matthew <impulsecss@gmail.com>
+Kazuyoshi Kato <kaz@fly.io>
 Kees Cook <keescook@chromium.org>
 Kevin Burke <kev@inburke.com>
 kevinmeredith <kevin.m.meredith@gmail.com>
 Kir Kolyshkin <kolyshkin@gmail.com>
+Kirill A. Korinsky <kirill@korins.ky>
 Kohei Tokunaga <ktokunaga.mail@gmail.com>
 Koichi Shiraishi <zchee.io@gmail.com>
 Kris-Mikael Krister <krismikael@protonmail.com>
@@ -155,7 +192,9 @@ Kyle <Kylemit@gmail.com>
 l00397676 <lujingxiao@huawei.com>
 Lajos Papp <lalyos@yahoo.com>
 lalyos <lalyos@yahoo.com>
+Leandro Santiago <leandrosansilva@gmail.com>
 Levi Harrison <levisamuelharrison@gmail.com>
+liulanzheng <lanzheng.liulz@alibaba-inc.com>
 liwenqi <vikilwq@zju.edu.cn>
 lixiaobing10051267 <li.xiaobing1@zte.com.cn>
 lomot <lomot@qq.com>
@@ -164,8 +203,10 @@ Luca Visentin <luck.visentin@gmail.com>
 Maciej Kalisz <mdkalish@users.noreply.github.com>
 Madhav Puri <madhav.puri@gmail.com>
 Manu Gupta <manugupt1@gmail.com>
+Marat Radchenko <marat@slonopotamus.org>
 Marcus Comstedt <marcus@mc.pp.se>
 Mark Gordon <msg555@gmail.com>
+Mark Yen <mark.yen@suse.com>
 Marko Kohtala <marko.kohtala@gmail.com>
 Mary Anthony <mary@docker.com>
 masibw <masi19bw@gmail.com>
@@ -181,19 +222,26 @@ Mihai Borobocea <MihaiBorob@gmail.com>
 Mike Brown <brownwm@us.ibm.com>
 mikelinjie <294893458@qq.com>
 Mikhail Vasin <vasin@cloud-tv.ru>
+Milas Bowman <milas.bowman@docker.com>
 Misty Stanley-Jones <misty@docker.com>
+Mitsuru Kariya <mitsuru.kariya@nttdata.com>
 Miyachi Katsuya <miyachi_katsuya@r.recruit.co.jp>
 Morgan Bauer <mbauer@us.ibm.com>
+Moritz "WanzenBug" Wanzenböck <moritz@wanzenbug.xyz>
 Morlay <morlay.null@gmail.com>
 msg <msg@clinc.com>
 Nao YONASHIRO <yonashiro@r.recruit.co.jp>
 Natasha Jarus <linuxmercedes@gmail.com>
 Nathan Sullivan <nathan@nightsys.net>
+Nguyễn Đức Chiến <nobi@nobidev.com>
 Nick Miyake <nmiyake@users.noreply.github.com>
 Nick Santos <nick.santos@docker.com>
 Nikhil Pandeti <nikhil.pandeti@utexas.edu>
+njucjc <njucjc@gmail.com>
+Nobi <nobi@nobidev.com>
 Noel Georgi <18496730+frezbo@users.noreply.github.com>
 Oliver Bristow <oliver.bristow@project-tracr.com>
+omahs <73983677+omahs@users.noreply.github.com>
 Omer Duchovne <79370724+od-cyera@users.noreply.github.com>
 Omer Mizrahi <ommizrah@microsoft.com>
 Ondrej Fabry <ofabry@cisco.com>
@@ -206,6 +254,7 @@ Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
 Paweł Gronowski <pawel.gronowski@docker.com>
 Peter Dave Hello <hsu@peterdavehello.org>
 Petr Fedchenkov <giggsoff@gmail.com>
+Petteri Räty <github@petteriraty.eu>
 Phil Estes <estesp@gmail.com>
 Pierre Fenoll <pierrefenoll@gmail.com>
 pieterdd <pieterdd@users.noreply.github.com>
@@ -213,18 +262,24 @@ Pranav Pandit <pranavp@microsoft.com>
 Pratik Raj <rajpratik71@gmail.com>
 Prayag Verma <prayag.verma@gmail.com>
 Qiang Huang <h.huangqiang@huawei.com>
+racequite <quiterace@gmail.com>
 Remy Suen <remy.suen@gmail.com>
+Reshen <reshen817@gmail.com>
+retornam <retornam@users.noreply.github.com>
 Ri Xu <xuri.me@gmail.com>
 Rob Taylor <rob@shape.build>
 Robert Estelle <robertestelle@gmail.com>
 Rubens Figueiredo <r.figueiredo.52@gmail.com>
+Salim B <git@salim.space>
 Sam Whited <sam@samwhited.com>
+Sascha Hemleb <github@sascha.hemleb.de>
 Sascha Schwarze <schwarzs@de.ibm.com>
 Sean P. Kane <spkane00@gmail.com>
 Sebastiaan van Stijn <github@gone.nl>
 Seiya Miyata <odradek38@gmail.com>
 Serhat Gülçiçek <serhat25@gmail.com>
 Sertac Ozercan <sozercan@gmail.com>
+Shaun Thompson <shaun.thompson@docker.com>
 Shev Yan <yandong_8212@163.com>
 Shijiang Wei <mountkin@gmail.com>
 Shingo Omura <everpeace@gmail.com>
@@ -239,10 +294,13 @@ Stefan Scherer <stefan.scherer@docker.com>
 Stefan Weil <sw@weilnetz.de>
 StefanSchoof <Stefan.Schoof@direkt-gruppe.de>
 Stepan Blyshchak <stepanblischak@gmail.com>
+Stephen Day <stephen.day@docker.com>
 Steve Lohr <schdief.law@gmail.com>
 sunchunming <sunchunming1@jd.com>
 Sven Dowideit <SvenDowideit@home.org.au>
+Swagat Bora <sbora@amazon.com>
 Takuya Noguchi <takninnovationresearch@gmail.com>
+Talon Bowler <talon.bowler@docker.com>
 Thomas Leonard <thomas.leonard@docker.com>
 Thomas Riccardi <riccardi@systran.fr>
 Thomas Shaw <tomwillfixit@users.noreply.github.com>
@@ -256,6 +314,7 @@ Tobias Klauser <tklauser@distanz.ch>
 Tomas Tomecek <ttomecek@redhat.com>
 Tomasz Kopczynski <tomek@kopczynski.net.pl>
 Tomohiro Kusumoto <zabio1192@gmail.com>
+Tristan Stenner <ts@ppi.de>
 Troels Liebe Bentsen <tlb@nversion.dk>
 Tõnis Tiigi <tonistiigi@gmail.com>
 Valentin Lorentz <progval+git@progval.net>
@@ -269,16 +328,21 @@ Wang Yumu <37442693@qq.com>
 Wei Fu <fuweid89@gmail.com>
 Wei Zhang <kweizh@gmail.com>
 wingkwong <wingkwong.code@gmail.com>
+x893675 <x893675@icloud.com>
 Xiaofan Zhang <xiaofan.zhang@clinc.com>
 Ximo Guanter <ximo.guanter@gmail.com>
 Yamazaki Masashi <masi19bw@gmail.com>
 Yan Song <imeoer@linux.alibaba.com>
 Yong Tang <yong.tang.github@outlook.com>
 Yuichiro Kaneko <spiketeika@gmail.com>
+yumemio <59369226+yumemio@users.noreply.github.com>
 Yurii Rashkovskii <yrashk@gmail.com>
+yzewei <yangzewei@loongson.cn>
 Zach Badgett <zach.badgett@gmail.com>
 zhangwenlong <zhangwenlong8911@163.com>
+Zhizhen He <hezhizhen.yi@gmail.com>
 Ziv Tsarfati <digger18@gmail.com>
 岁丰 <genglu.gl@antfin.com>
 沈陵 <shenling.yyb@alibaba-inc.com>
+蝦米 <me@jhdxr.com>
 郑泽宇 <perhapszzy@sina.com>

vendor/github.com/moby/buildkit/frontend/subrequests/lint/lint.go

@@ -180,7 +180,7 @@ func (results *LintResults) PrintTo(w io.Writer, scb SourceInfoMap) error {
 	return nil
 }
 
-func (results *LintResults) PrintErrorTo(w io.Writer) {
+func (results *LintResults) PrintErrorTo(w io.Writer, scb SourceInfoMap) {
 	// This prints out the error in LintResults to the writer in a format that
 	// is consistent with the warnings for easier downstream consumption.
 	if results.Error == nil {
@@ -189,6 +189,9 @@ func (results *LintResults) PrintErrorTo(w io.Writer) {
 
 	fmt.Fprintln(w, results.Error.Message)
 	sourceInfo := results.Sources[results.Error.Location.SourceIndex]
+	if scb != nil {
+		sourceInfo = scb(sourceInfo)
+	}
 	source := errdefs.Source{
 		Info:   sourceInfo,
 		Ranges: results.Error.Location.Ranges,

vendor/github.com/moby/buildkit/util/bklog/log.go

@@ -20,14 +20,6 @@ var (
 	L = logrus.NewEntry(logrus.StandardLogger())
 )
 
-var (
-	logWithTraceID = false
-)
-
-func EnableLogWithTraceID(b bool) {
-	logWithTraceID = b
-}
-
 type (
 	loggerKey struct{}
 )
@@ -51,13 +43,11 @@ func GetLogger(ctx context.Context) (l *logrus.Entry) {
 		l = L
 	}
 
-	if logWithTraceID {
-		if spanContext := trace.SpanFromContext(ctx).SpanContext(); spanContext.IsValid() {
-			return l.WithFields(logrus.Fields{
-				"traceID": spanContext.TraceID(),
-				"spanID":  spanContext.SpanID(),
-			})
-		}
+	if spanContext := trace.SpanFromContext(ctx).SpanContext(); spanContext.IsValid() {
+		return l.WithFields(logrus.Fields{
+			"traceID": spanContext.TraceID(),
+			"spanID":  spanContext.SpanID(),
+		})
 	}
 
 	return l

vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go

@@ -18,8 +18,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.31.0
-// 	protoc        v4.22.0
+// 	protoc-gen-go v1.32.0
+// 	protoc        v4.25.2
 // source: grpc/binlog/v1/binarylog.proto
 
 package grpc_binarylog_v1
@@ -430,7 +430,7 @@ type ClientHeader struct {
 	MethodName string `protobuf:"bytes,2,opt,name=method_name,json=methodName,proto3" json:"method_name,omitempty"`
 	// A single process may be used to run multiple virtual
 	// servers with different identities.
-	// The authority is the name of such a server identitiy.
+	// The authority is the name of such a server identity.
 	// It is typically a portion of the URI in the form of
 	// <host> or <host>:<port> .
 	Authority string `protobuf:"bytes,3,opt,name=authority,proto3" json:"authority,omitempty"`

vendor/google.golang.org/grpc/clientconn.go

@@ -1860,27 +1860,15 @@ func (cc *ClientConn) determineAuthority() error {
 	}
 
 	endpoint := cc.parsedTarget.Endpoint()
-	target := cc.target
-	switch {
-	case authorityFromDialOption != "":
+	if authorityFromDialOption != "" {
 		cc.authority = authorityFromDialOption
-	case authorityFromCreds != "":
+	} else if authorityFromCreds != "" {
 		cc.authority = authorityFromCreds
-	case strings.HasPrefix(target, "unix:") || strings.HasPrefix(target, "unix-abstract:"):
-		// TODO: remove when the unix resolver implements optional interface to
-		// return channel authority.
-		cc.authority = "localhost"
-	case strings.HasPrefix(endpoint, ":"):
+	} else if auth, ok := cc.resolverBuilder.(resolver.AuthorityOverrider); ok {
+		cc.authority = auth.OverrideAuthority(cc.parsedTarget)
+	} else if strings.HasPrefix(endpoint, ":") {
 		cc.authority = "localhost" + endpoint
-	default:
-		// TODO: Define an optional interface on the resolver builder to return
-		// the channel authority given the user's dial target. For resolvers
-		// which don't implement this interface, we will use the endpoint from
-		// "scheme://authority/endpoint" as the default authority.
-		// Escape the endpoint to handle use cases where the endpoint
-		// might not be a valid authority by default.
-		// For example an endpoint which has multiple paths like
-		// 'a/b/c', which is not a valid authority by default.
+	} else {
 		cc.authority = encodeAuthority(endpoint)
 	}
 	channelz.Infof(logger, cc.channelzID, "Channel authority set to %q", cc.authority)

vendor/google.golang.org/grpc/encoding/proto/proto.go

@@ -23,8 +23,9 @@ package proto
 import (
 	"fmt"
 
-	"github.com/golang/protobuf/proto"
 	"google.golang.org/grpc/encoding"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/protoadapt"
 )
 
 // Name is the name registered for the proto compressor.
@@ -38,21 +39,34 @@ func init() {
 type codec struct{}
 
 func (codec) Marshal(v any) ([]byte, error) {
-	vv, ok := v.(proto.Message)
-	if !ok {
+	vv := messageV2Of(v)
+	if vv == nil {
 		return nil, fmt.Errorf("failed to marshal, message is %T, want proto.Message", v)
 	}
+
 	return proto.Marshal(vv)
 }
 
 func (codec) Unmarshal(data []byte, v any) error {
-	vv, ok := v.(proto.Message)
-	if !ok {
+	vv := messageV2Of(v)
+	if vv == nil {
 		return fmt.Errorf("failed to unmarshal, message is %T, want proto.Message", v)
 	}
+
 	return proto.Unmarshal(data, vv)
 }
 
+func messageV2Of(v any) proto.Message {
+	switch v := v.(type) {
+	case protoadapt.MessageV1:
+		return protoadapt.MessageV2Of(v)
+	case protoadapt.MessageV2:
+		return v
+	}
+
+	return nil
+}
+
 func (codec) Name() string {
 	return Name
 }

vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go

@@ -17,8 +17,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.31.0
-// 	protoc        v4.22.0
+// 	protoc-gen-go v1.32.0
+// 	protoc        v4.25.2
 // source: grpc/health/v1/health.proto
 
 package grpc_health_v1

vendor/google.golang.org/grpc/health/grpc_health_v1/health_grpc.pb.go

@@ -18,7 +18,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.3.0
-// - protoc             v4.22.0
+// - protoc             v4.25.2
 // source: grpc/health/v1/health.proto
 
 package grpc_health_v1

vendor/google.golang.org/grpc/internal/binarylog/method_logger.go

@@ -25,11 +25,12 @@ import (
 	"sync/atomic"
 	"time"
 
-	"github.com/golang/protobuf/proto"
-	"github.com/golang/protobuf/ptypes"
 	binlogpb "google.golang.org/grpc/binarylog/grpc_binarylog_v1"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/durationpb"
+	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
 type callIDGenerator struct {
@@ -88,7 +89,7 @@ func NewTruncatingMethodLogger(h, m uint64) *TruncatingMethodLogger {
 // in TruncatingMethodLogger as possible.
 func (ml *TruncatingMethodLogger) Build(c LogEntryConfig) *binlogpb.GrpcLogEntry {
 	m := c.toProto()
-	timestamp, _ := ptypes.TimestampProto(time.Now())
+	timestamp := timestamppb.Now()
 	m.Timestamp = timestamp
 	m.CallId = ml.callID
 	m.SequenceIdWithinCall = ml.idWithinCallGen.next()
@@ -178,7 +179,7 @@ func (c *ClientHeader) toProto() *binlogpb.GrpcLogEntry {
 		Authority:  c.Authority,
 	}
 	if c.Timeout > 0 {
-		clientHeader.Timeout = ptypes.DurationProto(c.Timeout)
+		clientHeader.Timeout = durationpb.New(c.Timeout)
 	}
 	ret := &binlogpb.GrpcLogEntry{
 		Type: binlogpb.GrpcLogEntry_EVENT_TYPE_CLIENT_HEADER,

vendor/google.golang.org/grpc/internal/binarylog/sink.go

@@ -25,8 +25,8 @@ import (
 	"sync"
 	"time"
 
-	"github.com/golang/protobuf/proto"
 	binlogpb "google.golang.org/grpc/binarylog/grpc_binarylog_v1"
+	"google.golang.org/protobuf/proto"
 )
 
 var (

vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go

@@ -1,3 +1,8 @@
+//go:build !go1.21
+
+// TODO: when this file is deleted (after Go 1.20 support is dropped), delete
+// all of grpcrand and call the rand package directly.
+
 /*
  *
  * Copyright 2018 gRPC authors.

vendor/google.golang.org/grpc/internal/grpcrand/grpcrand_go1.21.go

@@ -0,0 +1,73 @@
+//go:build go1.21
+
+/*
+ *
+ * Copyright 2024 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package grpcrand implements math/rand functions in a concurrent-safe way
+// with a global random source, independent of math/rand's global source.
+package grpcrand
+
+import "math/rand"
+
+// This implementation will be used for Go version 1.21 or newer.
+// For older versions, the original implementation with mutex will be used.
+
+// Int implements rand.Int on the grpcrand global source.
+func Int() int {
+	return rand.Int()
+}
+
+// Int63n implements rand.Int63n on the grpcrand global source.
+func Int63n(n int64) int64 {
+	return rand.Int63n(n)
+}
+
+// Intn implements rand.Intn on the grpcrand global source.
+func Intn(n int) int {
+	return rand.Intn(n)
+}
+
+// Int31n implements rand.Int31n on the grpcrand global source.
+func Int31n(n int32) int32 {
+	return rand.Int31n(n)
+}
+
+// Float64 implements rand.Float64 on the grpcrand global source.
+func Float64() float64 {
+	return rand.Float64()
+}
+
+// Uint64 implements rand.Uint64 on the grpcrand global source.
+func Uint64() uint64 {
+	return rand.Uint64()
+}
+
+// Uint32 implements rand.Uint32 on the grpcrand global source.
+func Uint32() uint32 {
+	return rand.Uint32()
+}
+
+// ExpFloat64 implements rand.ExpFloat64 on the grpcrand global source.
+func ExpFloat64() float64 {
+	return rand.ExpFloat64()
+}
+
+// Shuffle implements rand.Shuffle on the grpcrand global source.
+var Shuffle = func(n int, f func(int, int)) {
+	rand.Shuffle(n, f)
+}

vendor/google.golang.org/grpc/internal/internal.go

@@ -57,7 +57,7 @@ var (
 	// GetXDSHandshakeInfoForTesting returns a pointer to the xds.HandshakeInfo
 	// stored in the passed in attributes. This is set by
 	// credentials/xds/xds.go.
-	GetXDSHandshakeInfoForTesting any // func (*attributes.Attributes) *xds.HandshakeInfo
+	GetXDSHandshakeInfoForTesting any // func (*attributes.Attributes) *unsafe.Pointer
 	// GetServerCredentials returns the transport credentials configured on a
 	// gRPC server. An xDS-enabled server needs to know what type of credentials
 	// is configured on the underlying gRPC server. This is set by server.go.
@@ -68,11 +68,6 @@ var (
 	// This is used in the 1.0 release of gcp/observability, and thus must not be
 	// deleted or changed.
 	CanonicalString any // func (codes.Code) string
-	// DrainServerTransports initiates a graceful close of existing connections
-	// on a gRPC server accepted on the provided listener address. An
-	// xDS-enabled server invokes this method on a grpc.Server when a particular
-	// listener moves to "not-serving" mode.
-	DrainServerTransports any // func(*grpc.Server, string)
 	// IsRegisteredMethod returns whether the passed in method is registered as
 	// a method on the server.
 	IsRegisteredMethod any // func(*grpc.Server, string) bool
@@ -188,6 +183,19 @@ var (
 	ExitIdleModeForTesting any // func(*grpc.ClientConn) error
 
 	ChannelzTurnOffForTesting func()
+
+	// TriggerXDSResourceNameNotFoundForTesting triggers the resource-not-found
+	// error for a given resource type and name. This is usually triggered when
+	// the associated watch timer fires. For testing purposes, having this
+	// function makes events more predictable than relying on timer events.
+	TriggerXDSResourceNameNotFoundForTesting any // func(func(xdsresource.Type, string), string, string) error
+
+	// TriggerXDSResourceNotFoundClient invokes the testing xDS Client singleton
+	// to invoke resource not found for a resource type name and resource name.
+	TriggerXDSResourceNameNotFoundClient any // func(string, string) error
+
+	// FromOutgoingContextRaw returns the un-merged, intermediary contents of metadata.rawMD.
+	FromOutgoingContextRaw any // func(context.Context) (metadata.MD, [][]string, bool)
 )
 
 // HealthChecker defines the signature of the client-side LB channel health checking function.

vendor/google.golang.org/grpc/internal/pretty/pretty.go

@@ -24,7 +24,6 @@ import (
 	"encoding/json"
 	"fmt"
 
-	"github.com/golang/protobuf/jsonpb"
 	protov1 "github.com/golang/protobuf/proto"
 	"google.golang.org/protobuf/encoding/protojson"
 	protov2 "google.golang.org/protobuf/proto"
@@ -38,15 +37,15 @@ const jsonIndent = "  "
 func ToJSON(e any) string {
 	switch ee := e.(type) {
 	case protov1.Message:
-		mm := jsonpb.Marshaler{Indent: jsonIndent}
-		ret, err := mm.MarshalToString(ee)
+		mm := protojson.MarshalOptions{Indent: jsonIndent}
+		ret, err := mm.Marshal(protov1.MessageV2(ee))
 		if err != nil {
 			// This may fail for proto.Anys, e.g. for xDS v2, LDS, the v2
 			// messages are not imported, and this will fail because the message
 			// is not found.
 			return fmt.Sprintf("%+v", ee)
 		}
-		return ret
+		return string(ret)
 	case protov2.Message:
 		mm := protojson.MarshalOptions{
 			Multiline: true,

vendor/google.golang.org/grpc/internal/resolver/unix/unix.go

@@ -61,6 +61,10 @@ func (b *builder) Scheme() string {
 	return b.scheme
 }
 
+func (b *builder) OverrideAuthority(resolver.Target) string {
+	return "localhost"
+}
+
 type nopResolver struct {
 }
 

vendor/google.golang.org/grpc/internal/status/status.go

@@ -31,10 +31,11 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/golang/protobuf/proto"
-	"github.com/golang/protobuf/ptypes"
 	spb "google.golang.org/genproto/googleapis/rpc/status"
 	"google.golang.org/grpc/codes"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/protoadapt"
+	"google.golang.org/protobuf/types/known/anypb"
 )
 
 // Status represents an RPC status code, message, and details.  It is immutable
@@ -130,14 +131,14 @@ func (s *Status) Err() error {
 
 // WithDetails returns a new status with the provided details messages appended to the status.
 // If any errors are encountered, it returns nil and the first error encountered.
-func (s *Status) WithDetails(details ...proto.Message) (*Status, error) {
+func (s *Status) WithDetails(details ...protoadapt.MessageV1) (*Status, error) {
 	if s.Code() == codes.OK {
 		return nil, errors.New("no error details for status with code OK")
 	}
 	// s.Code() != OK implies that s.Proto() != nil.
 	p := s.Proto()
 	for _, detail := range details {
-		any, err := ptypes.MarshalAny(detail)
+		any, err := anypb.New(protoadapt.MessageV2Of(detail))
 		if err != nil {
 			return nil, err
 		}
@@ -154,12 +155,12 @@ func (s *Status) Details() []any {
 	}
 	details := make([]any, 0, len(s.s.Details))
 	for _, any := range s.s.Details {
-		detail := &ptypes.DynamicAny{}
-		if err := ptypes.UnmarshalAny(any, detail); err != nil {
+		detail, err := any.UnmarshalNew()
+		if err != nil {
 			details = append(details, err)
 			continue
 		}
-		details = append(details, detail.Message)
+		details = append(details, detail)
 	}
 	return details
 }

vendor/google.golang.org/grpc/internal/tcp_keepalive_others.go

@@ -1,4 +1,4 @@
-//go:build !unix
+//go:build !unix && !windows
 
 /*
  * Copyright 2023 gRPC authors.

vendor/google.golang.org/grpc/internal/tcp_keepalive_windows.go

@@ -0,0 +1,54 @@
+//go:build windows
+
+/*
+ * Copyright 2023 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package internal
+
+import (
+	"net"
+	"syscall"
+	"time"
+
+	"golang.org/x/sys/windows"
+)
+
+// NetDialerWithTCPKeepalive returns a net.Dialer that enables TCP keepalives on
+// the underlying connection with OS default values for keepalive parameters.
+//
+// TODO: Once https://github.com/golang/go/issues/62254 lands, and the
+// appropriate Go version becomes less than our least supported Go version, we
+// should look into using the new API to make things more straightforward.
+func NetDialerWithTCPKeepalive() *net.Dialer {
+	return &net.Dialer{
+		// Setting a negative value here prevents the Go stdlib from overriding
+		// the values of TCP keepalive time and interval. It also prevents the
+		// Go stdlib from enabling TCP keepalives by default.
+		KeepAlive: time.Duration(-1),
+		// This method is called after the underlying network socket is created,
+		// but before dialing the socket (or calling its connect() method). The
+		// combination of unconditionally enabling TCP keepalives here, and
+		// disabling the overriding of TCP keepalive parameters by setting the
+		// KeepAlive field to a negative value above, results in OS defaults for
+		// the TCP keealive interval and time parameters.
+		Control: func(_, _ string, c syscall.RawConn) error {
+			return c.Control(func(fd uintptr) {
+				windows.SetsockoptInt(windows.Handle(fd), windows.SOL_SOCKET, windows.SO_KEEPALIVE, 1)
+			})
+		},
+	}
+}

vendor/google.golang.org/grpc/internal/transport/controlbuf.go

@@ -535,8 +535,8 @@ const minBatchSize = 1000
 // size is too low to give stream goroutines a chance to fill it up.
 //
 // Upon exiting, if the error causing the exit is not an I/O error, run()
-// flushes and closes the underlying connection.  Otherwise, the connection is
-// left open to allow the I/O error to be encountered by the reader instead.
+// flushes the underlying connection.  The connection is always left open to
+// allow different closing behavior on the client and server.
 func (l *loopyWriter) run() (err error) {
 	defer func() {
 		if l.logger.V(logLevel) {
@@ -544,7 +544,6 @@ func (l *loopyWriter) run() (err error) {
 		}
 		if !isIOError(err) {
 			l.framer.writer.Flush()
-			l.conn.Close()
 		}
 		l.cbuf.finish()
 	}()

vendor/google.golang.org/grpc/internal/transport/handler_server.go

@@ -35,7 +35,6 @@ import (
 	"sync"
 	"time"
 
-	"github.com/golang/protobuf/proto"
 	"golang.org/x/net/http2"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
@@ -45,6 +44,7 @@ import (
 	"google.golang.org/grpc/peer"
 	"google.golang.org/grpc/stats"
 	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/proto"
 )
 
 // NewServerHandlerTransport returns a ServerTransport handling gRPC from

vendor/google.golang.org/grpc/internal/transport/http2_client.go

@@ -59,6 +59,8 @@ import (
 // atomically.
 var clientConnectionCounter uint64
 
+var metadataFromOutgoingContextRaw = internal.FromOutgoingContextRaw.(func(context.Context) (metadata.MD, [][]string, bool))
+
 // http2Client implements the ClientTransport interface with HTTP2.
 type http2Client struct {
 	lastRead  int64 // Keep this field 64-bit aligned. Accessed atomically.
@@ -449,7 +451,13 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts
 	}
 	go func() {
 		t.loopy = newLoopyWriter(clientSide, t.framer, t.controlBuf, t.bdpEst, t.conn, t.logger)
-		t.loopy.run()
+		if err := t.loopy.run(); !isIOError(err) {
+			// Immediately close the connection, as the loopy writer returns
+			// when there are no more active streams and we were draining (the
+			// server sent a GOAWAY).  For I/O errors, the reader will hit it
+			// after draining any remaining incoming data.
+			t.conn.Close()
+		}
 		close(t.writerDone)
 	}()
 	return t, nil
@@ -568,7 +576,7 @@ func (t *http2Client) createHeaderFields(ctx context.Context, callHdr *CallHdr)
 		headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-trace-bin", Value: encodeBinHeader(b)})
 	}
 
-	if md, added, ok := metadata.FromOutgoingContextRaw(ctx); ok {
+	if md, added, ok := metadataFromOutgoingContextRaw(ctx); ok {
 		var k string
 		for k, vv := range md {
 			// HTTP doesn't allow you to set pseudoheaders after non pseudoheaders were set.
@@ -1323,10 +1331,8 @@ func (t *http2Client) handleGoAway(f *http2.GoAwayFrame) {
 	for streamID, stream := range t.activeStreams {
 		if streamID > id && streamID <= upperLimit {
 			// The stream was unprocessed by the server.
-			if streamID > id && streamID <= upperLimit {
-				atomic.StoreUint32(&stream.unprocessed, 1)
-				streamsToClose = append(streamsToClose, stream)
-			}
+			atomic.StoreUint32(&stream.unprocessed, 1)
+			streamsToClose = append(streamsToClose, stream)
 		}
 	}
 	t.mu.Unlock()

vendor/google.golang.org/grpc/internal/transport/http2_server.go

@@ -32,13 +32,13 @@ import (
 	"sync/atomic"
 	"time"
 
-	"github.com/golang/protobuf/proto"
 	"golang.org/x/net/http2"
 	"golang.org/x/net/http2/hpack"
 	"google.golang.org/grpc/internal/grpclog"
 	"google.golang.org/grpc/internal/grpcutil"
 	"google.golang.org/grpc/internal/pretty"
 	"google.golang.org/grpc/internal/syscall"
+	"google.golang.org/protobuf/proto"
 
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
@@ -322,8 +322,24 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport,
 	go func() {
 		t.loopy = newLoopyWriter(serverSide, t.framer, t.controlBuf, t.bdpEst, t.conn, t.logger)
 		t.loopy.ssGoAwayHandler = t.outgoingGoAwayHandler
-		t.loopy.run()
+		err := t.loopy.run()
 		close(t.loopyWriterDone)
+		if !isIOError(err) {
+			// Close the connection if a non-I/O error occurs (for I/O errors
+			// the reader will also encounter the error and close).  Wait 1
+			// second before closing the connection, or when the reader is done
+			// (i.e. the client already closed the connection or a connection
+			// error occurred).  This avoids the potential problem where there
+			// is unread data on the receive side of the connection, which, if
+			// closed, would lead to a TCP RST instead of FIN, and the client
+			// encountering errors.  For more info:
+			// https://github.com/grpc/grpc-go/issues/5358
+			select {
+			case <-t.readerDone:
+			case <-time.After(time.Second):
+			}
+			t.conn.Close()
+		}
 	}()
 	go t.keepalive()
 	return t, nil
@@ -609,8 +625,8 @@ func (t *http2Server) operateHeaders(ctx context.Context, frame *http2.MetaHeade
 // traceCtx attaches trace to ctx and returns the new context.
 func (t *http2Server) HandleStreams(ctx context.Context, handle func(*Stream)) {
 	defer func() {
-		<-t.loopyWriterDone
 		close(t.readerDone)
+		<-t.loopyWriterDone
 	}()
 	for {
 		t.controlBuf.throttle()
@@ -636,10 +652,6 @@ func (t *http2Server) HandleStreams(ctx context.Context, handle func(*Stream)) {
 				}
 				continue
 			}
-			if err == io.EOF || err == io.ErrUnexpectedEOF {
-				t.Close(err)
-				return
-			}
 			t.Close(err)
 			return
 		}
@@ -960,7 +972,12 @@ func (t *http2Server) WriteHeader(s *Stream, md metadata.MD) error {
 		}
 	}
 	if err := t.writeHeaderLocked(s); err != nil {
-		return status.Convert(err).Err()
+		switch e := err.(type) {
+		case ConnectionError:
+			return status.Error(codes.Unavailable, e.Desc)
+		default:
+			return status.Convert(err).Err()
+		}
 	}
 	return nil
 }
@@ -1324,6 +1341,7 @@ func (t *http2Server) outgoingGoAwayHandler(g *goAway) (bool, error) {
 		if err := t.framer.fr.WriteGoAway(sid, g.code, g.debugData); err != nil {
 			return false, err
 		}
+		t.framer.writer.Flush()
 		if retErr != nil {
 			return false, retErr
 		}
@@ -1344,7 +1362,7 @@ func (t *http2Server) outgoingGoAwayHandler(g *goAway) (bool, error) {
 		return false, err
 	}
 	go func() {
-		timer := time.NewTimer(time.Minute)
+		timer := time.NewTimer(5 * time.Second)
 		defer timer.Stop()
 		select {
 		case <-t.drainEvent.Done():

vendor/google.golang.org/grpc/metadata/metadata.go

@@ -25,8 +25,14 @@ import (
 	"context"
 	"fmt"
 	"strings"
+
+	"google.golang.org/grpc/internal"
 )
 
+func init() {
+	internal.FromOutgoingContextRaw = fromOutgoingContextRaw
+}
+
 // DecodeKeyValue returns k, v, nil.
 //
 // Deprecated: use k and v directly instead.
@@ -238,16 +244,13 @@ func copyOf(v []string) []string {
 	return vals
 }
 
-// FromOutgoingContextRaw returns the un-merged, intermediary contents of rawMD.
+// fromOutgoingContextRaw returns the un-merged, intermediary contents of rawMD.
 //
 // Remember to perform strings.ToLower on the keys, for both the returned MD (MD
 // is a map, there's no guarantee it's created using our helper functions) and
 // the extra kv pairs (AppendToOutgoingContext doesn't turn them into
 // lowercase).
-//
-// This is intended for gRPC-internal use ONLY. Users should use
-// FromOutgoingContext instead.
-func FromOutgoingContextRaw(ctx context.Context) (MD, [][]string, bool) {
+func fromOutgoingContextRaw(ctx context.Context) (MD, [][]string, bool) {
 	raw, ok := ctx.Value(mdOutgoingKey{}).(rawMD)
 	if !ok {
 		return nil, nil, false

vendor/google.golang.org/grpc/resolver/resolver.go

@@ -314,3 +314,13 @@ type Resolver interface {
 	// Close closes the resolver.
 	Close()
 }
+
+// AuthorityOverrider is implemented by Builders that wish to override the
+// default authority for the ClientConn.
+// By default, the authority used is target.Endpoint().
+type AuthorityOverrider interface {
+	// OverrideAuthority returns the authority to use for a ClientConn with the
+	// given target. The implementation must generate it without blocking,
+	// typically in line, and must keep it unchanged.
+	OverrideAuthority(Target) string
+}

vendor/google.golang.org/grpc/rpc_util.go

@@ -189,6 +189,20 @@ type EmptyCallOption struct{}
 func (EmptyCallOption) before(*callInfo) error      { return nil }
 func (EmptyCallOption) after(*callInfo, *csAttempt) {}
 
+// StaticMethod returns a CallOption which specifies that a call is being made
+// to a method that is static, which means the method is known at compile time
+// and doesn't change at runtime. This can be used as a signal to stats plugins
+// that this method is safe to include as a key to a measurement.
+func StaticMethod() CallOption {
+	return StaticMethodCallOption{}
+}
+
+// StaticMethodCallOption is a CallOption that specifies that a call comes
+// from a static method.
+type StaticMethodCallOption struct {
+	EmptyCallOption
+}
+
 // Header returns a CallOptions that retrieves the header metadata
 // for a unary RPC.
 func Header(md *metadata.MD) CallOption {
@@ -640,14 +654,18 @@ func encode(c baseCodec, msg any) ([]byte, error) {
 	return b, nil
 }
 
-// compress returns the input bytes compressed by compressor or cp.  If both
-// compressors are nil, returns nil.
+// compress returns the input bytes compressed by compressor or cp.
+// If both compressors are nil, or if the message has zero length, returns nil,
+// indicating no compression was done.
 //
 // TODO(dfawley): eliminate cp parameter by wrapping Compressor in an encoding.Compressor.
 func compress(in []byte, cp Compressor, compressor encoding.Compressor) ([]byte, error) {
 	if compressor == nil && cp == nil {
 		return nil, nil
 	}
+	if len(in) == 0 {
+		return nil, nil
+	}
 	wrapErr := func(err error) error {
 		return status.Errorf(codes.Internal, "grpc: error while compressing: %v", err.Error())
 	}
@@ -954,6 +972,7 @@ const (
 	SupportPackageIsVersion5 = true
 	SupportPackageIsVersion6 = true
 	SupportPackageIsVersion7 = true
+	SupportPackageIsVersion8 = true
 )
 
 const grpcUA = "grpc-go/" + Version

vendor/google.golang.org/grpc/server.go

@@ -33,8 +33,6 @@ import (
 	"sync/atomic"
 	"time"
 
-	"golang.org/x/net/trace"
-
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/encoding"
@@ -74,9 +72,6 @@ func init() {
 		return srv.isRegisteredMethod(method)
 	}
 	internal.ServerFromContext = serverFromContext
-	internal.DrainServerTransports = func(srv *Server, addr string) {
-		srv.drainServerTransports(addr)
-	}
 	internal.AddGlobalServerOptions = func(opt ...ServerOption) {
 		globalServerOptions = append(globalServerOptions, opt...)
 	}
@@ -134,12 +129,13 @@ type Server struct {
 	drain    bool
 	cv       *sync.Cond              // signaled when connections close for GracefulStop
 	services map[string]*serviceInfo // service name -> service info
-	events   trace.EventLog
+	events   traceEventLog
 
 	quit               *grpcsync.Event
 	done               *grpcsync.Event
 	channelzRemoveOnce sync.Once
-	serveWG            sync.WaitGroup // counts active Serve goroutines for GracefulStop
+	serveWG            sync.WaitGroup // counts active Serve goroutines for Stop/GracefulStop
+	handlersWG         sync.WaitGroup // counts active method handler goroutines
 
 	channelzID *channelz.Identifier
 	czData     *channelzData
@@ -176,6 +172,7 @@ type serverOptions struct {
 	headerTableSize       *uint32
 	numServerWorkers      uint32
 	recvBufferPool        SharedBufferPool
+	waitForHandlers       bool
 }
 
 var defaultServerOptions = serverOptions{
@@ -573,6 +570,21 @@ func NumStreamWorkers(numServerWorkers uint32) ServerOption {
 	})
 }
 
+// WaitForHandlers cause Stop to wait until all outstanding method handlers have
+// exited before returning.  If false, Stop will return as soon as all
+// connections have closed, but method handlers may still be running. By
+// default, Stop does not wait for method handlers to return.
+//
+// # Experimental
+//
+// Notice: This API is EXPERIMENTAL and may be changed or removed in a
+// later release.
+func WaitForHandlers(w bool) ServerOption {
+	return newFuncServerOption(func(o *serverOptions) {
+		o.waitForHandlers = w
+	})
+}
+
 // RecvBufferPool returns a ServerOption that configures the server
 // to use the provided shared buffer pool for parsing incoming messages. Depending
 // on the application's workload, this could result in reduced memory allocation.
@@ -656,7 +668,7 @@ func NewServer(opt ...ServerOption) *Server {
 	s.cv = sync.NewCond(&s.mu)
 	if EnableTracing {
 		_, file, line, _ := runtime.Caller(1)
-		s.events = trace.NewEventLog("grpc.Server", fmt.Sprintf("%s:%d", file, line))
+		s.events = newTraceEventLog("grpc.Server", fmt.Sprintf("%s:%d", file, line))
 	}
 
 	if s.opts.numServerWorkers > 0 {
@@ -932,6 +944,12 @@ func (s *Server) handleRawConn(lisAddr string, rawConn net.Conn) {
 		return
 	}
 
+	if cc, ok := rawConn.(interface {
+		PassServerTransport(transport.ServerTransport)
+	}); ok {
+		cc.PassServerTransport(st)
+	}
+
 	if !s.addConn(lisAddr, st) {
 		return
 	}
@@ -941,15 +959,6 @@ func (s *Server) handleRawConn(lisAddr string, rawConn net.Conn) {
 	}()
 }
 
-func (s *Server) drainServerTransports(addr string) {
-	s.mu.Lock()
-	conns := s.conns[addr]
-	for st := range conns {
-		st.Drain("")
-	}
-	s.mu.Unlock()
-}
-
 // newHTTP2Transport sets up a http/2 transport (using the
 // gRPC http2 server transport in transport/http2_server.go).
 func (s *Server) newHTTP2Transport(c net.Conn) transport.ServerTransport {
@@ -1010,9 +1019,11 @@ func (s *Server) serveStreams(ctx context.Context, st transport.ServerTransport,
 
 	streamQuota := newHandlerQuota(s.opts.maxConcurrentStreams)
 	st.HandleStreams(ctx, func(stream *transport.Stream) {
+		s.handlersWG.Add(1)
 		streamQuota.acquire()
 		f := func() {
 			defer streamQuota.release()
+			defer s.handlersWG.Done()
 			s.handleStream(st, stream)
 		}
 
@@ -1721,8 +1732,8 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str
 	ctx = contextWithServer(ctx, s)
 	var ti *traceInfo
 	if EnableTracing {
-		tr := trace.New("grpc.Recv."+methodFamily(stream.Method()), stream.Method())
-		ctx = trace.NewContext(ctx, tr)
+		tr := newTrace("grpc.Recv."+methodFamily(stream.Method()), stream.Method())
+		ctx = newTraceContext(ctx, tr)
 		ti = &traceInfo{
 			tr: tr,
 			firstLine: firstLine{
@@ -1911,6 +1922,10 @@ func (s *Server) stop(graceful bool) {
 		s.serverWorkerChannelClose()
 	}
 
+	if graceful || s.opts.waitForHandlers {
+		s.handlersWG.Wait()
+	}
+
 	if s.events != nil {
 		s.events.Finish()
 		s.events = nil

vendor/google.golang.org/grpc/stream.go

@@ -27,7 +27,6 @@ import (
 	"sync"
 	"time"
 
-	"golang.org/x/net/trace"
 	"google.golang.org/grpc/balancer"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/encoding"
@@ -48,6 +47,8 @@ import (
 	"google.golang.org/grpc/status"
 )
 
+var metadataFromOutgoingContextRaw = internal.FromOutgoingContextRaw.(func(context.Context) (metadata.MD, [][]string, bool))
+
 // StreamHandler defines the handler called by gRPC server to complete the
 // execution of a streaming RPC.
 //
@@ -184,7 +185,7 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth
 	// when the RPC completes.
 	opts = append([]CallOption{OnFinish(func(error) { cc.idlenessMgr.OnCallEnd() })}, opts...)
 
-	if md, added, ok := metadata.FromOutgoingContextRaw(ctx); ok {
+	if md, added, ok := metadataFromOutgoingContextRaw(ctx); ok {
 		// validate md
 		if err := imetadata.Validate(md); err != nil {
 			return nil, status.Error(codes.Internal, err.Error())
@@ -429,7 +430,7 @@ func (cs *clientStream) newAttemptLocked(isTransparent bool) (*csAttempt, error)
 	var trInfo *traceInfo
 	if EnableTracing {
 		trInfo = &traceInfo{
-			tr: trace.New("grpc.Sent."+methodFamily(method), method),
+			tr: newTrace("grpc.Sent."+methodFamily(method), method),
 			firstLine: firstLine{
 				client: true,
 			},
@@ -438,7 +439,7 @@ func (cs *clientStream) newAttemptLocked(isTransparent bool) (*csAttempt, error)
 			trInfo.firstLine.deadline = time.Until(deadline)
 		}
 		trInfo.tr.LazyLog(&trInfo.firstLine, false)
-		ctx = trace.NewContext(ctx, trInfo.tr)
+		ctx = newTraceContext(ctx, trInfo.tr)
 	}
 
 	if cs.cc.parsedTarget.URL.Scheme == internal.GRPCResolverSchemeExtraMetadata {

vendor/google.golang.org/grpc/trace.go

@@ -26,8 +26,6 @@ import (
 	"strings"
 	"sync"
 	"time"
-
-	"golang.org/x/net/trace"
 )
 
 // EnableTracing controls whether to trace RPCs using the golang.org/x/net/trace package.
@@ -44,9 +42,31 @@ func methodFamily(m string) string {
 	return m
 }
 
+// traceEventLog mirrors golang.org/x/net/trace.EventLog.
+//
+// It exists in order to avoid importing x/net/trace on grpcnotrace builds.
+type traceEventLog interface {
+	Printf(format string, a ...any)
+	Errorf(format string, a ...any)
+	Finish()
+}
+
+// traceLog mirrors golang.org/x/net/trace.Trace.
+//
+// It exists in order to avoid importing x/net/trace on grpcnotrace builds.
+type traceLog interface {
+	LazyLog(x fmt.Stringer, sensitive bool)
+	LazyPrintf(format string, a ...any)
+	SetError()
+	SetRecycler(f func(any))
+	SetTraceInfo(traceID, spanID uint64)
+	SetMaxEvents(m int)
+	Finish()
+}
+
 // traceInfo contains tracing information for an RPC.
 type traceInfo struct {
-	tr        trace.Trace
+	tr        traceLog
 	firstLine firstLine
 }
 

vendor/google.golang.org/grpc/trace_notrace.go

@@ -0,0 +1,52 @@
+//go:build grpcnotrace
+
+/*
+ *
+ * Copyright 2024 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package grpc
+
+// grpcnotrace can be used to avoid importing golang.org/x/net/trace, which in
+// turn enables binaries using gRPC-Go for dead code elimination, which can
+// yield 10-15% improvements in binary size when tracing is not needed.
+
+import (
+	"context"
+	"fmt"
+)
+
+type notrace struct{}
+
+func (notrace) LazyLog(x fmt.Stringer, sensitive bool) {}
+func (notrace) LazyPrintf(format string, a ...any)     {}
+func (notrace) SetError()                              {}
+func (notrace) SetRecycler(f func(any))                {}
+func (notrace) SetTraceInfo(traceID, spanID uint64)    {}
+func (notrace) SetMaxEvents(m int)                     {}
+func (notrace) Finish()                                {}
+
+func newTrace(family, title string) traceLog {
+	return notrace{}
+}
+
+func newTraceContext(ctx context.Context, tr traceLog) context.Context {
+	return ctx
+}
+
+func newTraceEventLog(family, title string) traceEventLog {
+	return nil
+}

vendor/google.golang.org/grpc/trace_withtrace.go

@@ -0,0 +1,39 @@
+//go:build !grpcnotrace
+
+/*
+ *
+ * Copyright 2024 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package grpc
+
+import (
+	"context"
+
+	t "golang.org/x/net/trace"
+)
+
+func newTrace(family, title string) traceLog {
+	return t.New(family, title)
+}
+
+func newTraceContext(ctx context.Context, tr traceLog) context.Context {
+	return t.NewContext(ctx, tr)
+}
+
+func newTraceEventLog(family, title string) traceEventLog {
+	return t.NewEventLog(family, title)
+}

vendor/google.golang.org/grpc/version.go

@@ -19,4 +19,4 @@
 package grpc
 
 // Version is the current grpc version.
-const Version = "1.60.1"
+const Version = "1.62.0"

vendor/google.golang.org/grpc/vet.sh

@@ -41,7 +41,7 @@ if [[ "$1" = "-install" ]]; then
   popd
   if [[ -z "${VET_SKIP_PROTO}" ]]; then
     if [[ "${GITHUB_ACTIONS}" = "true" ]]; then
-      PROTOBUF_VERSION=22.0 # a.k.a v4.22.0 in pb.go files.
+      PROTOBUF_VERSION=25.2 # a.k.a. v4.22.0 in pb.go files.
       PROTOC_FILENAME=protoc-${PROTOBUF_VERSION}-linux-x86_64.zip
       pushd /home/runner/go
       wget https://github.com/google/protobuf/releases/download/v${PROTOBUF_VERSION}/${PROTOC_FILENAME}
@@ -88,7 +88,7 @@ not git grep -l 'x/net/context' -- "*.go"
 git grep -l '"math/rand"' -- "*.go" 2>&1 | not grep -v '^examples\|^interop/stress\|grpcrand\|^benchmark\|wrr_test'
 
 # - Do not use "interface{}"; use "any" instead.
-git grep -l 'interface{}' -- "*.go" 2>&1 | not grep -v '\.pb\.go\|protoc-gen-go-grpc'
+git grep -l 'interface{}' -- "*.go" 2>&1 | not grep -v '\.pb\.go\|protoc-gen-go-grpc\|grpc_testing_not_regenerate'
 
 # - Do not call grpclog directly. Use grpclog.Component instead.
 git grep -l -e 'grpclog.I' --or -e 'grpclog.W' --or -e 'grpclog.E' --or -e 'grpclog.F' --or -e 'grpclog.V' -- "*.go" | not grep -v '^grpclog/component.go\|^internal/grpctest/tlogger_test.go'
@@ -127,7 +127,7 @@ staticcheck -go 1.19 -checks 'all' ./... > "${SC_OUT}" || true
 grep -v "(ST1000)" "${SC_OUT}" | grep -v "(SA1019)" | grep -v "(ST1003)" | not grep -v "(ST1019)\|\(other import of\)"
 
 # Exclude underscore checks for generated code.
-grep "(ST1003)" "${SC_OUT}" | not grep -v '\(.pb.go:\)\|\(code_string_test.go:\)'
+grep "(ST1003)" "${SC_OUT}" | not grep -v '\(.pb.go:\)\|\(code_string_test.go:\)\|\(grpc_testing_not_regenerate\)'
 
 # Error for duplicate imports not including grpc protos.
 grep "(ST1019)\|\(other import of\)" "${SC_OUT}" | not grep -Fv 'XXXXX PleaseIgnoreUnused
@@ -152,6 +152,7 @@ grep "(SA1019)" "${SC_OUT}" | not grep -Fv 'XXXXX PleaseIgnoreUnused
 XXXXX Protobuf related deprecation errors:
 "github.com/golang/protobuf
 .pb.go:
+grpc_testing_not_regenerate
 : ptypes.
 proto.RegisterType
 XXXXX gRPC internal usage deprecation errors:
@@ -184,9 +185,6 @@ GetSafeRegexMatch
 GetSuffixMatch
 GetTlsCertificateCertificateProviderInstance
 GetValidationContextCertificateProviderInstance
-XXXXX TODO: Remove the below deprecation usages:
-CloseNotifier
-Roots.Subjects
 XXXXX PleaseIgnoreUnused'
 
 echo SUCCESS

vendor/google.golang.org/protobuf/protoadapt/convert.go

@@ -0,0 +1,31 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package protoadapt bridges the original and new proto APIs.
+package protoadapt
+
+import (
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/runtime/protoiface"
+	"google.golang.org/protobuf/runtime/protoimpl"
+)
+
+// MessageV1 is the original [github.com/golang/protobuf/proto.Message] type.
+type MessageV1 = protoiface.MessageV1
+
+// MessageV2 is the [google.golang.org/protobuf/proto.Message] type used by the
+// current [google.golang.org/protobuf] module, adding support for reflection.
+type MessageV2 = proto.Message
+
+// MessageV1Of converts a v2 message to a v1 message.
+// It returns nil if m is nil.
+func MessageV1Of(m MessageV2) MessageV1 {
+	return protoimpl.X.ProtoMessageV1Of(m)
+}
+
+// MessageV2Of converts a v1 message to a v2 message.
+// It returns nil if m is nil.
+func MessageV2Of(m MessageV1) MessageV2 {
+	return protoimpl.X.ProtoMessageV2Of(m)
+}

vendor/modules.txt

@@ -150,7 +150,7 @@ github.com/compose-spec/compose-go/v2/validation
 # github.com/containerd/console v1.0.4
 ## explicit; go 1.13
 github.com/containerd/console
-# github.com/containerd/containerd v1.7.20
+# github.com/containerd/containerd v1.7.21
 ## explicit; go 1.21
 github.com/containerd/containerd/archive/compression
 github.com/containerd/containerd/content
@@ -218,7 +218,7 @@ github.com/davecgh/go-spew/spew
 # github.com/distribution/reference v0.6.0
 ## explicit; go 1.20
 github.com/distribution/reference
-# github.com/docker/cli v27.2.0+incompatible
+# github.com/docker/cli v27.2.1+incompatible
 ## explicit
 github.com/docker/cli/cli
 github.com/docker/cli/cli-plugins/hooks
@@ -270,7 +270,7 @@ github.com/docker/distribution/registry/client/transport
 github.com/docker/distribution/registry/storage/cache
 github.com/docker/distribution/registry/storage/cache/memory
 github.com/docker/distribution/uuid
-# github.com/docker/docker v27.2.0+incompatible
+# github.com/docker/docker v27.2.1+incompatible
 ## explicit
 github.com/docker/docker/api
 github.com/docker/docker/api/types
@@ -515,7 +515,7 @@ github.com/mitchellh/go-wordwrap
 github.com/mitchellh/hashstructure/v2
 # github.com/mitchellh/mapstructure v1.5.0
 ## explicit; go 1.14
-# github.com/moby/buildkit v0.16.0-rc1
+# github.com/moby/buildkit v0.16.0
 ## explicit; go 1.21.0
 github.com/moby/buildkit/api/services/control
 github.com/moby/buildkit/api/types
@@ -886,7 +886,7 @@ golang.org/x/net/internal/socks
 golang.org/x/net/internal/timeseries
 golang.org/x/net/proxy
 golang.org/x/net/trace
-# golang.org/x/oauth2 v0.13.0
+# golang.org/x/oauth2 v0.16.0
 ## explicit; go 1.18
 golang.org/x/oauth2
 golang.org/x/oauth2/internal
@@ -949,17 +949,17 @@ google.golang.org/appengine/internal/log
 google.golang.org/appengine/internal/remote_api
 google.golang.org/appengine/internal/urlfetch
 google.golang.org/appengine/urlfetch
-# google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3
+# google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80
 ## explicit; go 1.19
 google.golang.org/genproto/protobuf/field_mask
-# google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f
+# google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80
 ## explicit; go 1.19
 google.golang.org/genproto/googleapis/api/httpbody
-# google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0
+# google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80
 ## explicit; go 1.19
 google.golang.org/genproto/googleapis/rpc/errdetails
 google.golang.org/genproto/googleapis/rpc/status
-# google.golang.org/grpc v1.60.1
+# google.golang.org/grpc v1.62.0
 ## explicit; go 1.19
 google.golang.org/grpc
 google.golang.org/grpc/attributes
@@ -1044,6 +1044,7 @@ google.golang.org/protobuf/internal/set
 google.golang.org/protobuf/internal/strs
 google.golang.org/protobuf/internal/version
 google.golang.org/protobuf/proto
+google.golang.org/protobuf/protoadapt
 google.golang.org/protobuf/reflect/protodesc
 google.golang.org/protobuf/reflect/protopath
 google.golang.org/protobuf/reflect/protorange