65 files changed, 1580 insertions, 791 deletions

diff --git a/go.mod b/go.mod
index 4f819cebc..c1042e76c 100644
--- a/go.mod
+++ b/go.mod
@@ -30,10 +30,10 @@ require (
 	codeberg.org/gruf/go-runners v1.6.3
 	codeberg.org/gruf/go-sched v1.2.4
 	codeberg.org/gruf/go-split v1.2.0
-	codeberg.org/gruf/go-storage v0.2.0
+	codeberg.org/gruf/go-storage v0.2.1
 	codeberg.org/gruf/go-structr v0.9.7
 	github.com/DmitriyVTitov/size v1.5.0
-	github.com/KimMachineGun/automemlimit v0.7.1
+	github.com/KimMachineGun/automemlimit v0.7.2
 	github.com/SherClockHolmes/webpush-go v1.4.0
 	github.com/buckket/go-blurhash v1.1.0
 	github.com/coreos/go-oidc/v3 v3.14.1
@@ -50,19 +50,19 @@ require (
 	github.com/jackc/pgx/v5 v5.7.4
 	github.com/k3a/html2text v1.2.1
 	github.com/microcosm-cc/bluemonday v1.0.27
-	github.com/miekg/dns v1.1.65
+	github.com/miekg/dns v1.1.66
 	github.com/minio/minio-go/v7 v7.0.91
 	github.com/mitchellh/mapstructure v1.5.0
-	github.com/ncruces/go-sqlite3 v0.25.1
+	github.com/ncruces/go-sqlite3 v0.25.2
 	github.com/oklog/ulid v1.3.1
 	github.com/pquerna/otp v1.4.0
 	github.com/rivo/uniseg v0.4.7
-	github.com/spf13/cast v1.7.1
+	github.com/spf13/cast v1.8.0
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.6
 	github.com/spf13/viper v1.20.1
 	github.com/stretchr/testify v1.10.0
-	github.com/tdewolff/minify/v2 v2.23.1
+	github.com/tdewolff/minify/v2 v2.23.5
 	github.com/technologize/otel-go-contrib v1.1.1
 	github.com/temoto/robotstxt v1.1.2
 	github.com/tetratelabs/wazero v1.9.0
@@ -82,12 +82,12 @@ require (
 	go.opentelemetry.io/otel/sdk/metric v1.35.0
 	go.opentelemetry.io/otel/trace v1.35.0
 	go.uber.org/automaxprocs v1.6.0
-	golang.org/x/crypto v0.37.0
-	golang.org/x/image v0.26.0
-	golang.org/x/net v0.39.0
-	golang.org/x/oauth2 v0.29.0
-	golang.org/x/sys v0.32.0
-	golang.org/x/text v0.24.0
+	golang.org/x/crypto v0.38.0
+	golang.org/x/image v0.27.0
+	golang.org/x/net v0.40.0
+	golang.org/x/oauth2 v0.30.0
+	golang.org/x/sys v0.33.0
+	golang.org/x/text v0.25.0
 	gopkg.in/mcuadros/go-syslog.v2 v2.3.0
 	gopkg.in/yaml.v3 v3.0.1
 	modernc.org/sqlite v1.37.0
@@ -198,7 +198,7 @@ require (
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.12.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
-	github.com/tdewolff/parse/v2 v2.7.23 // indirect
+	github.com/tdewolff/parse/v2 v2.8.0 // indirect
 	github.com/tmthrgd/go-hex v0.0.0-20190904060850-447a3041c3bc // indirect
 	github.com/toqueteos/webbrowser v1.2.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
@@ -227,8 +227,8 @@ require (
 	golang.org/x/arch v0.16.0 // indirect
 	golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect
 	golang.org/x/mod v0.24.0 // indirect
-	golang.org/x/sync v0.13.0 // indirect
-	golang.org/x/tools v0.31.0 // indirect
+	golang.org/x/sync v0.14.0 // indirect
+	golang.org/x/tools v0.32.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a // indirect
 	google.golang.org/grpc v1.71.0 // indirect
diff --git a/go.sum b/go.sum
index a2f0a441f..df8fdf527 100644
--- a/go.sum
+++ b/go.sum
@@ -48,16 +48,16 @@ codeberg.org/gruf/go-sched v1.2.4 h1:ddBB9o0D/2oU8NbQ0ldN5aWxogpXPRBATWi58+p++Hw
 codeberg.org/gruf/go-sched v1.2.4/go.mod h1:wad6l+OcYGWMA2TzNLMmLObsrbBDxdJfEy5WvTgBjNk=
 codeberg.org/gruf/go-split v1.2.0 h1:PmzL23nVEVHm8VxjsJmv4m4wGQz2bGgQw52dgSSj65c=
 codeberg.org/gruf/go-split v1.2.0/go.mod h1:0rejWJpqvOoFAd7nwm5tIXYKaAqjtFGOXmTqQV+VO38=
-codeberg.org/gruf/go-storage v0.2.0 h1:mKj3Lx6AavEkuXXtxqPhdq+akW9YwrnP16yQBF7K5ZI=
-codeberg.org/gruf/go-storage v0.2.0/go.mod h1:o3GzMDE5QNUaRnm/daUzFqvuAaC4utlgXDXYO79sWKU=
+codeberg.org/gruf/go-storage v0.2.1 h1:AHVU+7ZKpaL6fTzcH7GU+JwY3HQVYOZ84U4HV//K1GA=
+codeberg.org/gruf/go-storage v0.2.1/go.mod h1:zJ5Nd2rKv0R5vF1rYbH+IEggUx8cIv72Vj2d8e//IAw=
 codeberg.org/gruf/go-structr v0.9.7 h1:yQeIxTjYb6reNdgESk915twyjolydYBqat/mlZrP7bg=
 codeberg.org/gruf/go-structr v0.9.7/go.mod h1:9k5hYztZ4PsBS+m1v5hUTeFiVUBTLF5VA7d9cd1OEMs=
 codeberg.org/superseriousbusiness/go-swagger v0.31.0-gts-go1.23-fix h1:+JvBZqsQfdT+ROnk2DkvXsKQ9QBorKKKBk5fBqw62I8=
 codeberg.org/superseriousbusiness/go-swagger v0.31.0-gts-go1.23-fix/go.mod h1:WSigRRWEig8zV6t6Sm8Y+EmUjlzA/HoaZJ5edupq7po=
 github.com/DmitriyVTitov/size v1.5.0 h1:/PzqxYrOyOUX1BXj6J9OuVRVGe+66VL4D9FlUaW515g=
 github.com/DmitriyVTitov/size v1.5.0/go.mod h1:le6rNI4CoLQV1b9gzp1+3d7hMAD/uu2QcJ+aYbNgiU0=
-github.com/KimMachineGun/automemlimit v0.7.1 h1:QcG/0iCOLChjfUweIMC3YL5Xy9C3VBeNmCZHrZfJMBw=
-github.com/KimMachineGun/automemlimit v0.7.1/go.mod h1:QZxpHaGOQoYvFhv/r4u3U0JTC2ZcOwbSr11UZF46UBM=
+github.com/KimMachineGun/automemlimit v0.7.2 h1:DyfHI7zLWmZPn2Wqdy2AgTiUvrGPmnYWgwhHXtAegX4=
+github.com/KimMachineGun/automemlimit v0.7.2/go.mod h1:QZxpHaGOQoYvFhv/r4u3U0JTC2ZcOwbSr11UZF46UBM=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
@@ -297,8 +297,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/microcosm-cc/bluemonday v1.0.27 h1:MpEUotklkwCSLeH+Qdx1VJgNqLlpY2KXwXFM08ygZfk=
 github.com/microcosm-cc/bluemonday v1.0.27/go.mod h1:jFi9vgW+H7c3V0lb6nR74Ib/DIB5OBs92Dimizgw2cA=
-github.com/miekg/dns v1.1.65 h1:0+tIPHzUW0GCge7IiK3guGP57VAw7hoPDfApjkMD1Fc=
-github.com/miekg/dns v1.1.65/go.mod h1:Dzw9769uoKVaLuODMDZz9M6ynFU6Em65csPuoi8G0ck=
+github.com/miekg/dns v1.1.66 h1:FeZXOS3VCVsKnEAd+wBkjMC3D2K+ww66Cq3VnCINuJE=
+github.com/miekg/dns v1.1.66/go.mod h1:jGFzBsSNbJw6z1HYut1RKBKHA9PBdxeHrZG8J+gC2WE=
 github.com/minio/crc64nvme v1.0.1 h1:DHQPrYPdqK7jQG/Ls5CTBZWeex/2FMS3G5XGkycuFrY=
 github.com/minio/crc64nvme v1.0.1/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
@@ -324,8 +324,8 @@ github.com/moul/http2curl v1.0.0 h1:dRMWoAtb+ePxMlLkrCbAqh4TlPHXvoGUSQ323/9Zahs=
 github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/ncruces/go-sqlite3 v0.25.1 h1:nRK2mZ0jLNFJco8QFZ9+dCXxOGe6Re8bbG5o8gyalr8=
-github.com/ncruces/go-sqlite3 v0.25.1/go.mod h1:4BtkHRLbX5hE0PhBxJ11qETTwL7M4lk0ttru9nora1E=
+github.com/ncruces/go-sqlite3 v0.25.2 h1:suu3C7y92hPqozqO8+w3K333Q1VhWyN6K3JJKXdtC2U=
+github.com/ncruces/go-sqlite3 v0.25.2/go.mod h1:46HIzeCQQ+aNleAxCli+vpA2tfh7ttSnw24kQahBc1o=
 github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
 github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/ncruces/julianday v1.0.0 h1:fH0OKwa7NWvniGQtxdJRxAgkBMolni2BjDHaWTxqt7M=
@@ -386,8 +386,8 @@ github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIK
 github.com/spf13/afero v1.12.0 h1:UcOPyRBYczmFn6yvphxkn9ZEOY65cpwGKb5mL36mrqs=
 github.com/spf13/afero v1.12.0/go.mod h1:ZTlWwG4/ahT8W7T0WQ5uYmjI9duaLQGy3Q2OAl4sk/4=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y=
-github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
+github.com/spf13/cast v1.8.0 h1:gEN9K4b8Xws4EX0+a0reLmhq8moKn7ntRlQYgjPeCDk=
+github.com/spf13/cast v1.8.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
 github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
 github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
 github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
@@ -410,10 +410,10 @@ github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOf
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
-github.com/tdewolff/minify/v2 v2.23.1 h1:r6sKQrumHzskWZRdhiRa+pZhn7CdBMojACNP9fuKpXQ=
-github.com/tdewolff/minify/v2 v2.23.1/go.mod h1:RkUGjklq6uIsBoOdzY3ll35HKKQ2aFqLQhnanBHhDyU=
-github.com/tdewolff/parse/v2 v2.7.23 h1:sCW2PNTCM1yVldh5YK/8wrpRI9rSbloUZWjAydlN2IA=
-github.com/tdewolff/parse/v2 v2.7.23/go.mod h1:I7TXO37t3aSG9SlPUBefAhgIF8nt7yYUwVGgETIoBcA=
+github.com/tdewolff/minify/v2 v2.23.5 h1:/P548KcpTkIOUvNg22zN83/GiaYSOIrbqtoue4I7kYM=
+github.com/tdewolff/minify/v2 v2.23.5/go.mod h1:2RI9tiIrzJU1Z5EasXEPaI1MqobRyxKHOOgrRkq5oEw=
+github.com/tdewolff/parse/v2 v2.8.0 h1:jW0afj6zpUGXuZTwJ7/UfP2SddyLalb/SDryjaMTkA4=
+github.com/tdewolff/parse/v2 v2.8.0/go.mod h1:Hwlni2tiVNKyzR1o6nUs4FOF07URA+JLBLd6dlIXYqo=
 github.com/tdewolff/test v1.0.11 h1:FdLbwQVHxqG16SlkGveC0JVyrJN62COWTRyUFzfbtBE=
 github.com/tdewolff/test v1.0.11/go.mod h1:XPuWBzvdUzhCuxWO1ojpXsyzsA5bFoS3tO/Q3kFuTG8=
 github.com/technologize/otel-go-contrib v1.1.1 h1:wZH9aSPNWZWIkEh3vfaKfMb15AJ80jJ1aVj/4GZdqIw=
@@ -552,12 +552,12 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
-golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
+golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8=
+golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
 golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 h1:nDVHiLt8aIbd/VzvPWN6kSOPE7+F/fNFDSXLVYkE/Iw=
 golang.org/x/exp v0.0.0-20250305212735-054e65f0b394/go.mod h1:sIifuuw/Yco/y6yb6+bDNfyeQ/MdPUy/hKEMYQV17cM=
-golang.org/x/image v0.26.0 h1:4XjIFEZWQmCZi6Wv8BoxsDhRU3RVnLX04dToTDAEPlY=
-golang.org/x/image v0.26.0/go.mod h1:lcxbMFAovzpnJxzXS3nyL83K27tmqtKzIJpctK8YO5c=
+golang.org/x/image v0.27.0 h1:C8gA4oWU/tKkdCfYT6T2u4faJu3MeNS5O8UPWlPF61w=
+golang.org/x/image v0.27.0/go.mod h1:xbdrClrAUway1MUTEZDq9mz/UpRwYAkFFNUslZtcB+g=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
@@ -580,10 +580,10 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
-golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
-golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
-golang.org/x/oauth2 v0.29.0 h1:WdYw2tdTK1S8olAzWHdgeqfy+Mtm9XNhv/xJsY65d98=
-golang.org/x/oauth2 v0.29.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
+golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
+golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
+golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -591,8 +591,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
-golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
+golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -608,8 +608,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
-golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
+golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -620,8 +620,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.31.0 h1:erwDkOK1Msy6offm1mOgvspSkslFnIGsFnxOKoufg3o=
-golang.org/x/term v0.31.0/go.mod h1:R4BeIy7D95HzImkxGkTW1UQTtP54tio2RyHz7PwK0aw=
+golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
+golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
@@ -632,8 +632,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
-golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
+golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
+golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -641,8 +641,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU=
-golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ=
+golang.org/x/tools v0.32.0 h1:Q7N1vhpkQv7ybVzLFtTjvQya2ewbwNDZzUgfXGqtMWU=
+golang.org/x/tools v0.32.0/go.mod h1:ZxrU41P/wAbZD8EDa6dDCa6XfpkhJ7HFMjHJXfBDu8s=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a h1:nwKuGPlUAt+aR+pcrkfFRrTU1BVrSmYyYMxYbUIVHr0=
 google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a/go.mod h1:3kWAYMk1I75K4vykHtKt2ycnOgpA6974V7bREqbsenU=
diff --git a/vendor/codeberg.org/gruf/go-storage/test.sh b/vendor/codeberg.org/gruf/go-storage/test.sh
index 91286b5c8..6eb18fa65 100644
--- a/vendor/codeberg.org/gruf/go-storage/test.sh
+++ b/vendor/codeberg.org/gruf/go-storage/test.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 export \
     MINIO_ADDR='127.0.0.1:8080' \
@@ -9,8 +9,7 @@ export \
     S3_DIR=$(mktemp -d)
 
 # Drop the test S3 bucket and kill minio on exit
-trap 'rm -rf "$S3_DIR"; [ $MINIO_PID -ne 0 ] && kill -9 $MINIO_PID' \
-    HUP INT QUIT ABRT KILL TERM EXIT
+trap 'rm -rf "$S3_DIR"; [ $MINIO_PID -ne 0 ] && kill -9 $MINIO_PID' EXIT
 
 # Create required S3 bucket dir
 mkdir -p "${S3_DIR}/${MINIO_BUCKET}"
diff --git a/vendor/github.com/KimMachineGun/automemlimit/memlimit/cgroups.go b/vendor/github.com/KimMachineGun/automemlimit/memlimit/cgroups.go
index 73a57c3eb..69d1771f0 100644
--- a/vendor/github.com/KimMachineGun/automemlimit/memlimit/cgroups.go
+++ b/vendor/github.com/KimMachineGun/automemlimit/memlimit/cgroups.go
@@ -276,11 +276,9 @@ func parseMountInfoLine(line string) (mountInfo, error) {
 		fields1 = append(fields1, "")
 	}
 
-	fields2 := strings.Split(fieldss[1], " ")
+	fields2 := strings.SplitN(fieldss[1], " ", 3)
 	if len(fields2) < 3 {
 		return mountInfo{}, fmt.Errorf("not enough fields after separator: %v", fields2)
-	} else if len(fields2) > 3 {
-		return mountInfo{}, fmt.Errorf("too many fields after separator: %v", fields2)
 	}
 
 	return mountInfo{
diff --git a/vendor/github.com/miekg/dns/README.md b/vendor/github.com/miekg/dns/README.md
index 0e42858ae..54471f5c2 100644
--- a/vendor/github.com/miekg/dns/README.md
+++ b/vendor/github.com/miekg/dns/README.md
@@ -185,6 +185,7 @@ Example programs can be found in the `github.com/miekg/exdns` repository.
 * 7871 - EDNS0 Client Subnet
 * 7873 - Domain Name System (DNS) Cookies
 * 8080 - EdDSA for DNSSEC
+* 8490 - DNS Stateful Operations
 * 8499 - DNS Terminology
 * 8659 - DNS Certification Authority Authorization (CAA) Resource Record
 * 8777 - DNS Reverse IP Automatic Multicast Tunneling (AMT) Discovery
diff --git a/vendor/github.com/miekg/dns/msg.go b/vendor/github.com/miekg/dns/msg.go
index 5fa7f9e83..d87b5323b 100644
--- a/vendor/github.com/miekg/dns/msg.go
+++ b/vendor/github.com/miekg/dns/msg.go
@@ -136,18 +136,19 @@ var OpcodeToString = map[int]string{
 
 // RcodeToString maps Rcodes to strings.
 var RcodeToString = map[int]string{
-	RcodeSuccess:        "NOERROR",
-	RcodeFormatError:    "FORMERR",
-	RcodeServerFailure:  "SERVFAIL",
-	RcodeNameError:      "NXDOMAIN",
-	RcodeNotImplemented: "NOTIMP",
-	RcodeRefused:        "REFUSED",
-	RcodeYXDomain:       "YXDOMAIN", // See RFC 2136
-	RcodeYXRrset:        "YXRRSET",
-	RcodeNXRrset:        "NXRRSET",
-	RcodeNotAuth:        "NOTAUTH",
-	RcodeNotZone:        "NOTZONE",
-	RcodeBadSig:         "BADSIG", // Also known as RcodeBadVers, see RFC 6891
+	RcodeSuccess:                    "NOERROR",
+	RcodeFormatError:                "FORMERR",
+	RcodeServerFailure:              "SERVFAIL",
+	RcodeNameError:                  "NXDOMAIN",
+	RcodeNotImplemented:             "NOTIMP",
+	RcodeRefused:                    "REFUSED",
+	RcodeYXDomain:                   "YXDOMAIN", // See RFC 2136
+	RcodeYXRrset:                    "YXRRSET",
+	RcodeNXRrset:                    "NXRRSET",
+	RcodeNotAuth:                    "NOTAUTH",
+	RcodeNotZone:                    "NOTZONE",
+	RcodeStatefulTypeNotImplemented: "DSOTYPENI",
+	RcodeBadSig:                     "BADSIG", // Also known as RcodeBadVers, see RFC 6891
 	//	RcodeBadVers:        "BADVERS",
 	RcodeBadKey:    "BADKEY",
 	RcodeBadTime:   "BADTIME",
@@ -874,7 +875,6 @@ func (dns *Msg) unpack(dh Header, msg []byte, off int) (err error) {
 	// 	// println("dns: extra bytes in dns packet", off, "<", len(msg))
 	// }
 	return err
-
 }
 
 // Unpack unpacks a binary message to a Msg structure.
diff --git a/vendor/github.com/miekg/dns/reverse.go b/vendor/github.com/miekg/dns/reverse.go
index 28151af83..6f5b3ea70 100644
--- a/vendor/github.com/miekg/dns/reverse.go
+++ b/vendor/github.com/miekg/dns/reverse.go
@@ -23,9 +23,12 @@ var StringToAlgorithm = reverseInt8(AlgorithmToString)
 // StringToHash is a map of names to hash IDs.
 var StringToHash = reverseInt8(HashToString)
 
-// StringToCertType is the reverseof CertTypeToString.
+// StringToCertType is the reverse of CertTypeToString.
 var StringToCertType = reverseInt16(CertTypeToString)
 
+// StringToStatefulType is the reverse of StatefulTypeToString.
+var StringToStatefulType = reverseInt16(StatefulTypeToString)
+
 // Reverse a map
 func reverseInt8(m map[uint8]string) map[string]uint8 {
 	n := make(map[string]uint8, len(m))
diff --git a/vendor/github.com/miekg/dns/scan.go b/vendor/github.com/miekg/dns/scan.go
index fa8a332ed..31957b2ea 100644
--- a/vendor/github.com/miekg/dns/scan.go
+++ b/vendor/github.com/miekg/dns/scan.go
@@ -1318,6 +1318,13 @@ func toAbsoluteName(name, origin string) (absolute string, ok bool) {
 		return origin, true
 	}
 
+	// this can happen when we have a comment after a RR that has a domain, '...   MX 20 ; this is wrong'.
+	// technically a newline can be in a domain name, but this is clearly an error and the newline only shows
+	// because of the scanning and the comment.
+	if name == "\n" {
+		return "", false
+	}
+
 	// require a valid domain name
 	_, ok = IsDomainName(name)
 	if !ok || name == "" {
diff --git a/vendor/github.com/miekg/dns/types.go b/vendor/github.com/miekg/dns/types.go
index e39cf2fec..f5067cd43 100644
--- a/vendor/github.com/miekg/dns/types.go
+++ b/vendor/github.com/miekg/dns/types.go
@@ -126,33 +126,35 @@ const (
 	ClassANY    = 255
 
 	// Message Response Codes, see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml
-	RcodeSuccess        = 0  // NoError   - No Error                          [DNS]
-	RcodeFormatError    = 1  // FormErr   - Format Error                      [DNS]
-	RcodeServerFailure  = 2  // ServFail  - Server Failure                    [DNS]
-	RcodeNameError      = 3  // NXDomain  - Non-Existent Domain               [DNS]
-	RcodeNotImplemented = 4  // NotImp    - Not Implemented                   [DNS]
-	RcodeRefused        = 5  // Refused   - Query Refused                     [DNS]
-	RcodeYXDomain       = 6  // YXDomain  - Name Exists when it should not    [DNS Update]
-	RcodeYXRrset        = 7  // YXRRSet   - RR Set Exists when it should not  [DNS Update]
-	RcodeNXRrset        = 8  // NXRRSet   - RR Set that should exist does not [DNS Update]
-	RcodeNotAuth        = 9  // NotAuth   - Server Not Authoritative for zone [DNS Update]
-	RcodeNotZone        = 10 // NotZone   - Name not contained in zone        [DNS Update/TSIG]
-	RcodeBadSig         = 16 // BADSIG    - TSIG Signature Failure            [TSIG]  https://www.rfc-editor.org/rfc/rfc6895.html#section-2.3
-	RcodeBadVers        = 16 // BADVERS   - Bad OPT Version                   [EDNS0] https://www.rfc-editor.org/rfc/rfc6895.html#section-2.3
-	RcodeBadKey         = 17 // BADKEY    - Key not recognized                [TSIG]
-	RcodeBadTime        = 18 // BADTIME   - Signature out of time window      [TSIG]
-	RcodeBadMode        = 19 // BADMODE   - Bad TKEY Mode                     [TKEY]
-	RcodeBadName        = 20 // BADNAME   - Duplicate key name                [TKEY]
-	RcodeBadAlg         = 21 // BADALG    - Algorithm not supported           [TKEY]
-	RcodeBadTrunc       = 22 // BADTRUNC  - Bad Truncation                    [TSIG]
-	RcodeBadCookie      = 23 // BADCOOKIE - Bad/missing Server Cookie         [DNS Cookies]
+	RcodeSuccess                    = 0  // NoError   - No Error                          [DNS]
+	RcodeFormatError                = 1  // FormErr   - Format Error                      [DNS]
+	RcodeServerFailure              = 2  // ServFail  - Server Failure                    [DNS]
+	RcodeNameError                  = 3  // NXDomain  - Non-Existent Domain               [DNS]
+	RcodeNotImplemented             = 4  // NotImp    - Not Implemented                   [DNS]
+	RcodeRefused                    = 5  // Refused   - Query Refused                     [DNS]
+	RcodeYXDomain                   = 6  // YXDomain  - Name Exists when it should not    [DNS Update]
+	RcodeYXRrset                    = 7  // YXRRSet   - RR Set Exists when it should not  [DNS Update]
+	RcodeNXRrset                    = 8  // NXRRSet   - RR Set that should exist does not [DNS Update]
+	RcodeNotAuth                    = 9  // NotAuth   - Server Not Authoritative for zone [DNS Update]
+	RcodeNotZone                    = 10 // NotZone   - Name not contained in zone        [DNS Update/TSIG]
+	RcodeStatefulTypeNotImplemented = 11 // DSOTypeNI - DSO-TYPE not implemented          [DNS Stateful Operations] https://www.rfc-editor.org/rfc/rfc8490.html#section-10.2
+	RcodeBadSig                     = 16 // BADSIG    - TSIG Signature Failure            [TSIG]  https://www.rfc-editor.org/rfc/rfc6895.html#section-2.3
+	RcodeBadVers                    = 16 // BADVERS   - Bad OPT Version                   [EDNS0] https://www.rfc-editor.org/rfc/rfc6895.html#section-2.3
+	RcodeBadKey                     = 17 // BADKEY    - Key not recognized                [TSIG]
+	RcodeBadTime                    = 18 // BADTIME   - Signature out of time window      [TSIG]
+	RcodeBadMode                    = 19 // BADMODE   - Bad TKEY Mode                     [TKEY]
+	RcodeBadName                    = 20 // BADNAME   - Duplicate key name                [TKEY]
+	RcodeBadAlg                     = 21 // BADALG    - Algorithm not supported           [TKEY]
+	RcodeBadTrunc                   = 22 // BADTRUNC  - Bad Truncation                    [TSIG]
+	RcodeBadCookie                  = 23 // BADCOOKIE - Bad/missing Server Cookie         [DNS Cookies]
 
 	// Message Opcodes. There is no 3.
-	OpcodeQuery  = 0
-	OpcodeIQuery = 1
-	OpcodeStatus = 2
-	OpcodeNotify = 4
-	OpcodeUpdate = 5
+	OpcodeQuery    = 0
+	OpcodeIQuery   = 1
+	OpcodeStatus   = 2
+	OpcodeNotify   = 4
+	OpcodeUpdate   = 5
+	OpcodeStateful = 6
 )
 
 // Used in ZONEMD https://tools.ietf.org/html/rfc8976
@@ -179,6 +181,19 @@ const (
 	AMTRELAYHost = IPSECGatewayHost
 )
 
+// Stateful types as defined in RFC 8490.
+const (
+	StatefulTypeKeepAlive uint16 = iota + 1
+	StatefulTypeRetryDelay
+	StatefulTypeEncryptionPadding
+)
+
+var StatefulTypeToString = map[uint16]string{
+	StatefulTypeKeepAlive:         "KeepAlive",
+	StatefulTypeRetryDelay:        "RetryDelay",
+	StatefulTypeEncryptionPadding: "EncryptionPadding",
+}
+
 // Header is the wire format for the DNS packet header.
 type Header struct {
 	Id                                 uint16
@@ -886,7 +901,7 @@ func (rr *LOC) String() string {
 	lon = lon % LOC_HOURS
 	s += fmt.Sprintf("%02d %02d %0.3f %s ", h, m, float64(lon)/1000, ew)
 
-	var alt = float64(rr.Altitude) / 100
+	alt := float64(rr.Altitude) / 100
 	alt -= LOC_ALTITUDEBASE
 	if rr.Altitude%100 != 0 {
 		s += fmt.Sprintf("%.2fm ", alt)
diff --git a/vendor/github.com/miekg/dns/version.go b/vendor/github.com/miekg/dns/version.go
index 73e34edc3..936dc2124 100644
--- a/vendor/github.com/miekg/dns/version.go
+++ b/vendor/github.com/miekg/dns/version.go
@@ -3,7 +3,7 @@ package dns
 import "fmt"
 
 // Version is current version of this library.
-var Version = v{1, 1, 65}
+var Version = v{1, 1, 66}
 
 // v holds the version of this library.
 type v struct {
diff --git a/vendor/github.com/miekg/dns/xfr.go b/vendor/github.com/miekg/dns/xfr.go
index 5cfbb516a..97a642471 100644
--- a/vendor/github.com/miekg/dns/xfr.go
+++ b/vendor/github.com/miekg/dns/xfr.go
@@ -251,10 +251,13 @@ func (t *Transfer) ReadMsg() (*Msg, error) {
 	if err := m.Unpack(p); err != nil {
 		return nil, err
 	}
-	if ts, tp := m.IsTsig(), t.tsigProvider(); ts != nil && tp != nil {
+
+	if tp := t.tsigProvider(); tp != nil {
 		// Need to work on the original message p, as that was used to calculate the tsig.
 		err = TsigVerifyWithProvider(p, tp, t.tsigRequestMAC, t.tsigTimersOnly)
-		t.tsigRequestMAC = ts.MAC
+		if ts := m.IsTsig(); ts != nil {
+			t.tsigRequestMAC = ts.MAC
+		}
 	}
 	return m, err
 }
diff --git a/vendor/github.com/ncruces/go-sqlite3/embed/README.md b/vendor/github.com/ncruces/go-sqlite3/embed/README.md
index 765c4b685..1a2d575bb 100644
--- a/vendor/github.com/ncruces/go-sqlite3/embed/README.md
+++ b/vendor/github.com/ncruces/go-sqlite3/embed/README.md
@@ -1,6 +1,6 @@
 # Embeddable Wasm build of SQLite
 
-This folder includes an embeddable Wasm build of SQLite 3.49.1 for use with
+This folder includes an embeddable Wasm build of SQLite 3.49.2 for use with
 [`github.com/ncruces/go-sqlite3`](https://pkg.go.dev/github.com/ncruces/go-sqlite3).
 
 The following optional features are compiled in:
diff --git a/vendor/github.com/ncruces/go-sqlite3/embed/sqlite3.wasm b/vendor/github.com/ncruces/go-sqlite3/embed/sqlite3.wasm
index 88ebe9932..44f667926 100644
--- a/vendor/github.com/ncruces/go-sqlite3/embed/sqlite3.wasm
+++ b/vendor/github.com/ncruces/go-sqlite3/embed/sqlite3.wasm
diff --git a/vendor/github.com/spf13/cast/.editorconfig b/vendor/github.com/spf13/cast/.editorconfig
new file mode 100644
index 000000000..a85749f19
--- /dev/null
+++ b/vendor/github.com/spf13/cast/.editorconfig
@@ -0,0 +1,15 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.go]
+indent_style = tab
+
+[{*.yml,*.yaml}]
+indent_size = 2
diff --git a/vendor/github.com/spf13/cast/.golangci.yaml b/vendor/github.com/spf13/cast/.golangci.yaml
new file mode 100644
index 000000000..e00fd47aa
--- /dev/null
+++ b/vendor/github.com/spf13/cast/.golangci.yaml
@@ -0,0 +1,39 @@
+version: "2"
+
+run:
+  timeout: 10m
+
+linters:
+  enable:
+    - errcheck
+    - govet
+    - ineffassign
+    - misspell
+    - nolintlint
+    # - revive
+    - unused
+
+  disable:
+    - staticcheck
+
+  settings:
+    misspell:
+      locale: US
+    nolintlint:
+      allow-unused: false # report any unused nolint directives
+      require-specific: false # don't require nolint directives to be specific about which linter is being skipped
+
+formatters:
+  enable:
+    - gci
+    - gofmt
+    # - gofumpt
+    - goimports
+    # - golines
+
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - localmodule
diff --git a/vendor/github.com/spf13/cast/README.md b/vendor/github.com/spf13/cast/README.md
index 1be666a45..c58eccb3f 100644
--- a/vendor/github.com/spf13/cast/README.md
+++ b/vendor/github.com/spf13/cast/README.md
@@ -1,9 +1,9 @@
 # cast
 
-[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/spf13/cast/test.yaml?branch=master&style=flat-square)](https://github.com/spf13/cast/actions/workflows/test.yaml)
-[![PkgGoDev](https://pkg.go.dev/badge/mod/github.com/spf13/cast)](https://pkg.go.dev/mod/github.com/spf13/cast)
-![Go Version](https://img.shields.io/badge/go%20version-%3E=1.16-61CFDD.svg?style=flat-square)
-[![Go Report Card](https://goreportcard.com/badge/github.com/spf13/cast?style=flat-square)](https://goreportcard.com/report/github.com/spf13/cast)
+[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/spf13/cast/ci.yaml?style=flat-square)](https://github.com/spf13/cast/actions/workflows/ci.yaml)
+[![go.dev reference](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/mod/github.com/spf13/cast)
+![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/spf13/cast?style=flat-square&color=61CFDD)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/spf13/cast/badge?style=flat-square)](https://deps.dev/go/github.com%252Fspf13%252Fcast)
 
 Easy and safe casting from one type to another in Go
 
@@ -73,3 +73,7 @@ the code for a complete set.
 	var eight interface{} = 8
     cast.ToInt(eight)              // 8
     cast.ToInt(nil)                // 0
+
+## License
+
+The project is licensed under the [MIT License](LICENSE).
diff --git a/vendor/github.com/spf13/cast/cast.go b/vendor/github.com/spf13/cast/cast.go
index 0cfe9418d..386ba80a9 100644
--- a/vendor/github.com/spf13/cast/cast.go
+++ b/vendor/github.com/spf13/cast/cast.go
@@ -169,6 +169,24 @@ func ToIntSlice(i interface{}) []int {
 	return v
 }
 
+// ToInt64Slice casts an interface to a []int64 type.
+func ToInt64Slice(i interface{}) []int64 {
+	v, _ := ToInt64SliceE(i)
+	return v
+}
+
+// ToUintSlice casts an interface to a []uint type.
+func ToUintSlice(i interface{}) []uint {
+	v, _ := ToUintSliceE(i)
+	return v
+}
+
+// ToFloat64Slice casts an interface to a []float64 type.
+func ToFloat64Slice(i interface{}) []float64 {
+	v, _ := ToFloat64SliceE(i)
+	return v
+}
+
 // ToDurationSlice casts an interface to a []time.Duration type.
 func ToDurationSlice(i interface{}) []time.Duration {
 	v, _ := ToDurationSliceE(i)
diff --git a/vendor/github.com/spf13/cast/caste.go b/vendor/github.com/spf13/cast/caste.go
index 4181a2e75..4d4ca8db1 100644
--- a/vendor/github.com/spf13/cast/caste.go
+++ b/vendor/github.com/spf13/cast/caste.go
@@ -615,9 +615,6 @@ func ToUint64E(i interface{}) (uint64, error) {
 	case string:
 		v, err := strconv.ParseUint(trimZeroDecimal(s), 0, 0)
 		if err == nil {
-			if v < 0 {
-				return 0, errNegativeNotAllowed
-			}
 			return v, nil
 		}
 		return 0, fmt.Errorf("unable to cast %#v of type %T to uint64", i, i)
@@ -1000,36 +997,57 @@ func ToStringE(i interface{}) (string, error) {
 	}
 }
 
-// ToStringMapStringE casts an interface to a map[string]string type.
-func ToStringMapStringE(i interface{}) (map[string]string, error) {
-	m := map[string]string{}
+func toMapE[K comparable, V any](i any, keyFn func(any) K, valFn func(any) V) (map[K]V, error) {
+	m := map[K]V{}
+
+	if i == nil {
+		return m, fmt.Errorf("unable to cast %#v of type %T to %T", i, i, m)
+	}
 
 	switch v := i.(type) {
-	case map[string]string:
+	case map[K]V:
 		return v, nil
-	case map[string]interface{}:
+
+	case map[K]any:
 		for k, val := range v {
-			m[ToString(k)] = ToString(val)
+			m[k] = valFn(val)
 		}
+
 		return m, nil
-	case map[interface{}]string:
+
+	case map[any]V:
 		for k, val := range v {
-			m[ToString(k)] = ToString(val)
+			m[keyFn(k)] = val
 		}
+
 		return m, nil
-	case map[interface{}]interface{}:
+
+	case map[any]any:
 		for k, val := range v {
-			m[ToString(k)] = ToString(val)
+			m[keyFn(k)] = valFn(val)
 		}
+
 		return m, nil
+
 	case string:
 		err := jsonStringToObject(v, &m)
+
 		return m, err
+
 	default:
-		return m, fmt.Errorf("unable to cast %#v of type %T to map[string]string", i, i)
+		return m, fmt.Errorf("unable to cast %#v of type %T to %T", i, i, m)
 	}
 }
 
+func toStringMapE[T any](i any, fn func(any) T) (map[string]T, error) {
+	return toMapE(i, ToString, fn)
+}
+
+// ToStringMapStringE casts an interface to a map[string]string type.
+func ToStringMapStringE(i any) (map[string]string, error) {
+	return toStringMapE(i, ToString)
+}
+
 // ToStringMapStringSliceE casts an interface to a map[string][]string type.
 func ToStringMapStringSliceE(i interface{}) (map[string][]string, error) {
 	m := map[string][]string{}
@@ -1096,130 +1114,83 @@ func ToStringMapStringSliceE(i interface{}) (map[string][]string, error) {
 
 // ToStringMapBoolE casts an interface to a map[string]bool type.
 func ToStringMapBoolE(i interface{}) (map[string]bool, error) {
-	m := map[string]bool{}
-
-	switch v := i.(type) {
-	case map[interface{}]interface{}:
-		for k, val := range v {
-			m[ToString(k)] = ToBool(val)
-		}
-		return m, nil
-	case map[string]interface{}:
-		for k, val := range v {
-			m[ToString(k)] = ToBool(val)
-		}
-		return m, nil
-	case map[string]bool:
-		return v, nil
-	case string:
-		err := jsonStringToObject(v, &m)
-		return m, err
-	default:
-		return m, fmt.Errorf("unable to cast %#v of type %T to map[string]bool", i, i)
-	}
+	return toStringMapE(i, ToBool)
 }
 
 // ToStringMapE casts an interface to a map[string]interface{} type.
 func ToStringMapE(i interface{}) (map[string]interface{}, error) {
-	m := map[string]interface{}{}
+	fn := func(i any) any { return i }
 
-	switch v := i.(type) {
-	case map[interface{}]interface{}:
-		for k, val := range v {
-			m[ToString(k)] = val
-		}
-		return m, nil
-	case map[string]interface{}:
-		return v, nil
-	case string:
-		err := jsonStringToObject(v, &m)
-		return m, err
-	default:
-		return m, fmt.Errorf("unable to cast %#v of type %T to map[string]interface{}", i, i)
-	}
+	return toStringMapE(i, fn)
 }
 
-// ToStringMapIntE casts an interface to a map[string]int{} type.
-func ToStringMapIntE(i interface{}) (map[string]int, error) {
-	m := map[string]int{}
+func toStringMapIntE[T int | int64](i any, fn func(any) T, fnE func(any) (T, error)) (map[string]T, error) {
+	m := map[string]T{}
+
 	if i == nil {
-		return m, fmt.Errorf("unable to cast %#v of type %T to map[string]int", i, i)
+		return m, fmt.Errorf("unable to cast %#v of type %T to %T", i, i, m)
 	}
 
 	switch v := i.(type) {
-	case map[interface{}]interface{}:
-		for k, val := range v {
-			m[ToString(k)] = ToInt(val)
-		}
-		return m, nil
-	case map[string]interface{}:
-		for k, val := range v {
-			m[k] = ToInt(val)
-		}
-		return m, nil
-	case map[string]int:
+	case map[string]T:
 		return v, nil
-	case string:
-		err := jsonStringToObject(v, &m)
-		return m, err
-	}
 
-	if reflect.TypeOf(i).Kind() != reflect.Map {
-		return m, fmt.Errorf("unable to cast %#v of type %T to map[string]int", i, i)
-	}
-
-	mVal := reflect.ValueOf(m)
-	v := reflect.ValueOf(i)
-	for _, keyVal := range v.MapKeys() {
-		val, err := ToIntE(v.MapIndex(keyVal).Interface())
-		if err != nil {
-			return m, fmt.Errorf("unable to cast %#v of type %T to map[string]int", i, i)
+	case map[string]any:
+		for k, val := range v {
+			m[k] = fn(val)
 		}
-		mVal.SetMapIndex(keyVal, reflect.ValueOf(val))
-	}
-	return m, nil
-}
 
-// ToStringMapInt64E casts an interface to a map[string]int64{} type.
-func ToStringMapInt64E(i interface{}) (map[string]int64, error) {
-	m := map[string]int64{}
-	if i == nil {
-		return m, fmt.Errorf("unable to cast %#v of type %T to map[string]int64", i, i)
-	}
+		return m, nil
 
-	switch v := i.(type) {
-	case map[interface{}]interface{}:
+	case map[any]T:
 		for k, val := range v {
-			m[ToString(k)] = ToInt64(val)
+			m[ToString(k)] = val
 		}
+
 		return m, nil
-	case map[string]interface{}:
+
+	case map[any]any:
 		for k, val := range v {
-			m[k] = ToInt64(val)
+			m[ToString(k)] = fn(val)
 		}
+
 		return m, nil
-	case map[string]int64:
-		return v, nil
+
 	case string:
 		err := jsonStringToObject(v, &m)
+
 		return m, err
 	}
 
 	if reflect.TypeOf(i).Kind() != reflect.Map {
-		return m, fmt.Errorf("unable to cast %#v of type %T to map[string]int64", i, i)
+		return m, fmt.Errorf("unable to cast %#v of type %T to %T", i, i, m)
 	}
+
 	mVal := reflect.ValueOf(m)
 	v := reflect.ValueOf(i)
+
 	for _, keyVal := range v.MapKeys() {
-		val, err := ToInt64E(v.MapIndex(keyVal).Interface())
+		val, err := fnE(v.MapIndex(keyVal).Interface())
 		if err != nil {
-			return m, fmt.Errorf("unable to cast %#v of type %T to map[string]int64", i, i)
+			return m, fmt.Errorf("unable to cast %#v of type %T to %T", i, i, m)
 		}
+
 		mVal.SetMapIndex(keyVal, reflect.ValueOf(val))
 	}
+
 	return m, nil
 }
 
+// ToStringMapIntE casts an interface to a map[string]int{} type.
+func ToStringMapIntE(i any) (map[string]int, error) {
+	return toStringMapIntE(i, ToInt, ToIntE)
+}
+
+// ToStringMapInt64E casts an interface to a map[string]int64{} type.
+func ToStringMapInt64E(i interface{}) (map[string]int64, error) {
+	return toStringMapIntE(i, ToInt64, ToInt64E)
+}
+
 // ToSliceE casts an interface to a []interface{} type.
 func ToSliceE(i interface{}) ([]interface{}, error) {
 	var s []interface{}
@@ -1237,14 +1208,13 @@ func ToSliceE(i interface{}) ([]interface{}, error) {
 	}
 }
 
-// ToBoolSliceE casts an interface to a []bool type.
-func ToBoolSliceE(i interface{}) ([]bool, error) {
+func toSliceE[T any](i any, fn func(any) (T, error)) ([]T, error) {
 	if i == nil {
-		return []bool{}, fmt.Errorf("unable to cast %#v of type %T to []bool", i, i)
+		return []T{}, fmt.Errorf("unable to cast %#v of type %T to %T", i, i, []T{})
 	}
 
 	switch v := i.(type) {
-	case []bool:
+	case []T:
 		return v, nil
 	}
 
@@ -1252,20 +1222,25 @@ func ToBoolSliceE(i interface{}) ([]bool, error) {
 	switch kind {
 	case reflect.Slice, reflect.Array:
 		s := reflect.ValueOf(i)
-		a := make([]bool, s.Len())
+		a := make([]T, s.Len())
 		for j := 0; j < s.Len(); j++ {
-			val, err := ToBoolE(s.Index(j).Interface())
+			val, err := fn(s.Index(j).Interface())
 			if err != nil {
-				return []bool{}, fmt.Errorf("unable to cast %#v of type %T to []bool", i, i)
+				return []T{}, fmt.Errorf("unable to cast %#v of type %T to %T", i, i, []T{})
 			}
 			a[j] = val
 		}
 		return a, nil
 	default:
-		return []bool{}, fmt.Errorf("unable to cast %#v of type %T to []bool", i, i)
+		return []T{}, fmt.Errorf("unable to cast %#v of type %T to %T", i, i, []T{})
 	}
 }
 
+// ToBoolSliceE casts an interface to a []bool type.
+func ToBoolSliceE(i interface{}) ([]bool, error) {
+	return toSliceE(i, ToBoolE)
+}
+
 // ToStringSliceE casts an interface to a []string type.
 func ToStringSliceE(i interface{}) ([]string, error) {
 	var a []string
@@ -1298,6 +1273,26 @@ func ToStringSliceE(i interface{}) ([]string, error) {
 			a = append(a, ToString(u))
 		}
 		return a, nil
+	case []uint8:
+		for _, u := range v {
+			a = append(a, ToString(u))
+		}
+		return a, nil
+	case []uint:
+		for _, u := range v {
+			a = append(a, ToString(u))
+		}
+		return a, nil
+	case []uint32:
+		for _, u := range v {
+			a = append(a, ToString(u))
+		}
+		return a, nil
+	case []uint64:
+		for _, u := range v {
+			a = append(a, ToString(u))
+		}
+		return a, nil
 	case []float32:
 		for _, u := range v {
 			a = append(a, ToString(u))
@@ -1328,60 +1323,27 @@ func ToStringSliceE(i interface{}) ([]string, error) {
 
 // ToIntSliceE casts an interface to a []int type.
 func ToIntSliceE(i interface{}) ([]int, error) {
-	if i == nil {
-		return []int{}, fmt.Errorf("unable to cast %#v of type %T to []int", i, i)
-	}
+	return toSliceE(i, ToIntE)
+}
 
-	switch v := i.(type) {
-	case []int:
-		return v, nil
-	}
+// ToUintSliceE casts an interface to a []uint type.
+func ToUintSliceE(i interface{}) ([]uint, error) {
+	return toSliceE(i, ToUintE)
+}
 
-	kind := reflect.TypeOf(i).Kind()
-	switch kind {
-	case reflect.Slice, reflect.Array:
-		s := reflect.ValueOf(i)
-		a := make([]int, s.Len())
-		for j := 0; j < s.Len(); j++ {
-			val, err := ToIntE(s.Index(j).Interface())
-			if err != nil {
-				return []int{}, fmt.Errorf("unable to cast %#v of type %T to []int", i, i)
-			}
-			a[j] = val
-		}
-		return a, nil
-	default:
-		return []int{}, fmt.Errorf("unable to cast %#v of type %T to []int", i, i)
-	}
+// ToFloat64SliceE casts an interface to a []float64 type.
+func ToFloat64SliceE(i interface{}) ([]float64, error) {
+	return toSliceE(i, ToFloat64E)
+}
+
+// ToInt64SliceE casts an interface to a []int64 type.
+func ToInt64SliceE(i interface{}) ([]int64, error) {
+	return toSliceE(i, ToInt64E)
 }
 
 // ToDurationSliceE casts an interface to a []time.Duration type.
 func ToDurationSliceE(i interface{}) ([]time.Duration, error) {
-	if i == nil {
-		return []time.Duration{}, fmt.Errorf("unable to cast %#v of type %T to []time.Duration", i, i)
-	}
-
-	switch v := i.(type) {
-	case []time.Duration:
-		return v, nil
-	}
-
-	kind := reflect.TypeOf(i).Kind()
-	switch kind {
-	case reflect.Slice, reflect.Array:
-		s := reflect.ValueOf(i)
-		a := make([]time.Duration, s.Len())
-		for j := 0; j < s.Len(); j++ {
-			val, err := ToDurationE(s.Index(j).Interface())
-			if err != nil {
-				return []time.Duration{}, fmt.Errorf("unable to cast %#v of type %T to []time.Duration", i, i)
-			}
-			a[j] = val
-		}
-		return a, nil
-	default:
-		return []time.Duration{}, fmt.Errorf("unable to cast %#v of type %T to []time.Duration", i, i)
-	}
+	return toSliceE(i, ToDurationE)
 }
 
 // StringToDate attempts to parse a string into a time.Time type using a
diff --git a/vendor/github.com/tdewolff/parse/v2/binary.go b/vendor/github.com/tdewolff/parse/v2/binary.go
index c412bd997..7247e6e10 100644
--- a/vendor/github.com/tdewolff/parse/v2/binary.go
+++ b/vendor/github.com/tdewolff/parse/v2/binary.go
@@ -574,6 +574,16 @@ func (r *BinaryReader2) Read(b []byte) (int, error) {
 	return n, err
 }
 
+// ReadAt complies with io.ReaderAt.
+func (r *BinaryReader2) ReadAt(b []byte, off int64) (int, error) {
+	data, err := r.f.Bytes(len(b), off)
+	if err != nil && err != io.EOF {
+		return 0, err
+	}
+	n := copy(b, data)
+	return n, err
+}
+
 // ReadBytes reads n bytes.
 func (r *BinaryReader2) ReadBytes(n int) []byte {
 	data, err := r.f.Bytes(n, r.pos)
diff --git a/vendor/github.com/tdewolff/parse/v2/binary_unix.go b/vendor/github.com/tdewolff/parse/v2/binary_unix.go
index 4a7218690..70bb8767f 100644
--- a/vendor/github.com/tdewolff/parse/v2/binary_unix.go
+++ b/vendor/github.com/tdewolff/parse/v2/binary_unix.go
@@ -22,12 +22,12 @@ func newBinaryReaderMmap(filename string) (*binaryReaderMmap, error) {
 	}
 	defer f.Close()
 
-	fi, err := f.Stat()
+	info, err := f.Stat()
 	if err != nil {
 		return nil, err
 	}
 
-	size := fi.Size()
+	size := info.Size()
 	if size == 0 {
 		// Treat (size == 0) as a special case, avoiding the syscall, since
 		// "man 2 mmap" says "the length... must be greater than 0".
@@ -38,9 +38,9 @@ func newBinaryReaderMmap(filename string) (*binaryReaderMmap, error) {
 			data: make([]byte, 0),
 		}, nil
 	} else if size < 0 {
-		return nil, fmt.Errorf("mmap: file %q has negative size", filename)
+		return nil, fmt.Errorf("mmap: file %s has negative size", filename)
 	} else if size != int64(int(size)) {
-		return nil, fmt.Errorf("mmap: file %q is too large", filename)
+		return nil, fmt.Errorf("mmap: file %s is too large", filename)
 	}
 
 	data, err := syscall.Mmap(int(f.Fd()), 0, int(size), syscall.PROT_READ, syscall.MAP_SHARED)
diff --git a/vendor/github.com/tdewolff/parse/v2/strconv/number.go b/vendor/github.com/tdewolff/parse/v2/strconv/number.go
index 9f768dbdb..eb2a909b2 100644
--- a/vendor/github.com/tdewolff/parse/v2/strconv/number.go
+++ b/vendor/github.com/tdewolff/parse/v2/strconv/number.go
@@ -10,7 +10,7 @@ import (
 func ParseNumber(b []byte, groupSym rune, decSym rune) (int64, int, int) {
 	n, dec := 0, 0
 	sign := int64(1)
-	price := int64(0)
+	num := int64(0)
 	hasDecimals := false
 	if 0 < len(b) && b[0] == '-' {
 		sign = -1
@@ -19,13 +19,13 @@ func ParseNumber(b []byte, groupSym rune, decSym rune) (int64, int, int) {
 	for n < len(b) {
 		if '0' <= b[n] && b[n] <= '9' {
 			digit := sign * int64(b[n]-'0')
-			if sign == 1 && (math.MaxInt64/10 < price || math.MaxInt64-digit < price*10) {
+			if sign == 1 && (math.MaxInt64/10 < num || math.MaxInt64-digit < num*10) {
 				break
-			} else if sign == -1 && (price < math.MinInt64/10 || price*10 < math.MinInt64-digit) {
+			} else if sign == -1 && (num < math.MinInt64/10 || num*10 < math.MinInt64-digit) {
 				break
 			}
-			price *= 10
-			price += digit
+			num *= 10
+			num += digit
 			if hasDecimals {
 				dec++
 			}
@@ -39,11 +39,11 @@ func ParseNumber(b []byte, groupSym rune, decSym rune) (int64, int, int) {
 			break
 		}
 	}
-	return price, dec, n
+	return num, dec, n
 }
 
 // AppendNumber will append an int64 formatted as a number with the given number of decimal digits.
-func AppendNumber(b []byte, price int64, dec int, groupSize int, groupSym rune, decSym rune) []byte {
+func AppendNumber(b []byte, num int64, dec int, groupSize int, groupSym rune, decSym rune) []byte {
 	if dec < 0 {
 		dec = 0
 	}
@@ -55,12 +55,12 @@ func AppendNumber(b []byte, price int64, dec int, groupSize int, groupSym rune,
 	}
 
 	sign := int64(1)
-	if price < 0 {
+	if num < 0 {
 		sign = -1
 	}
 
 	// calculate size
-	n := LenInt(price)
+	n := LenInt(num)
 	if dec < n && 0 < groupSize && groupSym != 0 {
 		n += utf8.RuneLen(groupSym) * (n - dec - 1) / groupSize
 	}
@@ -86,8 +86,8 @@ func AppendNumber(b []byte, price int64, dec int, groupSize int, groupSym rune,
 	i += n - 1
 	if 0 < dec {
 		for 0 < dec {
-			c := byte(sign*(price%10)) + '0'
-			price /= 10
+			c := byte(sign*(num%10)) + '0'
+			num /= 10
 			b[i] = c
 			dec--
 			i--
@@ -97,7 +97,7 @@ func AppendNumber(b []byte, price int64, dec int, groupSize int, groupSym rune,
 	}
 
 	// print integer-part
-	if price == 0 {
+	if num == 0 {
 		b[i] = '0'
 		if sign == -1 {
 			b[i-1] = '-'
@@ -105,14 +105,14 @@ func AppendNumber(b []byte, price int64, dec int, groupSize int, groupSym rune,
 		return b
 	}
 	j := 0
-	for price != 0 {
+	for num != 0 {
 		if 0 < groupSize && groupSym != 0 && 0 < j && j%groupSize == 0 {
 			i -= utf8.RuneLen(groupSym)
 			utf8.EncodeRune(b[i+1:], groupSym)
 		}
 
-		c := byte(sign*(price%10)) + '0'
-		price /= 10
+		c := byte(sign*(num%10)) + '0'
+		num /= 10
 		b[i] = c
 		i--
 		j++
diff --git a/vendor/golang.org/x/crypto/acme/acme.go b/vendor/golang.org/x/crypto/acme/acme.go
index a43c62f1d..cfb1dfd8c 100644
--- a/vendor/golang.org/x/crypto/acme/acme.go
+++ b/vendor/golang.org/x/crypto/acme/acme.go
@@ -353,6 +353,10 @@ func (c *Client) authorize(ctx context.Context, typ, val string) (*Authorization
 	if _, err := c.Discover(ctx); err != nil {
 		return nil, err
 	}
+	if c.dir.AuthzURL == "" {
+		// Pre-Authorization is unsupported
+		return nil, errPreAuthorizationNotSupported
+	}
 
 	type authzID struct {
 		Type  string `json:"type"`
diff --git a/vendor/golang.org/x/crypto/acme/autocert/listener.go b/vendor/golang.org/x/crypto/acme/autocert/listener.go
index 9d62f8ced..460133e0c 100644
--- a/vendor/golang.org/x/crypto/acme/autocert/listener.go
+++ b/vendor/golang.org/x/crypto/acme/autocert/listener.go
@@ -10,7 +10,6 @@ import (
 	"net"
 	"os"
 	"path/filepath"
-	"runtime"
 	"time"
 )
 
@@ -124,32 +123,13 @@ func (ln *listener) Close() error {
 	return ln.tcpListener.Close()
 }
 
-func homeDir() string {
-	if runtime.GOOS == "windows" {
-		return os.Getenv("HOMEDRIVE") + os.Getenv("HOMEPATH")
-	}
-	if h := os.Getenv("HOME"); h != "" {
-		return h
-	}
-	return "/"
-}
-
 func cacheDir() string {
 	const base = "golang-autocert"
-	switch runtime.GOOS {
-	case "darwin":
-		return filepath.Join(homeDir(), "Library", "Caches", base)
-	case "windows":
-		for _, ev := range []string{"APPDATA", "CSIDL_APPDATA", "TEMP", "TMP"} {
-			if v := os.Getenv(ev); v != "" {
-				return filepath.Join(v, base)
-			}
-		}
-		// Worst case:
-		return filepath.Join(homeDir(), base)
-	}
-	if xdg := os.Getenv("XDG_CACHE_HOME"); xdg != "" {
-		return filepath.Join(xdg, base)
+	cache, err := os.UserCacheDir()
+	if err != nil {
+		// Fall back to the root directory.
+		cache = "/.cache"
 	}
-	return filepath.Join(homeDir(), ".cache", base)
+
+	return filepath.Join(cache, base)
 }
diff --git a/vendor/golang.org/x/crypto/acme/http.go b/vendor/golang.org/x/crypto/acme/http.go
index d92ff232f..8f29df56e 100644
--- a/vendor/golang.org/x/crypto/acme/http.go
+++ b/vendor/golang.org/x/crypto/acme/http.go
@@ -66,7 +66,7 @@ func (c *Client) retryTimer() *retryTimer {
 // The n argument is always bounded between 1 and 30.
 // The returned value is always greater than 0.
 func defaultBackoff(n int, r *http.Request, res *http.Response) time.Duration {
-	const max = 10 * time.Second
+	const maxVal = 10 * time.Second
 	var jitter time.Duration
 	if x, err := rand.Int(rand.Reader, big.NewInt(1000)); err == nil {
 		// Set the minimum to 1ms to avoid a case where
@@ -86,10 +86,7 @@ func defaultBackoff(n int, r *http.Request, res *http.Response) time.Duration {
 		n = 30
 	}
 	d := time.Duration(1<<uint(n-1))*time.Second + jitter
-	if d > max {
-		return max
-	}
-	return d
+	return min(d, maxVal)
 }
 
 // retryAfter parses a Retry-After HTTP header value,
diff --git a/vendor/golang.org/x/crypto/acme/types.go b/vendor/golang.org/x/crypto/acme/types.go
index 45492adc8..640223cb7 100644
--- a/vendor/golang.org/x/crypto/acme/types.go
+++ b/vendor/golang.org/x/crypto/acme/types.go
@@ -56,6 +56,10 @@ var (
 
 	// ErrNoAccount indicates that the Client's key has not been registered with the CA.
 	ErrNoAccount = errors.New("acme: account does not exist")
+
+	// errPreAuthorizationNotSupported indicates that the server does not
+	// support pre-authorization of identifiers.
+	errPreAuthorizationNotSupported = errors.New("acme: pre-authorization is not supported")
 )
 
 // A Subproblem describes an ACME subproblem as reported in an Error.
diff --git a/vendor/golang.org/x/crypto/ssh/mlkem.go b/vendor/golang.org/x/crypto/ssh/mlkem.go
new file mode 100644
index 000000000..40681dd69
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ssh/mlkem.go
@@ -0,0 +1,187 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.24
+
+package ssh
+
+import (
+	"crypto"
+	"crypto/mlkem"
+	"crypto/sha256"
+	"errors"
+	"fmt"
+	"io"
+	"runtime"
+	"slices"
+
+	"golang.org/x/crypto/curve25519"
+)
+
+const (
+	kexAlgoMLKEM768xCurve25519SHA256 = "mlkem768x25519-sha256"
+)
+
+func init() {
+	// After Go 1.24rc1 mlkem swapped the order of return values of Encapsulate.
+	// See #70950.
+	if runtime.Version() == "go1.24rc1" {
+		return
+	}
+	supportedKexAlgos = slices.Insert(supportedKexAlgos, 0, kexAlgoMLKEM768xCurve25519SHA256)
+	preferredKexAlgos = slices.Insert(preferredKexAlgos, 0, kexAlgoMLKEM768xCurve25519SHA256)
+	kexAlgoMap[kexAlgoMLKEM768xCurve25519SHA256] = &mlkem768WithCurve25519sha256{}
+}
+
+// mlkem768WithCurve25519sha256 implements the hybrid ML-KEM768 with
+// curve25519-sha256 key exchange method, as described by
+// draft-kampanakis-curdle-ssh-pq-ke-05 section 2.3.3.
+type mlkem768WithCurve25519sha256 struct{}
+
+func (kex *mlkem768WithCurve25519sha256) Client(c packetConn, rand io.Reader, magics *handshakeMagics) (*kexResult, error) {
+	var c25519kp curve25519KeyPair
+	if err := c25519kp.generate(rand); err != nil {
+		return nil, err
+	}
+
+	seed := make([]byte, mlkem.SeedSize)
+	if _, err := io.ReadFull(rand, seed); err != nil {
+		return nil, err
+	}
+
+	mlkemDk, err := mlkem.NewDecapsulationKey768(seed)
+	if err != nil {
+		return nil, err
+	}
+
+	hybridKey := append(mlkemDk.EncapsulationKey().Bytes(), c25519kp.pub[:]...)
+	if err := c.writePacket(Marshal(&kexECDHInitMsg{hybridKey})); err != nil {
+		return nil, err
+	}
+
+	packet, err := c.readPacket()
+	if err != nil {
+		return nil, err
+	}
+
+	var reply kexECDHReplyMsg
+	if err = Unmarshal(packet, &reply); err != nil {
+		return nil, err
+	}
+
+	if len(reply.EphemeralPubKey) != mlkem.CiphertextSize768+32 {
+		return nil, errors.New("ssh: peer's mlkem768x25519 public value has wrong length")
+	}
+
+	// Perform KEM decapsulate operation to obtain shared key from ML-KEM.
+	mlkem768Secret, err := mlkemDk.Decapsulate(reply.EphemeralPubKey[:mlkem.CiphertextSize768])
+	if err != nil {
+		return nil, err
+	}
+
+	// Complete Curve25519 ECDH to obtain its shared key.
+	c25519Secret, err := curve25519.X25519(c25519kp.priv[:], reply.EphemeralPubKey[mlkem.CiphertextSize768:])
+	if err != nil {
+		return nil, fmt.Errorf("ssh: peer's mlkem768x25519 public value is not valid: %w", err)
+	}
+	// Compute actual shared key.
+	h := sha256.New()
+	h.Write(mlkem768Secret)
+	h.Write(c25519Secret)
+	secret := h.Sum(nil)
+
+	h.Reset()
+	magics.write(h)
+	writeString(h, reply.HostKey)
+	writeString(h, hybridKey)
+	writeString(h, reply.EphemeralPubKey)
+
+	K := make([]byte, stringLength(len(secret)))
+	marshalString(K, secret)
+	h.Write(K)
+
+	return &kexResult{
+		H:         h.Sum(nil),
+		K:         K,
+		HostKey:   reply.HostKey,
+		Signature: reply.Signature,
+		Hash:      crypto.SHA256,
+	}, nil
+}
+
+func (kex *mlkem768WithCurve25519sha256) Server(c packetConn, rand io.Reader, magics *handshakeMagics, priv AlgorithmSigner, algo string) (*kexResult, error) {
+	packet, err := c.readPacket()
+	if err != nil {
+		return nil, err
+	}
+
+	var kexInit kexECDHInitMsg
+	if err = Unmarshal(packet, &kexInit); err != nil {
+		return nil, err
+	}
+
+	if len(kexInit.ClientPubKey) != mlkem.EncapsulationKeySize768+32 {
+		return nil, errors.New("ssh: peer's ML-KEM768/curve25519 public value has wrong length")
+	}
+
+	encapsulationKey, err := mlkem.NewEncapsulationKey768(kexInit.ClientPubKey[:mlkem.EncapsulationKeySize768])
+	if err != nil {
+		return nil, fmt.Errorf("ssh: peer's ML-KEM768 encapsulation key is not valid: %w", err)
+	}
+	// Perform KEM encapsulate operation to obtain ciphertext and shared key.
+	mlkem768Secret, mlkem768Ciphertext := encapsulationKey.Encapsulate()
+
+	// Perform server side of Curve25519 ECDH to obtain server public value and
+	// shared key.
+	var c25519kp curve25519KeyPair
+	if err := c25519kp.generate(rand); err != nil {
+		return nil, err
+	}
+	c25519Secret, err := curve25519.X25519(c25519kp.priv[:], kexInit.ClientPubKey[mlkem.EncapsulationKeySize768:])
+	if err != nil {
+		return nil, fmt.Errorf("ssh: peer's ML-KEM768/curve25519 public value is not valid: %w", err)
+	}
+	hybridKey := append(mlkem768Ciphertext, c25519kp.pub[:]...)
+
+	// Compute actual shared key.
+	h := sha256.New()
+	h.Write(mlkem768Secret)
+	h.Write(c25519Secret)
+	secret := h.Sum(nil)
+
+	hostKeyBytes := priv.PublicKey().Marshal()
+
+	h.Reset()
+	magics.write(h)
+	writeString(h, hostKeyBytes)
+	writeString(h, kexInit.ClientPubKey)
+	writeString(h, hybridKey)
+
+	K := make([]byte, stringLength(len(secret)))
+	marshalString(K, secret)
+	h.Write(K)
+
+	H := h.Sum(nil)
+
+	sig, err := signAndMarshal(priv, rand, H, algo)
+	if err != nil {
+		return nil, err
+	}
+
+	reply := kexECDHReplyMsg{
+		EphemeralPubKey: hybridKey,
+		HostKey:         hostKeyBytes,
+		Signature:       sig,
+	}
+	if err := c.writePacket(Marshal(&reply)); err != nil {
+		return nil, err
+	}
+	return &kexResult{
+		H:         H,
+		K:         K,
+		HostKey:   hostKeyBytes,
+		Signature: sig,
+		Hash:      crypto.SHA256,
+	}, nil
+}
diff --git a/vendor/golang.org/x/oauth2/internal/doc.go b/vendor/golang.org/x/oauth2/internal/doc.go
index 03265e888..8c7c475f2 100644
--- a/vendor/golang.org/x/oauth2/internal/doc.go
+++ b/vendor/golang.org/x/oauth2/internal/doc.go
@@ -2,5 +2,5 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package internal contains support packages for oauth2 package.
+// Package internal contains support packages for [golang.org/x/oauth2].
 package internal
diff --git a/vendor/golang.org/x/oauth2/internal/oauth2.go b/vendor/golang.org/x/oauth2/internal/oauth2.go
index 14989beaf..71ea6ad1f 100644
--- a/vendor/golang.org/x/oauth2/internal/oauth2.go
+++ b/vendor/golang.org/x/oauth2/internal/oauth2.go
@@ -13,7 +13,7 @@ import (
 )
 
 // ParseKey converts the binary contents of a private key file
-// to an *rsa.PrivateKey. It detects whether the private key is in a
+// to an [*rsa.PrivateKey]. It detects whether the private key is in a
 // PEM container or not. If so, it extracts the private key
 // from PEM container before conversion. It only supports PEM
 // containers with no passphrase.
diff --git a/vendor/golang.org/x/oauth2/internal/token.go b/vendor/golang.org/x/oauth2/internal/token.go
index e83ddeef0..8389f2462 100644
--- a/vendor/golang.org/x/oauth2/internal/token.go
+++ b/vendor/golang.org/x/oauth2/internal/token.go
@@ -10,7 +10,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"math"
 	"mime"
 	"net/http"
@@ -26,9 +25,9 @@ import (
 // the requests to access protected resources on the OAuth 2.0
 // provider's backend.
 //
-// This type is a mirror of oauth2.Token and exists to break
+// This type is a mirror of [golang.org/x/oauth2.Token] and exists to break
 // an otherwise-circular dependency. Other internal packages
-// should convert this Token into an oauth2.Token before use.
+// should convert this Token into an [golang.org/x/oauth2.Token] before use.
 type Token struct {
 	// AccessToken is the token that authorizes and authenticates
 	// the requests.
@@ -50,9 +49,16 @@ type Token struct {
 	// mechanisms for that TokenSource will not be used.
 	Expiry time.Time
 
+	// ExpiresIn is the OAuth2 wire format "expires_in" field,
+	// which specifies how many seconds later the token expires,
+	// relative to an unknown time base approximately around "now".
+	// It is the application's responsibility to populate
+	// `Expiry` from `ExpiresIn` when required.
+	ExpiresIn int64 `json:"expires_in,omitempty"`
+
 	// Raw optionally contains extra metadata from the server
 	// when updating a token.
-	Raw interface{}
+	Raw any
 }
 
 // tokenJSON is the struct representing the HTTP response from OAuth2
@@ -99,14 +105,6 @@ func (e *expirationTime) UnmarshalJSON(b []byte) error {
 	return nil
 }
 
-// RegisterBrokenAuthHeaderProvider previously did something. It is now a no-op.
-//
-// Deprecated: this function no longer does anything. Caller code that
-// wants to avoid potential extra HTTP requests made during
-// auto-probing of the provider's auth style should set
-// Endpoint.AuthStyle.
-func RegisterBrokenAuthHeaderProvider(tokenURL string) {}
-
 // AuthStyle is a copy of the golang.org/x/oauth2 package's AuthStyle type.
 type AuthStyle int
 
@@ -143,6 +141,11 @@ func (lc *LazyAuthStyleCache) Get() *AuthStyleCache {
 	return c
 }
 
+type authStyleCacheKey struct {
+	url      string
+	clientID string
+}
+
 // AuthStyleCache is the set of tokenURLs we've successfully used via
 // RetrieveToken and which style auth we ended up using.
 // It's called a cache, but it doesn't (yet?) shrink. It's expected that
@@ -150,26 +153,26 @@ func (lc *LazyAuthStyleCache) Get() *AuthStyleCache {
 // small.
 type AuthStyleCache struct {
 	mu sync.Mutex
-	m  map[string]AuthStyle // keyed by tokenURL
+	m  map[authStyleCacheKey]AuthStyle
 }
 
 // lookupAuthStyle reports which auth style we last used with tokenURL
 // when calling RetrieveToken and whether we have ever done so.
-func (c *AuthStyleCache) lookupAuthStyle(tokenURL string) (style AuthStyle, ok bool) {
+func (c *AuthStyleCache) lookupAuthStyle(tokenURL, clientID string) (style AuthStyle, ok bool) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
-	style, ok = c.m[tokenURL]
+	style, ok = c.m[authStyleCacheKey{tokenURL, clientID}]
 	return
 }
 
 // setAuthStyle adds an entry to authStyleCache, documented above.
-func (c *AuthStyleCache) setAuthStyle(tokenURL string, v AuthStyle) {
+func (c *AuthStyleCache) setAuthStyle(tokenURL, clientID string, v AuthStyle) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 	if c.m == nil {
-		c.m = make(map[string]AuthStyle)
+		c.m = make(map[authStyleCacheKey]AuthStyle)
 	}
-	c.m[tokenURL] = v
+	c.m[authStyleCacheKey{tokenURL, clientID}] = v
 }
 
 // newTokenRequest returns a new *http.Request to retrieve a new token
@@ -210,9 +213,9 @@ func cloneURLValues(v url.Values) url.Values {
 }
 
 func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string, v url.Values, authStyle AuthStyle, styleCache *AuthStyleCache) (*Token, error) {
-	needsAuthStyleProbe := authStyle == 0
+	needsAuthStyleProbe := authStyle == AuthStyleUnknown
 	if needsAuthStyleProbe {
-		if style, ok := styleCache.lookupAuthStyle(tokenURL); ok {
+		if style, ok := styleCache.lookupAuthStyle(tokenURL, clientID); ok {
 			authStyle = style
 			needsAuthStyleProbe = false
 		} else {
@@ -242,7 +245,7 @@ func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string,
 		token, err = doTokenRoundTrip(ctx, req)
 	}
 	if needsAuthStyleProbe && err == nil {
-		styleCache.setAuthStyle(tokenURL, authStyle)
+		styleCache.setAuthStyle(tokenURL, clientID, authStyle)
 	}
 	// Don't overwrite `RefreshToken` with an empty value
 	// if this was a token refreshing request.
@@ -257,7 +260,7 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) {
 	if err != nil {
 		return nil, err
 	}
-	body, err := ioutil.ReadAll(io.LimitReader(r.Body, 1<<20))
+	body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20))
 	r.Body.Close()
 	if err != nil {
 		return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err)
@@ -312,7 +315,8 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) {
 			TokenType:    tj.TokenType,
 			RefreshToken: tj.RefreshToken,
 			Expiry:       tj.expiry(),
-			Raw:          make(map[string]interface{}),
+			ExpiresIn:    int64(tj.ExpiresIn),
+			Raw:          make(map[string]any),
 		}
 		json.Unmarshal(body, &token.Raw) // no error checks for optional fields
 	}
diff --git a/vendor/golang.org/x/oauth2/internal/transport.go b/vendor/golang.org/x/oauth2/internal/transport.go
index b9db01ddf..afc0aeb27 100644
--- a/vendor/golang.org/x/oauth2/internal/transport.go
+++ b/vendor/golang.org/x/oauth2/internal/transport.go
@@ -9,8 +9,8 @@ import (
 	"net/http"
 )
 
-// HTTPClient is the context key to use with golang.org/x/net/context's
-// WithValue function to associate an *http.Client value with a context.
+// HTTPClient is the context key to use with [context.WithValue]
+// to associate an [*http.Client] value with a context.
 var HTTPClient ContextKey
 
 // ContextKey is just an empty struct. It exists so HTTPClient can be
diff --git a/vendor/golang.org/x/oauth2/oauth2.go b/vendor/golang.org/x/oauth2/oauth2.go
index eacdd7fd9..de34feb84 100644
--- a/vendor/golang.org/x/oauth2/oauth2.go
+++ b/vendor/golang.org/x/oauth2/oauth2.go
@@ -22,9 +22,9 @@ import (
 )
 
 // NoContext is the default context you should supply if not using
-// your own context.Context (see https://golang.org/x/net/context).
+// your own [context.Context].
 //
-// Deprecated: Use context.Background() or context.TODO() instead.
+// Deprecated: Use [context.Background] or [context.TODO] instead.
 var NoContext = context.TODO()
 
 // RegisterBrokenAuthHeaderProvider previously did something. It is now a no-op.
@@ -37,8 +37,8 @@ func RegisterBrokenAuthHeaderProvider(tokenURL string) {}
 
 // Config describes a typical 3-legged OAuth2 flow, with both the
 // client application information and the server's endpoint URLs.
-// For the client credentials 2-legged OAuth2 flow, see the clientcredentials
-// package (https://golang.org/x/oauth2/clientcredentials).
+// For the client credentials 2-legged OAuth2 flow, see the
+// [golang.org/x/oauth2/clientcredentials] package.
 type Config struct {
 	// ClientID is the application's ID.
 	ClientID string
@@ -46,7 +46,7 @@ type Config struct {
 	// ClientSecret is the application's secret.
 	ClientSecret string
 
-	// Endpoint contains the resource server's token endpoint
+	// Endpoint contains the authorization server's token endpoint
 	// URLs. These are constants specific to each server and are
 	// often available via site-specific packages, such as
 	// google.Endpoint or github.Endpoint.
@@ -135,7 +135,7 @@ type setParam struct{ k, v string }
 
 func (p setParam) setValue(m url.Values) { m.Set(p.k, p.v) }
 
-// SetAuthURLParam builds an AuthCodeOption which passes key/value parameters
+// SetAuthURLParam builds an [AuthCodeOption] which passes key/value parameters
 // to a provider's authorization endpoint.
 func SetAuthURLParam(key, value string) AuthCodeOption {
 	return setParam{key, value}
@@ -148,8 +148,8 @@ func SetAuthURLParam(key, value string) AuthCodeOption {
 // request and callback. The authorization server includes this value when
 // redirecting the user agent back to the client.
 //
-// Opts may include AccessTypeOnline or AccessTypeOffline, as well
-// as ApprovalForce.
+// Opts may include [AccessTypeOnline] or [AccessTypeOffline], as well
+// as [ApprovalForce].
 //
 // To protect against CSRF attacks, opts should include a PKCE challenge
 // (S256ChallengeOption). Not all servers support PKCE. An alternative is to
@@ -194,7 +194,7 @@ func (c *Config) AuthCodeURL(state string, opts ...AuthCodeOption) string {
 // and when other authorization grant types are not available."
 // See https://tools.ietf.org/html/rfc6749#section-4.3 for more info.
 //
-// The provided context optionally controls which HTTP client is used. See the HTTPClient variable.
+// The provided context optionally controls which HTTP client is used. See the [HTTPClient] variable.
 func (c *Config) PasswordCredentialsToken(ctx context.Context, username, password string) (*Token, error) {
 	v := url.Values{
 		"grant_type": {"password"},
@@ -212,10 +212,10 @@ func (c *Config) PasswordCredentialsToken(ctx context.Context, username, passwor
 // It is used after a resource provider redirects the user back
 // to the Redirect URI (the URL obtained from AuthCodeURL).
 //
-// The provided context optionally controls which HTTP client is used. See the HTTPClient variable.
+// The provided context optionally controls which HTTP client is used. See the [HTTPClient] variable.
 //
-// The code will be in the *http.Request.FormValue("code"). Before
-// calling Exchange, be sure to validate FormValue("state") if you are
+// The code will be in the [http.Request.FormValue]("code"). Before
+// calling Exchange, be sure to validate [http.Request.FormValue]("state") if you are
 // using it to protect against CSRF attacks.
 //
 // If using PKCE to protect against CSRF attacks, opts should include a
@@ -242,10 +242,10 @@ func (c *Config) Client(ctx context.Context, t *Token) *http.Client {
 	return NewClient(ctx, c.TokenSource(ctx, t))
 }
 
-// TokenSource returns a TokenSource that returns t until t expires,
+// TokenSource returns a [TokenSource] that returns t until t expires,
 // automatically refreshing it as necessary using the provided context.
 //
-// Most users will use Config.Client instead.
+// Most users will use [Config.Client] instead.
 func (c *Config) TokenSource(ctx context.Context, t *Token) TokenSource {
 	tkr := &tokenRefresher{
 		ctx:  ctx,
@@ -260,7 +260,7 @@ func (c *Config) TokenSource(ctx context.Context, t *Token) TokenSource {
 	}
 }
 
-// tokenRefresher is a TokenSource that makes "grant_type"=="refresh_token"
+// tokenRefresher is a TokenSource that makes "grant_type=refresh_token"
 // HTTP requests to renew a token using a RefreshToken.
 type tokenRefresher struct {
 	ctx          context.Context // used to get HTTP requests
@@ -305,8 +305,7 @@ type reuseTokenSource struct {
 }
 
 // Token returns the current token if it's still valid, else will
-// refresh the current token (using r.Context for HTTP client
-// information) and return the new one.
+// refresh the current token and return the new one.
 func (s *reuseTokenSource) Token() (*Token, error) {
 	s.mu.Lock()
 	defer s.mu.Unlock()
@@ -322,7 +321,7 @@ func (s *reuseTokenSource) Token() (*Token, error) {
 	return t, nil
 }
 
-// StaticTokenSource returns a TokenSource that always returns the same token.
+// StaticTokenSource returns a [TokenSource] that always returns the same token.
 // Because the provided token t is never refreshed, StaticTokenSource is only
 // useful for tokens that never expire.
 func StaticTokenSource(t *Token) TokenSource {
@@ -338,16 +337,16 @@ func (s staticTokenSource) Token() (*Token, error) {
 	return s.t, nil
 }
 
-// HTTPClient is the context key to use with golang.org/x/net/context's
-// WithValue function to associate an *http.Client value with a context.
+// HTTPClient is the context key to use with [context.WithValue]
+// to associate a [*http.Client] value with a context.
 var HTTPClient internal.ContextKey
 
-// NewClient creates an *http.Client from a Context and TokenSource.
+// NewClient creates an [*http.Client] from a [context.Context] and [TokenSource].
 // The returned client is not valid beyond the lifetime of the context.
 //
-// Note that if a custom *http.Client is provided via the Context it
+// Note that if a custom [*http.Client] is provided via the [context.Context] it
 // is used only for token acquisition and is not used to configure the
-// *http.Client returned from NewClient.
+// [*http.Client] returned from NewClient.
 //
 // As a special case, if src is nil, a non-OAuth2 client is returned
 // using the provided context. This exists to support related OAuth2
@@ -368,7 +367,7 @@ func NewClient(ctx context.Context, src TokenSource) *http.Client {
 	}
 }
 
-// ReuseTokenSource returns a TokenSource which repeatedly returns the
+// ReuseTokenSource returns a [TokenSource] which repeatedly returns the
 // same token as long as it's valid, starting with t.
 // When its cached token is invalid, a new token is obtained from src.
 //
@@ -376,10 +375,10 @@ func NewClient(ctx context.Context, src TokenSource) *http.Client {
 // (such as a file on disk) between runs of a program, rather than
 // obtaining new tokens unnecessarily.
 //
-// The initial token t may be nil, in which case the TokenSource is
+// The initial token t may be nil, in which case the [TokenSource] is
 // wrapped in a caching version if it isn't one already. This also
 // means it's always safe to wrap ReuseTokenSource around any other
-// TokenSource without adverse effects.
+// [TokenSource] without adverse effects.
 func ReuseTokenSource(t *Token, src TokenSource) TokenSource {
 	// Don't wrap a reuseTokenSource in itself. That would work,
 	// but cause an unnecessary number of mutex operations.
@@ -397,8 +396,8 @@ func ReuseTokenSource(t *Token, src TokenSource) TokenSource {
 	}
 }
 
-// ReuseTokenSourceWithExpiry returns a TokenSource that acts in the same manner as the
-// TokenSource returned by ReuseTokenSource, except the expiry buffer is
+// ReuseTokenSourceWithExpiry returns a [TokenSource] that acts in the same manner as the
+// [TokenSource] returned by [ReuseTokenSource], except the expiry buffer is
 // configurable. The expiration time of a token is calculated as
 // t.Expiry.Add(-earlyExpiry).
 func ReuseTokenSourceWithExpiry(t *Token, src TokenSource, earlyExpiry time.Duration) TokenSource {
diff --git a/vendor/golang.org/x/oauth2/pkce.go b/vendor/golang.org/x/oauth2/pkce.go
index 6a95da975..cea8374d5 100644
--- a/vendor/golang.org/x/oauth2/pkce.go
+++ b/vendor/golang.org/x/oauth2/pkce.go
@@ -1,6 +1,7 @@
 // Copyright 2023 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
+
 package oauth2
 
 import (
@@ -20,9 +21,9 @@ const (
 // This follows recommendations in RFC 7636.
 //
 // A fresh verifier should be generated for each authorization.
-// S256ChallengeOption(verifier) should then be passed to Config.AuthCodeURL
-// (or Config.DeviceAuth) and VerifierOption(verifier) to Config.Exchange
-// (or Config.DeviceAccessToken).
+// The resulting verifier should be passed to [Config.AuthCodeURL] or [Config.DeviceAuth]
+// with [S256ChallengeOption], and to [Config.Exchange] or [Config.DeviceAccessToken]
+// with [VerifierOption].
 func GenerateVerifier() string {
 	// "RECOMMENDED that the output of a suitable random number generator be
 	// used to create a 32-octet sequence.  The octet sequence is then
@@ -36,22 +37,22 @@ func GenerateVerifier() string {
 	return base64.RawURLEncoding.EncodeToString(data)
 }
 
-// VerifierOption returns a PKCE code verifier AuthCodeOption. It should be
-// passed to Config.Exchange or Config.DeviceAccessToken only.
+// VerifierOption returns a PKCE code verifier [AuthCodeOption]. It should only be
+// passed to [Config.Exchange] or [Config.DeviceAccessToken].
 func VerifierOption(verifier string) AuthCodeOption {
 	return setParam{k: codeVerifierKey, v: verifier}
 }
 
 // S256ChallengeFromVerifier returns a PKCE code challenge derived from verifier with method S256.
 //
-// Prefer to use S256ChallengeOption where possible.
+// Prefer to use [S256ChallengeOption] where possible.
 func S256ChallengeFromVerifier(verifier string) string {
 	sha := sha256.Sum256([]byte(verifier))
 	return base64.RawURLEncoding.EncodeToString(sha[:])
 }
 
 // S256ChallengeOption derives a PKCE code challenge derived from verifier with
-// method S256. It should be passed to Config.AuthCodeURL or Config.DeviceAuth
+// method S256. It should be passed to [Config.AuthCodeURL] or [Config.DeviceAuth]
 // only.
 func S256ChallengeOption(verifier string) AuthCodeOption {
 	return challengeOption{
diff --git a/vendor/golang.org/x/oauth2/token.go b/vendor/golang.org/x/oauth2/token.go
index 8c31136c4..239ec3296 100644
--- a/vendor/golang.org/x/oauth2/token.go
+++ b/vendor/golang.org/x/oauth2/token.go
@@ -44,7 +44,7 @@ type Token struct {
 
 	// Expiry is the optional expiration time of the access token.
 	//
-	// If zero, TokenSource implementations will reuse the same
+	// If zero, [TokenSource] implementations will reuse the same
 	// token forever and RefreshToken or equivalent
 	// mechanisms for that TokenSource will not be used.
 	Expiry time.Time `json:"expiry,omitempty"`
@@ -58,7 +58,7 @@ type Token struct {
 
 	// raw optionally contains extra metadata from the server
 	// when updating a token.
-	raw interface{}
+	raw any
 
 	// expiryDelta is used to calculate when a token is considered
 	// expired, by subtracting from Expiry. If zero, defaultExpiryDelta
@@ -86,16 +86,16 @@ func (t *Token) Type() string {
 // SetAuthHeader sets the Authorization header to r using the access
 // token in t.
 //
-// This method is unnecessary when using Transport or an HTTP Client
+// This method is unnecessary when using [Transport] or an HTTP Client
 // returned by this package.
 func (t *Token) SetAuthHeader(r *http.Request) {
 	r.Header.Set("Authorization", t.Type()+" "+t.AccessToken)
 }
 
-// WithExtra returns a new Token that's a clone of t, but using the
+// WithExtra returns a new [Token] that's a clone of t, but using the
 // provided raw extra map. This is only intended for use by packages
 // implementing derivative OAuth2 flows.
-func (t *Token) WithExtra(extra interface{}) *Token {
+func (t *Token) WithExtra(extra any) *Token {
 	t2 := new(Token)
 	*t2 = *t
 	t2.raw = extra
@@ -105,8 +105,8 @@ func (t *Token) WithExtra(extra interface{}) *Token {
 // Extra returns an extra field.
 // Extra fields are key-value pairs returned by the server as a
 // part of the token retrieval response.
-func (t *Token) Extra(key string) interface{} {
-	if raw, ok := t.raw.(map[string]interface{}); ok {
+func (t *Token) Extra(key string) any {
+	if raw, ok := t.raw.(map[string]any); ok {
 		return raw[key]
 	}
 
@@ -163,6 +163,7 @@ func tokenFromInternal(t *internal.Token) *Token {
 		TokenType:    t.TokenType,
 		RefreshToken: t.RefreshToken,
 		Expiry:       t.Expiry,
+		ExpiresIn:    t.ExpiresIn,
 		raw:          t.Raw,
 	}
 }
diff --git a/vendor/golang.org/x/oauth2/transport.go b/vendor/golang.org/x/oauth2/transport.go
index 90657915f..8bbebbac9 100644
--- a/vendor/golang.org/x/oauth2/transport.go
+++ b/vendor/golang.org/x/oauth2/transport.go
@@ -11,12 +11,12 @@ import (
 	"sync"
 )
 
-// Transport is an http.RoundTripper that makes OAuth 2.0 HTTP requests,
-// wrapping a base RoundTripper and adding an Authorization header
-// with a token from the supplied Sources.
+// Transport is an [http.RoundTripper] that makes OAuth 2.0 HTTP requests,
+// wrapping a base [http.RoundTripper] and adding an Authorization header
+// with a token from the supplied [TokenSource].
 //
 // Transport is a low-level mechanism. Most code will use the
-// higher-level Config.Client method instead.
+// higher-level [Config.Client] method instead.
 type Transport struct {
 	// Source supplies the token to add to outgoing requests'
 	// Authorization headers.
@@ -47,7 +47,7 @@ func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) {
 		return nil, err
 	}
 
-	req2 := cloneRequest(req) // per RoundTripper contract
+	req2 := req.Clone(req.Context())
 	token.SetAuthHeader(req2)
 
 	// req.Body is assumed to be closed by the base RoundTripper.
@@ -73,17 +73,3 @@ func (t *Transport) base() http.RoundTripper {
 	}
 	return http.DefaultTransport
 }
-
-// cloneRequest returns a clone of the provided *http.Request.
-// The clone is a shallow copy of the struct and its Header map.
-func cloneRequest(r *http.Request) *http.Request {
-	// shallow copy of the struct
-	r2 := new(http.Request)
-	*r2 = *r
-	// deep copy of the Header
-	r2.Header = make(http.Header, len(r.Header))
-	for k, s := range r.Header {
-		r2.Header[k] = append([]string(nil), s...)
-	}
-	return r2
-}
diff --git a/vendor/golang.org/x/sync/errgroup/errgroup.go b/vendor/golang.org/x/sync/errgroup/errgroup.go
index f8c3c0926..cfafed5b5 100644
--- a/vendor/golang.org/x/sync/errgroup/errgroup.go
+++ b/vendor/golang.org/x/sync/errgroup/errgroup.go
@@ -12,6 +12,8 @@ package errgroup
 import (
 	"context"
 	"fmt"
+	"runtime"
+	"runtime/debug"
 	"sync"
 )
 
@@ -31,6 +33,10 @@ type Group struct {
 
 	errOnce sync.Once
 	err     error
+
+	mu         sync.Mutex
+	panicValue any  // = PanicError | PanicValue; non-nil if some Group.Go goroutine panicked.
+	abnormal   bool // some Group.Go goroutine terminated abnormally (panic or goexit).
 }
 
 func (g *Group) done() {
@@ -50,13 +56,22 @@ func WithContext(ctx context.Context) (*Group, context.Context) {
 	return &Group{cancel: cancel}, ctx
 }
 
-// Wait blocks until all function calls from the Go method have returned, then
-// returns the first non-nil error (if any) from them.
+// Wait blocks until all function calls from the Go method have returned
+// normally, then returns the first non-nil error (if any) from them.
+//
+// If any of the calls panics, Wait panics with a [PanicValue];
+// and if any of them calls [runtime.Goexit], Wait calls runtime.Goexit.
 func (g *Group) Wait() error {
 	g.wg.Wait()
 	if g.cancel != nil {
 		g.cancel(g.err)
 	}
+	if g.panicValue != nil {
+		panic(g.panicValue)
+	}
+	if g.abnormal {
+		runtime.Goexit()
+	}
 	return g.err
 }
 
@@ -65,18 +80,56 @@ func (g *Group) Wait() error {
 // It blocks until the new goroutine can be added without the number of
 // active goroutines in the group exceeding the configured limit.
 //
-// The first call to return a non-nil error cancels the group's context, if the
-// group was created by calling WithContext. The error will be returned by Wait.
+// It blocks until the new goroutine can be added without the number of
+// goroutines in the group exceeding the configured limit.
+//
+// The first goroutine in the group that returns a non-nil error, panics, or
+// invokes [runtime.Goexit] will cancel the associated Context, if any.
 func (g *Group) Go(f func() error) {
 	if g.sem != nil {
 		g.sem <- token{}
 	}
 
+	g.add(f)
+}
+
+func (g *Group) add(f func() error) {
 	g.wg.Add(1)
 	go func() {
 		defer g.done()
+		normalReturn := false
+		defer func() {
+			if normalReturn {
+				return
+			}
+			v := recover()
+			g.mu.Lock()
+			defer g.mu.Unlock()
+			if !g.abnormal {
+				if g.cancel != nil {
+					g.cancel(g.err)
+				}
+				g.abnormal = true
+			}
+			if v != nil && g.panicValue == nil {
+				switch v := v.(type) {
+				case error:
+					g.panicValue = PanicError{
+						Recovered: v,
+						Stack:     debug.Stack(),
+					}
+				default:
+					g.panicValue = PanicValue{
+						Recovered: v,
+						Stack:     debug.Stack(),
+					}
+				}
+			}
+		}()
 
-		if err := f(); err != nil {
+		err := f()
+		normalReturn = true
+		if err != nil {
 			g.errOnce.Do(func() {
 				g.err = err
 				if g.cancel != nil {
@@ -101,19 +154,7 @@ func (g *Group) TryGo(f func() error) bool {
 		}
 	}
 
-	g.wg.Add(1)
-	go func() {
-		defer g.done()
-
-		if err := f(); err != nil {
-			g.errOnce.Do(func() {
-				g.err = err
-				if g.cancel != nil {
-					g.cancel(g.err)
-				}
-			})
-		}
-	}()
+	g.add(f)
 	return true
 }
 
@@ -135,3 +176,33 @@ func (g *Group) SetLimit(n int) {
 	}
 	g.sem = make(chan token, n)
 }
+
+// PanicError wraps an error recovered from an unhandled panic
+// when calling a function passed to Go or TryGo.
+type PanicError struct {
+	Recovered error
+	Stack     []byte // result of call to [debug.Stack]
+}
+
+func (p PanicError) Error() string {
+	// A Go Error method conventionally does not include a stack dump, so omit it
+	// here. (Callers who care can extract it from the Stack field.)
+	return fmt.Sprintf("recovered from errgroup.Group: %v", p.Recovered)
+}
+
+func (p PanicError) Unwrap() error { return p.Recovered }
+
+// PanicValue wraps a value that does not implement the error interface,
+// recovered from an unhandled panic when calling a function passed to Go or
+// TryGo.
+type PanicValue struct {
+	Recovered any
+	Stack     []byte // result of call to [debug.Stack]
+}
+
+func (p PanicValue) String() string {
+	if len(p.Stack) > 0 {
+		return fmt.Sprintf("recovered from errgroup.Group: %v\n%s", p.Recovered, p.Stack)
+	}
+	return fmt.Sprintf("recovered from errgroup.Group: %v", p.Recovered)
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu.go b/vendor/golang.org/x/sys/cpu/cpu.go
index 2e73ee197..63541994e 100644
--- a/vendor/golang.org/x/sys/cpu/cpu.go
+++ b/vendor/golang.org/x/sys/cpu/cpu.go
@@ -232,6 +232,17 @@ var RISCV64 struct {
 	HasZba            bool // Address generation instructions extension
 	HasZbb            bool // Basic bit-manipulation extension
 	HasZbs            bool // Single-bit instructions extension
+	HasZvbb           bool // Vector Basic Bit-manipulation
+	HasZvbc           bool // Vector Carryless Multiplication
+	HasZvkb           bool // Vector Cryptography Bit-manipulation
+	HasZvkt           bool // Vector Data-Independent Execution Latency
+	HasZvkg           bool // Vector GCM/GMAC
+	HasZvkn           bool // NIST Algorithm Suite (AES/SHA256/SHA512)
+	HasZvknc          bool // NIST Algorithm Suite with carryless multiply
+	HasZvkng          bool // NIST Algorithm Suite with GCM
+	HasZvks           bool // ShangMi Algorithm Suite
+	HasZvksc          bool // ShangMi Algorithm Suite with carryless multiplication
+	HasZvksg          bool // ShangMi Algorithm Suite with GCM
 	_                 CacheLinePad
 }
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_riscv64.go b/vendor/golang.org/x/sys/cpu/cpu_linux_riscv64.go
index cb4a0c572..ad741536f 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_riscv64.go
@@ -58,6 +58,15 @@ const (
 	riscv_HWPROBE_EXT_ZBA         = 0x8
 	riscv_HWPROBE_EXT_ZBB         = 0x10
 	riscv_HWPROBE_EXT_ZBS         = 0x20
+	riscv_HWPROBE_EXT_ZVBB        = 0x20000
+	riscv_HWPROBE_EXT_ZVBC        = 0x40000
+	riscv_HWPROBE_EXT_ZVKB        = 0x80000
+	riscv_HWPROBE_EXT_ZVKG        = 0x100000
+	riscv_HWPROBE_EXT_ZVKNED      = 0x200000
+	riscv_HWPROBE_EXT_ZVKNHB      = 0x800000
+	riscv_HWPROBE_EXT_ZVKSED      = 0x1000000
+	riscv_HWPROBE_EXT_ZVKSH       = 0x2000000
+	riscv_HWPROBE_EXT_ZVKT        = 0x4000000
 	riscv_HWPROBE_KEY_CPUPERF_0   = 0x5
 	riscv_HWPROBE_MISALIGNED_FAST = 0x3
 	riscv_HWPROBE_MISALIGNED_MASK = 0x7
@@ -99,6 +108,20 @@ func doinit() {
 			RISCV64.HasZba = isSet(v, riscv_HWPROBE_EXT_ZBA)
 			RISCV64.HasZbb = isSet(v, riscv_HWPROBE_EXT_ZBB)
 			RISCV64.HasZbs = isSet(v, riscv_HWPROBE_EXT_ZBS)
+			RISCV64.HasZvbb = isSet(v, riscv_HWPROBE_EXT_ZVBB)
+			RISCV64.HasZvbc = isSet(v, riscv_HWPROBE_EXT_ZVBC)
+			RISCV64.HasZvkb = isSet(v, riscv_HWPROBE_EXT_ZVKB)
+			RISCV64.HasZvkg = isSet(v, riscv_HWPROBE_EXT_ZVKG)
+			RISCV64.HasZvkt = isSet(v, riscv_HWPROBE_EXT_ZVKT)
+			// Cryptography shorthand extensions
+			RISCV64.HasZvkn = isSet(v, riscv_HWPROBE_EXT_ZVKNED) &&
+				isSet(v, riscv_HWPROBE_EXT_ZVKNHB) && RISCV64.HasZvkb && RISCV64.HasZvkt
+			RISCV64.HasZvknc = RISCV64.HasZvkn && RISCV64.HasZvbc
+			RISCV64.HasZvkng = RISCV64.HasZvkn && RISCV64.HasZvkg
+			RISCV64.HasZvks = isSet(v, riscv_HWPROBE_EXT_ZVKSED) &&
+				isSet(v, riscv_HWPROBE_EXT_ZVKSH) && RISCV64.HasZvkb && RISCV64.HasZvkt
+			RISCV64.HasZvksc = RISCV64.HasZvks && RISCV64.HasZvbc
+			RISCV64.HasZvksg = RISCV64.HasZvks && RISCV64.HasZvkg
 		}
 		if pairs[1].key != -1 {
 			v := pairs[1].value & riscv_HWPROBE_MISALIGNED_MASK
diff --git a/vendor/golang.org/x/sys/cpu/cpu_riscv64.go b/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
index aca3199c9..0f617aef5 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
@@ -16,5 +16,17 @@ func initOptions() {
 		{Name: "zba", Feature: &RISCV64.HasZba},
 		{Name: "zbb", Feature: &RISCV64.HasZbb},
 		{Name: "zbs", Feature: &RISCV64.HasZbs},
+		// RISC-V Cryptography Extensions
+		{Name: "zvbb", Feature: &RISCV64.HasZvbb},
+		{Name: "zvbc", Feature: &RISCV64.HasZvbc},
+		{Name: "zvkb", Feature: &RISCV64.HasZvkb},
+		{Name: "zvkg", Feature: &RISCV64.HasZvkg},
+		{Name: "zvkt", Feature: &RISCV64.HasZvkt},
+		{Name: "zvkn", Feature: &RISCV64.HasZvkn},
+		{Name: "zvknc", Feature: &RISCV64.HasZvknc},
+		{Name: "zvkng", Feature: &RISCV64.HasZvkng},
+		{Name: "zvks", Feature: &RISCV64.HasZvks},
+		{Name: "zvksc", Feature: &RISCV64.HasZvksc},
+		{Name: "zvksg", Feature: &RISCV64.HasZvksg},
 	}
 }
diff --git a/vendor/golang.org/x/sys/windows/security_windows.go b/vendor/golang.org/x/sys/windows/security_windows.go
index b6e1ab76f..a8b0364c7 100644
--- a/vendor/golang.org/x/sys/windows/security_windows.go
+++ b/vendor/golang.org/x/sys/windows/security_windows.go
@@ -1303,7 +1303,10 @@ func (selfRelativeSD *SECURITY_DESCRIPTOR) ToAbsolute() (absoluteSD *SECURITY_DE
 		return nil, err
 	}
 	if absoluteSDSize > 0 {
-		absoluteSD = (*SECURITY_DESCRIPTOR)(unsafe.Pointer(&make([]byte, absoluteSDSize)[0]))
+		absoluteSD = new(SECURITY_DESCRIPTOR)
+		if unsafe.Sizeof(*absoluteSD) < uintptr(absoluteSDSize) {
+			panic("sizeof(SECURITY_DESCRIPTOR) too small")
+		}
 	}
 	var (
 		dacl  *ACL
@@ -1312,19 +1315,55 @@ func (selfRelativeSD *SECURITY_DESCRIPTOR) ToAbsolute() (absoluteSD *SECURITY_DE
 		group *SID
 	)
 	if daclSize > 0 {
-		dacl = (*ACL)(unsafe.Pointer(&make([]byte, daclSize)[0]))
+		dacl = (*ACL)(unsafe.Pointer(unsafe.SliceData(make([]byte, daclSize))))
 	}
 	if saclSize > 0 {
-		sacl = (*ACL)(unsafe.Pointer(&make([]byte, saclSize)[0]))
+		sacl = (*ACL)(unsafe.Pointer(unsafe.SliceData(make([]byte, saclSize))))
 	}
 	if ownerSize > 0 {
-		owner = (*SID)(unsafe.Pointer(&make([]byte, ownerSize)[0]))
+		owner = (*SID)(unsafe.Pointer(unsafe.SliceData(make([]byte, ownerSize))))
 	}
 	if groupSize > 0 {
-		group = (*SID)(unsafe.Pointer(&make([]byte, groupSize)[0]))
+		group = (*SID)(unsafe.Pointer(unsafe.SliceData(make([]byte, groupSize))))
 	}
+	// We call into Windows via makeAbsoluteSD, which sets up
+	// pointers within absoluteSD that point to other chunks of memory
+	// we pass into makeAbsoluteSD, and that happens outside the view of the GC.
+	// We therefore take some care here to then verify the pointers are as we expect
+	// and set them explicitly in view of the GC. See https://go.dev/issue/73199.
+	// TODO: consider weak pointers once Go 1.24 is appropriate. See suggestion in https://go.dev/cl/663575.
 	err = makeAbsoluteSD(selfRelativeSD, absoluteSD, &absoluteSDSize,
 		dacl, &daclSize, sacl, &saclSize, owner, &ownerSize, group, &groupSize)
+	if err != nil {
+		// Don't return absoluteSD, which might be partially initialized.
+		return nil, err
+	}
+	// Before using any fields, verify absoluteSD is in the format we expect according to Windows.
+	// See https://learn.microsoft.com/en-us/windows/win32/secauthz/absolute-and-self-relative-security-descriptors
+	absControl, _, err := absoluteSD.Control()
+	if err != nil {
+		panic("absoluteSD: " + err.Error())
+	}
+	if absControl&SE_SELF_RELATIVE != 0 {
+		panic("absoluteSD not in absolute format")
+	}
+	if absoluteSD.dacl != dacl {
+		panic("dacl pointer mismatch")
+	}
+	if absoluteSD.sacl != sacl {
+		panic("sacl pointer mismatch")
+	}
+	if absoluteSD.owner != owner {
+		panic("owner pointer mismatch")
+	}
+	if absoluteSD.group != group {
+		panic("group pointer mismatch")
+	}
+	absoluteSD.dacl = dacl
+	absoluteSD.sacl = sacl
+	absoluteSD.owner = owner
+	absoluteSD.group = group
+
 	return
 }
 
diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go
index 4a3254386..640f6b153 100644
--- a/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -870,6 +870,7 @@ const socket_error = uintptr(^uint32(0))
 //sys	WSARecvFrom(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32,  from *RawSockaddrAny, fromlen *int32, overlapped *Overlapped, croutine *byte) (err error) [failretval==socket_error] = ws2_32.WSARecvFrom
 //sys	WSASendTo(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32, to *RawSockaddrAny, tolen int32,  overlapped *Overlapped, croutine *byte) (err error) [failretval==socket_error] = ws2_32.WSASendTo
 //sys	WSASocket(af int32, typ int32, protocol int32, protoInfo *WSAProtocolInfo, group uint32, flags uint32) (handle Handle, err error) [failretval==InvalidHandle] = ws2_32.WSASocketW
+//sys	WSADuplicateSocket(s Handle, processID uint32, info *WSAProtocolInfo) (err error) [failretval!=0] = ws2_32.WSADuplicateSocketW
 //sys	GetHostByName(name string) (h *Hostent, err error) [failretval==nil] = ws2_32.gethostbyname
 //sys	GetServByName(name string, proto string) (s *Servent, err error) [failretval==nil] = ws2_32.getservbyname
 //sys	Ntohs(netshort uint16) (u uint16) = ws2_32.ntohs
@@ -1698,8 +1699,9 @@ func NewNTUnicodeString(s string) (*NTUnicodeString, error) {
 
 // Slice returns a uint16 slice that aliases the data in the NTUnicodeString.
 func (s *NTUnicodeString) Slice() []uint16 {
-	slice := unsafe.Slice(s.Buffer, s.MaximumLength)
-	return slice[:s.Length]
+	// Note: this rounds the length down, if it happens
+	// to (incorrectly) be odd. Probably safer than rounding up.
+	return unsafe.Slice(s.Buffer, s.MaximumLength/2)[:s.Length/2]
 }
 
 func (s *NTUnicodeString) String() string {
diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go
index ad67df2fd..958bcf47a 100644
--- a/vendor/golang.org/x/sys/windows/types_windows.go
+++ b/vendor/golang.org/x/sys/windows/types_windows.go
@@ -2700,6 +2700,8 @@ type CommTimeouts struct {
 
 // NTUnicodeString is a UTF-16 string for NT native APIs, corresponding to UNICODE_STRING.
 type NTUnicodeString struct {
+	// Note: Length and MaximumLength are in *bytes*, not uint16s.
+	// They should always be even.
 	Length        uint16
 	MaximumLength uint16
 	Buffer        *uint16
@@ -3628,3 +3630,213 @@ const (
 	KLF_NOTELLSHELL   = 0x00000080
 	KLF_SETFORPROCESS = 0x00000100
 )
+
+// Virtual Key codes
+// https://docs.microsoft.com/en-us/windows/win32/inputdev/virtual-key-codes
+const (
+	VK_LBUTTON             = 0x01
+	VK_RBUTTON             = 0x02
+	VK_CANCEL              = 0x03
+	VK_MBUTTON             = 0x04
+	VK_XBUTTON1            = 0x05
+	VK_XBUTTON2            = 0x06
+	VK_BACK                = 0x08
+	VK_TAB                 = 0x09
+	VK_CLEAR               = 0x0C
+	VK_RETURN              = 0x0D
+	VK_SHIFT               = 0x10
+	VK_CONTROL             = 0x11
+	VK_MENU                = 0x12
+	VK_PAUSE               = 0x13
+	VK_CAPITAL             = 0x14
+	VK_KANA                = 0x15
+	VK_HANGEUL             = 0x15
+	VK_HANGUL              = 0x15
+	VK_IME_ON              = 0x16
+	VK_JUNJA               = 0x17
+	VK_FINAL               = 0x18
+	VK_HANJA               = 0x19
+	VK_KANJI               = 0x19
+	VK_IME_OFF             = 0x1A
+	VK_ESCAPE              = 0x1B
+	VK_CONVERT             = 0x1C
+	VK_NONCONVERT          = 0x1D
+	VK_ACCEPT              = 0x1E
+	VK_MODECHANGE          = 0x1F
+	VK_SPACE               = 0x20
+	VK_PRIOR               = 0x21
+	VK_NEXT                = 0x22
+	VK_END                 = 0x23
+	VK_HOME                = 0x24
+	VK_LEFT                = 0x25
+	VK_UP                  = 0x26
+	VK_RIGHT               = 0x27
+	VK_DOWN                = 0x28
+	VK_SELECT              = 0x29
+	VK_PRINT               = 0x2A
+	VK_EXECUTE             = 0x2B
+	VK_SNAPSHOT            = 0x2C
+	VK_INSERT              = 0x2D
+	VK_DELETE              = 0x2E
+	VK_HELP                = 0x2F
+	VK_LWIN                = 0x5B
+	VK_RWIN                = 0x5C
+	VK_APPS                = 0x5D
+	VK_SLEEP               = 0x5F
+	VK_NUMPAD0             = 0x60
+	VK_NUMPAD1             = 0x61
+	VK_NUMPAD2             = 0x62
+	VK_NUMPAD3             = 0x63
+	VK_NUMPAD4             = 0x64
+	VK_NUMPAD5             = 0x65
+	VK_NUMPAD6             = 0x66
+	VK_NUMPAD7             = 0x67
+	VK_NUMPAD8             = 0x68
+	VK_NUMPAD9             = 0x69
+	VK_MULTIPLY            = 0x6A
+	VK_ADD                 = 0x6B
+	VK_SEPARATOR           = 0x6C
+	VK_SUBTRACT            = 0x6D
+	VK_DECIMAL             = 0x6E
+	VK_DIVIDE              = 0x6F
+	VK_F1                  = 0x70
+	VK_F2                  = 0x71
+	VK_F3                  = 0x72
+	VK_F4                  = 0x73
+	VK_F5                  = 0x74
+	VK_F6                  = 0x75
+	VK_F7                  = 0x76
+	VK_F8                  = 0x77
+	VK_F9                  = 0x78
+	VK_F10                 = 0x79
+	VK_F11                 = 0x7A
+	VK_F12                 = 0x7B
+	VK_F13                 = 0x7C
+	VK_F14                 = 0x7D
+	VK_F15                 = 0x7E
+	VK_F16                 = 0x7F
+	VK_F17                 = 0x80
+	VK_F18                 = 0x81
+	VK_F19                 = 0x82
+	VK_F20                 = 0x83
+	VK_F21                 = 0x84
+	VK_F22                 = 0x85
+	VK_F23                 = 0x86
+	VK_F24                 = 0x87
+	VK_NUMLOCK             = 0x90
+	VK_SCROLL              = 0x91
+	VK_OEM_NEC_EQUAL       = 0x92
+	VK_OEM_FJ_JISHO        = 0x92
+	VK_OEM_FJ_MASSHOU      = 0x93
+	VK_OEM_FJ_TOUROKU      = 0x94
+	VK_OEM_FJ_LOYA         = 0x95
+	VK_OEM_FJ_ROYA         = 0x96
+	VK_LSHIFT              = 0xA0
+	VK_RSHIFT              = 0xA1
+	VK_LCONTROL            = 0xA2
+	VK_RCONTROL            = 0xA3
+	VK_LMENU               = 0xA4
+	VK_RMENU               = 0xA5
+	VK_BROWSER_BACK        = 0xA6
+	VK_BROWSER_FORWARD     = 0xA7
+	VK_BROWSER_REFRESH     = 0xA8
+	VK_BROWSER_STOP        = 0xA9
+	VK_BROWSER_SEARCH      = 0xAA
+	VK_BROWSER_FAVORITES   = 0xAB
+	VK_BROWSER_HOME        = 0xAC
+	VK_VOLUME_MUTE         = 0xAD
+	VK_VOLUME_DOWN         = 0xAE
+	VK_VOLUME_UP           = 0xAF
+	VK_MEDIA_NEXT_TRACK    = 0xB0
+	VK_MEDIA_PREV_TRACK    = 0xB1
+	VK_MEDIA_STOP          = 0xB2
+	VK_MEDIA_PLAY_PAUSE    = 0xB3
+	VK_LAUNCH_MAIL         = 0xB4
+	VK_LAUNCH_MEDIA_SELECT = 0xB5
+	VK_LAUNCH_APP1         = 0xB6
+	VK_LAUNCH_APP2         = 0xB7
+	VK_OEM_1               = 0xBA
+	VK_OEM_PLUS            = 0xBB
+	VK_OEM_COMMA           = 0xBC
+	VK_OEM_MINUS           = 0xBD
+	VK_OEM_PERIOD          = 0xBE
+	VK_OEM_2               = 0xBF
+	VK_OEM_3               = 0xC0
+	VK_OEM_4               = 0xDB
+	VK_OEM_5               = 0xDC
+	VK_OEM_6               = 0xDD
+	VK_OEM_7               = 0xDE
+	VK_OEM_8               = 0xDF
+	VK_OEM_AX              = 0xE1
+	VK_OEM_102             = 0xE2
+	VK_ICO_HELP            = 0xE3
+	VK_ICO_00              = 0xE4
+	VK_PROCESSKEY          = 0xE5
+	VK_ICO_CLEAR           = 0xE6
+	VK_OEM_RESET           = 0xE9
+	VK_OEM_JUMP            = 0xEA
+	VK_OEM_PA1             = 0xEB
+	VK_OEM_PA2             = 0xEC
+	VK_OEM_PA3             = 0xED
+	VK_OEM_WSCTRL          = 0xEE
+	VK_OEM_CUSEL           = 0xEF
+	VK_OEM_ATTN            = 0xF0
+	VK_OEM_FINISH          = 0xF1
+	VK_OEM_COPY            = 0xF2
+	VK_OEM_AUTO            = 0xF3
+	VK_OEM_ENLW            = 0xF4
+	VK_OEM_BACKTAB         = 0xF5
+	VK_ATTN                = 0xF6
+	VK_CRSEL               = 0xF7
+	VK_EXSEL               = 0xF8
+	VK_EREOF               = 0xF9
+	VK_PLAY                = 0xFA
+	VK_ZOOM                = 0xFB
+	VK_NONAME              = 0xFC
+	VK_PA1                 = 0xFD
+	VK_OEM_CLEAR           = 0xFE
+)
+
+// Mouse button constants.
+// https://docs.microsoft.com/en-us/windows/console/mouse-event-record-str
+const (
+	FROM_LEFT_1ST_BUTTON_PRESSED = 0x0001
+	RIGHTMOST_BUTTON_PRESSED     = 0x0002
+	FROM_LEFT_2ND_BUTTON_PRESSED = 0x0004
+	FROM_LEFT_3RD_BUTTON_PRESSED = 0x0008
+	FROM_LEFT_4TH_BUTTON_PRESSED = 0x0010
+)
+
+// Control key state constaints.
+// https://docs.microsoft.com/en-us/windows/console/key-event-record-str
+// https://docs.microsoft.com/en-us/windows/console/mouse-event-record-str
+const (
+	CAPSLOCK_ON        = 0x0080
+	ENHANCED_KEY       = 0x0100
+	LEFT_ALT_PRESSED   = 0x0002
+	LEFT_CTRL_PRESSED  = 0x0008
+	NUMLOCK_ON         = 0x0020
+	RIGHT_ALT_PRESSED  = 0x0001
+	RIGHT_CTRL_PRESSED = 0x0004
+	SCROLLLOCK_ON      = 0x0040
+	SHIFT_PRESSED      = 0x0010
+)
+
+// Mouse event record event flags.
+// https://docs.microsoft.com/en-us/windows/console/mouse-event-record-str
+const (
+	MOUSE_MOVED    = 0x0001
+	DOUBLE_CLICK   = 0x0002
+	MOUSE_WHEELED  = 0x0004
+	MOUSE_HWHEELED = 0x0008
+)
+
+// Input Record Event Types
+// https://learn.microsoft.com/en-us/windows/console/input-record-str
+const (
+	FOCUS_EVENT              = 0x0010
+	KEY_EVENT                = 0x0001
+	MENU_EVENT               = 0x0008
+	MOUSE_EVENT              = 0x0002
+	WINDOW_BUFFER_SIZE_EVENT = 0x0004
+)
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index 01c0716c2..a58bc48b8 100644
--- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -511,6 +511,7 @@ var (
 	procFreeAddrInfoW                                        = modws2_32.NewProc("FreeAddrInfoW")
 	procGetAddrInfoW                                         = modws2_32.NewProc("GetAddrInfoW")
 	procWSACleanup                                           = modws2_32.NewProc("WSACleanup")
+	procWSADuplicateSocketW                                  = modws2_32.NewProc("WSADuplicateSocketW")
 	procWSAEnumProtocolsW                                    = modws2_32.NewProc("WSAEnumProtocolsW")
 	procWSAGetOverlappedResult                               = modws2_32.NewProc("WSAGetOverlappedResult")
 	procWSAIoctl                                             = modws2_32.NewProc("WSAIoctl")
@@ -4391,6 +4392,14 @@ func WSACleanup() (err error) {
 	return
 }
 
+func WSADuplicateSocket(s Handle, processID uint32, info *WSAProtocolInfo) (err error) {
+	r1, _, e1 := syscall.Syscall(procWSADuplicateSocketW.Addr(), 3, uintptr(s), uintptr(processID), uintptr(unsafe.Pointer(info)))
+	if r1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func WSAEnumProtocols(protocols *int32, protocolBuffer *WSAProtocolInfo, bufferLength *uint32) (n int32, err error) {
 	r0, _, e1 := syscall.Syscall(procWSAEnumProtocolsW.Addr(), 3, uintptr(unsafe.Pointer(protocols)), uintptr(unsafe.Pointer(protocolBuffer)), uintptr(unsafe.Pointer(bufferLength)))
 	n = int32(r0)
diff --git a/vendor/golang.org/x/tools/go/ast/astutil/imports.go b/vendor/golang.org/x/tools/go/ast/astutil/imports.go
index a6b5ed0a8..5e5601aa4 100644
--- a/vendor/golang.org/x/tools/go/ast/astutil/imports.go
+++ b/vendor/golang.org/x/tools/go/ast/astutil/imports.go
@@ -9,6 +9,7 @@ import (
 	"fmt"
 	"go/ast"
 	"go/token"
+	"slices"
 	"strconv"
 	"strings"
 )
@@ -186,7 +187,7 @@ func AddNamedImport(fset *token.FileSet, f *ast.File, name, path string) (added
 			spec.(*ast.ImportSpec).Path.ValuePos = first.Pos()
 			first.Specs = append(first.Specs, spec)
 		}
-		f.Decls = append(f.Decls[:i], f.Decls[i+1:]...)
+		f.Decls = slices.Delete(f.Decls, i, i+1)
 		i--
 	}
 
diff --git a/vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go b/vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go
index 65fe2628e..7b90bc923 100644
--- a/vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go
+++ b/vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go
@@ -193,10 +193,7 @@ func Read(in io.Reader, fset *token.FileSet, imports map[string]*types.Package,
 			return pkg, err
 
 		default:
-			l := len(data)
-			if l > 10 {
-				l = 10
-			}
+			l := min(len(data), 10)
 			return nil, fmt.Errorf("unexpected export data with prefix %q for path %s", string(data[:l]), path)
 		}
 	}
diff --git a/vendor/golang.org/x/tools/go/packages/external.go b/vendor/golang.org/x/tools/go/packages/external.go
index 91bd62e83..f37bc6510 100644
--- a/vendor/golang.org/x/tools/go/packages/external.go
+++ b/vendor/golang.org/x/tools/go/packages/external.go
@@ -90,7 +90,7 @@ func findExternalDriver(cfg *Config) driver {
 	const toolPrefix = "GOPACKAGESDRIVER="
 	tool := ""
 	for _, env := range cfg.Env {
-		if val := strings.TrimPrefix(env, toolPrefix); val != env {
+		if val, ok := strings.CutPrefix(env, toolPrefix); ok {
 			tool = val
 		}
 	}
diff --git a/vendor/golang.org/x/tools/go/types/typeutil/callee.go b/vendor/golang.org/x/tools/go/types/typeutil/callee.go
index 754380351..53b713393 100644
--- a/vendor/golang.org/x/tools/go/types/typeutil/callee.go
+++ b/vendor/golang.org/x/tools/go/types/typeutil/callee.go
@@ -7,45 +7,23 @@ package typeutil
 import (
 	"go/ast"
 	"go/types"
-
-	"golang.org/x/tools/internal/typeparams"
+	_ "unsafe" // for linkname
 )
 
 // Callee returns the named target of a function call, if any:
 // a function, method, builtin, or variable.
 //
 // Functions and methods may potentially have type parameters.
+//
+// Note: for calls of instantiated functions and methods, Callee returns
+// the corresponding generic function or method on the generic type.
 func Callee(info *types.Info, call *ast.CallExpr) types.Object {
-	fun := ast.Unparen(call.Fun)
-
-	// Look through type instantiation if necessary.
-	isInstance := false
-	switch fun.(type) {
-	case *ast.IndexExpr, *ast.IndexListExpr:
-		// When extracting the callee from an *IndexExpr, we need to check that
-		// it is a *types.Func and not a *types.Var.
-		// Example: Don't match a slice m within the expression `m[0]()`.
-		isInstance = true
-		fun, _, _, _ = typeparams.UnpackIndexExpr(fun)
-	}
-
-	var obj types.Object
-	switch fun := fun.(type) {
-	case *ast.Ident:
-		obj = info.Uses[fun] // type, var, builtin, or declared func
-	case *ast.SelectorExpr:
-		if sel, ok := info.Selections[fun]; ok {
-			obj = sel.Obj() // method or field
-		} else {
-			obj = info.Uses[fun.Sel] // qualified identifier?
-		}
+	obj := info.Uses[usedIdent(info, call.Fun)]
+	if obj == nil {
+		return nil
 	}
 	if _, ok := obj.(*types.TypeName); ok {
-		return nil // T(x) is a conversion, not a call
-	}
-	// A Func is required to match instantiations.
-	if _, ok := obj.(*types.Func); isInstance && !ok {
-		return nil // Was not a Func.
+		return nil
 	}
 	return obj
 }
@@ -56,13 +34,52 @@ func Callee(info *types.Info, call *ast.CallExpr) types.Object {
 // Note: for calls of instantiated functions and methods, StaticCallee returns
 // the corresponding generic function or method on the generic type.
 func StaticCallee(info *types.Info, call *ast.CallExpr) *types.Func {
-	if f, ok := Callee(info, call).(*types.Func); ok && !interfaceMethod(f) {
-		return f
+	obj := info.Uses[usedIdent(info, call.Fun)]
+	fn, _ := obj.(*types.Func)
+	if fn == nil || interfaceMethod(fn) {
+		return nil
+	}
+	return fn
+}
+
+// usedIdent is the implementation of [internal/typesinternal.UsedIdent].
+// It returns the identifier associated with e.
+// See typesinternal.UsedIdent for a fuller description.
+// This function should live in typesinternal, but cannot because it would
+// create an import cycle.
+//
+//go:linkname usedIdent
+func usedIdent(info *types.Info, e ast.Expr) *ast.Ident {
+	if info.Types == nil || info.Uses == nil {
+		panic("one of info.Types or info.Uses is nil; both must be populated")
+	}
+	// Look through type instantiation if necessary.
+	switch d := ast.Unparen(e).(type) {
+	case *ast.IndexExpr:
+		if info.Types[d.Index].IsType() {
+			e = d.X
+		}
+	case *ast.IndexListExpr:
+		e = d.X
+	}
+
+	switch e := ast.Unparen(e).(type) {
+	// info.Uses always has the object we want, even for selector expressions.
+	// We don't need info.Selections.
+	// See go/types/recording.go:recordSelection.
+	case *ast.Ident:
+		return e
+	case *ast.SelectorExpr:
+		return e.Sel
 	}
 	return nil
 }
 
+// interfaceMethod reports whether its argument is a method of an interface.
+// This function should live in typesinternal, but cannot because it would create an import cycle.
+//
+//go:linkname interfaceMethod
 func interfaceMethod(f *types.Func) bool {
-	recv := f.Type().(*types.Signature).Recv()
+	recv := f.Signature().Recv()
 	return recv != nil && types.IsInterface(recv.Type())
 }
diff --git a/vendor/golang.org/x/tools/internal/event/label/label.go b/vendor/golang.org/x/tools/internal/event/label/label.go
index 7c00ca2a6..92a391057 100644
--- a/vendor/golang.org/x/tools/internal/event/label/label.go
+++ b/vendor/golang.org/x/tools/internal/event/label/label.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"io"
 	"reflect"
+	"slices"
 	"unsafe"
 )
 
@@ -154,10 +155,8 @@ func (f *filter) Valid(index int) bool {
 
 func (f *filter) Label(index int) Label {
 	l := f.underlying.Label(index)
-	for _, f := range f.keys {
-		if l.Key() == f {
-			return Label{}
-		}
+	if slices.Contains(f.keys, l.Key()) {
+		return Label{}
 	}
 	return l
 }
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/iexport.go b/vendor/golang.org/x/tools/internal/gcimporter/iexport.go
index 253d6493c..780873e3a 100644
--- a/vendor/golang.org/x/tools/internal/gcimporter/iexport.go
+++ b/vendor/golang.org/x/tools/internal/gcimporter/iexport.go
@@ -236,6 +236,7 @@ import (
 	"io"
 	"math/big"
 	"reflect"
+	"slices"
 	"sort"
 	"strconv"
 	"strings"
@@ -271,10 +272,10 @@ import (
 // file system, be sure to include a cryptographic digest of the executable in
 // the key to avoid version skew.
 //
-// If the provided reportf func is non-nil, it will be used for reporting bugs
-// encountered during export.
-// TODO(rfindley): remove reportf when we are confident enough in the new
-// objectpath encoding.
+// If the provided reportf func is non-nil, it is used for reporting
+// bugs (e.g. recovered panics) encountered during export, enabling us
+// to obtain via telemetry the stack that would otherwise be lost by
+// merely returning an error.
 func IExportShallow(fset *token.FileSet, pkg *types.Package, reportf ReportFunc) ([]byte, error) {
 	// In principle this operation can only fail if out.Write fails,
 	// but that's impossible for bytes.Buffer---and as a matter of
@@ -283,7 +284,7 @@ func IExportShallow(fset *token.FileSet, pkg *types.Package, reportf ReportFunc)
 	// TODO(adonovan): use byte slices throughout, avoiding copying.
 	const bundle, shallow = false, true
 	var out bytes.Buffer
-	err := iexportCommon(&out, fset, bundle, shallow, iexportVersion, []*types.Package{pkg})
+	err := iexportCommon(&out, fset, bundle, shallow, iexportVersion, []*types.Package{pkg}, reportf)
 	return out.Bytes(), err
 }
 
@@ -323,20 +324,27 @@ const bundleVersion = 0
 // so that calls to IImportData can override with a provided package path.
 func IExportData(out io.Writer, fset *token.FileSet, pkg *types.Package) error {
 	const bundle, shallow = false, false
-	return iexportCommon(out, fset, bundle, shallow, iexportVersion, []*types.Package{pkg})
+	return iexportCommon(out, fset, bundle, shallow, iexportVersion, []*types.Package{pkg}, nil)
 }
 
 // IExportBundle writes an indexed export bundle for pkgs to out.
 func IExportBundle(out io.Writer, fset *token.FileSet, pkgs []*types.Package) error {
 	const bundle, shallow = true, false
-	return iexportCommon(out, fset, bundle, shallow, iexportVersion, pkgs)
+	return iexportCommon(out, fset, bundle, shallow, iexportVersion, pkgs, nil)
 }
 
-func iexportCommon(out io.Writer, fset *token.FileSet, bundle, shallow bool, version int, pkgs []*types.Package) (err error) {
+func iexportCommon(out io.Writer, fset *token.FileSet, bundle, shallow bool, version int, pkgs []*types.Package, reportf ReportFunc) (err error) {
 	if !debug {
 		defer func() {
 			if e := recover(); e != nil {
+				// Report the stack via telemetry (see #71067).
+				if reportf != nil {
+					reportf("panic in exporter")
+				}
 				if ierr, ok := e.(internalError); ok {
+					// internalError usually means we exported a
+					// bad go/types data structure: a violation
+					// of an implicit precondition of Export.
 					err = ierr
 					return
 				}
@@ -458,7 +466,7 @@ func (p *iexporter) encodeFile(w *intWriter, file *token.File, needed []uint64)
 	w.uint64(size)
 
 	// Sort the set of needed offsets. Duplicates are harmless.
-	sort.Slice(needed, func(i, j int) bool { return needed[i] < needed[j] })
+	slices.Sort(needed)
 
 	lines := file.Lines() // byte offset of each line start
 	w.uint64(uint64(len(lines)))
@@ -812,7 +820,7 @@ func (p *iexporter) doDecl(obj types.Object) {
 
 		n := named.NumMethods()
 		w.uint64(uint64(n))
-		for i := 0; i < n; i++ {
+		for i := range n {
 			m := named.Method(i)
 			w.pos(m.Pos())
 			w.string(m.Name())
@@ -1089,7 +1097,7 @@ func (w *exportWriter) doTyp(t types.Type, pkg *types.Package) {
 		w.pkg(fieldPkg)
 		w.uint64(uint64(n))
 
-		for i := 0; i < n; i++ {
+		for i := range n {
 			f := t.Field(i)
 			if w.p.shallow {
 				w.objectPath(f)
@@ -1138,7 +1146,7 @@ func (w *exportWriter) doTyp(t types.Type, pkg *types.Package) {
 		w.startType(unionType)
 		nt := t.Len()
 		w.uint64(uint64(nt))
-		for i := 0; i < nt; i++ {
+		for i := range nt {
 			term := t.Term(i)
 			w.bool(term.Tilde())
 			w.typ(term.Type(), pkg)
@@ -1267,7 +1275,7 @@ func tparamName(exportName string) string {
 func (w *exportWriter) paramList(tup *types.Tuple) {
 	n := tup.Len()
 	w.uint64(uint64(n))
-	for i := 0; i < n; i++ {
+	for i := range n {
 		w.param(tup.At(i))
 	}
 }
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/iimport.go b/vendor/golang.org/x/tools/internal/gcimporter/iimport.go
index bc6c9741e..82e6c9d2d 100644
--- a/vendor/golang.org/x/tools/internal/gcimporter/iimport.go
+++ b/vendor/golang.org/x/tools/internal/gcimporter/iimport.go
@@ -16,6 +16,7 @@ import (
 	"go/types"
 	"io"
 	"math/big"
+	"slices"
 	"sort"
 	"strings"
 
@@ -314,7 +315,7 @@ func iimportCommon(fset *token.FileSet, getPackages GetPackagesFunc, data []byte
 		pkgs = pkgList[:1]
 
 		// record all referenced packages as imports
-		list := append(([]*types.Package)(nil), pkgList[1:]...)
+		list := slices.Clone(pkgList[1:])
 		sort.Sort(byPath(list))
 		pkgs[0].SetImports(list)
 	}
diff --git a/vendor/golang.org/x/tools/internal/gocommand/invoke.go b/vendor/golang.org/x/tools/internal/gocommand/invoke.go
index 7ea901344..58721202d 100644
--- a/vendor/golang.org/x/tools/internal/gocommand/invoke.go
+++ b/vendor/golang.org/x/tools/internal/gocommand/invoke.go
@@ -141,7 +141,7 @@ func (runner *Runner) runPiped(ctx context.Context, inv Invocation, stdout, stde
 
 	// Wait for all in-progress go commands to return before proceeding,
 	// to avoid load concurrency errors.
-	for i := 0; i < maxInFlight; i++ {
+	for range maxInFlight {
 		select {
 		case <-ctx.Done():
 			return ctx.Err(), ctx.Err()
diff --git a/vendor/golang.org/x/tools/internal/gopathwalk/walk.go b/vendor/golang.org/x/tools/internal/gopathwalk/walk.go
index 984b79c2a..5252144d0 100644
--- a/vendor/golang.org/x/tools/internal/gopathwalk/walk.go
+++ b/vendor/golang.org/x/tools/internal/gopathwalk/walk.go
@@ -14,6 +14,7 @@ import (
 	"os"
 	"path/filepath"
 	"runtime"
+	"slices"
 	"strings"
 	"sync"
 	"time"
@@ -195,10 +196,8 @@ func (w *walker) getIgnoredDirs(path string) []string {
 
 // shouldSkipDir reports whether the file should be skipped or not.
 func (w *walker) shouldSkipDir(dir string) bool {
-	for _, ignoredDir := range w.ignoredDirs {
-		if dir == ignoredDir {
-			return true
-		}
+	if slices.Contains(w.ignoredDirs, dir) {
+		return true
 	}
 	if w.skip != nil {
 		// Check with the user specified callback.
diff --git a/vendor/golang.org/x/tools/internal/imports/fix.go b/vendor/golang.org/x/tools/internal/imports/fix.go
index 737a9bfae..89b96381c 100644
--- a/vendor/golang.org/x/tools/internal/imports/fix.go
+++ b/vendor/golang.org/x/tools/internal/imports/fix.go
@@ -32,6 +32,7 @@ import (
 	"golang.org/x/tools/internal/gocommand"
 	"golang.org/x/tools/internal/gopathwalk"
 	"golang.org/x/tools/internal/stdlib"
+	"maps"
 )
 
 // importToGroup is a list of functions which map from an import path to
@@ -585,7 +586,7 @@ func getFixesWithSource(ctx context.Context, fset *token.FileSet, f *ast.File, f
 	srcDir := filepath.Dir(abs)
 
 	if logf != nil {
-		logf("fixImports(filename=%q), srcDir=%q ...", filename, abs, srcDir)
+		logf("fixImports(filename=%q), srcDir=%q ...", filename, srcDir)
 	}
 
 	// First pass: looking only at f, and using the naive algorithm to
@@ -968,9 +969,7 @@ func (e *ProcessEnv) CopyConfig() *ProcessEnv {
 		resolver:    nil,
 		Env:         map[string]string{},
 	}
-	for k, v := range e.Env {
-		copy.Env[k] = v
-	}
+	maps.Copy(copy.Env, e.Env)
 	return copy
 }
 
@@ -1003,9 +1002,7 @@ func (e *ProcessEnv) init() error {
 	if err := json.Unmarshal(stdout.Bytes(), &goEnv); err != nil {
 		return err
 	}
-	for k, v := range goEnv {
-		e.Env[k] = v
-	}
+	maps.Copy(e.Env, goEnv)
 	e.initialized = true
 	return nil
 }
diff --git a/vendor/golang.org/x/tools/internal/imports/mod.go b/vendor/golang.org/x/tools/internal/imports/mod.go
index 8555e3f83..df94ec818 100644
--- a/vendor/golang.org/x/tools/internal/imports/mod.go
+++ b/vendor/golang.org/x/tools/internal/imports/mod.go
@@ -13,6 +13,7 @@ import (
 	"path"
 	"path/filepath"
 	"regexp"
+	"slices"
 	"sort"
 	"strconv"
 	"strings"
@@ -150,8 +151,8 @@ func newModuleResolver(e *ProcessEnv, moduleCacheCache *DirInfoCache) (*ModuleRe
 				Path: "",
 				Dir:  filepath.Join(filepath.Dir(goWork), "vendor"),
 			}
-			r.modsByModPath = append(append([]*gocommand.ModuleJSON{}, mainModsVendor...), r.dummyVendorMod)
-			r.modsByDir = append(append([]*gocommand.ModuleJSON{}, mainModsVendor...), r.dummyVendorMod)
+			r.modsByModPath = append(slices.Clone(mainModsVendor), r.dummyVendorMod)
+			r.modsByDir = append(slices.Clone(mainModsVendor), r.dummyVendorMod)
 		}
 	} else {
 		// Vendor mode is off, so run go list -m ... to find everything.
diff --git a/vendor/golang.org/x/tools/internal/imports/mod_cache.go b/vendor/golang.org/x/tools/internal/imports/mod_cache.go
index b1192696b..b96c9d4bf 100644
--- a/vendor/golang.org/x/tools/internal/imports/mod_cache.go
+++ b/vendor/golang.org/x/tools/internal/imports/mod_cache.go
@@ -128,7 +128,7 @@ func (d *DirInfoCache) ScanAndListen(ctx context.Context, listener cacheListener
 	// are going to be. Setting an arbitrary limit makes it much easier.
 	const maxInFlight = 10
 	sema := make(chan struct{}, maxInFlight)
-	for i := 0; i < maxInFlight; i++ {
+	for range maxInFlight {
 		sema <- struct{}{}
 	}
 
@@ -156,7 +156,7 @@ func (d *DirInfoCache) ScanAndListen(ctx context.Context, listener cacheListener
 		d.mu.Lock()
 		delete(d.listeners, cookie)
 		d.mu.Unlock()
-		for i := 0; i < maxInFlight; i++ {
+		for range maxInFlight {
 			<-sema
 		}
 	}
diff --git a/vendor/golang.org/x/tools/internal/imports/sortimports.go b/vendor/golang.org/x/tools/internal/imports/sortimports.go
index da8194fd9..67c17bc43 100644
--- a/vendor/golang.org/x/tools/internal/imports/sortimports.go
+++ b/vendor/golang.org/x/tools/internal/imports/sortimports.go
@@ -11,6 +11,7 @@ import (
 	"go/ast"
 	"go/token"
 	"log"
+	"slices"
 	"sort"
 	"strconv"
 )
@@ -30,7 +31,7 @@ func sortImports(localPrefix string, tokFile *token.File, f *ast.File) {
 
 		if len(d.Specs) == 0 {
 			// Empty import block, remove it.
-			f.Decls = append(f.Decls[:i], f.Decls[i+1:]...)
+			f.Decls = slices.Delete(f.Decls, i, i+1)
 		}
 
 		if !d.Lparen.IsValid() {
@@ -91,7 +92,7 @@ func mergeImports(f *ast.File) {
 			spec.(*ast.ImportSpec).Path.ValuePos = first.Pos()
 			first.Specs = append(first.Specs, spec)
 		}
-		f.Decls = append(f.Decls[:i], f.Decls[i+1:]...)
+		f.Decls = slices.Delete(f.Decls, i, i+1)
 		i--
 	}
 }
diff --git a/vendor/golang.org/x/tools/internal/modindex/lookup.go b/vendor/golang.org/x/tools/internal/modindex/lookup.go
index 5499c5c67..bd605e0d7 100644
--- a/vendor/golang.org/x/tools/internal/modindex/lookup.go
+++ b/vendor/golang.org/x/tools/internal/modindex/lookup.go
@@ -120,7 +120,7 @@ func (ix *Index) Lookup(pkg, name string, prefix bool) []Candidate {
 				px.Results = int16(n)
 				if len(flds) >= 4 {
 					sig := strings.Split(flds[3], " ")
-					for i := 0; i < len(sig); i++ {
+					for i := range sig {
 						// $ cannot otherwise occur. removing the spaces
 						// almost works, but for chan struct{}, e.g.
 						sig[i] = strings.Replace(sig[i], "$", " ", -1)
@@ -136,7 +136,7 @@ func (ix *Index) Lookup(pkg, name string, prefix bool) []Candidate {
 
 func toFields(sig []string) []Field {
 	ans := make([]Field, len(sig)/2)
-	for i := 0; i < len(ans); i++ {
+	for i := range ans {
 		ans[i] = Field{Arg: sig[2*i], Type: sig[2*i+1]}
 	}
 	return ans
diff --git a/vendor/golang.org/x/tools/internal/pkgbits/decoder.go b/vendor/golang.org/x/tools/internal/pkgbits/decoder.go
index f6cb37c5c..c0aba26c4 100644
--- a/vendor/golang.org/x/tools/internal/pkgbits/decoder.go
+++ b/vendor/golang.org/x/tools/internal/pkgbits/decoder.go
@@ -259,7 +259,7 @@ func (r *Decoder) rawUvarint() uint64 {
 func readUvarint(r *strings.Reader) (uint64, error) {
 	var x uint64
 	var s uint
-	for i := 0; i < binary.MaxVarintLen64; i++ {
+	for i := range binary.MaxVarintLen64 {
 		b, err := r.ReadByte()
 		if err != nil {
 			if i > 0 && err == io.EOF {
diff --git a/vendor/golang.org/x/tools/internal/stdlib/deps.go b/vendor/golang.org/x/tools/internal/stdlib/deps.go
index 7cca431cd..c50bf406b 100644
--- a/vendor/golang.org/x/tools/internal/stdlib/deps.go
+++ b/vendor/golang.org/x/tools/internal/stdlib/deps.go
@@ -12,348 +12,348 @@ type pkginfo struct {
 }
 
 var deps = [...]pkginfo{
-	{"archive/tar", "\x03k\x03E5\x01\v\x01#\x01\x01\x02\x05\t\x02\x01\x02\x02\v"},
-	{"archive/zip", "\x02\x04a\a\x16\x0205\x01+\x05\x01\x10\x03\x02\r\x04"},
-	{"bufio", "\x03k}E\x13"},
-	{"bytes", "n+R\x03\fG\x02\x02"},
+	{"archive/tar", "\x03j\x03E6\x01\v\x01\"\x01\x01\x02\x05\n\x02\x01\x02\x02\v"},
+	{"archive/zip", "\x02\x04`\a\x16\x0206\x01*\x05\x01\x11\x03\x02\r\x04"},
+	{"bufio", "\x03j~E\x13"},
+	{"bytes", "m+S\x03\fG\x02\x02"},
 	{"cmp", ""},
 	{"compress/bzip2", "\x02\x02\xe7\x01B"},
-	{"compress/flate", "\x02l\x03z\r\x024\x01\x03"},
-	{"compress/gzip", "\x02\x04a\a\x03\x15eT"},
-	{"compress/lzw", "\x02l\x03z"},
-	{"compress/zlib", "\x02\x04a\a\x03\x13\x01f"},
+	{"compress/flate", "\x02k\x03{\r\x024\x01\x03"},
+	{"compress/gzip", "\x02\x04`\a\x03\x15fT"},
+	{"compress/lzw", "\x02k\x03{"},
+	{"compress/zlib", "\x02\x04`\a\x03\x13\x01g"},
 	{"container/heap", "\xae\x02"},
 	{"container/list", ""},
 	{"container/ring", ""},
-	{"context", "n\\h\x01\f"},
-	{"crypto", "\x84\x01gD"},
+	{"context", "m\\i\x01\f"},
+	{"crypto", "\x83\x01hD"},
 	{"crypto/aes", "\x10\n\a\x8e\x02"},
-	{"crypto/cipher", "\x03\x1e\x01\x01\x1d\x11\x1d,Q"},
-	{"crypto/des", "\x10\x13\x1d.,\x95\x01\x03"},
-	{"crypto/dsa", "@\x04*}\x0e"},
-	{"crypto/ecdh", "\x03\v\f\x0e\x04\x14\x04\r\x1d}"},
-	{"crypto/ecdsa", "\x0e\x05\x03\x04\x01\x0e\x16\x01\x04\f\x01\x1d}\x0e\x04K\x01"},
-	{"crypto/ed25519", "\x0e\x1c\x16\n\a\x1d}D"},
-	{"crypto/elliptic", "0>}\x0e9"},
-	{"crypto/fips140", " \x05\x91\x01"},
-	{"crypto/hkdf", "-\x12\x01.\x16"},
-	{"crypto/hmac", "\x1a\x14\x11\x01\x113"},
-	{"crypto/internal/boring", "\x0e\x02\rg"},
+	{"crypto/cipher", "\x03\x1e\x01\x01\x1d\x11\x1c,R"},
+	{"crypto/des", "\x10\x13\x1d-,\x96\x01\x03"},
+	{"crypto/dsa", "@\x04)~\x0e"},
+	{"crypto/ecdh", "\x03\v\f\x0e\x04\x14\x04\r\x1c~"},
+	{"crypto/ecdsa", "\x0e\x05\x03\x04\x01\x0e\x16\x01\x04\f\x01\x1c~\x0e\x04K\x01"},
+	{"crypto/ed25519", "\x0e\x1c\x16\n\a\x1c~D"},
+	{"crypto/elliptic", "0=~\x0e9"},
+	{"crypto/fips140", " \x05\x90\x01"},
+	{"crypto/hkdf", "-\x12\x01-\x16"},
+	{"crypto/hmac", "\x1a\x14\x11\x01\x112"},
+	{"crypto/internal/boring", "\x0e\x02\rf"},
 	{"crypto/internal/boring/bbig", "\x1a\xdf\x01L"},
 	{"crypto/internal/boring/bcache", "\xb3\x02\x12"},
 	{"crypto/internal/boring/sig", ""},
-	{"crypto/internal/cryptotest", "\x03\r\n)\x0e\x1a\x06\x13\x12#\a\t\x11\x11\x11\x1b\x01\f\f\x05\n"},
+	{"crypto/internal/cryptotest", "\x03\r\n)\x0e\x19\x06\x13\x12#\a\t\x11\x12\x11\x1a\r\r\x05\n"},
 	{"crypto/internal/entropy", "E"},
-	{"crypto/internal/fips140", ">0}9\f\x15"},
-	{"crypto/internal/fips140/aes", "\x03\x1d\x03\x02\x13\x04\x01\x01\x05+\x8c\x015"},
-	{"crypto/internal/fips140/aes/gcm", " \x01\x02\x02\x02\x11\x04\x01\x06+\x8a\x01"},
+	{"crypto/internal/fips140", ">/~8\r\x15"},
+	{"crypto/internal/fips140/aes", "\x03\x1d\x03\x02\x13\x04\x01\x01\x05*\x8d\x015"},
+	{"crypto/internal/fips140/aes/gcm", " \x01\x02\x02\x02\x11\x04\x01\x06*\x8b\x01"},
 	{"crypto/internal/fips140/alias", "\xc5\x02"},
-	{"crypto/internal/fips140/bigmod", "%\x17\x01\x06+\x8c\x01"},
+	{"crypto/internal/fips140/bigmod", "%\x17\x01\x06*\x8d\x01"},
 	{"crypto/internal/fips140/check", " \x0e\x06\b\x02\xad\x01Z"},
-	{"crypto/internal/fips140/check/checktest", "%\xff\x01!"},
-	{"crypto/internal/fips140/drbg", "\x03\x1c\x01\x01\x04\x13\x04\b\x01)}\x0f8"},
-	{"crypto/internal/fips140/ecdh", "\x03\x1d\x05\x02\t\f2}\x0f8"},
-	{"crypto/internal/fips140/ecdsa", "\x03\x1d\x04\x01\x02\a\x02\x068}G"},
-	{"crypto/internal/fips140/ed25519", "\x03\x1d\x05\x02\x04\v8\xc1\x01\x03"},
-	{"crypto/internal/fips140/edwards25519", "%\a\f\x042\x8c\x018"},
-	{"crypto/internal/fips140/edwards25519/field", "%\x13\x042\x8c\x01"},
-	{"crypto/internal/fips140/hkdf", "\x03\x1d\x05\t\x06:"},
-	{"crypto/internal/fips140/hmac", "\x03\x1d\x14\x01\x018"},
-	{"crypto/internal/fips140/mlkem", "\x03\x1d\x05\x02\x0e\x03\x042"},
-	{"crypto/internal/fips140/nistec", "%\f\a\x042\x8c\x01*\x0e\x13"},
-	{"crypto/internal/fips140/nistec/fiat", "%\x136\x8c\x01"},
-	{"crypto/internal/fips140/pbkdf2", "\x03\x1d\x05\t\x06:"},
-	{"crypto/internal/fips140/rsa", "\x03\x1d\x04\x01\x02\r\x01\x01\x026}G"},
-	{"crypto/internal/fips140/sha256", "\x03\x1d\x1c\x01\x06+\x8c\x01"},
-	{"crypto/internal/fips140/sha3", "\x03\x1d\x18\x04\x011\x8c\x01K"},
-	{"crypto/internal/fips140/sha512", "\x03\x1d\x1c\x01\x06+\x8c\x01"},
+	{"crypto/internal/fips140/check/checktest", "%\xfe\x01\""},
+	{"crypto/internal/fips140/drbg", "\x03\x1c\x01\x01\x04\x13\x04\b\x01(~\x0f8"},
+	{"crypto/internal/fips140/ecdh", "\x03\x1d\x05\x02\t\f1~\x0f8"},
+	{"crypto/internal/fips140/ecdsa", "\x03\x1d\x04\x01\x02\a\x02\x067~G"},
+	{"crypto/internal/fips140/ed25519", "\x03\x1d\x05\x02\x04\v7\xc2\x01\x03"},
+	{"crypto/internal/fips140/edwards25519", "%\a\f\x041\x8d\x018"},
+	{"crypto/internal/fips140/edwards25519/field", "%\x13\x041\x8d\x01"},
+	{"crypto/internal/fips140/hkdf", "\x03\x1d\x05\t\x069"},
+	{"crypto/internal/fips140/hmac", "\x03\x1d\x14\x01\x017"},
+	{"crypto/internal/fips140/mlkem", "\x03\x1d\x05\x02\x0e\x03\x041"},
+	{"crypto/internal/fips140/nistec", "%\f\a\x041\x8d\x01)\x0f\x13"},
+	{"crypto/internal/fips140/nistec/fiat", "%\x135\x8d\x01"},
+	{"crypto/internal/fips140/pbkdf2", "\x03\x1d\x05\t\x069"},
+	{"crypto/internal/fips140/rsa", "\x03\x1d\x04\x01\x02\r\x01\x01\x025~G"},
+	{"crypto/internal/fips140/sha256", "\x03\x1d\x1c\x01\x06*\x8d\x01"},
+	{"crypto/internal/fips140/sha3", "\x03\x1d\x18\x04\x010\x8d\x01K"},
+	{"crypto/internal/fips140/sha512", "\x03\x1d\x1c\x01\x06*\x8d\x01"},
 	{"crypto/internal/fips140/ssh", " \x05"},
-	{"crypto/internal/fips140/subtle", "#\x19\xbe\x01"},
-	{"crypto/internal/fips140/tls12", "\x03\x1d\x05\t\x06\x028"},
-	{"crypto/internal/fips140/tls13", "\x03\x1d\x05\b\a\b2"},
+	{"crypto/internal/fips140/subtle", "#"},
+	{"crypto/internal/fips140/tls12", "\x03\x1d\x05\t\x06\x027"},
+	{"crypto/internal/fips140/tls13", "\x03\x1d\x05\b\a\b1"},
 	{"crypto/internal/fips140deps", ""},
-	{"crypto/internal/fips140deps/byteorder", "\x9a\x01"},
-	{"crypto/internal/fips140deps/cpu", "\xae\x01\a"},
-	{"crypto/internal/fips140deps/godebug", "\xb6\x01"},
-	{"crypto/internal/fips140hash", "5\x1a5\xc1\x01"},
-	{"crypto/internal/fips140only", "'\r\x01\x01N25"},
+	{"crypto/internal/fips140deps/byteorder", "\x99\x01"},
+	{"crypto/internal/fips140deps/cpu", "\xad\x01\a"},
+	{"crypto/internal/fips140deps/godebug", "\xb5\x01"},
+	{"crypto/internal/fips140hash", "5\x1a4\xc2\x01"},
+	{"crypto/internal/fips140only", "'\r\x01\x01M26"},
 	{"crypto/internal/fips140test", ""},
-	{"crypto/internal/hpke", "\x0e\x01\x01\x03\x1a\x1d$,`M"},
+	{"crypto/internal/hpke", "\x0e\x01\x01\x03\x1a\x1d#,aM"},
 	{"crypto/internal/impl", "\xb0\x02"},
 	{"crypto/internal/randutil", "\xeb\x01\x12"},
-	{"crypto/internal/sysrand", "\xd7\x01@\x1b\x01\f\x06"},
-	{"crypto/internal/sysrand/internal/seccomp", "n"},
-	{"crypto/md5", "\x0e2.\x16\x16`"},
+	{"crypto/internal/sysrand", "mi\"\x1e\r\x0f\x01\x01\v\x06"},
+	{"crypto/internal/sysrand/internal/seccomp", "m"},
+	{"crypto/md5", "\x0e2-\x16\x16a"},
 	{"crypto/mlkem", "/"},
-	{"crypto/pbkdf2", "2\r\x01.\x16"},
-	{"crypto/rand", "\x1a\x06\a\x19\x04\x01)}\x0eL"},
-	{"crypto/rc4", "#\x1d.\xc1\x01"},
-	{"crypto/rsa", "\x0e\f\x01\t\x0f\f\x01\x04\x06\a\x1d\x03\x1325\r\x01"},
-	{"crypto/sha1", "\x0e\f&.\x16\x16\x14L"},
-	{"crypto/sha256", "\x0e\f\x1aP"},
-	{"crypto/sha3", "\x0e'O\xc1\x01"},
-	{"crypto/sha512", "\x0e\f\x1cN"},
-	{"crypto/subtle", "8\x98\x01T"},
-	{"crypto/tls", "\x03\b\x02\x01\x01\x01\x01\x02\x01\x01\x01\x03\x01\a\x01\v\x02\n\x01\b\x05\x03\x01\x01\x01\x01\x02\x01\x02\x01\x18\x02\x03\x13\x16\x14\b5\x16\x16\r\t\x01\x01\x01\x02\x01\f\x06\x02\x01"},
+	{"crypto/pbkdf2", "2\r\x01-\x16"},
+	{"crypto/rand", "\x1a\x06\a\x19\x04\x01(~\x0eL"},
+	{"crypto/rc4", "#\x1d-\xc2\x01"},
+	{"crypto/rsa", "\x0e\f\x01\t\x0f\f\x01\x04\x06\a\x1c\x03\x1326\r\x01"},
+	{"crypto/sha1", "\x0e\f&-\x16\x16\x14M"},
+	{"crypto/sha256", "\x0e\f\x1aO"},
+	{"crypto/sha3", "\x0e'N\xc2\x01"},
+	{"crypto/sha512", "\x0e\f\x1cM"},
+	{"crypto/subtle", "8\x96\x01U"},
+	{"crypto/tls", "\x03\b\x02\x01\x01\x01\x01\x02\x01\x01\x01\x03\x01\a\x01\v\x02\n\x01\b\x05\x03\x01\x01\x01\x01\x02\x01\x02\x01\x17\x02\x03\x13\x16\x14\b6\x16\x15\r\n\x01\x01\x01\x02\x01\f\x06\x02\x01"},
 	{"crypto/tls/internal/fips140tls", " \x93\x02"},
-	{"crypto/x509", "\x03\v\x01\x01\x01\x01\x01\x01\x01\x011\x03\x02\x01\x01\x02\x05\x01\x0e\x06\x02\x02\x03E5\x03\t\x01\x01\x01\a\x10\x05\t\x05\v\x01\x02\r\x02\x01\x01\x02\x03\x01"},
-	{"crypto/x509/internal/macos", "\x03k'\x8f\x01\v\x10\x06"},
-	{"crypto/x509/pkix", "d\x06\a\x88\x01F"},
-	{"database/sql", "\x03\nK\x16\x03z\f\x06\"\x05\t\x02\x03\x01\f\x02\x02\x02"},
-	{"database/sql/driver", "\ra\x03\xae\x01\x10\x10"},
-	{"debug/buildinfo", "\x03X\x02\x01\x01\b\a\x03`\x18\x02\x01+\x10\x1e"},
-	{"debug/dwarf", "\x03d\a\x03z1\x12\x01\x01"},
-	{"debug/elf", "\x03\x06Q\r\a\x03`\x19\x01,\x18\x01\x15"},
-	{"debug/gosym", "\x03d\n\xbd\x01\x01\x01\x02"},
-	{"debug/macho", "\x03\x06Q\r\n`\x1a,\x18\x01"},
-	{"debug/pe", "\x03\x06Q\r\a\x03`\x1a,\x18\x01\x15"},
-	{"debug/plan9obj", "g\a\x03`\x1a,"},
-	{"embed", "n+:\x18\x01S"},
+	{"crypto/x509", "\x03\v\x01\x01\x01\x01\x01\x01\x01\x011\x03\x02\x01\x01\x02\x05\x0e\x06\x02\x02\x03E\x033\x01\x02\t\x01\x01\x01\a\x0f\x05\x01\x06\x02\x05\f\x01\x02\r\x02\x01\x01\x02\x03\x01"},
+	{"crypto/x509/pkix", "c\x06\a\x89\x01F"},
+	{"database/sql", "\x03\nJ\x16\x03{\f\x06!\x05\n\x02\x03\x01\f\x02\x02\x02"},
+	{"database/sql/driver", "\r`\x03\xae\x01\x11\x10"},
+	{"debug/buildinfo", "\x03W\x02\x01\x01\b\a\x03`\x19\x02\x01*\x0f "},
+	{"debug/dwarf", "\x03c\a\x03{0\x13\x01\x01"},
+	{"debug/elf", "\x03\x06P\r\a\x03`\x1a\x01+\x19\x01\x15"},
+	{"debug/gosym", "\x03c\n\xbe\x01\x01\x01\x02"},
+	{"debug/macho", "\x03\x06P\r\n`\x1b+\x19\x01"},
+	{"debug/pe", "\x03\x06P\r\a\x03`\x1b+\x19\x01\x15"},
+	{"debug/plan9obj", "f\a\x03`\x1b+"},
+	{"embed", "m+:\x19\x01S"},
 	{"embed/internal/embedtest", ""},
 	{"encoding", ""},
 	{"encoding/ascii85", "\xeb\x01D"},
-	{"encoding/asn1", "\x03k\x03\x87\x01\x01&\x0e\x02\x01\x0f\x03\x01"},
+	{"encoding/asn1", "\x03j\x03\x88\x01\x01%\x0f\x02\x01\x0f\x03\x01"},
 	{"encoding/base32", "\xeb\x01B\x02"},
-	{"encoding/base64", "\x9a\x01QB\x02"},
-	{"encoding/binary", "n}\r'\x0e\x05"},
-	{"encoding/csv", "\x02\x01k\x03zE\x11\x02"},
-	{"encoding/gob", "\x02`\x05\a\x03`\x1a\f\x01\x02\x1d\b\x13\x01\x0e\x02"},
-	{"encoding/hex", "n\x03zB\x03"},
-	{"encoding/json", "\x03\x01^\x04\b\x03z\r'\x0e\x02\x01\x02\x0f\x01\x01\x02"},
-	{"encoding/pem", "\x03c\b}B\x03"},
-	{"encoding/xml", "\x02\x01_\f\x03z4\x05\v\x01\x02\x0f\x02"},
-	{"errors", "\xca\x01{"},
-	{"expvar", "kK9\t\n\x15\r\t\x02\x03\x01\x10"},
-	{"flag", "b\f\x03z,\b\x05\t\x02\x01\x0f"},
-	{"fmt", "nE8\r\x1f\b\x0e\x02\x03\x11"},
-	{"go/ast", "\x03\x01m\x0f\x01j\x03)\b\x0e\x02\x01"},
+	{"encoding/base64", "f\x85\x01B\x02"},
+	{"encoding/binary", "m~\r&\x0f\x05"},
+	{"encoding/csv", "\x02\x01j\x03{E\x11\x02"},
+	{"encoding/gob", "\x02_\x05\a\x03`\x1b\f\x01\x02\x1c\b\x14\x01\x0e\x02"},
+	{"encoding/hex", "m\x03{B\x03"},
+	{"encoding/json", "\x03\x01]\x04\b\x03{\r&\x0f\x02\x01\x02\x0f\x01\x01\x02"},
+	{"encoding/pem", "\x03b\b~B\x03"},
+	{"encoding/xml", "\x02\x01^\f\x03{3\x05\f\x01\x02\x0f\x02"},
+	{"errors", "\xc9\x01|"},
+	{"expvar", "jK:\t\n\x14\r\n\x02\x03\x01\x10"},
+	{"flag", "a\f\x03{+\b\x05\n\x02\x01\x0f"},
+	{"fmt", "mE9\r\x1e\b\x0f\x02\x03\x11"},
+	{"go/ast", "\x03\x01l\x0f\x01k\x03(\b\x0f\x02\x01"},
 	{"go/ast/internal/tests", ""},
-	{"go/build", "\x02\x01k\x03\x01\x03\x02\a\x02\x01\x17\x1e\x04\x02\t\x14\x12\x01+\x01\x04\x01\a\t\x02\x01\x11\x02\x02"},
-	{"go/build/constraint", "n\xc1\x01\x01\x11\x02"},
-	{"go/constant", "q\x10w\x01\x015\x01\x02\x11"},
-	{"go/doc", "\x04m\x01\x06\t=-1\x11\x02\x01\x11\x02"},
-	{"go/doc/comment", "\x03n\xbc\x01\x01\x01\x01\x11\x02"},
-	{"go/format", "\x03n\x01\f\x01\x02jE"},
-	{"go/importer", "t\a\x01\x01\x04\x01i9"},
-	{"go/internal/gccgoimporter", "\x02\x01X\x13\x03\x05\v\x01g\x02,\x01\x05\x12\x01\v\b"},
-	{"go/internal/gcimporter", "\x02o\x10\x01/\x05\x0e',\x16\x03\x02"},
-	{"go/internal/srcimporter", "q\x01\x02\n\x03\x01i,\x01\x05\x13\x02\x13"},
-	{"go/parser", "\x03k\x03\x01\x03\v\x01j\x01+\x06\x13"},
-	{"go/printer", "q\x01\x03\x03\tj\r\x1f\x16\x02\x01\x02\n\x05\x02"},
-	{"go/scanner", "\x03n\x10j2\x11\x01\x12\x02"},
-	{"go/token", "\x04m\xbc\x01\x02\x03\x01\x0e\x02"},
-	{"go/types", "\x03\x01\x06d\x03\x01\x04\b\x03\x02\x15\x1e\x06+\x04\x03\n%\a\t\x01\x01\x01\x02\x01\x0e\x02\x02"},
-	{"go/version", "\xbb\x01u"},
+	{"go/build", "\x02\x01j\x03\x01\x03\x02\a\x02\x01\x17\x1e\x04\x02\t\x14\x13\x01*\x01\x04\x01\a\n\x02\x01\x11\x02\x02"},
+	{"go/build/constraint", "m\xc2\x01\x01\x11\x02"},
+	{"go/constant", "p\x10x\x01\x015\x01\x02\x11"},
+	{"go/doc", "\x04l\x01\x06\t=.0\x12\x02\x01\x11\x02"},
+	{"go/doc/comment", "\x03m\xbd\x01\x01\x01\x01\x11\x02"},
+	{"go/format", "\x03m\x01\f\x01\x02kE"},
+	{"go/importer", "s\a\x01\x01\x04\x01j8"},
+	{"go/internal/gccgoimporter", "\x02\x01W\x13\x03\x05\v\x01h\x02+\x01\x05\x13\x01\v\b"},
+	{"go/internal/gcimporter", "\x02n\x10\x01/\x05\x0e(+\x17\x03\x02"},
+	{"go/internal/srcimporter", "p\x01\x02\n\x03\x01j+\x01\x05\x14\x02\x13"},
+	{"go/parser", "\x03j\x03\x01\x03\v\x01k\x01*\x06\x14"},
+	{"go/printer", "p\x01\x03\x03\tk\r\x1e\x17\x02\x01\x02\n\x05\x02"},
+	{"go/scanner", "\x03m\x10k1\x12\x01\x12\x02"},
+	{"go/token", "\x04l\xbd\x01\x02\x03\x01\x0e\x02"},
+	{"go/types", "\x03\x01\x06c\x03\x01\x04\b\x03\x02\x15\x1e\x06,\x04\x03\n$\a\n\x01\x01\x01\x02\x01\x0e\x02\x02"},
+	{"go/version", "\xba\x01v"},
 	{"hash", "\xeb\x01"},
-	{"hash/adler32", "n\x16\x16"},
-	{"hash/crc32", "n\x16\x16\x14\x84\x01\x01"},
-	{"hash/crc64", "n\x16\x16\x98\x01"},
-	{"hash/fnv", "n\x16\x16`"},
-	{"hash/maphash", "\x95\x01\x05\x1b\x03@M"},
+	{"hash/adler32", "m\x16\x16"},
+	{"hash/crc32", "m\x16\x16\x14\x85\x01\x01\x12"},
+	{"hash/crc64", "m\x16\x16\x99\x01"},
+	{"hash/fnv", "m\x16\x16a"},
+	{"hash/maphash", "\x94\x01\x05\x1b\x03AM"},
 	{"html", "\xb0\x02\x02\x11"},
-	{"html/template", "\x03h\x06\x19,5\x01\v \x05\x01\x02\x03\r\x01\x02\v\x01\x03\x02"},
-	{"image", "\x02l\x1f^\x0f5\x03\x01"},
+	{"html/template", "\x03g\x06\x19,6\x01\v\x1f\x05\x01\x02\x03\x0e\x01\x02\v\x01\x03\x02"},
+	{"image", "\x02k\x1f_\x0f5\x03\x01"},
 	{"image/color", ""},
-	{"image/color/palette", "\x8d\x01"},
-	{"image/draw", "\x8c\x01\x01\x04"},
-	{"image/gif", "\x02\x01\x05f\x03\x1b\x01\x01\x01\vQ"},
-	{"image/internal/imageutil", "\x8c\x01"},
-	{"image/jpeg", "\x02l\x1e\x01\x04Z"},
-	{"image/png", "\x02\a^\n\x13\x02\x06\x01^D"},
-	{"index/suffixarray", "\x03d\a}\r*\v\x01"},
-	{"internal/abi", "\xb5\x01\x90\x01"},
+	{"image/color/palette", "\x8c\x01"},
+	{"image/draw", "\x8b\x01\x01\x04"},
+	{"image/gif", "\x02\x01\x05e\x03\x1b\x01\x01\x01\vR"},
+	{"image/internal/imageutil", "\x8b\x01"},
+	{"image/jpeg", "\x02k\x1e\x01\x04["},
+	{"image/png", "\x02\a]\n\x13\x02\x06\x01_D"},
+	{"index/suffixarray", "\x03c\a~\r)\f\x01"},
+	{"internal/abi", "\xb4\x01\x91\x01"},
 	{"internal/asan", "\xc5\x02"},
-	{"internal/bisect", "\xa4\x02\x0e\x01"},
-	{"internal/buildcfg", "qG_\x06\x02\x05\v\x01"},
-	{"internal/bytealg", "\xae\x01\x97\x01"},
+	{"internal/bisect", "\xa3\x02\x0f\x01"},
+	{"internal/buildcfg", "pG_\x06\x02\x05\f\x01"},
+	{"internal/bytealg", "\xad\x01\x98\x01"},
 	{"internal/byteorder", ""},
 	{"internal/cfg", ""},
-	{"internal/chacha8rand", "\x9a\x01\x1b\x90\x01"},
+	{"internal/chacha8rand", "\x99\x01\x1b\x91\x01"},
 	{"internal/copyright", ""},
 	{"internal/coverage", ""},
 	{"internal/coverage/calloc", ""},
-	{"internal/coverage/cfile", "k\x06\x17\x16\x01\x02\x01\x01\x01\x01\x01\x01\x01$\x01\x1e,\x06\a\v\x01\x03\f\x06"},
-	{"internal/coverage/cformat", "\x04m-\x04I\f6\x01\x02\f"},
-	{"internal/coverage/cmerge", "q-Z"},
-	{"internal/coverage/decodecounter", "g\n-\v\x02@,\x18\x16"},
-	{"internal/coverage/decodemeta", "\x02e\n\x17\x16\v\x02@,"},
-	{"internal/coverage/encodecounter", "\x02e\n-\f\x01\x02>\f \x16"},
-	{"internal/coverage/encodemeta", "\x02\x01d\n\x13\x04\x16\r\x02>,."},
-	{"internal/coverage/pods", "\x04m-y\x06\x05\v\x02\x01"},
+	{"internal/coverage/cfile", "j\x06\x17\x16\x01\x02\x01\x01\x01\x01\x01\x01\x01#\x01 +\x06\a\f\x01\x03\f\x06"},
+	{"internal/coverage/cformat", "\x04l-\x04J\f6\x01\x02\f"},
+	{"internal/coverage/cmerge", "p-["},
+	{"internal/coverage/decodecounter", "f\n-\v\x02A+\x19\x16"},
+	{"internal/coverage/decodemeta", "\x02d\n\x17\x16\v\x02A+"},
+	{"internal/coverage/encodecounter", "\x02d\n-\f\x01\x02?\f\x1f\x17"},
+	{"internal/coverage/encodemeta", "\x02\x01c\n\x13\x04\x16\r\x02?+/"},
+	{"internal/coverage/pods", "\x04l-y\x06\x05\f\x02\x01"},
 	{"internal/coverage/rtcov", "\xc5\x02"},
-	{"internal/coverage/slicereader", "g\nzZ"},
-	{"internal/coverage/slicewriter", "qz"},
-	{"internal/coverage/stringtab", "q8\x04>"},
+	{"internal/coverage/slicereader", "f\n{Z"},
+	{"internal/coverage/slicewriter", "p{"},
+	{"internal/coverage/stringtab", "p8\x04?"},
 	{"internal/coverage/test", ""},
 	{"internal/coverage/uleb128", ""},
 	{"internal/cpu", "\xc5\x02"},
-	{"internal/dag", "\x04m\xbc\x01\x03"},
-	{"internal/diff", "\x03n\xbd\x01\x02"},
-	{"internal/exportdata", "\x02\x01k\x03\x03]\x1a,\x01\x05\x12\x01\x02"},
-	{"internal/filepathlite", "n+:\x19A"},
-	{"internal/fmtsort", "\x04\x9b\x02\x0e"},
-	{"internal/fuzz", "\x03\nA\x19\x04\x03\x03\x01\f\x0355\r\x02\x1d\x01\x05\x02\x05\v\x01\x02\x01\x01\v\x04\x02"},
+	{"internal/dag", "\x04l\xbd\x01\x03"},
+	{"internal/diff", "\x03m\xbe\x01\x02"},
+	{"internal/exportdata", "\x02\x01j\x03\x03]\x1b+\x01\x05\x13\x01\x02"},
+	{"internal/filepathlite", "m+:\x1aA"},
+	{"internal/fmtsort", "\x04\x9a\x02\x0f"},
+	{"internal/fuzz", "\x03\nA\x18\x04\x03\x03\x01\f\x0356\r\x02\x1c\x01\x05\x02\x05\f\x01\x02\x01\x01\v\x04\x02"},
 	{"internal/goarch", ""},
-	{"internal/godebug", "\x97\x01 {\x01\x12"},
+	{"internal/godebug", "\x96\x01 |\x01\x12"},
 	{"internal/godebugs", ""},
 	{"internal/goexperiment", ""},
 	{"internal/goos", ""},
-	{"internal/goroot", "\x97\x02\x01\x05\x13\x02"},
+	{"internal/goroot", "\x96\x02\x01\x05\x14\x02"},
 	{"internal/gover", "\x04"},
 	{"internal/goversion", ""},
 	{"internal/itoa", ""},
-	{"internal/lazyregexp", "\x97\x02\v\x0e\x02"},
-	{"internal/lazytemplate", "\xeb\x01,\x19\x02\v"},
+	{"internal/lazyregexp", "\x96\x02\v\x0f\x02"},
+	{"internal/lazytemplate", "\xeb\x01+\x1a\x02\v"},
 	{"internal/msan", "\xc5\x02"},
 	{"internal/nettrace", ""},
-	{"internal/obscuretestdata", "f\x85\x01,"},
-	{"internal/oserror", "n"},
-	{"internal/pkgbits", "\x03K\x19\a\x03\x05\vj\x0e\x1e\r\v\x01"},
+	{"internal/obscuretestdata", "e\x86\x01+"},
+	{"internal/oserror", "m"},
+	{"internal/pkgbits", "\x03K\x18\a\x03\x05\vk\x0e\x1d\r\f\x01"},
 	{"internal/platform", ""},
-	{"internal/poll", "nO\x1a\x149\x0e\x01\x01\v\x06"},
-	{"internal/profile", "\x03\x04g\x03z7\f\x01\x01\x0f"},
+	{"internal/poll", "mO\x1a\x158\x0f\x01\x01\v\x06"},
+	{"internal/profile", "\x03\x04f\x03{6\r\x01\x01\x0f"},
 	{"internal/profilerecord", ""},
-	{"internal/race", "\x95\x01\xb0\x01"},
-	{"internal/reflectlite", "\x95\x01 3<!"},
-	{"internal/routebsd", "n,w\x13\x10\x11"},
-	{"internal/runtime/atomic", "\xae\x01\x97\x01"},
-	{"internal/runtime/exithook", "\xcc\x01y"},
-	{"internal/runtime/maps", "\x95\x01\x01\x1f\v\t\x06\x01u"},
-	{"internal/runtime/math", "\xb5\x01"},
-	{"internal/runtime/sys", "\xae\x01\a\x04"},
+	{"internal/race", "\x94\x01\xb1\x01"},
+	{"internal/reflectlite", "\x94\x01 4;\""},
+	{"internal/runtime/atomic", "\xc5\x02"},
+	{"internal/runtime/exithook", "\xca\x01{"},
+	{"internal/runtime/maps", "\x94\x01\x01\x1f\v\t\x05\x01w"},
+	{"internal/runtime/math", "\xb4\x01"},
+	{"internal/runtime/sys", "\xb4\x01\x04"},
+	{"internal/runtime/syscall", "\xc5\x02"},
 	{"internal/saferio", "\xeb\x01Z"},
 	{"internal/singleflight", "\xb2\x02"},
-	{"internal/stringslite", "\x99\x01\xac\x01"},
-	{"internal/sync", "\x95\x01 \x14j\x12"},
+	{"internal/stringslite", "\x98\x01\xad\x01"},
+	{"internal/sync", "\x94\x01 \x14k\x12"},
 	{"internal/synctest", "\xc5\x02"},
 	{"internal/syscall/execenv", "\xb4\x02"},
-	{"internal/syscall/unix", "\x95\x01\x8f\x01\x10\x11"},
-	{"internal/sysinfo", "\xae\x01\x84\x01\x02"},
+	{"internal/syscall/unix", "\xa3\x02\x10\x01\x11"},
+	{"internal/sysinfo", "\x02\x01\xaa\x01>+\x1a\x02"},
 	{"internal/syslist", ""},
-	{"internal/testenv", "\x03\na\x02\x01*\x1a\x10'+\x01\x05\a\v\x01\x02\x02\x01\n"},
+	{"internal/testenv", "\x03\n`\x02\x01*\x1a\x10(*\x01\x05\a\f\x01\x02\x02\x01\n"},
 	{"internal/testlog", "\xb2\x02\x01\x12"},
-	{"internal/testpty", "n\x03f@\x1d"},
-	{"internal/trace", "\x02\x01\x01\x06]\a\x03n\x03\x03\x06\x03\n5\x01\x02\x0f\x06"},
-	{"internal/trace/internal/testgen", "\x03d\nl\x03\x02\x03\x011\v\x0e"},
-	{"internal/trace/internal/tracev1", "\x03\x01c\a\x03t\x06\r5\x01"},
-	{"internal/trace/raw", "\x02e\nq\x03\x06D\x01\x11"},
-	{"internal/trace/testtrace", "\x02\x01k\x03l\x03\x06\x057\v\x02\x01"},
-	{"internal/trace/tracev2", ""},
-	{"internal/trace/traceviewer", "\x02^\v\x06\x1a<\x16\a\a\x04\t\n\x15\x01\x05\a\v\x01\x02\r"},
+	{"internal/testpty", "m\x03\xa6\x01"},
+	{"internal/trace", "\x02\x01\x01\x06\\\a\x03m\x01\x01\x06\x06\x03\n5\x01\x02\x0f"},
+	{"internal/trace/event", ""},
+	{"internal/trace/event/go122", "pm"},
+	{"internal/trace/internal/oldtrace", "\x03\x01b\a\x03m\b\x06\r5\x01"},
+	{"internal/trace/internal/testgen/go122", "\x03c\nl\x01\x01\x03\x04\x010\v\x0f"},
+	{"internal/trace/raw", "\x02d\nm\b\x06D\x01\x11"},
+	{"internal/trace/testtrace", "\x02\x01j\x03l\x05\x05\x056\f\x02\x01"},
+	{"internal/trace/traceviewer", "\x02]\v\x06\x1a<\x16\b\a\x04\t\n\x14\x01\x05\a\f\x01\x02\r"},
 	{"internal/trace/traceviewer/format", ""},
-	{"internal/trace/version", "qq\t"},
-	{"internal/txtar", "\x03n\xa6\x01\x19"},
+	{"internal/trace/version", "pm\x01\r"},
+	{"internal/txtar", "\x03m\xa6\x01\x1a"},
 	{"internal/types/errors", "\xaf\x02"},
 	{"internal/unsafeheader", "\xc5\x02"},
-	{"internal/xcoff", "Z\r\a\x03`\x1a,\x18\x01"},
-	{"internal/zstd", "g\a\x03z\x0f"},
-	{"io", "n\xc4\x01"},
-	{"io/fs", "n+*(1\x11\x12\x04"},
-	{"io/ioutil", "\xeb\x01\x01+\x16\x03"},
-	{"iter", "\xc9\x01[!"},
-	{"log", "qz\x05'\r\x0e\x01\f"},
+	{"internal/xcoff", "Y\r\a\x03`\x1b+\x19\x01"},
+	{"internal/zstd", "f\a\x03{\x0f"},
+	{"io", "m\xc5\x01"},
+	{"io/fs", "m+*)0\x12\x12\x04"},
+	{"io/ioutil", "\xeb\x01\x01*\x17\x03"},
+	{"iter", "\xc8\x01[\""},
+	{"log", "p{\x05&\r\x0f\x01\f"},
 	{"log/internal", ""},
-	{"log/slog", "\x03\nU\t\x03\x03z\x04\x01\x02\x02\x04'\x05\t\x02\x01\x02\x01\f\x02\x02\x02"},
+	{"log/slog", "\x03\nT\t\x03\x03{\x04\x01\x02\x02\x04&\x05\n\x02\x01\x02\x01\f\x02\x02\x02"},
 	{"log/slog/internal", ""},
-	{"log/slog/internal/benchmarks", "\ra\x03z\x06\x03;\x10"},
+	{"log/slog/internal/benchmarks", "\r`\x03{\x06\x03;\x10"},
 	{"log/slog/internal/buffer", "\xb2\x02"},
 	{"log/slog/internal/slogtest", "\xf1\x01"},
-	{"log/syslog", "n\x03~\x12\x16\x19\x02\r"},
+	{"log/syslog", "m\x03\x7f\x12\x15\x1a\x02\r"},
 	{"maps", "\xee\x01W"},
-	{"math", "\xfa\x01K"},
-	{"math/big", "\x03k\x03)Q\r\x02\x021\x02\x01\x02\x13"},
+	{"math", "\xad\x01MK"},
+	{"math/big", "\x03j\x03)\x14>\r\x02\x023\x01\x02\x13"},
 	{"math/bits", "\xc5\x02"},
 	{"math/cmplx", "\xf8\x01\x02"},
-	{"math/rand", "\xb6\x01B:\x01\x12"},
-	{"math/rand/v2", "n,\x02\\\x02K"},
-	{"mime", "\x02\x01c\b\x03z\f \x16\x03\x02\x0f\x02"},
-	{"mime/multipart", "\x02\x01G$\x03E5\f\x01\x06\x02\x15\x02\x06\x10\x02\x01\x15"},
-	{"mime/quotedprintable", "\x02\x01nz"},
-	{"net", "\x04\ta+\x1d\a\x04\x05\x05\a\x01\x04\x14\x01%\x06\r\t\x05\x01\x01\v\x06\a"},
-	{"net/http", "\x02\x01\x04\x04\x02=\b\x14\x01\a\x03E5\x01\x03\b\x01\x02\x02\x02\x01\x02\x06\x02\x01\x01\n\x01\x01\x05\x01\x02\x05\t\x01\x01\x01\x02\x01\f\x02\x02\x02\b\x01\x01\x01"},
-	{"net/http/cgi", "\x02P\x1c\x03z\x04\b\n\x01\x13\x01\x01\x01\x04\x01\x05\x02\t\x02\x01\x0f\x0e"},
-	{"net/http/cookiejar", "\x04j\x03\x90\x01\x01\b\f\x17\x03\x02\r\x04"},
-	{"net/http/fcgi", "\x02\x01\nZ\a\x03z\x16\x01\x01\x14\x19\x02\r"},
-	{"net/http/httptest", "\x02\x01\nE\x02\x1c\x01z\x04\x12\x01\n\t\x02\x18\x01\x02\r\x0e"},
-	{"net/http/httptrace", "\rEo@\x14\n "},
-	{"net/http/httputil", "\x02\x01\na\x03z\x04\x0f\x03\x01\x05\x02\x01\v\x01\x1a\x02\r\x0e"},
-	{"net/http/internal", "\x02\x01k\x03z"},
+	{"math/rand", "\xb5\x01C:\x01\x12"},
+	{"math/rand/v2", "m,\x02]\x02K"},
+	{"mime", "\x02\x01b\b\x03{\f\x1f\x17\x03\x02\x0f\x02"},
+	{"mime/multipart", "\x02\x01G#\x03E6\f\x01\x06\x02\x14\x02\x06\x11\x02\x01\x15"},
+	{"mime/quotedprintable", "\x02\x01m{"},
+	{"net", "\x04\t`+\x1d\a\x04\x05\f\x01\x04\x15\x01$\x06\r\n\x05\x01\x01\v\x06\a"},
+	{"net/http", "\x02\x01\x04\x04\x02=\b\x13\x01\a\x03E6\x01\x03\b\x01\x02\x02\x02\x01\x02\x06\x02\x01\n\x01\x01\x05\x01\x02\x05\n\x01\x01\x01\x02\x01\f\x02\x02\x02\b\x01\x01\x01"},
+	{"net/http/cgi", "\x02P\x1b\x03{\x04\b\n\x01\x12\x01\x01\x01\x04\x01\x05\x02\n\x02\x01\x0f\x0e"},
+	{"net/http/cookiejar", "\x04i\x03\x91\x01\x01\b\v\x18\x03\x02\r\x04"},
+	{"net/http/fcgi", "\x02\x01\nY\a\x03{\x16\x01\x01\x13\x1a\x02\r"},
+	{"net/http/httptest", "\x02\x01\nE\x02\x1b\x01{\x04\x12\x01\t\t\x02\x19\x01\x02\r\x0e"},
+	{"net/http/httptrace", "\rEnA\x13\n!"},
+	{"net/http/httputil", "\x02\x01\n`\x03{\x04\x0f\x03\x01\x05\x02\x01\n\x01\x1b\x02\r\x0e"},
+	{"net/http/internal", "\x02\x01j\x03{"},
 	{"net/http/internal/ascii", "\xb0\x02\x11"},
-	{"net/http/internal/httpcommon", "\ra\x03\x96\x01\x0e\x01\x18\x01\x01\x02\x1b\x02"},
 	{"net/http/internal/testcert", "\xb0\x02"},
-	{"net/http/pprof", "\x02\x01\nd\x19,\x11$\x04\x13\x14\x01\r\x06\x02\x01\x02\x01\x0f"},
-	{"net/internal/cgotest", "\xd7\x01n"},
-	{"net/internal/socktest", "q\xc1\x01\x02"},
-	{"net/mail", "\x02l\x03z\x04\x0f\x03\x14\x1b\x02\r\x04"},
-	{"net/netip", "\x04j+\x01#;\x025\x15"},
-	{"net/rpc", "\x02g\x05\x03\x10\n`\x04\x12\x01\x1d\x0e\x03\x02"},
-	{"net/rpc/jsonrpc", "k\x03\x03z\x16\x11 "},
-	{"net/smtp", "\x19.\v\x14\b\x03z\x16\x14\x1b"},
-	{"net/textproto", "\x02\x01k\x03z\r\t.\x01\x02\x13"},
-	{"net/url", "n\x03\x86\x01%\x11\x02\x01\x15"},
-	{"os", "n+\x19\v\t\r\x03\x01\x04\x10\x018\t\x05\x01\x01\v\x06"},
-	{"os/exec", "\x03\naH \x01\x14\x01+\x06\a\v\x01\x04\v"},
+	{"net/http/pprof", "\x02\x01\nc\x19,\x11%\x04\x13\x13\x01\r\x06\x03\x01\x02\x01\x0f"},
+	{"net/internal/cgotest", ""},
+	{"net/internal/socktest", "p\xc2\x01\x02"},
+	{"net/mail", "\x02k\x03{\x04\x0f\x03\x13\x1c\x02\r\x04"},
+	{"net/netip", "\x04i+\x01#<\x025\x15"},
+	{"net/rpc", "\x02f\x05\x03\x10\na\x04\x12\x01\x1c\x0f\x03\x02"},
+	{"net/rpc/jsonrpc", "j\x03\x03{\x16\x10!"},
+	{"net/smtp", "\x19.\v\x13\b\x03{\x16\x13\x1c"},
+	{"net/textproto", "\x02\x01j\x03{\r\t.\x01\x02\x13"},
+	{"net/url", "m\x03\x87\x01$\x12\x02\x01\x15"},
+	{"os", "m+\x01\x18\x03\b\t\r\x03\x01\x04\x11\x017\n\x05\x01\x01\v\x06"},
+	{"os/exec", "\x03\n`H \x01\x15\x01*\x06\a\f\x01\x04\v"},
 	{"os/exec/internal/fdtest", "\xb4\x02"},
-	{"os/signal", "\r\x8a\x02\x16\x05\x02"},
-	{"os/user", "qfM\v\x01\x02\x02\x11"},
-	{"path", "n+\xaa\x01"},
-	{"path/filepath", "n+\x19:+\r\t\x03\x04\x0f"},
-	{"plugin", "n\xc4\x01\x13"},
-	{"reflect", "n'\x04\x1c\b\f\x05\x02\x18\x06\n,\v\x03\x0f\x02\x02"},
+	{"os/signal", "\r\x89\x02\x17\x05\x02"},
+	{"os/user", "\x02\x01j\x03{+\r\f\x01\x02"},
+	{"path", "m+\xab\x01"},
+	{"path/filepath", "m+\x19;*\r\n\x03\x04\x0f"},
+	{"plugin", "m"},
+	{"reflect", "m'\x04\x1c\b\f\x04\x02\x1a\x06\n+\f\x03\x0f\x02\x02"},
 	{"reflect/internal/example1", ""},
 	{"reflect/internal/example2", ""},
-	{"regexp", "\x03\xe8\x018\n\x02\x01\x02\x0f\x02"},
+	{"regexp", "\x03\xe8\x017\v\x02\x01\x02\x0f\x02"},
 	{"regexp/syntax", "\xad\x02\x01\x01\x01\x11\x02"},
-	{"runtime", "\x95\x01\x04\x01\x02\f\x06\a\x02\x01\x01\x0f\x04\x01\x01\x01\x01\x03\x0fc"},
-	{"runtime/cgo", "\xd0\x01b\x01\x12"},
-	{"runtime/coverage", "\xa0\x01K"},
-	{"runtime/debug", "qUQ\r\t\x02\x01\x0f\x06"},
+	{"runtime", "\x94\x01\x04\x01\x02\f\x06\a\x02\x01\x01\x0f\x03\x01\x01\x01\x01\x01\x03s"},
+	{"runtime/coverage", "\x9f\x01L"},
+	{"runtime/debug", "pUQ\r\n\x02\x01\x0f\x06"},
+	{"runtime/internal/startlinetest", ""},
 	{"runtime/internal/wasitest", ""},
-	{"runtime/metrics", "\xb7\x01A,!"},
-	{"runtime/pprof", "\x02\x01\x01\x03\x06Z\a\x03$3#\r\x1f\r\t\x01\x01\x01\x02\x02\b\x03\x06"},
-	{"runtime/race", ""},
-	{"runtime/trace", "\rdz9\x0e\x01\x12"},
+	{"runtime/metrics", "\xb6\x01B+\""},
+	{"runtime/pprof", "\x02\x01\x01\x03\x06Y\a\x03$3$\r\x1e\r\n\x01\x01\x01\x02\x02\b\x03\x06"},
+	{"runtime/race", "\xab\x02"},
+	{"runtime/race/internal/amd64v1", ""},
+	{"runtime/trace", "\rc{8\x0f\x01\x12"},
 	{"slices", "\x04\xea\x01\fK"},
-	{"sort", "\xca\x0103"},
-	{"strconv", "n+:%\x02I"},
-	{"strings", "n'\x04:\x18\x03\f8\x0f\x02\x02"},
+	{"sort", "\xc9\x0113"},
+	{"strconv", "m+:&\x02I"},
+	{"strings", "m'\x04:\x19\x03\f8\x0f\x02\x02"},
 	{"structs", ""},
-	{"sync", "\xc9\x01\vP\x0f\x12"},
+	{"sync", "\xc8\x01\vP\x10\x12"},
 	{"sync/atomic", "\xc5\x02"},
-	{"syscall", "n'\x01\x03\x01\x1b\b\x03\x03\x06[\x0e\x01\x12"},
-	{"testing", "\x03\na\x02\x01X\x0f\x13\r\x04\x1b\x06\x02\x05\x03\x05\x01\x02\x01\x02\x01\f\x02\x02\x02"},
-	{"testing/fstest", "n\x03z\x01\v%\x11\x03\b\a"},
-	{"testing/internal/testdeps", "\x02\v\xa7\x01'\x10,\x03\x05\x03\b\x06\x02\r"},
-	{"testing/iotest", "\x03k\x03z\x04"},
-	{"testing/quick", "p\x01\x87\x01\x04#\x11\x0f"},
-	{"testing/slogtest", "\ra\x03\x80\x01.\x05\x11\n"},
-	{"text/scanner", "\x03nz,*\x02"},
-	{"text/tabwriter", "qzX"},
-	{"text/template", "n\x03B8\x01\v\x1f\x01\x05\x01\x02\x05\f\x02\f\x03\x02"},
-	{"text/template/parse", "\x03n\xb3\x01\v\x01\x11\x02"},
-	{"time", "n+\x1d\x1d'*\x0e\x02\x11"},
-	{"time/tzdata", "n\xc6\x01\x11"},
+	{"syscall", "m(\x03\x01\x1b\b\x03\x03\x06\aT\x0f\x01\x12"},
+	{"testing", "\x03\n`\x02\x01G\x11\x0f\x14\r\x04\x1a\x06\x02\x05\x02\a\x01\x02\x01\x02\x01\f\x02\x02\x02"},
+	{"testing/fstest", "m\x03{\x01\v$\x12\x03\b\a"},
+	{"testing/internal/testdeps", "\x02\v\xa6\x01'\x11+\x03\x05\x03\b\a\x02\r"},
+	{"testing/iotest", "\x03j\x03{\x04"},
+	{"testing/quick", "o\x01\x88\x01\x04\"\x12\x0f"},
+	{"testing/slogtest", "\r`\x03\x81\x01-\x05\x12\n"},
+	{"text/scanner", "\x03m{++\x02"},
+	{"text/tabwriter", "p{X"},
+	{"text/template", "m\x03B9\x01\v\x1e\x01\x05\x01\x02\x05\r\x02\f\x03\x02"},
+	{"text/template/parse", "\x03m\xb3\x01\f\x01\x11\x02"},
+	{"time", "m+\x1d\x1d()\x0f\x02\x11"},
+	{"time/tzdata", "m\xc7\x01\x11"},
 	{"unicode", ""},
 	{"unicode/utf16", ""},
 	{"unicode/utf8", ""},
-	{"unique", "\x95\x01>\x01P\x0e\x13\x12"},
+	{"unique", "\x94\x01>\x01P\x0f\x13\x12"},
 	{"unsafe", ""},
-	{"vendor/golang.org/x/crypto/chacha20", "\x10W\a\x8c\x01*&"},
-	{"vendor/golang.org/x/crypto/chacha20poly1305", "\x10W\a\xd8\x01\x04\x01"},
-	{"vendor/golang.org/x/crypto/cryptobyte", "d\n\x03\x88\x01& \n"},
+	{"vendor/golang.org/x/crypto/chacha20", "\x10V\a\x8d\x01)'"},
+	{"vendor/golang.org/x/crypto/chacha20poly1305", "\x10V\a\xd9\x01\x04\x01\a"},
+	{"vendor/golang.org/x/crypto/cryptobyte", "c\n\x03\x89\x01%!\n"},
 	{"vendor/golang.org/x/crypto/cryptobyte/asn1", ""},
 	{"vendor/golang.org/x/crypto/internal/alias", "\xc5\x02"},
-	{"vendor/golang.org/x/crypto/internal/poly1305", "Q\x16\x93\x01"},
-	{"vendor/golang.org/x/net/dns/dnsmessage", "n"},
-	{"vendor/golang.org/x/net/http/httpguts", "\x81\x02\x14\x1b\x13\r"},
-	{"vendor/golang.org/x/net/http/httpproxy", "n\x03\x90\x01\x15\x01\x19\x13\r"},
-	{"vendor/golang.org/x/net/http2/hpack", "\x03k\x03zG"},
-	{"vendor/golang.org/x/net/idna", "q\x87\x018\x13\x10\x02\x01"},
-	{"vendor/golang.org/x/net/nettest", "\x03d\a\x03z\x11\x05\x16\x01\f\v\x01\x02\x02\x01\n"},
-	{"vendor/golang.org/x/sys/cpu", "\x97\x02\r\v\x01\x15"},
-	{"vendor/golang.org/x/text/secure/bidirule", "n\xd5\x01\x11\x01"},
-	{"vendor/golang.org/x/text/transform", "\x03k}X"},
-	{"vendor/golang.org/x/text/unicode/bidi", "\x03\bf~?\x15"},
-	{"vendor/golang.org/x/text/unicode/norm", "g\nzG\x11\x11"},
-	{"weak", "\x95\x01\x8f\x01!"},
+	{"vendor/golang.org/x/crypto/internal/poly1305", "Q\x15\x94\x01"},
+	{"vendor/golang.org/x/net/dns/dnsmessage", "m"},
+	{"vendor/golang.org/x/net/http/httpguts", "\x81\x02\x13\x1c\x13\r"},
+	{"vendor/golang.org/x/net/http/httpproxy", "m\x03\x91\x01\x0f\x05\x01\x1a\x13\r"},
+	{"vendor/golang.org/x/net/http2/hpack", "\x03j\x03{G"},
+	{"vendor/golang.org/x/net/idna", "p\x88\x018\x13\x10\x02\x01"},
+	{"vendor/golang.org/x/net/nettest", "\x03c\a\x03{\x11\x05\x15\x01\f\f\x01\x02\x02\x01\n"},
+	{"vendor/golang.org/x/sys/cpu", "\x96\x02\r\f\x01\x15"},
+	{"vendor/golang.org/x/text/secure/bidirule", "m\xd6\x01\x11\x01"},
+	{"vendor/golang.org/x/text/transform", "\x03j~X"},
+	{"vendor/golang.org/x/text/unicode/bidi", "\x03\be\x7f?\x15"},
+	{"vendor/golang.org/x/text/unicode/norm", "f\n{G\x11\x11"},
+	{"weak", "\x94\x01\x8f\x01\""},
 }
diff --git a/vendor/golang.org/x/tools/internal/stdlib/manifest.go b/vendor/golang.org/x/tools/internal/stdlib/manifest.go
index 00776a31b..2b418796a 100644
--- a/vendor/golang.org/x/tools/internal/stdlib/manifest.go
+++ b/vendor/golang.org/x/tools/internal/stdlib/manifest.go
@@ -7119,7 +7119,6 @@ var PackageSymbols = map[string][]Symbol{
 		{"FormatFileInfo", Func, 21},
 		{"Glob", Func, 16},
 		{"GlobFS", Type, 16},
-		{"Lstat", Func, 25},
 		{"ModeAppend", Const, 16},
 		{"ModeCharDevice", Const, 16},
 		{"ModeDevice", Const, 16},
@@ -7144,8 +7143,6 @@ var PackageSymbols = map[string][]Symbol{
 		{"ReadDirFile", Type, 16},
 		{"ReadFile", Func, 16},
 		{"ReadFileFS", Type, 16},
-		{"ReadLink", Func, 25},
-		{"ReadLinkFS", Type, 25},
 		{"SkipAll", Var, 20},
 		{"SkipDir", Var, 16},
 		{"Stat", Func, 16},
@@ -9149,8 +9146,6 @@ var PackageSymbols = map[string][]Symbol{
 		{"(*ProcessState).SysUsage", Method, 0},
 		{"(*ProcessState).SystemTime", Method, 0},
 		{"(*ProcessState).UserTime", Method, 0},
-		{"(*Root).Chmod", Method, 25},
-		{"(*Root).Chown", Method, 25},
 		{"(*Root).Close", Method, 24},
 		{"(*Root).Create", Method, 24},
 		{"(*Root).FS", Method, 24},
@@ -16759,11 +16754,9 @@ var PackageSymbols = map[string][]Symbol{
 	},
 	"testing/fstest": {
 		{"(MapFS).Glob", Method, 16},
-		{"(MapFS).Lstat", Method, 25},
 		{"(MapFS).Open", Method, 16},
 		{"(MapFS).ReadDir", Method, 16},
 		{"(MapFS).ReadFile", Method, 16},
-		{"(MapFS).ReadLink", Method, 25},
 		{"(MapFS).Stat", Method, 16},
 		{"(MapFS).Sub", Method, 16},
 		{"MapFS", Type, 16},
diff --git a/vendor/golang.org/x/tools/internal/typeparams/free.go b/vendor/golang.org/x/tools/internal/typeparams/free.go
index 0ade5c294..709d2fc14 100644
--- a/vendor/golang.org/x/tools/internal/typeparams/free.go
+++ b/vendor/golang.org/x/tools/internal/typeparams/free.go
@@ -70,7 +70,7 @@ func (w *Free) Has(typ types.Type) (res bool) {
 
 	case *types.Tuple:
 		n := t.Len()
-		for i := 0; i < n; i++ {
+		for i := range n {
 			if w.Has(t.At(i).Type()) {
 				return true
 			}
diff --git a/vendor/golang.org/x/tools/internal/typeparams/termlist.go b/vendor/golang.org/x/tools/internal/typeparams/termlist.go
index cbd12f801..9bc29143f 100644
--- a/vendor/golang.org/x/tools/internal/typeparams/termlist.go
+++ b/vendor/golang.org/x/tools/internal/typeparams/termlist.go
@@ -1,3 +1,6 @@
+// Code generated by "go test -run=Generate -write=all"; DO NOT EDIT.
+// Source: ../../cmd/compile/internal/types2/termlist.go
+
 // Copyright 2021 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
@@ -7,8 +10,8 @@
 package typeparams
 
 import (
-	"bytes"
 	"go/types"
+	"strings"
 )
 
 // A termlist represents the type set represented by the union
@@ -22,15 +25,18 @@ type termlist []*term
 // It is in normal form.
 var allTermlist = termlist{new(term)}
 
+// termSep is the separator used between individual terms.
+const termSep = " | "
+
 // String prints the termlist exactly (without normalization).
 func (xl termlist) String() string {
 	if len(xl) == 0 {
 		return "∅"
 	}
-	var buf bytes.Buffer
+	var buf strings.Builder
 	for i, x := range xl {
 		if i > 0 {
-			buf.WriteString(" | ")
+			buf.WriteString(termSep)
 		}
 		buf.WriteString(x.String())
 	}
diff --git a/vendor/golang.org/x/tools/internal/typeparams/typeterm.go b/vendor/golang.org/x/tools/internal/typeparams/typeterm.go
index 7350bb702..fa758cdc9 100644
--- a/vendor/golang.org/x/tools/internal/typeparams/typeterm.go
+++ b/vendor/golang.org/x/tools/internal/typeparams/typeterm.go
@@ -1,3 +1,6 @@
+// Code generated by "go test -run=Generate -write=all"; DO NOT EDIT.
+// Source: ../../cmd/compile/internal/types2/typeterm.go
+
 // Copyright 2021 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
diff --git a/vendor/golang.org/x/tools/internal/typesinternal/classify_call.go b/vendor/golang.org/x/tools/internal/typesinternal/classify_call.go
new file mode 100644
index 000000000..649c82b6b
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/typesinternal/classify_call.go
@@ -0,0 +1,135 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package typesinternal
+
+import (
+	"fmt"
+	"go/ast"
+	"go/types"
+	_ "unsafe"
+)
+
+// CallKind describes the function position of an [*ast.CallExpr].
+type CallKind int
+
+const (
+	CallStatic     CallKind = iota // static call to known function
+	CallInterface                  // dynamic call through an interface method
+	CallDynamic                    // dynamic call of a func value
+	CallBuiltin                    // call to a builtin function
+	CallConversion                 // a conversion (not a call)
+)
+
+var callKindNames = []string{
+	"CallStatic",
+	"CallInterface",
+	"CallDynamic",
+	"CallBuiltin",
+	"CallConversion",
+}
+
+func (k CallKind) String() string {
+	if i := int(k); i >= 0 && i < len(callKindNames) {
+		return callKindNames[i]
+	}
+	return fmt.Sprintf("typeutil.CallKind(%d)", k)
+}
+
+// ClassifyCall classifies the function position of a call expression ([*ast.CallExpr]).
+// It distinguishes among true function calls, calls to builtins, and type conversions,
+// and further classifies function calls as static calls (where the function is known),
+// dynamic interface calls, and other dynamic calls.
+//
+// For the declarations:
+//
+//	func f() {}
+//	func g[T any]() {}
+//	var v func()
+//	var s []func()
+//	type I interface { M() }
+//	var i I
+//
+// ClassifyCall returns the following:
+//
+//	f()           CallStatic
+//	g[int]()      CallStatic
+//	i.M()         CallInterface
+//	min(1, 2)     CallBuiltin
+//	v()           CallDynamic
+//	s[0]()        CallDynamic
+//	int(x)        CallConversion
+//	[]byte("")    CallConversion
+func ClassifyCall(info *types.Info, call *ast.CallExpr) CallKind {
+	if info.Types == nil {
+		panic("ClassifyCall: info.Types is nil")
+	}
+	if info.Types[call.Fun].IsType() {
+		return CallConversion
+	}
+	obj := info.Uses[UsedIdent(info, call.Fun)]
+	// Classify the call by the type of the object, if any.
+	switch obj := obj.(type) {
+	case *types.Builtin:
+		return CallBuiltin
+	case *types.Func:
+		if interfaceMethod(obj) {
+			return CallInterface
+		}
+		return CallStatic
+	default:
+		return CallDynamic
+	}
+}
+
+// UsedIdent returns the identifier such that info.Uses[UsedIdent(info, e)]
+// is the [types.Object] used by e, if any.
+//
+// If e is one of various forms of reference:
+//
+//	f, c, v, T           lexical reference
+//	pkg.X                qualified identifier
+//	f[T] or pkg.F[K,V]   instantiations of the above kinds
+//	expr.f               field or method value selector
+//	T.f                  method expression selector
+//
+// UsedIdent returns the identifier whose is associated value in [types.Info.Uses]
+// is the object to which it refers.
+//
+// For the declarations:
+//
+//	func F[T any] {...}
+//	type I interface { M() }
+//	var (
+//	  x int
+//	  s struct { f  int }
+//	  a []int
+//	  i I
+//	)
+//
+// UsedIdent returns the following:
+//
+//	Expr          UsedIdent
+//	x             x
+//	s.f           f
+//	F[int]        F
+//	i.M           M
+//	I.M           M
+//	min           min
+//	int           int
+//	1             nil
+//	a[0]          nil
+//	[]byte        nil
+//
+// Note: if e is an instantiated function or method, UsedIdent returns
+// the corresponding generic function or method on the generic type.
+func UsedIdent(info *types.Info, e ast.Expr) *ast.Ident {
+	return usedIdent(info, e)
+}
+
+//go:linkname usedIdent golang.org/x/tools/go/types/typeutil.usedIdent
+func usedIdent(info *types.Info, e ast.Expr) *ast.Ident
+
+//go:linkname interfaceMethod golang.org/x/tools/go/types/typeutil.interfaceMethod
+func interfaceMethod(f *types.Func) bool
diff --git a/vendor/golang.org/x/tools/internal/typesinternal/types.go b/vendor/golang.org/x/tools/internal/typesinternal/types.go
index edf0347ec..cc244689e 100644
--- a/vendor/golang.org/x/tools/internal/typesinternal/types.go
+++ b/vendor/golang.org/x/tools/internal/typesinternal/types.go
@@ -7,6 +7,7 @@
 package typesinternal
 
 import (
+	"go/ast"
 	"go/token"
 	"go/types"
 	"reflect"
@@ -127,3 +128,17 @@ func Origin(t NamedOrAlias) NamedOrAlias {
 func IsPackageLevel(obj types.Object) bool {
 	return obj.Pkg() != nil && obj.Parent() == obj.Pkg().Scope()
 }
+
+// NewTypesInfo returns a *types.Info with all maps populated.
+func NewTypesInfo() *types.Info {
+	return &types.Info{
+		Types:        map[ast.Expr]types.TypeAndValue{},
+		Instances:    map[*ast.Ident]types.Instance{},
+		Defs:         map[*ast.Ident]types.Object{},
+		Uses:         map[*ast.Ident]types.Object{},
+		Implicits:    map[ast.Node]types.Object{},
+		Selections:   map[*ast.SelectorExpr]*types.Selection{},
+		Scopes:       map[ast.Node]*types.Scope{},
+		FileVersions: map[*ast.File]string{},
+	}
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 4caacf97d..74ec27cfe 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -273,8 +273,8 @@ codeberg.org/gruf/go-sched
 # codeberg.org/gruf/go-split v1.2.0
 ## explicit; go 1.20
 codeberg.org/gruf/go-split
-# codeberg.org/gruf/go-storage v0.2.0
-## explicit; go 1.22
+# codeberg.org/gruf/go-storage v0.2.1
+## explicit; go 1.23.0
 codeberg.org/gruf/go-storage
 codeberg.org/gruf/go-storage/disk
 codeberg.org/gruf/go-storage/internal
@@ -286,7 +286,7 @@ codeberg.org/gruf/go-structr
 # github.com/DmitriyVTitov/size v1.5.0
 ## explicit; go 1.14
 github.com/DmitriyVTitov/size
-# github.com/KimMachineGun/automemlimit v0.7.1
+# github.com/KimMachineGun/automemlimit v0.7.2
 ## explicit; go 1.22.0
 github.com/KimMachineGun/automemlimit/memlimit
 # github.com/Masterminds/goutils v1.1.1
@@ -666,8 +666,8 @@ github.com/mattn/go-isatty
 ## explicit; go 1.19
 github.com/microcosm-cc/bluemonday
 github.com/microcosm-cc/bluemonday/css
-# github.com/miekg/dns v1.1.65
-## explicit; go 1.22.0
+# github.com/miekg/dns v1.1.66
+## explicit; go 1.23.0
 github.com/miekg/dns
 # github.com/minio/crc64nvme v1.0.1
 ## explicit; go 1.22
@@ -707,7 +707,7 @@ github.com/modern-go/reflect2
 # github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
 ## explicit
 github.com/munnerz/goautoneg
-# github.com/ncruces/go-sqlite3 v0.25.1
+# github.com/ncruces/go-sqlite3 v0.25.2
 ## explicit; go 1.23.0
 github.com/ncruces/go-sqlite3
 github.com/ncruces/go-sqlite3/driver
@@ -804,7 +804,7 @@ github.com/sourcegraph/conc/panics
 github.com/spf13/afero
 github.com/spf13/afero/internal/common
 github.com/spf13/afero/mem
-# github.com/spf13/cast v1.7.1
+# github.com/spf13/cast v1.8.0
 ## explicit; go 1.19
 github.com/spf13/cast
 # github.com/spf13/cobra v1.9.1
@@ -830,12 +830,12 @@ github.com/stretchr/testify/suite
 # github.com/subosito/gotenv v1.6.0
 ## explicit; go 1.18
 github.com/subosito/gotenv
-# github.com/tdewolff/minify/v2 v2.23.1
-## explicit; go 1.18.0
+# github.com/tdewolff/minify/v2 v2.23.5
+## explicit; go 1.17
 github.com/tdewolff/minify/v2
 github.com/tdewolff/minify/v2/html
-# github.com/tdewolff/parse/v2 v2.7.23
-## explicit; go 1.13
+# github.com/tdewolff/parse/v2 v2.8.0
+## explicit; go 1.11
 github.com/tdewolff/parse/v2
 github.com/tdewolff/parse/v2/buffer
 github.com/tdewolff/parse/v2/html
@@ -1123,7 +1123,7 @@ go.uber.org/multierr
 # golang.org/x/arch v0.16.0
 ## explicit; go 1.23.0
 golang.org/x/arch/x86/x86asm
-# golang.org/x/crypto v0.37.0
+# golang.org/x/crypto v0.38.0
 ## explicit; go 1.23.0
 golang.org/x/crypto/acme
 golang.org/x/crypto/acme/autocert
@@ -1147,7 +1147,7 @@ golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
 # golang.org/x/exp v0.0.0-20250305212735-054e65f0b394
 ## explicit; go 1.23.0
 golang.org/x/exp/constraints
-# golang.org/x/image v0.26.0
+# golang.org/x/image v0.27.0
 ## explicit; go 1.23.0
 golang.org/x/image/riff
 golang.org/x/image/vp8
@@ -1158,7 +1158,7 @@ golang.org/x/image/webp
 golang.org/x/mod/internal/lazyregexp
 golang.org/x/mod/module
 golang.org/x/mod/semver
-# golang.org/x/net v0.39.0
+# golang.org/x/net v0.40.0
 ## explicit; go 1.23.0
 golang.org/x/net/bpf
 golang.org/x/net/context
@@ -1177,21 +1177,21 @@ golang.org/x/net/ipv4
 golang.org/x/net/ipv6
 golang.org/x/net/publicsuffix
 golang.org/x/net/trace
-# golang.org/x/oauth2 v0.29.0
+# golang.org/x/oauth2 v0.30.0
 ## explicit; go 1.23.0
 golang.org/x/oauth2
 golang.org/x/oauth2/internal
-# golang.org/x/sync v0.13.0
+# golang.org/x/sync v0.14.0
 ## explicit; go 1.23.0
 golang.org/x/sync/errgroup
 golang.org/x/sync/semaphore
-# golang.org/x/sys v0.32.0
+# golang.org/x/sys v0.33.0
 ## explicit; go 1.23.0
 golang.org/x/sys/cpu
 golang.org/x/sys/unix
 golang.org/x/sys/windows
 golang.org/x/sys/windows/registry
-# golang.org/x/text v0.24.0
+# golang.org/x/text v0.25.0
 ## explicit; go 1.23.0
 golang.org/x/text/cases
 golang.org/x/text/encoding
@@ -1213,7 +1213,7 @@ golang.org/x/text/transform
 golang.org/x/text/unicode/bidi
 golang.org/x/text/unicode/norm
 golang.org/x/text/width
-# golang.org/x/tools v0.31.0
+# golang.org/x/tools v0.32.0
 ## explicit; go 1.23.0
 golang.org/x/tools/go/ast/astutil
 golang.org/x/tools/go/gcexportdata